Reflections

The module Principles of Digital Forensics and Cyber Law was introduced by an overview of the definitions of legislation and forensic measures, as well as the implications and limitations of cybercrime law and its importance in the context of criminal prosecution. While the definition of cybercrime can be clearly defined, it was interesting for me to see that the national legal situation differs within continents and international criminal prosecution is not optimal. Although the development of the last two decades has shown great progress in terms of improved legal bases, due to globalization and the associated potential for cyber crimes, it seems difficult to implement appropriate criminal prosecution. The consideration of the challenges of combating cybercrime in the context of the technical, legal, ethical and operational dimensions was also an insight-expanding consideration. The e-portfolio activity 1 (see Artefacts), which dealt with the question of what law is, could create an understanding of how legislation came about in the historical development and what were the driving forces for the development of the legal bodies known in the western world were and are (Conor, 2019). Also, looking at these in different nations has helped highlight similarities and differences to determine which dynamics contributed (Zeno-Zencovich, 2017). A particularly interesting finding has turned out to be that the linguistic definition of law in everyday language can certainly differ. While the word law anticipates the legal basis for jurisprudence in the widest possible use, Espinosa (2018) uses the term law in the context of a scientific definition of a term. Here the term is used as a synonym for a rule or principle. This shows that the term law can be defined and understood in different ways. While both terms are subject to the stigma that they characterize an instruction that should be followed, the scientific term law implies a fundamental causal connection, while the legal term law characterizes humanistic constructs of social coexistence. This vagueness of the term should be taken into account in future considerations, otherwise it can lead to confusion.

• Conor, G. (2019) What is Law. The British Academy Blog. Available from: https://www.thebritishacademy.ac.uk/blog/what-is-law/ [Accessed 11 August 2022].
• Espinosa, N. (2018) The Five Laws of Cybersecurity. Available from: https://www.youtube.com/watch?v=_nVq7f26-Uo [Accessed 11 August 2022].
• Zeno-Zencovich V. (2017) Comparative Legal Systems. A Short Introduction. Roma Tre Press: Roma. Available from: https://papers-ssrn-com.uniessexlib.idm.oclc.org/sol3/papers.cfm?abstract_id=2982232 [Accessed 11 August 2022].

The subject of this unit was the legal consideration of criminal prosecution in cyberspace, how digital evidence must be secured in order to meet forensic standards and what rights private individuals have in this context. The evaluation of the fourth and fifth principles of American law regarding the protection of the privacy of individuals was very interesting as an exemplary analysis of legal bases for the collection of digital evidence. It was easy to emphasize here that the digital gathering of evidence is in a certain conflict with the right to privacy and that digital media may only be secured and evaluated if there is clear evidence (Holt et al., 2022). Very similar legal bases can be found in all western countries. However, there are also countries that legally require active help for the evaluation of data from their citizens. For example, people in Malaysia and India are obliged to allow access to their encrypted digital data in the event of suspicion, otherwise they could be liable to prosecution (Holt et al., 2022). The comparison of forensics in the analogue space and in the digital space was revealing, since it was able to emphasize the great similarities and general principles that are to be applied to both spaces of forensics. It was also easy to see that the principles according to which digital forensics work are not really new structures, but are based on forensics principles that have been developed for a long time (Pollit, 2008).

• Holt, T., Bossler, A. & Seigfried-Spellar, K. (2022) Cybercrime and Digital Forensics. Routedge, New York. Available from: https://essexonline.vitalsource.com/reader/books/9781000553406/epubcfi/6/52[%3Bvnd.vst.idref%3Dchapter16]!/4/2/2/2[chapter16]/6/1:0[%2C16 [Accessed 20 August 2022].
• Pollitt, M. (2008) Applying traditional forensic taxonomy to digital forensics. IFIP International Conference on Digital Forensics. Springer, Boston. Available from: https://link.springer.com/chapter/10.1007/978-0-387-84927-0_2 [Accessed 21 August 2022].

