INTRODUCTION TO

CYBERCRIME

BY: Jessa Anghag, RCrim.

1
“INVISIBLE CRIMINALS
ARE FAR MORE
DANGEROUS THAN THE
VISIBLE ONES.”

—SYNONYMOUS

2
What is RA 10175 or
Cybercrime Prevention Act
of 2012?

3
DIFFERENCE BETWEEN TRADITIONAL
CRIMES AND CYBERCRIMES

TRADITIONAL CRIMES CYBERCRIMES

LIBEL Has wider reach than

traditional crimes and it
SCAM/FRAUD is more likely to victimize
more people as
IDENTITY
THEFT compared to traditional
crimes.
4
 WHEN DID CYBERCRIME
BEGIN?
PHREAKERS
 From the term ‘phreaking’ or ‘phone
phreaking, means fraudulent
manipulation of telephone signaling in
order to make free phone calls
 It involves reverse engineering to route
long-distance calls
 Criminals in America who imitate certain
tones on the phones to make free calls at
the beginning of 1970s.
 John Draper, a well-known Phreaker

5
 WHEN DID CYBERCRIME
BEGIN?
 Steve Jobs and Steve Wozniak by selling and
manufacturing “blue box” at $170 each in 1972 prior to
founding Apple computer in 1976.
 “Blue Box” was dubbed as the world’s first digital
hacking tool
 It can make free phone calls anywhere in the world and a
host of other illegal practices

6
 WHEN DID CYBERCRIME BEGIN?

1834 — French Telegraph System — A pair of thieves hack the French Telegraph

System and steal financial market information, effectively conducting the world’s
first cyberattack.
1870 — Switchboard Hack — A teenager hired as a switchboard operator is able
to disconnect and redirect calls and use the line for personal usage. 
1878 — Early Telephone Calls — Two years after Alexander Graham Bell invents
the telephone, the Bell Telephone Company kicks a group of teenage boys off the
telephone system in New York for repeatedly and intentionally misdirecting and
disconnecting customer calls.
1903 — Wireless Telegraphy — During John Ambrose Fleming’s first public
demonstration of Marconi’s “secure” wireless telegraphy technology, Nevil
Maskelyne disrupts it by sending insulting Morse code messages discrediting the
invention.
7
 CYBERCRIME
PREVENTION ACT
OF 2012

REPUBLIC ACT
10175
AN ACT DEFINING CYBERCRIME,
PROVIDING FOR THE
PREVENTION, INVESTIGATION,
SUPPRESSION AND THE
IMPOSITION OF PENALTIES
THEREFOR AND FOR OTHER
PURPOSES
 HISTORY OF
CYBERCRIME IN THE  ILOVEYOU, referred to as Love Bug, is
PHILIPPINES a computer worm that infected over 10
million Windows personal computers on
and after May 5, 2000 that started
spreading as an email with the subject
“ILOVEYOU” and an attachment
 Onel de Guzman, a 24-yr old Manileño,
created the malware to steal other
users’ passwords which he could use to
log in to their Internet accounts
 The worm used the same principles he
described in his undergraduate thesis
at AMA Computer College
 HISTORY OF
CYBERCRIME IN THE
PHILIPPINES  It spread worldwide first in Hong Kong,
then to Europe, and finally to the US.
The outbreak was estimated to have
caused US$10-15 billion to remove the
worm.
 The Pentagon, CIA, British Parliament
and most large corporations decided to
completely shutdown their mail systems
to protect themselves
 It was one of the world’s most destructive
computer-related disasters.
Introduction and
Signed into law on September 12,
Rationale of the
2012
Law

1. To penalize acts like cybersex, child

pornography, identity theft and unsolicited
electronic communication in the country;
and
2. To protect and safeguard the integrity of
computer, computer and communications
systems, networks and databases, and the
confidentiality, integrity and availability of
information and data stored therein from all
forms of misuse, abuse and illegal access
 COMPUTER
 Refers to an electronic, magnetic, optical,
DEFINITION OF electrochemical, or other data processing
TERMS or communications device, capable of
performing logical arithmetic, routing or
storage functions and which includes any
storage facility or equipment or
communications facility directly related
to or opening in conjunction with such
device

