CHAPTER 1

• Digital Natives - in that they were brought into a world that was already digital,
spend large amounts of time in digital environments, and use technological
resources in their day-to-day lives.
• Digital Immigrants - are those who were born prior to the creation of the Internet
and digital technologies. These individuals quite often need to adapt to the digital
environment, which changes much more rapidly than they may be prepared for
otherwise.
• Cyberspace - refers to indefinite place where individuals transact and
communicate. It is the place between places.
• digital evidence - refers to digital information that may be used as evidence in a
case.
- digital evidence - refers to information and data of value to investigation that
is stored on, received, or sent by a digital device or attachment Accordingly,
digital evidence has the following features:
• ephemeral electronic communication - refers to telephone conversations, text
messages, chatroom sessions, streaming audio, streaming video, and other
electronic forms of communication the evidence of which is not recorded or
retained
• Computer forensics - is the use of scientifically derived and proven methods
toward the preservation, collection, validation, identification, analysis,
interpretation, documentation and presentation of digital evidence derived from
digital sources for the purpose of facilitating or furthering the reconstruction of
events found to be criminal
- computer forensics is a branch of the forensic sciences, refers to the
investigation and analysis of media originating from digital sources to uncover
evidence to present in a court of law.
- computer forensics as the science of locating, extracting, and analyzing types
of data from different devices, which specialists then interpret to serve as legal
evidence.
• digital forensics - as the application of computer science and investigative
procedures for a legal purpose involving the analysis of digital evidence after
proper search authority, chain of custody, validation with mathematics, use of
validated tools, repeatability, reporting, and possible expert presentation.
- digital forensics is the process involved in the collection, protection,
documentation, validation, analysis, and presentation of digital evidence,
 obtained from computerized sources and by the application of established
scientific method.
• digital forensics investigators are performing "digital investigative analysis". To
break this title down, digital because it is all forms of electronic information from
computers to phones to game systems to servers, gaming console, etc.
• investigative - because they are not just pushing a button, they are investigating
what happened on that computer and asking the digital evidence questions.

ABRIDGED HISTORICAL BACKGROUND OF CYBERCRIMES

1. computer-related crime -illegal behaviors in which one or more computers were
helpful but not necessary to commit a criminal act.
2. computer crime - behaviors for which one or more computers were required to
commit a consummate criminal act.
3. computer abuse - use of computers in ways that cause harm to individuals, groups, or
organizations, that may also violate established policies or procedures, but do not rise to
the level of violating existing crime laws.
4. IT-enabled deviancy - behaviors involving use of computerized or
telecommunications devices in ways that violate social norms.

Hierarchy of Contemporary Cybercriminals

1. Script kiddies, also known as skidiots, skiddie, or Victor Skill Deficiency (VSD -
are the lowest life form of cybercriminal. The term is a derogatory one used by
more sophisticated computer users to refer to inexperienced hackers who employ
scripts or other programs authored by others to exploit security vulnerabilities or
otherwise compromise computer systems.
Note: Deep throat - is a hacker's remote administration tool, much like the infamous
Back orifice and NetBus tools. Deep throat allows a hacker to access data and gain
control over some Windows functions on remote system.
2. Cyberpunks - is an innocuous term which has been hotly contested by First
Amendment advocates but has been used by law enforcement officials to refer to
individuals' intent on wreaking havoc via the Internet
3. Cybercriminal organizations - are those groups comprised of criminally minded
individuals who have used the Internet to communicate, collaborate, and facilitate
cybercrime.
 4. Hackers or crackers - are those who target data which is valuable on its face
(e.g., trade secrets and proprietary data) or directed at data (e.g., credit card data)
which may be used to further other criminal activity.
Note:
• Hack involves the modification of technology, such as the alteration of computer
hardware or software, to allow it to be used in innovative ways, whether for
legitimate or illegitimate purposes
• Hacker is defined as a computer user who seeks to gain unauthorized access to a
computer system.
• Cracking -An attempt to gain unauthorized access to a computer system to
commit another crime, such as destroying information contained in that system.
Types of Hackers
1. White-hats - have the knowledge and skills that would enable them to function in the
same way as black-hats, but they decided to be on the right side of the law. To this end,
they often cooperate with the authorities and companies and work with them to combat
cybercrime.
2. Black hats - (as the very name suggests that they) are hackers who commit illegal acts,
and their main purpose is to harm information systems, steal information, etc.
3. Gray-hat hacker - A group of hackers that falls between black- and white-hat hackers
who have shifting or changing ethics depending on the specific situation.
4. Hacktivists - accounted for most of all compromised records in 2011. The term
hacktivism emerged in the 1990s when the Cult of the Dead Cow hacker collective
coined the term to describe their actions. In contemporary parlance, the term is used to
describe technological social movements.