The aim of this unit was to gain insights into forensic processes and to examine them in the context of the legal framework. When looking at the standardized forensic processes historically, it is striking that they are based on principles that were developed in the early 20th century, the Locard's principles named after Edmond Locard. The principle states that with every crime, information about the course of the crime and the offender remains, which must be carefully examined, archived and put into context (DeBacco University, 2019). While various digital forensic models have been developed and presented since the 21st century, basic steps in the forensic process can be recorded. These are: acquisition of the evidence, preservation and storage, authentication process and analysis of the evidence. What is striking when considering the respective models is that they are based on a linear structure, which is based on the principle of thesis formation and subsequent validation. This can be traced back to the legal framework in which digital forensics takes place. Since investigations may only take place if there is initial suspicion, forensic investigations may only take place within this framework and with the aim of finding evidence for this explicit crime. The principle of proportionality must be observed here. Corresponding hardware may only be examined if there are sufficient indications that justify the examination of digital media; a general examination without prior reasonable suspicion is unlawful. During the gathering of the evidence during the course of the forensic procedure, it must be ensured at all times that no changes are made to the digital evidence. The conscientious archiving of the original data, the replication and the proof by SHA key, for example, is of central importance, so that evidence must also be used in criminal proceedings against the accused. The burden of proof lies with the investigators. In the legal sense, this can be traced back to the principle: "in dubio pro reo" (in case of doubt for the accused) (Alexy et al., 2019). The question was also raised as to whether the legal basis on which cybercrime is prosecuted meets the demands of today's digital criminal prosecution due to technical progress. An in-depth investigation can be found in the e-Portfolio Activity 2: Computer Forensics – The Investigative Process under Artefacts.

• Alexy, L., Fishan, A., Hähnchen, S., Mushoff, T. & Trepte, U. (2019) Das Rechstslexikon. Begriffe, Grundlagen, Zusammenhänge. Bundeszentrale für politische Bildung, Bonn. Available from: https://www.bpb.de/kurz-knapp/lexika/recht-a-z/323568/in-dubio-pro-reo/ [Accessed 24 August 2022].
• DeBacco Univeristy (2019) Locard’s Exchange Principle. Available from: https://www.youtube.com/watch?v=otIIqmPaGf8 [Accessed 24 August 2022].

In this unit, the implications and limitations of digital evidence gathering were discussed. The Collaborative Discussion 1 on Graosky's thesis (2001): "Virtual Criminality: Old Wine in New Bottles?" has also ended. While the previous unit discussed various models of digital forensics, this unit focused on a closer look at the individual steps involved in collecting evidence through digital forensics and challenges in this process. It was particularly striking that the collection of digital evidence is based on a linear forensic process and that there is little doubt as to its effectiveness. Compared to the SDLC, which has been further developed as a result of historical development and has developed into a dynamic process to break up the linear procedure, the forensic procedure of digital evidence preservation is subject to the prevailing conviction that a linear process should be pursued (ISO, 2012). This is determined by the use of the digital evidence. Since the forensic process aims to collect evidence for or against a criminal offense and a criminal, the process of collecting this data must be precisely logged and must not raise any doubts about the authenticity and integrity of the raw information. Since the evidence found in case of doubt is not valid in court if the forensic procedure is not optimal, a precisely structured procedure for the preservation of evidence is indispensable, because the following applies in court: "in dubio pro reo" (in case of doubt for the accused). The Nine Steps of Digital Forensic Evidence Preservation must therefore be strictly followed to avoid any doubt. Also interesting in this context is the human factor, which can play a decisive role in the forensic process and the gathering of evidence. People are biased and can be influenced in their assumptions by assumptions and first indications. The three central aspects of bias, anchoring bias, availability bias and confirmation bias identified by Sunde and Dror (2019) show how people can be misled by partial information to be biased and thus influence appropriate forensic data collection. Finally, Collaborative Discussion 1 ended with the realization that Grabosky's (2001) thesis "Virtual Criminality: Old Wine in New Bottles?" cannot be confirmed by me (see Artefacts, Collaborative Discussion 1 - Summary Post). Since the dissolution of national borders means that legal sovereignties are reaching their legal limits and the possibilities of the Internet potentially create new possibilities for criminal offenses, the assumption that old criminal offenses take place in a new context or a new dimension in cyber space is not sufficient to adequately reflect the threat to deal with criminal offenses on the Internet. Every crime is considered individually in court and examined in the context of the people involved. However, the Internet and the possibilities it brings make things possible that cannot be realized in an analogue world. For me, this leads to the realization that it is more about "New Wine in New Bottles".

