
CHAPTER 1

• Digital Natives - in that they were brought into a world that was already digital, spend large amounts of time in digital environments, and use technological resources in their day-to-day lives.
• Digital Immigrants - are those who were born prior to the creation of the Internet and digital technologies. These individuals quite often need to adapt to the digital environment, which changes much more rapidly than they may be prepared for otherwise.
• Cyberspace - refers to an indefinite place where individuals transact and communicate. It is the place between places.
• digital evidence - refers to digital information that may be used as evidence in a case.
  - digital evidence - refers to information and data of value to an investigation that is stored on, received, or sent by a digital device or attachment. Accordingly, digital evidence has the following features:
• ephemeral electronic communication - refers to telephone conversations, text messages, chatroom sessions, streaming audio, streaming video, and other electronic forms of communication the evidence of which is not recorded or retained
• Computer forensics - is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal
  - computer forensics is a branch of the forensic sciences and refers to the investigation and analysis of media originating from digital sources to uncover evidence to present in a court of law.
  - computer forensics as the science of locating, extracting, and analyzing types of data from different devices, which specialists then interpret to serve as legal evidence.
• digital forensics - as the application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation.
  - digital forensics is the process involved in the collection, protection, documentation, validation, analysis, and presentation of digital evidence, obtained from computerized sources and by the application of established scientific method.
• digital forensics investigators are performing "digital investigative analysis". To break this title down, digital because it is all forms of electronic information from computers to phones to game systems to servers, gaming console, etc.
• investigative - because they are not just pushing a button, they are investigating what happened on that computer and asking the digital evidence questions.

ABRIDGED HISTORICAL BACKGROUND OF CYBERCRIMES

1. computer-related crime - illegal behaviors in which one or more computers were helpful but not necessary to commit a criminal act.
2. computer crime - behaviors for which one or more computers were required to commit a consummate criminal act.
3. computer abuse - use of computers in ways that cause harm to individuals, groups, or organizations, that may also violate established policies or procedures, but do not rise to the level of violating existing crime laws.
4. IT-enabled deviancy - behaviors involving use of computerized or telecommunications devices in ways that violate social norms.

Hierarchy of Contemporary Cybercriminals

1. Script kiddies, also known as skidiots, skiddie, or Victor Skill Deficiency (VSD) - are the lowest life form of cybercriminal. The term is a derogatory one used by more sophisticated computer users to refer to inexperienced hackers who employ scripts or other programs authored by others to exploit security vulnerabilities or otherwise compromise computer systems.

Note: Deep throat - is a hacker's remote administration tool, much like the infamous Back Orifice and NetBus tools. Deep throat allows a hacker to access data and gain control over some Windows functions on a remote system.

2. Cyberpunks - is an innocuous term which has been hotly contested by First Amendment advocates but has been used by law enforcement officials to refer to individuals intent on wreaking havoc via the Internet
3. Cybercriminal organizations - are those groups comprised of criminally minded individuals who have used the Internet to communicate, collaborate, and facilitate cybercrime.
4. Hackers or crackers - are those who target data which is valuable on its face (e.g., trade secrets and proprietary data) or directed at data (e.g., credit card data) which may be used to further other criminal activity.

Note:
• Hack involves the modification of technology, such as the alteration of computer hardware or software, to allow it to be used in innovative ways, whether for legitimate or illegitimate purposes
• Hacker is defined as a computer user who seeks to gain unauthorized access to a computer system.
• Cracking - An attempt to gain unauthorized access to a computer system to commit another crime, such as destroying information contained in that system.

Types of Hackers

1. White-hats - have the knowledge and skills that would enable them to function in the same way as black-hats, but they decided to be on the right side of the law. To this end, they often cooperate with the authorities and companies and work with them to combat cybercrime.
2. Black hats - as the very name suggests, they are hackers who commit illegal acts, and their main purpose is to harm information systems, steal information, etc.
3. Gray-hat hacker - A group of hackers that falls between black- and white-hat hackers who have shifting or changing ethics depending on the specific situation.
4. Hacktivists - accounted for most of all compromised records in 2011. The term hacktivism emerged in the 1990s when the Cult of the Dead Cow hacker collective coined the term to describe their actions. In contemporary parlance, the term is used to describe technological social movements.

Common Motivation of Cybercriminals

1. Revenge
An attacker may commit a criminal offense against a company after a perceived injustice against themselves. The attacker may be a current or former employee, a competitor, or an issue-motivated group

2. Opportunity
In the instance of an internal employee, there may be no initial motivation by the employee to commit any form of crime against their employer.

3. Greed
Greed is a common motivator for the criminal, whether internal or external to the company. The potential to enrich their lives at the expense of others is an enticing option to them, with little to no concern as to the damage they do to others.