Common Motivation of Cybercriminals

1. Revenge
An attacker may commit a criminal offense against a company after a
perceived injustice against themselves. The attacker may be a current or former
employee, a competitor, or an issue-motivated group
2. Opportunity
In the instance of an internal employee, there may be no initial motivation
by the employee to commit any form of crime against their employee.
 3. Greed
Greed is a common motivator for the criminal, whether internal or external
to the company. The potential to enrich their lives at the expense of others is an
enticing option to them, with little to no concern as to the damage they do to
others.

4. Test of Skill
Some cyber criminals may commit technical attacks against others as a
training exercise to develop their skills for a more financially lucrative attack.
They may also use these attacks to advertise their skill set and their successful
system compromises to build their credibility on cybercriminal websites.

5. Business Competitor
The marketplace can be a very aggressive environment for businesses, with
each placing an emphasis on developing a strategic advantage.

6. Professional Criminal
The professional criminal's motivation is seeking personal financial
advantage. The attack is rarely personal and the attack on the target company is
nothing more than a business venture to make money.
7. Terrorism
With the world being connected, the opportunity exists for persons in
remote locations to target the critical infrastructure of an entity they wish to cause
extreme harm to.
8. Geopolitics
A state actor is a government agency or aligned group who conducts cyber
activities on behalf of that government.

TOOLKIT OF CYBERCRIMINALS
1. Malwares or malicious software - refers to code that causes damage to computer
system.
A. Backdoor - is a type of malware that is used to get unauthorized access to a
website by the cybercriminals.
 B. Trojan horses - type of malware that tricks the computer user into thinking that it
is legitimate software, but actually contains hidden functions.

C. Virus - is a software program that is designed to spread itself to other computers

and to damage or disrupt a computer, such as interrupting communications by
overwhelming a computer's resources.

D. Computer Worm - are unique form of malware that can spread autonomously,
though they do not necessarily have a payload.

E. Bundlers - malware which is hidden inside what appears to be legitimate software

or download. Containers often include gaming software, freeware, image or audio
files, or screensavers.

F. DoS (Denial of Service)

- Denial of Service (DoS) Attack - An attempt to prevent users of a particular
service from effectively using that service. Typically, a network server is
bombarded with authentication requests; the attack overwhelms the resources
of the target computers, causing them to deny server access to other computers
making legitimate requests.
- Distributed Denial of Service (DDoS) Attack occur when a perpetrator seeks
to gain control over multiple.
G. Botnet and Zombie (Bots) - are compromised computers attached to the Internet
which are often used to remotely perform malicious or criminal tasks. They are often
used in large batches, and the majority of owners of zombie computers are unaware of
their usage.
H. Spyware - a type of malware that enables the remote monitoring of a computer
user's activities or information on an individual's computer where this software has been
installed.
- Keyloggers - a type of spyware that records every keystroke of the user and
reports this information back to its source.
- Sniffer - a type of software that is used to monitor and analyze networks, but can
also be used to collect individuals' usernames, passwords, and other personal information.