COMPUTER SYSTEM
 Any device or group of interconnected or
related devices, or more of which,
pursuant to a program, performs
automated processing of data; also
includes mobile and smart phones.
12
 FIGHTING CYBERCRIMES IN THE
PHILIPPINES

LEGAL
LEGAL SYSTEM PROCESSES CYBERCRIMES

Employment of Employs legal Definition of Terms

certain legal system processes that may not and Prescribed
that may be unique be applicable or Penalties
from other crimes present in other crimes
punished in our
jurisdiction
13
LEGAL
SYSTEM

14
 LEGAL SYSTEM

1 2 3 4 5
LAW
PROSECUTION COURTS CORRECTION COMMUNITY
ENFORCEMENT

15
 Cybercrime Investigation and
LEGAL SYSTEM Coordinating Center (CICC)
 under supervision of the Office
of the President
Duties and Functions
6TH – COORDINATING 1. Policy coordination and
AGENCIES national cyber security planning
2. Monitor Cybercrimes
3. Facilitates International
cooperation thru DOJ OCC
4. Call upon other agencies and
community stakeholders to render
assistance
16
 Department of Justice – Office of
Cyber Crime or DOJ-OCC
LEGAL SYSTEM  Operational Center of the CICC
 Central Authority in all matters
related to international and mutual
assistance and extradition
6TH – COORDINATING Duties and Functions
AGENCIES 1. Coordinates NBI CCD, PNP ACG and
the National Prosecution Service
(NPS)
2. Coordinate with foreign
counterparts
3. Assist in investigation
4. Acts on complaints and cause
investigation and prosecution
17
 1. LAW -Organization of Cybercrime
ENFORCEMENT Division or Unit to be manned by
Special Investigators

Head of Cybercrime Division:

NBI – Head Agent
Sec. 9 LAW PNP – Police Director
ENFORCEMENT
AUTHORITIES: PNP and NBI serve as field
(1) National Bureau of operations arm of CERT
Investigation (NBI) and
The DOJ – Office of Cybercrime
(2) Philippine National (OCC) shall coordinate efforts of
Police (PNP) the NBI and the PNP
18
 1 – LAW
ENFORCEMENT
POWERS AND FUNCTIONS
 Investigation
 Data recovery, Forensic
Analysis
 Formulate guidelines
 Develop Public Relations
 Database Maintenance
 Capacity Development
 Support National Cyber
Security Plans
19 19
 2.
PROSECUTION
Secretary of Justice shall
designate prosecutors
PROSECUTORS and investigators who
 Special Prosecutors of shall comprise the
the National prosecution task force or
Prosecution Service in division under the DOJ –
coordination with the OCC, which will handle
DOJ – Office of the Cybercrime cases.
Cybercrime (DOJ –
OCC)
20
 Requisites for Jurisdiction:
3. COURTS (1) Any of the elements was
committed WITHIN the
Philippines;
(2) Committed with the use
Sec 21 - JURISDICTION of any computer system
 Special Commercial wholly or partly situated in
Courts the country; or
(3) When by such commission
 REGIONAL TRIAL COURT any damage is caused to a
 Including any violation natural or juridical person
committed by a Filipino who, at the time the offense
REGARDLESS of the place was committed, was in the
of commission Philippines.
21
 3. COURTS

Sec 22 - VENUE
 Filed with the RTC of
the Province or City
where the
cybercrime or any of
its elements is
committed, etc.
22
 4.
CORRECTIO
N

Bureau of Jail
Management and
Penology; Bureau of
Corrections; and
Provincial and City Jails

23
 5.
COMMUNITY

 Service Providers
 National Computer
Emergency Response Team
(NCERT)
 Other governmental units
or LGUs
 Community in general
24
 WHAT ARE SERVICE
PROVIDERS

?
any public or private entity that provides
users of its service with the ability to
communicate by means of a computer system
(e.g. Viber and Facebook); and
any other entity that processes or stores
computer data on behalf of such
communication service or users of such
service.
 WHAT IS NCERT
?
NCERT means NATIONAL COMPUTER
EMERGENCY RESPONSE TEAM
Under the Information and Communications
Technology – Department of Science and
Technology (ICT – DOST)
Serves as coordinator for cybersecurity –related
activities focused in incident response and proactive
service
 NCERT