4. Test of Skill
Some cyber criminals may commit technical attacks against others as a training exercise to develop their skills for a more financially lucrative attack. They may also use these attacks to advertise their skill set and their successful system compromises to build their credibility on cybercriminal websites.

5. Business Competitor
The marketplace can be a very aggressive environment for businesses, with each placing an emphasis on developing a strategic advantage.

6. Professional Criminal
The professional criminal's motivation is seeking personal financial advantage. The attack is rarely personal and the attack on the target company is nothing more than a business venture to make money.

7. Terrorism
With the world being connected, the opportunity exists for persons in remote locations to target the critical infrastructure of an entity they wish to cause extreme harm to.

8. Geopolitics
A state actor is a government agency or aligned group who conducts cyber activities on behalf of that government.

TOOLKIT OF CYBERCRIMINALS

1. Malwares or malicious software - refers to code that causes damage to a computer system.

A. Backdoor - is a type of malware that is used to get unauthorized access to a website by the cybercriminals.
B. Trojan horses - type of malware that tricks the computer user into thinking that it is legitimate software, but actually contains hidden functions.

C. Virus - is a software program that is designed to spread itself to other computers and to damage or disrupt a computer, such as interrupting communications by overwhelming a computer's resources.

D. Computer Worm - is a unique form of malware that can spread autonomously, though it does not necessarily have a payload.

E. Bundlers - malware which is hidden inside what appears to be legitimate software or download. Containers often include gaming software, freeware, image or audio files, or screensavers.

F. DoS (Denial of Service)
  - Denial of Service (DoS) Attack - An attempt to prevent users of a particular service from effectively using that service. Typically, a network server is bombarded with authentication requests; the attack overwhelms the resources of the target computers, causing them to deny server access to other computers making legitimate requests.
  - Distributed Denial of Service (DDoS) Attack occurs when a perpetrator seeks to gain control over multiple.

G. Botnet and Zombie (Bots) - are compromised computers attached to the Internet which are often used to remotely perform malicious or criminal tasks. They are often used in large batches, and the majority of owners of zombie computers are unaware of their usage.

H. Spyware - a type of malware that enables the remote monitoring of a computer user's activities or information on an individual's computer where this software has been installed.
  - Keyloggers - a type of spyware that records every keystroke of the user and reports this information back to its source.
  - Sniffer - a type of software that is used to monitor and analyze networks, but can also be used to collect individuals' usernames, passwords, and other personal information.

2. Phishing - means the solicitation of information via e-mail or the culling of individuals to fake Web sites.

a. Spoofing - is a type of scam in which criminals attempt to obtain someone's personal information by pretending to be a legitimate business, a neighbor, or some other innocent party.
b. Pharming - is an advanced form of phishing, which redirects the connection between an IP address (i.e., consumer seeking legitimate site) and its target server (i.e., legitimate site).
c. Redirectors - are malicious programs which redirect users' network traffic to undesired sites. According to the Anti-Phishing Working Group, utilization of traffic redirectors and phishing-based keyloggers is on the increase.
d. Advance-fee fraud or 419 fraud - some individuals will willingly divulge personal and financial information to strangers if they believe that a large financial windfall will soon follow. This fraud is accomplished when an e-mail message is distributed to a victim which asks the recipient for his claiming "found" money.
e. Floating windows - phishers may place floating windows over the address bars in Web browsers.

CHAPTER 2

BASIC PARTS OF COMPUTER

As computing devices get sleeker and more compressed to save space, it gets harder for most users to conceptualize all the different parts that make it perform so many functions.

1. Case
2. Power supply
3. Motherboard
4. Processor or Central Processing Unit
5. Memory
6. Persistent Memory
7. Interfaces for input and output with user
8. Physical ports
9. External storage, servers, and more

1. Case
Computers would not last long without a case because it protects the internal components from damage, dirt, and moisture. But beyond holding the guts of the
computer, the case is an important facet of the device. The case provides the interface between the device, the user, and the outside world. For example, a case might include a view-only screen, touch screen, keyboard, microphone, as well as physical ports for a keyboard, monitor, mouse, power supply, and data exchange.

2. Power source
Computers need electricity to operate, and that means they need power from an internal battery, from an electrical outlet, or both. Portable devices like laptops, tablets, and smartphones rely upon battery power, with periodic charging.

3. Motherboard
The motherboard is an important computer component because it is where everything else connects to. The motherboard is a decently sized circuit board that lets other components communicate.

4. Processors (Central Processing Unit)
The work of a computer is done through computer processors, also known as central processing units (CPUs). These are computer chips, or groups of chips, that do the thinking (the massive number of binary calculations) of the computer necessary to run all programs.