2. Phishing - means the solicitation of information via e-mail or the culling of individuals
to fake Web sites.
 a. Spoofing - is a type of scam in which criminals attempt to obtain someone's
personal information by pretending to be a legitimate business, a neighbor, or some other
innocent party.
b. Pharming - is an advanced form of phishing, which redirects the connection
between an IP address (i.e., consumer seeking legitimate site) and its target serve (i.e.,
legitimate site).
c. Redirectors - are malicious programs which redirect users' network traffic to
undesired sites. According to the Anti-Phishing Working Group, utilization of traffic
redirectors and phishing- based keyloggers is on the increase.
d. Advance-fee fraud or 419 fraud - some individuals will willingly divulge
personal and financial information to strangers if they believe that a large financial
windfall will soon follow. This fraud is accomplished when an e-mail message is
distributed to a victim which asks the recipient for his claiming "found" money.
e. Floating windows - phishers may place floating windows over the address bars
in Web browsers.

CHAPTER 2

BASIC PARTS OF COMPUTER

As computing devices get sleeker and more compressed to save space, it gets
harder for most users to conceptualize all the diferent parts that make it perform so
many functions.
1. Case
2. Power supply
3. Motherboard
4. Processor or Central Processing Unit
5. Memory
6. Persistent Memory
7. Interfaces for input and output with user
8. Physical ports
9. External storage, servers, and more

1. Case
Computers would not last long without a case because it protects the internal
components from damage, dirt, and moisture. But beyond holding the guts of the
computer, the case is an important facet of the device. The case provides the interface
between the device, the user, and the outside world. For example, a case might include a
view-only screen, touch screen, keyboard, microphone, as well as physical ports for a
keyboard, monitor, mouse, power supply, and data exchange.
2. Power source
Computers need electricity to operate, and that means they need power from an
internal battery, from an electrical outlet, or both. Portable devices like laptops, tablets,
and smartphones rely upon battery power, with periodic charging.
3. Motherboard
The motherboard is an important computer component because it is where
everything else connects to. The motherboard is a decently sized circuit board that lets
other components communicate.
4. Processors (Central Processing Unit)
The work of a computer is done through computer processors, also known as
central processing units (CPUs). These are computer chips, or groups of chips, that do the
thinking (the massive number of binary calculations) of the computer necessary to run all
programs.
5. Memory (ROM and RAM)
a. Read-Only Memory (ROM)
Read-only memory computer chips store firmware programs that holds the
instructions to power up or boot, the computer to control the DVD drives, hard
disk drives and graphic cards. ROM also known as flash memory and is
considered non-volatile memory.
b. Random Access Memory (RAM)
A computer relies on a type of memory - known as temporary or volatile
storage to perform most functions. This volatile storage is also called Random
Access Memory (RAM).
6. Persistent storage (HDD/SSD)
Persistent (long-term) storage holds data stored in the computer even after
the power is disconnected. Persistent storage mechanisms include hard disk drives
(HDD) and solid-state drives (SSD). HDDs were the standard method for
persistent data storage for many years. These drives have spinning disks or platters
 divided into smaller sectors, then ultimately into bit-sized storage units, each of
which holds a magnetic charge holding the bit value.
- SSDs are a newer type of storage drive. These drives do not have any moving
parts, but rather are computer chips that store the data as electrical charges.