• Grabosky, P.N. (2001) Virtual Criminality: Old Wine in New Bottles. Social & Legal Studies. 10(2): 243-249. Available from: https://heinonline-org.uniessexlib.idm.oclc.org/HOL/Page?public=false&handle=hein.journals/solestu10&id=239&collection=journals [Accessed 30 August 2022].
• ISO (2012) ISO/IEC 27037:2012. Information technology – Security techniques – Guidelines for identification, collection, acquisition and preservation of digital evidence. Available from: https://www.iso.org/standard/44381.html [Accessed 31 August 2022].
• Sunde, N. & Dror, E. (2019) Cognitive and human factors in digital forensics: Problems, challenges and the way forward. Digital investigation, 29: 101-108. Available from: https://www-sciencedirect-com.uniessexlib.idm.oclc.org/science/article/pii/S1742287619300441?via%3Dihub [Accessed 31 August 2022].

The purpose of this unit was to examine issues related to cyber victims and cybercrime and how it impacts victims beyond the harm caused by the crime. Furthermore, techniques and competencies of case study analysis were tested. When analyzing digital victimology, it was interesting to see the form in which this can occur and what the consequences can be. My first thoughts on this topic related to the consequences of individual sacrifice and the psychological consequences. Examples include the depression suffered by cyber-bulling victims, or the embarrassment that romance-scam victims feel when they realize they are the victim of a scam and need to go public. But fear of persecution as a result of stalking can also have such effects. Victims can suffer long-term damage beyond the time of the crime, which, in addition to physical damage, such as loss of finances and property, has a particular impact on the victim’s psychological integrity and, in the worst case, can even lead to suicide (Notté et al., 2020) . The consequences of intellectual property cybercrime were not initially the subject of my considerations, so an in-depth investigation of this complex of topics was helpful for my personal perception of the complexity of victimology. The damage to reputation caused by cybercrimes affecting copyrights and trademarks should not be underestimated. Brands can be damaged in the long term by such criminal actions. The techniques and skills for discussing case studies, which were trained in this unit as part of the seminar, help me to carry out an in-depth investigation as part of Mid-Module Assignment 1: Presentation. The exemplary case study in which I examined the 5 W and 1 H questions shows me which aspects need to be examined. During the investigation of the case, however, I also became aware of questions that are aimed at the legal investigation of cybercrime. The realization that many countries, including France, do not have dedicated laws on cybercrime, but classify these crimes under the existing criminal offenses shows that the Internet is not yet sufficiently regulated in the legal context. The question therefore arises as to whether the Internet can definitely be regarded as a legal vacuum in certain cases. The fact that there are legal gaps in some countries in this context and that efforts are being made to close them will be an aspect of my investigations in the presentation in the next unit.

• Notté, R., Leukfeldt, E. R. & Malsch, M. (2021) Double, triple or quadruple hits? Exploring the impact of cybercrime on victims in the Netherlands. International Review of Victimology. 27(3): 272-294. Available from: https://journals.sagepub.com/doi/abs/10.1177/02697580211010692 [Accessed 09 September 2022].

The aim of this unit was to explore problems affecting the social perception of cybercrime. These perceptions were discussed in the context of the changes in "crime problem" and their solutions, and the costs of cybercrime cases were examined and the impact on those affected analyzed. In order to achieve the stated goals of this unit, an in-depth examination of the case study of the German dark web website "Germany on the Deep Web - No control, everything allowed!" was carried out (United Nations Office on Drugs and Crime, N.D.). The case study provided some insights into the impact of online crime on the real world and its immediate consequences. The investigation of the case has also shown me what influence such events can have on legislation and what political and social efforts can be made as a consequence of the actions in order to adapt the legislation to an appropriate degree. A central aspect of my research was the consideration of society and the context in relation to the offence. The Deep Web is perceived by the majority of the population as a "dark, spooky" space where laws do not apply and is therefore a hotbed for criminals. While the Deep Web is certainly used for crime, primarily illegal trade, the benefits of this part of the Internet must also be considered. It is not without reason that Tor networks and similar technical systems are not prohibited. This shows that in the legal assessment of damage and grooves, the focus is always on people's freedom. Just because such a network is supposedly also used for criminal offenses does not imply that a user is a potential criminal. In general, the presumption of innocence applies. The case study, which I examined in depth, shows the fine line that laws, but also the police, have to tread here. More information can be found in the presentation under Artefacts.