5. Memory (ROM and RAM)

a. Read-Only Memory (ROM)
Read-only memory computer chips store firmware programs that hold the instructions to power up, or boot, the computer and to control the DVD drives, hard disk drives and graphics cards. ROM is also known as flash memory and is considered non-volatile memory.

b. Random Access Memory (RAM)
A computer relies on a type of memory known as temporary or volatile storage to perform most functions. This volatile storage is also called Random Access Memory (RAM).

6. Persistent storage (HDD/SSD)
Persistent (long-term) storage holds data stored in the computer even after the power is disconnected. Persistent storage mechanisms include hard disk drives (HDD) and solid-state drives (SSD). HDDs were the standard method for persistent data storage for many years. These drives have spinning disks or platters divided into smaller sectors, then ultimately into bit-sized storage units, each of which holds a magnetic charge holding the bit value.
  - SSDs are a newer type of storage drive. These drives do not have any moving parts, but rather are computer chips that store the data as electrical charges.

7. Interfaces for input and output with user
Users (whether a victim, evidence gatherer, or cybercriminal) must be able to communicate with computers. Users send and receive information to computers through mechanisms like the keyboard, mouse, monitor, microphone, and speakers.

8. Network interface controller (NIC) for Communicating with other Computers
Computers also need to be able to communicate with one another, and this communication is principally accomplished through a network interface controller (NIC). This controller used to be called a network interface card, because it was a separate card plugged into the computer's motherboard, but today this function typically is integrated with the computer motherboard.

9. External storage, and servers
Beyond a computer's internal storage, a user might store data by connecting to external storage devices and other computers. Some common external storage devices are external hard drives, flash drives (thumb drives), or more complicated storage devices, such as network-attached storage, servers like Google Drive, Microsoft, and iCloud for Macintosh.

10. Computer Software
According to Britz (2013), computer software refers to a series of instructions that performs a particular task. More specifically, software is the interpretation of binary byte sequences represented by a listing of instructions to the processors. Computer hardware is useless without software as it cannot move, manipulate data, or receive input. Without instructions, hardware is just an oversized paperweight, having no known tasks, functions, or capabilities. Software is not only necessary to tell the components within a system what to do and how to act, it is also necessary to tell it how to interact with the user. There are main types of software or instruction sets.

a. Boot sequence instructions - refers to the series of steps taken by a computer immediately upon powering on which are necessary before it is usable.
b. Operating System (OS) - is a piece of software that runs user applications and provides an interface to the hardware. Traditionally, almost all personal computers except for Macintosh products contained some version of DOS.
c. Application software - application software is prepackaged instructions which allow users to perform a variety of functions, including but not limited to word processing, statistical analysis, and the like. In fact, existing software packages are all but limited to a user's imagination. Among other things, individual users can play games, create masterpieces, file taxes, and develop house plans.

ANSWER AND QUESTIONS:

1. These are people who grew up into a world that was already digital and spend a large amount of their lives in cyberspace.
a. Millennials
b. Digital immigrants
c. Gen X
d. Digital natives

2. The action of modifying technology, like alteration of computer hardware or software, to allow it to be used in innovative ways whether for legitimate or illegitimate purposes.
a. Crackers
b. Cybercriminals
c. Skidiots
d. White hats

3. What law enacted the cybercrime prevention act of 2012?
a. RA 10364
b. RA 9208
c. RA 9775
d. RA 10175

4. International cooperation to prevent and suppress the proliferation of cybercrime needs mutual assistance. What treaty is entered into by members of the Budapest Convention against cybercrimes?
a. Extradition treaty
b. Mutual Legal Assistance Treaty
c. International Justice
d. National Legal Cooperation Treaty

5. They are considered the lowest life form of cybercriminals because of their___
a. Brute skills in hacking
b. Use scripts authored by others to exploit security vulnerabilities of computer
c. Destructive action
d. Cyberpunks

6. Of the following, which country is NOT a member of the G8 nations?
a. Australia
b. Canada
c. Russia
d. Japan

7. A government agency designated as the central authority in all matters related to MLAT.
a. NBI
b. DOJ
c. PNP
d. Anti-Cybercrime Group

8. These are people who specialized in the examination of computer data to prove the guilt of suspected cybercriminals are appropriately called ____.
a. Cybercops
b. Cyber Investigators
c. Digital Forensic Analysts
d. Computer investigator

9. An attack that attempts to prevent users of a particular service from effectively using that service is called:
a. Botnet and zombies attack
b. Spyware
c. Denial of service
d. Keyloggers

10. He is considered the creator of the 1st internet worm in 1988.
a. Robert Morris Jr.
b. Richard Greenblatt
c. Kevin Poulsen
d. Tom Knight

11. These are people who were born before the creation and widespread use of the internet and digital technologies.
a. Millennials
b. Digital immigrants
c. Gen Z
d. Digital natives