Duties and Functions

 Extend assistance to
CICC
 Issue guidelines on
cybersecurity plans
 Technical Training
 Technical Analysis
 Facilitate international
cooperation with other
security agencies 27
LEGAL
PROCESSES

28
 HOW IS A CYBERCRIME CASE
INSTITUTED?

WITH LAW WITH THE LAWFUL ARREST

ENFORCEMENT PROSECUTOR’S WITHOUT
AUTHORITY OFFICE WARRANT
(LEA)
It is proper when: (a) Lawful arrest
Filing a complaint there is enough without a warrant
with LEA when evidence; (b) prescribed may be conducted
penalty is at least 4 yrs, 2 in:
your action still mos and 1 day of
needs case build-  Inflagrante
imprisonment; and (c)
up PI is required before delicto and
filing  Hot Pursuit 29
 HOW ARE
COMPLAINTS
FILED?
 THRU PNP
ACG-ONLINE
THRU CICC
ONLINE
CYBER CRIMES
and PENALTIES

33
1. Offenses against
the confidentiality, 2.
integrity and Computer-
availability of Related
computer data and
Offenses
systems

3. Content – Related 4. Other Offenses

Offenses

34
 (1) ILLEGAL ACCESS - The access to the whole or any
SECTION 4 (a)
part of a computer system without right.

What are the (2) ILLEGAL INTERCEPTION - The interception made by

technical means without right of any non-public
offenses transmission of computer data to, from, or within a
against the computer system including electromagnetic emissions
confidentiality from a computer system carrying such computer data.
, integrity and (3) DATA INTERFERENCE – intentional or reckless
availability of alteration, damaging, deletion or deterioration of
computer data, electronic document, or electronic data
computer message, without right, including the introduction or
data and transmission of viruses
systems? (4) SYSTEM INTERFERENCE - intentional alteration or
reckless hindering or interference with the functioning of
a computer or computer network without right or
authority including the introduction of viruses
SECTION 4 (a) (5) MISUSE OF DEVICES – use, production, sale,
procurement, importation, distribution, or
What are the otherwise making available of a device or
password or any info to access any computer for
offenses
the purpose of committing cybercrimes
against the
confidentiality
(6) CYBERSQUATTING –
, integrity and acquisition of a domain
availability of name over the internet in
computer bad faith to profit, mislead,
data and destroy reputation, and
systems? deprive others from
registering the same
 (1) COMPUTER RELATED FORGERY – input, alteration,
SECTION 4 (b) or deletion of any computer data resulting in
inauthentic data with the intent that it be
What are considered or acted upon for legal purposes as if
Computer it were authentic; using forged data for dishonest
gain
Related
Offenses? (2) COMPUTER RELATED FRAUD – unauthorized input,
alteration or deletion of computer data or program or
interference in the functioning of a computer system,
causing damage thereby with fraudulent intent

(3) IDENTITY THEFT – use, production, sale,

procurement, importation, distribution, or otherwise
making available of a device or password or any info
to access any computer for the purpose of
committing cybercrimes
SECTION 4 (c)
(1)CYBERSEX – willful engagement, maintenance,
What are control, or operation, directly or indirectly, of
Content any lascivious exhibition of sexual organs or
sexual activity, with the aid of a computer
Related system, for favor or consideration.
Offenses?

(2) CHILD PORNOGRAPHY – any representation,

whether visual, audio or written combination
thereof, by electronic, mechanic, digital, optical,
magnetic or any other means, of child engaged
or involved in real or simulated explicit sexual
activities (RA 9775)
SECTION 4 (c) (3) LIBEL – public and malicious imputation of vice
or defect, crime, real or imaginary that can cause
What are the contempt, discredit or dishonor a person
Content Elements:
Related  Imputation of a crime, vice or defect, real or
Offenses? imaginary, or any act, omission, condition,
status or circumstance;
 Public
 Imputation is Malicious
 Directed at a Natural or Juridical Person or Dead
 Imputation tends to Dishonor, Discredit or
Contempt
 Imputation was made thru the use of Computer
System
 SECTION 5 (1) Aiding or Abetting in the Commission of Cybercrime
- willfully abets or aids in the commission of any of
the offenses enumerated in this Act shall be held
liable.