• United Nations Office on Drugs and Crime (N.D. b) BGH, Beschluss vom 06.08.2019, 1 StR 188/19. Available from: https://sherloc.unodc.org/cld//case-law-doc/drugcrimetype/deu/2019/bgh_beschluss_vom_06.08.2019_1_str_18819_.html?lng=en&tmpl=sherloc [Accessed 06 September 2022].

In this unit, human rights were examined in the context of cyberspace. The tensions between state authorities and their powers in investigative work and the rights to privacy were analysed. Interesting was on the one hand, the examined aspects of liberty by Brownsword et al. (2016). The differentiation between normative liberty and practical liberty shows that theoretical freedoms and rights are limited by real circumstances. This, on the other hand, in relation to human rights shows that the human rights laid down by the UN are generally desirable, but are threatened by various influences (United Nations, 1995). One of these influences is cyberspace. The Internet particularly strengthens the human rights of freedom of expression in theory, since the Internet offers the possibility of free freedom of expression through social platforms. However, this space also offers the opportunity to accumulate extremist, racist and state-threatening opinions and groups. It is therefore in the interest of states to act against these threats. However, this raises the question of what powers states should be given when fighting potential crimes on the Internet, since these can protect the normative liberty of the population, but they can also endanger practical liberty if the powers are too far-reaching. Also, overly strong state rights mean that opportunistic or unwanted opinions could be suppressed at the political level, which could threaten the state's democratic integrity by the government and executive bodies. It can therefore be stated that both extremes, a completely law-free cyberspace, as well as the absolute surveillance of this space, can endanger people as individuals as well as the state. An approach should therefore be adopted that protects the liberty and privacy of individuals in general, as long as it does not limit the liberty and privacy of others. This tension shows that laws that have been considered and reflected upon are necessary and must be adjusted if necessary, but that they must be proportionate in order not to slip into one of the extremes.

• Brownsword, R., Scotford, E. & Yeung, K. (2016) The Oxford Handbook of Law, Regulation and Technology. Oxford University Press. Available from: https://academic.oup.com/edited-volume/27999/chapter/211731564 [Accessed 20 September 2022].
• United Nations (1995) Universal Declaration of Human Rights. Available from: https://www.ohchr.org/en/human-rights/universal-declaration/translations/english [Accessed 20 September 2022].

The aim of this unit was to gain an understanding of criminological theories and to investigate the extent to which they can explain cyberspace deviations. Analysis of criminological theories has provided an understanding of the potential crime prevalence of criminals. The theories have created an overview of the diverse motivations of criminals and highlighted which factors must be considered in the decision-making process of criminal offenses. The two theories "General Theory of Crime", which refers to the apparently rational weighing up of criminal offenses, and the "Social Learning Theory", which pursues the approach that criminals are tempted to commit crimes through a learning process and comparison and adaptation of ideas raises two interesting points of view (Holt et al., 2022). It was found that these two theories should not be viewed as opposing arguments, but in mutual interdependence. A final assessment of which of the theories better differentiates the criminological context should also be avoided, since both theories give more weight to different aspects, but essentially refer to the same factors, social and economic factors. It should also be noted that these theories attempt to provide a general explanation for the crime prevalence of offenders, but cannot be applied to every individual case. Criminal offenses and criminals are individual and therefore also based on an individual basis, which means that each criminal offense differs in detail in its motives, intentions and motivations. Such theories try to pursue the goal of justifying complex structures with simple factors. Due to the complexity of the motives for criminal acts, these offer a basic explanation, but are not to be understood as sufficient for a detailed assessment. Criminological theories therefore offer a good starting point for understanding criminal processes in general, but should not be taken as a general explanation. In order to create an all-encompassing criminological theory that adequately addresses all factors, such complexity would arise that would be contradictory to the point of such a theory and thus impractical and useless.