7. Interfaces for input and output with user

Users (whether a victim, evidence gatherer, or cybercriminal) must be able
to communicate with computers. Users send and receive information to computers
through mechanisms like the keyboard, mouse, monitor, microphone, and
speakers.
8. Network interface controller (NIC) for Communicating with other Computers
Computers also need to be able to communicate with one another, and this
communication is principally accomplished through a network interface controller
(NIC). This controller used to be called a network interface card, because it was a
separate card plugged into the computer's motherboard, but today this function
typically is integrated with the computer motherboard.
9. External storage, and servers
Beyond a computer's internal storage, a user store data by might store
connecting to external storage devices and other computers. Some common
external storage devices are external hard drives, flash drives (thumb drives), or
more complicated storage devices, such as network-attached storage, servers like
google drive, Microsoft, and iCloud for Macintosh.
10. Computer Software
According to Britz (2013), computer software refers to a series of instructions
that performs a particular task. More specifically, software is the interpretation of binary
byte sequences represented by a listing of instructions to the processors. Computer
hardware is useless without software as it cannot move, manipulate data, or receive input.
Without instructions, hardware is just an oversized paperweight-having no known tasks,
functions, or capabilities. Software is not only necessary to tell the components within a
system what to do and how to act, it is also necessary to tell it how to interact with user.
There are main types of software or instruction sets.
a. Boot sequence instructions - refers to the series of steps taken by a computer
immediately upon powering on which are necessary before it is usable.
b. Operating System (OS) - is a piece of software that runs user applications and
provides an interface to the hardware. Traditionally, almost all personal
computers except for Macintosh products contained some version of DOS.
c. Application software - application software is prepackaged
instructions which allow users to perform a variety of functions, including but
not limited to word processing, statistical analysis, and the like. In fact,
existing software packages are all but limited to a user's imagination. Among
other things, individual users can play games, create masterpieces, file taxes,
and develop house plans.

ANSWER AND QUESTIONS:

1. These are people who grew up into a world that was already digital and
spend a large amount of their lives in cyberspace.
a. Millennials c. Gen X
b. Digital immigrants d. Digital natives

2. The action of modifying technology, like alternation of computer hardware

or software, to allow to be used in innovative ways whether for legitimate or
illegitimate purposes.
a. Crackers c. Skidiots
b. Cybercriminals d. White hats

3. What law enacted the cybercrime prevention act of 2012?

a. RA 10364 c. RA 9775
b. RA 9208 d. RA 10175

4. International cooperation to prevent and suppress the proliferation of

cybercrime needs mutual assistance. What treaty is entered into by members of
the Budapest Convention against cybercrimes?
a. Extradition treaty
b. Mutual Legal Assistance Treaty
c. International Justice
d. National Legal Cooperation Treaty
5. They are considered the lowest life form of cybercriminals because of
their___
a. Brute skills in hacking
b. Use scripts authored by others to exploit
c. Destructive action
d. Cyberpunks security vulnerabilities of computer

6. Of the following, which country is NOT a member of the G8 nations?

a. Australia c. Russia
b. Canada d. Japan

7. A government agency designated as the central authority in all matters that

related to MLAT.
a. NBI c. PNP
b. DOJ d. Ant-Cybercrime Group

8. These are people who specialized in the examination of computer data to

prove the guilt of suspected cybercriminals are appropriately called ____.
a. Cybercops c. Digital Forensic Analysts
b. Cyber Investigators d. Computer investigator

9. An attack attempts to prevent users for particular service from effectively

using that service is called.
a. Botnet and zombies attack c. Denial of service
b. Spyware d. Keyllogers

10. He is considered the creator of the 1st internet worm in 1988.

a. Robert Morris Jr.
b. Richard Greenblatt
c. Kevin Poulsen
d. Tom Knight

11. These are people who were born before the creation and widespread use of
the internet and digital technologies.
a. Millennials c. Gen Z
b. Digital immigrants d. Digital natives

12. It refers to any criminal activities which has been committed through the
use of internet and/or computer.
a. Digital crime c. Internet fraud
b. Online Scam d. cyberspace crime

13. It is the continuous process of searching for evidence and leads in

cyberspace.
a. Cybercrime c. Cybercrime investigation
b. Online investigation d. Cyber terrorism

14. The interactional environment created by linking computers together into a

communication network.
a. Cyberspace с. ІСТ
b. Virtual environment d. Computer world

15. He is considered the creator of the 1st ramsonware called the "AIDS
Trojan"in 1989.
a. Kevin Mitnick c. Joseph Popp
b. David Smith d. Kevin Poulsen

16. Computer data collected and examination by digital forensic investigators

are called___
a. Evidence b. Real evidence
c. Digital evidence d. Ephemeral evidence

17. It is the science of locating, extracting, and analyzing different types of

data from digital devices.
a. Cybercrime investigation c. Investigation
b. Computer forensics d. Forensics

18. The following are NOT the key elements computer forensics, EXCEPT:
a. Collection and preservation c. Investigation
b. Ephemeral d. Prosecution

19. He who discovered that the whistle included in the box of Cap'n Crunch"
can be used to hack the telephone system of AT&T in the 1970s.
a. John Mitnick c. John Draper
b. Allan Kotok d. Robert Morris Jr.