Other
Difference between ‘Aiding’ and ‘Abetting’
Offenses  Aiding – helping someone commit a crime
 Abetting – encourage or incite a criminal act;
though does not necessarily mean that you help or
facilitate its execution

(2) ATTEMPT IN THE COMMISSION OF CYBERCRIME – Any person who

willfully attempts to commit any of the offenses enumerated in this Act 
 VIOLATION IMPRISONMENT FINES
Sec 4 (a) – Offenses against the
Confidentiality, Integrity and Availability of
Computer Data and Systems; Prision Mayor (6 years and 1 day to Fine of at least
12 years) PhP200,000.00
Sec 4 (b) – Computer-Related Offenses

Sec 4 (a) – If committed against critical Reclusion Temporal (12 years and At least PhP500,000.00 up
infrastructure (e.g. transportation systems, 1 day to 20 years) to Max Amount
energy sectors, airports, Commensurate to the
telecommunication companies and Damage Incurred
manufacturing industries)

Sec 4 (c) (1) – Cybersex Prision Mayor At least PhP200,000.00

Sec 4 (c) (2) – Child Pornography
Sec 5 – Other Offenses
One degree higher than the
penalties imposed in RA 9775
One degree lower than the At least PhP100,000 but
prescribed penalty for the offense
not exceeding PhP500,000

41
RULE ON
CYBERCRIME
WARRANTS
42
 RULE ON CYBERCRIME
WARRANTS
(AM No. 17-11-03 SC)
 Took effect on August 15, 2018;
 Drafted by the Sub-Committee on
Commercial Courts as directed by the SC
Click icon to add picture  Scope: procedure for the application and
grant of warrants and related orders
involving the preservation, disclosure,
interception, search, seizure, and/or
examination, and destruction of
computer data as provided in RA 10175.
 Rule is Supplementary or Suppletory in
nature.
43
 Where to file an application for a Warrant?

It shall be filed by law enforcement authorities before any of the

designated cybercrime courts of the province or city where the
offense or any of its elements has been committed, is being
committed, or is about to be committed, or where any part of the
computer system used is situated, or where any of the damage caused
to a natural or juridical person took place

Cybercrime courts in Quezon City, the City of Manila, Makati City,

Pasig City, Cebu City, Iloilo City, Davao city and Cagayan de Oro City
shall have authority to act on applications and issue warrants which
shall be enforceable nationwide and outside Philippines.
44
Which court has jurisdiction on a Motion to Quash and
other Incidents that relate to the warrant?

It shall be heard and resolved by the court that subsequently

acquired jurisdiction over the criminal action.

Sec 2.3. Incidents Related to the Warrant When a Criminal Action is

Instituted – Once a criminal action is instituted, a MTQ and other
incidents that relate to the warrant shall be hear and resolved by
the court that subsequently acquired jurisdiction over the criminal
action. The prosecution has the duty to move for the transmittal of
the records, as well as transfer of the items’ custody to the latter
court.
45
Q: Who examines the applicant before issuing a warrant?
A: The judge must personally examine in the form of searching
questions and answers, in writing, and under oath, the applicant and
witnesses he may produce, on facts personally known to them and
attach to the record their sworn statements, together with the Judicial
Affidavits submitted.

Q: What is the effective period of warrants?

A: Effective for the length of time as determined by the court, which
shall not exceed a period of ten (10) days from its issuance. The court
issuing the warrant may, upon motion, extend its effectivity based
only on justifiable reasons for a period not exceeding ten (10) days
from the expiration of the original period.

46
Q: When can a law enforcer be subjected for Contempt?
A: (Sec. 2.6 Contempt) Failure to timely file the returns for any of the
issued warrants under the Rule or to duly turn-over to the court’s
custody any of the items disclosed, intercepted, searched, seized,
and/or examined, shall subject the responsible law enforcer to an
action for contempt.

Q: When is there Obstruction of Justice under RA 10175?

A: Willful and deliberate failure to comply the provisions of Chapter
IV of RA 10175 specifically orders from law enforcement shall be
punished as a violation of PD 1829 or ‘Penalizing Obstruction of
Apprehension and Prosecution of Criminal Offenders’.