12. It refers to any criminal activities which have been committed through the use of internet and/or computer.
a. Digital crime
b. Online Scam
c. Internet fraud
d. cyberspace crime

13. It is the continuous process of searching for evidence and leads in cyberspace.
a. Cybercrime
b. Online investigation
c. Cybercrime investigation
d. Cyber terrorism

14. The interactional environment created by linking computers together into a communication network.
a. Cyberspace
b. Virtual environment
c. ICT
d. Computer world

15. He is considered the creator of the 1st ransomware called the "AIDS Trojan" in 1989.
a. Kevin Mitnick
b. David Smith
c. Joseph Popp
d. Kevin Poulsen

16. Computer data collected and examined by digital forensic investigators are called___
a. Evidence
b. Real evidence
c. Digital evidence
d. Ephemeral evidence

17. It is the science of locating, extracting, and analyzing different types of data from digital devices.
a. Cybercrime investigation
b. Computer forensics
c. Investigation
d. Forensics

18. The following are NOT the key elements of computer forensics, EXCEPT:
a. Collection and preservation
b. Ephemeral
c. Investigation
d. Prosecution

19. He discovered that the whistle included in the box of "Cap'n Crunch" can be used to hack the telephone system of AT&T in the 1970s.
a. John Mitnick
b. Allan Kotok
c. John Draper
d. Robert Morris Jr.

20. It refers to code that causes damage to computer system.
a. Virus
b. Backdoor
c. Trojan horses
d. Malicious software

21. In computers, it is considered the smallest piece of data and has two possible electrical states, 1 or 0.
a. File
b. Bit
c. Data
d. Sector

22. A type of computer software that allows unit to take various steps upon powering.
a. Bootstrap
b. Power on instruction sequencer
c. Sequencer
d. Computer

23. Microsoft Excel is an example of:
a. Operating System
b. Application software
c. Boot sequence
d. Computer program

24. Digital evidence can easily be destroyed or cannot be seen because these type of communication of data are called in the legal sense as:
a. Latent
b. Inside the computer
c. Electronic
d. Ephemeral

25. A keyboard is used to communicate with the computer and is an example of a:
a. Input device
b. Operating system
c. Program
d. Input device

26. The character encoding standard for electronic communication is called
a. Bit
b. ACSII
c. Hex
d. ASCII

27. RAM contains volatile data because:
a. The data are too complex to be processed by the computer without human intervention.
b. The data are easily destroyed because it is not in the computer but on the internet.
c. The data are temporarily kept for faster processing and needs power to function properly.
d. The data are recorded in binary and cannot be contained in the memory.

28. A part of the computer that acts as the interface between the device, the user and outside world.
a. Power source
b. Motherboard
c. Case
d. Processor

29. The name "Juanito Dela Cruz" is equivalent to how many bytes and bits?
a. 17 bytes or 142 bits
b. 15 bytes or 128 bits
c. 15 bytes or 120 bits
d. 17 bytes or 136 bits

30. The piece of software that runs the specific applications and provides an interface to the hardware components.
a. Application
b. Program
c. Operating system
d. Command

31. It is considered as the basic language of computers.
a. Binary
b. Electrical signalization
c. decimal conversion
d. ACSII

32. The part of the computer where all other computer components are connected.
a. RAM
b. Motherboard
c. Circuit board
d. Processor

33. A part of the computer responsible for all the commands executed by the computer.
a. ROM
b. RAM
c. Processor
d. Storage

34. This is a storage device wherein there are no moving parts and all data is saved in computer chips.
a. HDD
b. SSD
c. SHD
d. HSSA

35. This type of memory enables the CPU to communicate with the hard disk and the input/output devices that are attached to the computer.
a. Processor
b. BIOS
c. ROM
d. SSD

36. For computers to be able to communicate with one another via the internet, they use the ___.
a. Network connection
b. Internet adapter
c. Network Interface controller
d. Router

37. When powering a computer, the OS is loaded into the _____ from the device's long-term memory.
a. ROM
b. CPU
c. Hard drive
d. RAM

38. The speed of the processor is determined by rate of the:
a. Size of the processor
b. Bit rate
c. Power
d. Hertz

39. A memory that is an important part of the basic input/output system.
a. Flash memory
b. Processor
c. RAM
d. Hard drive

40. This refers to the set of instructions written in a programming language.
a. Software
b. Object code
c. Program
d. Source code

ANSWER KEY:
1. D      21. B
2. A      22. A
3. D      23. B
4. B      24. D
5. B      25. A
6. A      26. B
7. C      27. C
8. C      28. C
9. C      29. C
10. A     30. C
11. C     31. A
12. A     32. D
13. C     33. C
14. A     34. B
15. C     35. B
16. C     36. C
17. B     37. D
18. B     38. D
19. C     39. A
20. A     40. D