20. It refers to code that causes damage to computer system.

a. Virus b. Backdoor
c. Trojan horses d. Malicious software
21. In computers, it is considered the smallest piece of data and has two
possible electrical states, 1 or 0.
a. File c. Data
b. Bit d. Sector

22. A type of computer software that allows unit to take various steps upon
powering.
a. Bootstrap c. Sequencer
b. Power on instruction sequencer d. Computer

23. Microsoft Excel is an example of:

a. Operating System c. Boot sequence
b. Application software d. Computer program

24. Digital evidence can easily be destroyed or cannot be seen because these
type of communication of data are called in the legal sense as:
a. Latent c. Electronic
b. Inside the computer d. Ephemeral

25. A keyboard is used to communication with the computer and is an example

of a:
a. Input device c. Program
b. Operating system d. Input device

26. The character encoding standard for electronic communication is called

a. Bit c. Hex
b. ACSII d. ASCII

27. RAM contains volatile data because:

a. The data are too complex to be process by the computer without human
intervention.
b. The data are easily destroyed because it is not in the computer but on the
internet.
c. The data are temporarily kept for faster processing and needs power to
function properly.
d. The data are recorded in binary and cannot be contained in the memory.

28. A part of the computer that acts as the interface between the device, the
user and outside world.
a. Power source b. Motherboard
c. Case d. Processor

29. The name "Juanito Dela Cruz" is equivalent to how many bytes and bits?
a. 17 bytes or 142 bits c. 15 bytes or 120 bits
b. 15 bytes or 128 bits d. 17 bytes or 136 bits

30. The piece of software that runs the specific applications and provides an
interface to the hardware components.
a. Application c. Operating system
b. Program d. Command

31. It is considered as the basic language of computers.

a. Binary c. decimal conversion
b. Electrical signalization d. ACSII

32. The part of the computer where all other computer components are
connected.
a. RAM c. Circuit board
b. Motherboard d. Processor

33. A part of the computer responsible for all the commands executed by the
computer.
a. ROM b. RAM
c. Processor d. Storage

34. This is a storage device wherein there no moving parts and all data is save
in computer chips.
a. HDD c. SHD
b. SSD d. HSSA

35. This type of memory enables the CPU to communicate with the hard disk
and the input/output devices that are attached to the computer.
a. Processor c. ROM
b. BIOS d. SSD

36. For computers to be able to communication with one another via the
internet using the ___.
a. Network connection c. Network Interface controller
b. Internet adapter d. Router
37. When powering a computer, the OS is loaded into the _____ from the
devices long-term memory.
a. ROM c. Hard drive
b. CPU d. RAM

38. The speed of the processor is determined by rate of the:

a. Size of the processor c. Power
b. Bit rate d. Hertz

39. A memory that is an important part of the basic input/output system.

a. Flash memory c. RAM
b. Processor d. Hard drive

40. This refers to the set of instructions written in a programming language.

a. Software c. Program
b. Object code d. Source code

ANSWER KEY:
1. D 21. B
2. A 22. A
3. D 23. B
4. B 24. D
5. B 25. A
6. A 26. B
7. C 27. C
8. C 28. C
9. C 29. C
10. A 30. C
11. C 31. A
12. A 32. D
13. C 33. C
14. A 34. B
15. C 35. B
16. C 36. C
17. B 37. D
18. B 38. D
19. C 39. A
20. A 40. D