Scene of the Cybercrime: Computer Forensics Handbook

In Chapter 4, we discussed how computers, both the hardware and the software, accept, process, and store data. A decade ago, that might have been as far as we needed to go in our discussion. Many PCs, especially home computers, functioned as standalone systems. Today, however, the local machine is only the starting point for computer crime investigators. Now most computers (and, by the very nature of cybercrime, all computers that are involved in this special type of offense) are connected to a network. That network might be a local area network, the global Internet, or both.
Network connectivity opens up new opportunities for criminals as well as for legitimate computer users. Understanding the more technically oriented cybercrimes, such as unauthorized access across the network (hacking), and indeed even determining whether or not a crime has occurred, can depend on an understanding of how networked computers communicate with one another.
Many hack attacks, which are designed to bring down a computer or network or to congest the system so that legitimate users are unable to get through, are based on exploiting the characteristics of the network protocols, typically the Transmission Control Protocol/Internet Protocol (TCP/IP) suite. To launch these attacks, a criminal must understand how TCP/IP works. Likewise, in order for an investigator to document how the attack was made and determine from where it might have been launched, the investigator must understand the workings of the TCP/IP protocols.
A burglary investigator who doesn't understand how door locks (both mechanical and electronic) work and how they...