47
Q: Where to file the criminal charge for Obstruction of Justice?
A: The criminal charge for Obstruction of Justice shall be filed
before the designated cybercrime court that has jurisdiction over
the place where the non-compliance was committed.

Q: How is Extraterritorial Service of Warrants and other Court

Processes made?
A: (Sec. 2.8) It shall be coursed through the DOJ – Office of the
Cybercrime, in line with all relevant international instruments
and/or agreements on the matter. It usually covers service
providers e.g. Smart, Globe and other internet providers.

48
 Sec 4 -
DISCLOSURE Sec 3 -
OF COMPUTER PRESERVATIO
DATA N OF
COMPUTER
Sec 5 - DATA
INTERCEPTION
POWERS OF LAW
OF COMPUTER ENFORCEMENT
DATA AUTHORITIES IN RELATION
TO CYBERCRIME
WARRANTS Sec 6 – SEARCH, SEIZURE
Sec 6.9 – EXAMINE AND EXAMINATION OF
COMPUTER DATA COMPUTER DATA

 LEA may order a one-time extension
for another 6 months. Provided, once
computer data that is preserved,
Click icon to add picture
transmitted or stored by a service
provider (SP) is used as evidence in a
case, the receipt by the SP of a copy of
the transmittal document to the Office
of the Prosecutor shall be deemed a
notification to preserve the computer
data until the final termination of the
case and/or ordered by the court.
Sec. 3 PRESERVATION OF
COMPUTER DATA
 The integrity of traffic data and
subscriber’s information shall be
kept, retained and preserved by a
service provider for a minimum
of six (6) months from the date
of transaction.
 Content data shall be preserved
for 6 months from the date of
receipt of the order from LEA
requiring its preservation.
 Shall be preserved with
confidentiality. 50
Q: What is Traffic Data?
A: Refers only to the communication’s origin, destination, route,
time, date, size, duration, or type of underlying service, but not
content or identities

Q: What is Content Data?

A: Refers to the content of the communication, the meaning or
purported meaning of the communication, or the message or
information being conveyed by the communication, other than
traffic data.

51
Q: What is a Service Provider?
A: Refers to (a) any public or private entity that provides users of
its service the ability to communicate by means of a computer
system; and (b) any other entity that processes or stores
computer data on behalf of such communication service or users
of such service;

The term service provider is understood to include any service

provider offering its services within the territory of the Philippines,
regardless of its principal place of business.

52

 A person or SP may be ordered to
Click icon to add picture
Sec. 4 DISCLOSURE OF
COMPUTER DATA
disclose or submit subscriber’s
information, traffic data or
relevant data in his/her or its
possession or control within 72
hours from receipt of the order in
relation to valid complaint
officially docketed and assigned
for investigation and the
disclosure is necessary and
relevant for the purpose of
investigation.
53
FOUR TYPES OF CYBERCRIME WARRANTS

WARRANT TO DISCLOSE COMPUTER

DATA (WDCD)

WARRANT TO INTERCEPT COMPUTER DATA

(WICD)

WARRANT TO SEARCH, SEIZE AND

EXAMINE COMPUTER DATA (WSSECD)

WARRANT TO EXAMINE COMPUTER DATA

(WECD)

54
 (1) WARRANT TO DISCLOSE COMPUTER
DATA (WDCD)

Q: What is a WARRANT TO DISCLOSE COMPUTER DATA (WDCD)?

A: An order requiring any person or SP to disclose or submit subscriber’s
information, traffic data or relevant data in his/her or its possession or
control
Q: How many hours should the disclosure or submission be made?
A: 72 hours from receipt of the order
Q: Can a WDCD be issued anytime?
A: No. WDCD can only be had when there is valid complaint officially
docketed and assigned for investigation and the disclosure is necessary
and relevant for the purpose of investigation.
55
Q: What is the purpose of a WDCD?
A: It allows an authorized law officer to retain a copy of the disclosed
data or subscriber’s information, provided that the details are kept
strictly confidential and the retained copy shall be labelled.

Q: What does a WDCD contain?