• Holt, T., Bossler, A. & Seigfried-Spellar, K. (2022) Cybercrime and Digital Forensics. Routedge, New York. Available from: https://essexonline.vitalsource.com/reader/books/9781000553406/epubcfi/6/52[%3Bvnd.vst.idref%3Dchapter16]!/4/2/2/2[chapter16]/6/1:0[%2C16 [Accessed 27 August 2022].

In this unit, questions about the investigative context at national and international level were examined. Various legal approaches by nations and non-government initiatives were highlighted. When comparing national approaches to investigating cybercrime, it was interesting to see how different nations structure and organize crime agencies to tackle crime on the Internet. For example, nations such as the United States of America separate criminal prosecution in the context of cybercrime through their own investigative authorities (Holt et al., 2022). Cross-state investigative authorities are thus bundled and can thus operate effectively throughout the nation. In contrast, the responsibility for prosecuting criminal offenses in Germany lies at the level of the federal states. There is no bundled investigative authority, but the police of the respective federal state is equally responsible as for criminal offenses in the real world. This can lead to complications in law enforcement. In the case of cross-state crimes, the police of the two federal states involved must cooperate with each other, which can slow down and complicate the prosecution of online crimes. In addition, a lack of competence on the part of the police in investigations in cyberspace can be assumed, since the authority is not professionalized in cybercrime and therefore may not have the competencies that an authority that is only familiar with cybercrime would have. The relatively low successful crime investigation rate of 29.3% confirms this assumption (BKA, 2021).

• BKA (2021) Cybercrime Bundeslagebild 2021. Available from: https://www.bka.de/SharedDocs/Downloads/DE/Publikationen/JahresberichteUndLagebilder/Cybercrime/cybercrimeBundeslagebild2021.html?nn=28110 [Accessed 28 September 2022].
• Holt, T., Bossler, A. & Seigfried-Spellar, K. (2022) Cybercrime and Digital Forensics. Routedge, New York. Available from: https://essexonline.vitalsource.com/reader/books/9781000553406/epubcfi/6/52[%3Bvnd.vst.idref%3Dchapter16]!/4/2/2/2[chapter16]/6/1:0[%2C16 [Accessed 05 October 2022].

The central subject of this unit was national, transnational and international criminal prosecutions, cooperation guidelines, but also problems of criminal investigations in this context. The question of national sovereignty was also addressed and how cybercrime can endanger it. In order to analyze international criminal prosecution, the case study of the first conviction for cyberbullying in 2009 was used. This case concerned an 18-year-old female offender who had uttered insults and threats via the social network Facebook and was sentenced to imprisonment as a result (Garter, 2009). In this case, the police investigation was significantly simplified because the perpetrator and the victim knew each other personally and lived in the same city. Due to the physical proximity of those involved in the crime, it was relatively easy for the police to identify the perpetrator. However, it can be assumed that criminal prosecution would have been significantly more difficult if the perpetrator and the victim lived in different countries and did not know each other personally. The Cybercrime Convention of 2001 (Budapest Convention) regulates cooperation in criminal offenses on the Internet between the 68 participating countries, but practical investigation hurdles due to different competences and human and technical resources can make criminal prosecution more difficult (BfDI, N.D.). In addition, only a third of international countries have signed the Convention. It is therefore clear to me that criminal prosecution of cybercrime can be difficult, if not impossible, especially in an international context. Appropriate international regulations and cooperation are therefore of fundamental importance in order to be able to counteract the increase in cybercrime. This is particularly emphasized when looking at cybercrime cases that target national sovereignty. The Stuxnet worm case study I examined shows how cybercrime can pose a threat to the critical infrastructure of states and what consequences such attacks on national sovereignty can have (Anderson, 2012). As a consequence of these findings, the demands of international regulations, rights and cooperation that I have mentioned are absolutely necessary.

• Anderson, N. (2012) Confirmed: US and Israel created Stuxnet, lost control of it. ARS Technica. Available from: https://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/ [Accessed 18.08.2021].
• BfDI (N.D.) Die Cybercrime-Konvention. Available from: https://www.bfdi.bund.de/DE/Fachthemen/Inhalte/Polizei-Strafjustiz/Cybercrime.html [Accessed 11 October 2022].
• Garter, H. (2009) Teenage girl is first to be jailed for bullying on Facebook. The Guardian. Available from: https://www.theguardian.com/uk/2009/aug/21/facebook-bullying-sentence-teenage-girl [Accessed 07 October 2022].

