11 Concluding Remarks
THOMAS A. JOHNSON
This book has brought together a group of contributing authors who have been among the first wave of experts to assist our nation in confronting this new paradigm of criminal activity. Each author has played a pivotal role in the operation of computer crime units, and collectively they also participated in the education and training of more than 4,000 federal, state, and local law enforcement officers. In addition, over the past decade, these authors have participated in the graduate and undergraduate education of many outstanding university students. The overarching purpose of this text was to provide an introduction to the forensic computer crime investigation process. We hope this modest effort will encourage an interest in the student and officer of tomorrow to pursue this subject matter and to acquire the expertise to function as effectively as possible.
In our view, the subject of forensic computer investigation lies at the intersection of three important academic disciplines: computer science, law, and forensic investigation. The importance of each of these disciplines requires respect for, and inclusion of, the others' principles and concepts, so that a body of knowledge will continue to emerge and grow with a richness that can only be attained through interdisciplinary inclusion.
There have been many excellent contributions by authors throughout the world who have offered their unique insights. There have also been many timely and influential books that have shaped the emergence of this field of study. One book merits our praise for the role it played in moving our nation forward in this important area. This book, Computers at Risk: Safe Computing in the Information Age, by the National Research Council and under the leadership of Dr. David D. Clark, was prepared in response to a 1988 request from the Defense Advanced Research Projects Agency (DARPA). The focus was to create a national research, engineering, and policy agenda to assist our nation in achieving a more trustworthy computing technology by the end of the century. This important effort sought to achieve an understanding of the nature of computer security as expressed in terms of vulnerability, threat, and countermeasure. This was the first comprehensive effort to analyze the concepts of information security; to examine them in terms of confidentiality, integrity, and availability; and to discuss technology in terms of achieving secure computer systems. The criteria for evaluating computer and network security, as well as the agenda for pursuing research to enhance our nation's computer systems, were a valuable and insightful contribution. If the National Research Council's text served as one of the important benchmarks in our past, we feel the addition of the four appendices to this text will focus the reader on several important works that will guide our future. Accordingly, we have provided the executive summaries of three important national studies and a useful appendix on sample language for search warrants and accompanying affidavits to search and seize computers, from the United States Department of Justice Computer Crime and Intellectual Property Section, Manual on Electronic Search and Seizure.
Appendix A, the Executive Summary of the National Strategy to Secure Cyberspace, reviews our nation's strategic objectives, which are consistent with our national strategy for homeland security. The role of government in securing cyberspace, the critical priorities for cyberspace security, and a national cyberspace security response system are presented as the first major national effort since the landmark Computers at Risk study was completed almost 15 years earlier. In addition, this report recommended a national cyberspace security threat and vulnerability reduction program as well as a national cyberspace security awareness and training program. The securing of our nation's cyberspace was not the sole focus; recommendations were also made to develop an international cyberspace program in cooperation with our nation's efforts.
Appendix B, which is the Executive Summary of the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets, discusses the need for a national policy and guiding principles to protect our nation's critical infrastructure sectors. This report discusses both governmental and private sector responsibilities and provides a strategy for both planning and resource allocation. The report also identifies major initiatives that we as a nation must implement to protect our key assets. Because cyber attacks could be directed at any one of these key and critical infrastructure assets, it is important that the reader direct attention to this important resource document.
Appendix C is the Executive Summary of the National Institute of Standards and Technology report Computer Security Incident Handling Guide, together with its recommendations. This report is noteworthy for its insight into organizing a computer security incident response capability, as well as for recommending the establishment of incident response policies and procedures. Also useful are its description of the structure of the incident response team and its descriptions of a number of incidents one is likely to encounter.
Appendix D, the excellent document titled Sample Language for Search Warrants and Accompanying Affidavits to Search and Seize Computers, as prepared by the United States Department of Justice, Computer Crime and Intellectual Property Section, provides excellent guidelines for law enforcement agencies to review as they create their computer crime units.
In closing, we encourage the reader to carefully review these appendices because they offer great insight into the challenges the forensic computer investigator of the future will have to be prepared to meet.