A: probable offense involved; relevance and necessity of the computer
data sought to be disclosed; names of individuals/entities whose CD
or SI are sought to be disclosed, including those who have control,
possession or access thereto; particular description of the CD and SI;
place where the disclosure of the CD or SI is to be enforced; manner or
method of disclosure; and other relevant information that will
persuade the court that there is probable cause to issue a WDCD

56
Q: What does a LEA do upon securing a WDCD?
A: The LEA shall issue an order requiring any person or SP to disclose or
submit SI, traffic data or relevant data in his/her possession or control
within 72 hours from receipt of the order in relation to a valid complaint
docketed and assigned for investigation and disclosure is necessary and
relevant for the purpose of investigation.

Q: When is return on the WDCD be made?

A: Within 48 hours from implementation or after the expiration of the
effectivity of the WDCD, whichever comes first, the LEO shall submit a
return on the WDCD to the court that issued it and simultaneously turn
over the custody of the disclosed computer data or SI thereto.

Q: What does the judge pertaining the warrant?

A: The issuing judge ascertain if the return has been made, if none, to
summon the LEO and require him to explain why no return was made
57
Q: Can LEO retain a copy of the disclosed CD or SI?
A: Yes, for case build-up or preliminary investigation purposes, without
need for court intervention; provided, details are strictly made
confidential and retained copy is labelled.

Q: When happens to the retained copy if an action has been instituted in

court?
A: It shall be turned-over to the court where the action has been
instituted, or if no criminal action has been filed, and shall be
simultaneously destroyed or returned to its lawful owner or possessor
together with the CD or SI that was originally turned-over to the issuing
court. (para 3 sec 8.2)

Q: What does the judge do upon return of the warrant?

A: The issuing judge ascertain if the return has been made, if none, to
summon the LEO and require him to explain why no return was made
58
 WARRANT TO INTERCEPT COMPUTER
DATA (WICD)

Q: What is a WARRANT TO INTERCEPT COMPUTER DATA (WICD)?

A: It authorizes the LEA to carry out any or all of the ff activities: (a)
listening to; (b) recording, (c) monitoring, or (d) surveillance of the
content of communications, including procuring of the content of
computer data, either directly, through access and use of a computer
system or indirectly, through the use of electronic eavesdropping or
tapping devices, at the same time that the communication is occurring.
Q: When is return on WICD be made?
A: Within 48 hours from implementation or after the expiration of the
effectivity of WICD which shall be attached to the NOTICE
59
 WARRANT TO INTERCEPT COMPUTER
DATA (WICD)

Q: What is NOTICE?
A: It is the duty of the LEO to notify the person whose communication or
computer data have been intercepted of the activities conducted
pursuant to the WICD within 30 days from filing of return, or if no return,
from the lapse of 48 hr period to file return
Q: What does a Notice contain?
A: Details of the interception activities including the contents of the
intercepted communication or computer data
Q: Can the subject person challenge the legality of the interception?
A: Yes, within 10 days from notice by motion
60
 (3) WARRANT TO SEARCH, SEIZURE AND EXAMINATION OF
COMPUTER DATA (WSSECD)

Q: What is a WARRANT TO SEARCH, SEIZURE AND EXAMINATION OF

COMPUTER DATA (WSSECD)?
A: It is an order in writing issued in the name of the PPL of the Philippines,
signed by a judge, upon application of LEA, authorizing the latter to search
a particular place for items to be seized and/or examined.
Q: What are the contents of a WSSECD?
A: Contents are similar to WDCD, except that the subject matter is the
computer data sought to be SSE and all other items relative thereto. It
should also contain an explanation of the search and seize strategy to be
implemented , including a projection of whether or not an off-site or on-site
search will be conducted, taking into account the nature of the computer
data involved, the system’s features and other relevant circumstances.
61
Q: What is ON-SITE and OFF-SITE PRINCIPLE?
A: General Rule – taking of forensic image of the computer data and
the search, if circumstances allow, shall be limited to the place
specified in the WSSECD. Off-Site search is where law enforcer
searches the computer outside the place to be searched.

Q: What is Computer Data?