In this unit, rules for expert opinions were analyzed. A focus was placed on the ISO/IEC 27043:2015 standards. When analyzing the ISO/IEC 27043 standard, it was noticed that the regulations that the standard offers provide general guidelines for collecting, preserving and processing evidence in order to collect it in a legally appropriate manner. It is noticeable that the regulations are strongly based on general forensic practices. The guidelines are kept very general, so that on the one hand they can be used in a variety of ways, but on the other hand the explicit implementation leaves room for some that should be covered. Karie et al. (2019) has listed some further recommendations in the use of the ISO/IEC 27043:2015 standard, which in my view are important to effectively conduct digital forensics and to develop results that can be used meaningfully in court. The knowledge gained in this unit therefore shows that the regulations and standards developed offer a general overview of the framework conditions to be applied in digital forensics, but are not sufficiently developed to adopt them one-to-one. Situational adjustments have to be made, and this assumption is supported by the results of Veber & Smutny (2015). Furthermore, it should be noted that such regulations must be constantly updated and adapted to new technical possibilities.

• Karie, N. M., Kebande, V. R. & Kim-Kwang Raymond Choo, H.S. V. (2019) On the importance of standardising the process of gernerating digital forensic reports. Forensic Science International: Reports 1. Available from: https://www-sciencedirect-com.uniessexlib.idm.oclc.org/science/article/pii/S2665910719300088?via%3Dihub [Accessed 16 October 2022].
• Veber, J. & Smutny, Z. (2015) Standard ISO 27037:2012 and Collection of Digital Evidence: Experience in the Czech Republic. European Conference on Information Warfare and Security 294-299. Available from: https://www.researchgate.net/publication/283226153_Standard_ISO_270372012_and_Collection_of_Digital_Evidence_Experience_in_the_Czech_Republic [Accessed 18 October 2022].

The module concluded with a consideration of ethics in cyberspace. Here, an in-depth consideration of the aspects from different positions was taken in order to be able to illuminate the complex of ethics in cyberspace. It was enlightening for me to see that different ethical constructs are used depending on the position involved in cyberspace. The authorities and the rule of law have principles and ethics that are self-imposed in order to adequately protect the rights of citizens within the framework of digital forensics and to act in an ethical manner. Such statutes of ethical principles in digital forensics are listed in Germany by the Federal Office for Information Security (BSI) (BSI, 2020). In addition, ethical expectations can also be applied to those who collect, use and store the personal data of others. Online companies play a prominent role here, especially in the context of identity theft. Due to data leaks, companies regularly lose personal information about their customers, which can affect millions of people due to the accumulation of data sets in a breach (Hasso Plattner Institute, N.D.). Numerous cases in which companies have tried to cover up data theft show that these ethical expectations of companies are not always met. However, ethical principles can also be found among hackers. An obvious example are white head hackers who use their skills to find and expose vulnerabilities to help keep the Internet safe. But even malicious hackers have ethical principles that, while not in line with societal expectations, exist. Hacktivism, which aims to draw attention to subjective injustice (Holt et al., 2022). could be cited as an example of this. It can therefore be concluded that it is important to consider the respective ethical positions in order to be able to understand the respective perspectives. But the importance of the ethical question in cyberspace and law enforcement is also important, as otherwise states could run the risk of violating their own rule of law, rights and principles.

• BSI (2020) Orientierungshilfe zu Nachweisen gemäß § 8a Absatz 3 BSIG. Available from: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/KRITIS/oh-nachweise.pdf?__blob=publicationFile&v=8 [Accessed 25 October 2022].
• Hasso-Plattner-Institut (N.D.) Erfasste veröffentlichte Leaks der letzten Monate. Available from: https://sec.hpi.de/ilc/statistics [Accessed 25 October 2022].
• Holt, T., Bossler, A. & Seigfried-Spellar, K. (2022) Cybercrime and Digital Forensics. Routedge, New York. Available from: https://essexonline.vitalsource.com/reader/books/9781000553406/epubcfi/6/52[%3Bvnd.vst.idref%3Dchapter16]!/4/2/2/2[chapter16]/6/1:0[%2C16 [Accessed 25 October 2022].