Surveillance

In order to monitor one's activities physically or logically you must let them know you are doing so or have a warrant that allows you to record their activities. Most businesses monitor entryways, exits, and access to secured locations through the use of Closed-Circuit Television (CCTV). Most Network administrators monitor files, folders, and other shared resource access activity through the use of auditing and logging. It is important to keep in mind that most companies include a policy that states that employees will be monitored for their own protection and for the protection of the company's resources.

Law enforcement agencies are required to obtain warrants and other permissions before monitoring and recording suspicious activity. Laws regarding legal surveillance and monitoring must be followed or the evidence obtained for an investigation may not be admissible in court.

Motive, Opportunity, and Means (MOM)

Investigating a criminal offense, whether it is computer-related or not, often includes putting yourself in the shoes of the suspected criminal in order to figure out why and how they committed a specific crime. Information security specialists and several security examinations (including the Security+ exam) use the acronym MOM to describe the 'why, when, and how' of computer crime crimes. Don't be surprised if it happens to pop up in a question. Here's what you have to know concerning MOM.

Motive

The question here is, 'Why did someone commit a crime.' People commit computer-related crimes in order to obtain money, steal information that can be sold, or obtain trade secrets that can give a particular business an advantage over the competition. Some simply inflate their egos with a successful hack of another's system. As long as valuable information or services exist, it is likely that someone will be motivated to obtain it illegally.

Opportunity

The opportunity to commit a computer-related crime and be successful at it has increased over time. As the number of systems and people connected to the Internet grow, so does the opportunity to infiltrate weak or unprotected systems. Many systems, both at home and in the workplace, are vulnerable mainly due to lack of resources and security education. Since the dot.com fallout, many businesses have been forced to cut back on the staffing, training, and purchasing of equipment and software that is essential to the protection of an internal network. This can leave the door open for the many who wish take advantage of unprotected networks and systems.

Means

Committing a computer-related or Internet crime is quite easy these days. One can download free scripts from the Internet that can be used quite easily as hacking tools or make a quick stop at the local book store and pick up a 'how to hack' instruction book. The tools used to break into systems illegally are readily available and as younger computer educated generations evolve, more computer-related crimes will occur.

COAST (Computer Operations, Audit, and Security Technology)

COAST is a computer investigation laboratory project that exists at Purdue University. It is one of the largest security research groups in the world. They provide a wealth of valuable information regarding computer investigations on their Web site. In fact, you can even search computer-related crimes and investigations by country or state. It is highly advisable that you visit their Web site at http://www.cerias.purdue.edu/coast/.

Don't be surprised if you see reference to COAST while taking the exam.