A: Refers to any representation of facts, information or concepts in a
form suitable for processing in a computer system, including a
program suitable to cause a computer system to perform a function,
and includes electronic documents and/or electronic data messages
whether stored in local computer systems or online

62
Q: What is Off-Site Search?
A: refers to the process whereby LEA, by virtue of WSSECD, are
allowed to bring the computer device and/or parts of the computer
system outside the place to be searched in order to conduct the
forensic examination of the CD subject of the warrant; provided, there
is justifiable cause and must be explained in the initial return for
resorting to such mode

Q: What is On-Site Search?

A: refers to the process whereby LEA, by virtue of WSSECD, obtains
the computer data for forensic examination without the need of
bringing the related computer device and/or parts outside the place
to be searched

63
Q: What is the INITIAL RETURN required in the enforcement of
WSSECD?
A: An initial return must be filed within 10 days from the issuance of
the WSSECD stating all the actions of the law enforcement . The court,
through an order, will set the period to conclude the examination of
all the items seized, which may not exceed 30 days, upon motion, for
justifiable reasons.

Q: What is FINAL RETURN?

A: Final return must be filed, along with the turn-over the custody of
the seized data within 48 hrs after the expiration of the period to
examine.

64
Q: What is Forensic Image?
A: also known as forensic copy, refers to an exact bit-by-bit copy of a
data carrier, including slack, unallocated space and unused space

Q: What is Forensics?
A: refers to the application of investigative and analytical techniques
that conform to evidentiary standards for use in court

65
 (4) WARRANT TO EXAMINE COMPUTER DATA (WECD)

Q: What is a WARRANT TO EXAMINE COMPUTER DATA (WECD)?

A: Warrant to search the computer device or computer system, which was
previously seized via lawful warrantless arrest, for the purpose of
obtaining the forensic examination of the computer data contained
therein.

Q: What are the other acts that may be conducted during the
implementation of WECD?
A: Interception of communications and computer data may be likewise
conducted

66
CUSTODY AND
DESTRUCTION OF
COMPUTER DATA
67
Q: Where shall the seized computer data be deposited?
A: All computer data subject to cybercrime warrants shall be
simultaneously deposited in a sealed package with the same court
that issued the warrant upon the filing of the return for a WDCD or
WICD or final return for a WSSECD or WECD, accompanied by a
complete and verified inventory of all the other items seized and by
the affidavit of the LEO containing: date and time of operation,
particulars of the subject computer data, manner, detailed
identification of all items seized, names and positions of LEOs who
have access to the computer data from the time of its seizure until the
termination of the examination, name of LEO who may be allowed to
access the deposited data and certification that no duplicates or
copies of the whole or any part thereof have been made.

68
Q: What is the duty of the Prosecutor when a criminal action is instituted?
A: Prosecutor should move for the transmittal of the records as the
transfer of the intercepted, disclosed, searched, seized and/or examined
computer data and items including the inventory thereof, to the court
that subsequently acquired jurisdiction over the criminal action. The
motion shall be filed before the court that issued the warrant within 10
days from the time the criminal action is instituted and shall be acted
upon by the court within a period of 5 days.
Q: How is the turned-over computer data accessed and used?
A: By a motion duly granted by the court, which shall state the relevance
of the computer data and the names of persons who will be allowed to
have access thereto. The motion shall include proof of service of copies to
the person whose CD is the subject of the motion, the latter shall be
given 10 days to file a comment which the court shall rule on the motion.
69
Q: How is destruction or return of computer data made in the custody
of the court when a criminal action is instituted?
A: Upon motion and due hearing, the court may, for justifiable
reasons, order the complete or partial destruction, or return to its
lawful owner or possessor, of the computer data or any of the related
items turned over to its custody.

70
Q: How is destruction or return of computer data made when there is no
criminal action instituted or no preliminary investigation is made?
A: The court may, motu proprio, and upon written notice to all of the
parties concerned, order the complete and partial destruction, or return
to its lawful owner or possessor, the computer data turned-over to its
custody after 31 days from their deposit, or if PI has been instituted
within the period, upon finality of the prosecutor’s resolution finding lack
of probable cause. The destruction shall be witnessed by the Branch
Clerk-of-Court. Said COC shall issue a sworn certification as to the fact of
destruction and file said certificate with the same court.

71
 GOOD LUCK!
THANK YOU

Neal Creative ©