TRAFFIC DATA- refers to any computer data other than the BEST EVIDENCE-The original piece of evidence or an accurate

content of the communication including, but not limited to, duplicate of the original.
the communication's origin, destination, route, time, date,
BIG DATA-Large volumes of structured and unstructured data
size, duration, or type of underlying service.
that can be consolidated and analyzed to reveal information
A sent a photo to B, then B forwarded it to C. about associations, patterns and threads.

DATABASE-A representation of information, knowledge, facts, BRUTE FORCE ATTACK-The use of a script or bot to guess user
concepts, or instructions which are being prepared, credentials.
processed or stored or have been prepared, processed or
BACKTRACING-The process of tracing illicit acts back to the
stored in a formalized manner and which are intended for use
source of the cybercrime.
in a computer system.
ASSET-Something that is being considered important and with
INTERCEPTION-Listening to, recording, monitoring or
value.
surveillance of the content of communications, including
procuring of the content of data, either directly, through ATTRIBUTION-The determination of who and/or what is
access and use of a computer system or indirectly, through responsible for a cybercrime.
the use of electronic eavesdropping or tapping devices, at the
same time that the communication is occurring. AVAILABILITY-Data, services, and systems are accessible on
demand.
CRITICAL INFRASTRUCTURE-The computer systems, and/or
networks, whether physical or virtual, and/or the computer BACKDOOR-A secret portal used in gain unauthorized access
programs, computer data and/or traffic data so vital to this to systems.
country that the incapacity or destruction of or interference
ANTI-DIGITAL FORENSICS-Also known as Anti-Forensics.
with such system and assets would have a debilitating impact
on security, national or economic security, national public -Tools and techniques used to obfuscate cybercrime
health and safety, or any combination of those matters. investigation and digital forensic efforts.

CYBERSECURITY-Refers to the collection of tools, policies, risk ANTI-MALWARE/ANTI-VIRUS-These systems used signatures
management approaches, actions, training, best practices, or behavioral analysis of applications to identify and block
assurance and technologies that can be used to protect the malicious code from being executed.
cyber environment and organization and user's assets.
APPLICATION AND FILE ANALYSIS-Performed to examine
CENSORSHIP-The prohibition of information, visual applications and files on a computer system to determine the
depictions, and written or oral communications that are perpetrator's knowledge of and intent and capabilities to
prohibited by law and or their suppression by a government commit cybercrime.
community or group because they are unlawful.
APPELATIONS OF ORIGIN-Also known as Geographical
CENTRAL AUTHORITY indications.

DOJ-Office of the Cybercrime. -Symbols of products quality and the reputation of the place
of its creation property, which cannot be used unless the
CHAIN OF CUSTODY- A detailed log of the evidence.
product was developed in that region according to the
CHILD GROOMING-Enticement of children or solicitation of standards of practice.
children for sexual purposes.
ΑΝΟΝΥΜΙTY-The shielding of one's identity to enable
BULLETPROOF HOSTING-A service that enables criminals to individuals to engage in activities without revealing
utilize servers to commit cybercrime, store illicit content, and themselves and/or their actions to others.
protect illicit content from being accessed by law
ACCESS-It refers to the instruction, communication with,
enforcement authorities.
storing data in, retrieving data from, or otherwise making use
BUSINESS CONTINUITY PLAN-Outlines instructions to be of any resources of a computer system or communication
followed and actions to be taken in the event of a network.
cybersecurity incident.
ACCESS CONTROL-Measures that establish privileges,
-Also known as Emergency Management Plan. determine authorized access, and prevent unauthorized
access.
CATPHISHING-False or misleading promises of love and
companionship desiged to scam individuals. ACTIVE DIGITAL FOOTPRINT-Created by data provided by the
user.
BOTCODE- device
REPUBLIC ACT 10175 "Cybercrime Prevention Act of 2012"
CURITY - CYBER SE CYBER
A type of malicious software that enables the remote control INCOMPETENT STALKER-Those who has inadequate social
of these devices and use them to commit cybercrimes, steal skills and don not have the ability to communicate normally w
information, and engage in cybercrime. inith others.
BOTHERDER-person/responsible EROTOMANIA AND MORBIDLY INFATUATED STALKER-This
type of stalker feels that the victim loves them enough.
-Controller of bot-infected digital devices.
REJECTED STALKER-Becomes upset when friendship or
BOT NET-victim
romantic relationship has ended.
-A network of computers infected with botcode.
RESENTFUL STALKER-Feels humiliated that the relationship
BUFFER-This is a memory and area allocated to an has ended and they seek revenge.
application.
PREDATOR STALKER-Those who seeks power and sexual 2018- Rule on Cybercrime Warrants
gratification.
SCOPE AND APPLICABILITY
INTIMACY STALKER-Seeks intimate and romantic relationship
RCW sets for the procedure for the application and grant of
with the victim.
warrants and related orders involving the preservation,
CYBERSTALKING- is the use of the Internet or other electronic discosure, interception, search, seizure, and/or examination,
means to stalk or harass an individual, group, or organization. as well as the custody, and destruction of computer data, as
provided under R.A. No. 10175.
-It may include false accusations, defamation, slander and
libel. COMPUTER DATA refers to any representation of facts,
information, or concepts in a form suitable for processing in a
- may also include monitoring, identity theft, threats,
computer system including a program suitable to cause a
vandalism, solicitation for sex, doxing, or blackmail.
computer system to perform a function and Includes
Cyberstalking is often accompanied by real-time or offline electronic documents and/or electronic data messages
stalking. whether stored in local computer systems or online.

REAL TIME COLLECTION OF TRAFFIC DATA-Law enforcement CLASSIFICATIONS OF COMPUTER DATA

authorities, with due cause, shall be authorized to collect or
SUBSCRIBER INFORMATION-Refers to any information that is
record by technical or electronic means traffic data in real-
held by a service provider, relating to subscribers of its
time associated with specified communications transmitted
services other than traffic or content data
by means of a computer system.
TRAFFIC OR NON-CONTENT-Refers to any computer data
are required to cooperate and assist law enforcement
other than the content of the communication, which is
authorities in the collection or recording of the above-stated
usually computer- generated.
information.
CONTENT DATA-Refers to the contents of the
Incident Response, Preservation and Collection
communication.
• When computer is off - do not turn it on
PRESERVATION OF COMPUTER DATA
• If the computer is "ON", do not turn it "OFF"
The integrity of traffic data and subscriber information
• If transport is required, pack the components as "fragile relating to communication services provided by a service
cargo" prior to transport provider shall be preserved for a minimum period or six (6)
months from the date of the transaction.
• Keep away computer evidence from magnets, transmitters,
radio, and other hostile environment Content data shall be similarly preserved for six (6) months
from the date of receipt of the order from la enforcement
• In the investigative plan, start with identification, then authorities requiring its preservation.
acquisition, examination/analysis, reporting, and court
presentation PRESERVATION OF COMPUTER DATA

Incident Response, Preservation and Collection Content Dele-offer of the order from the LEAs requiring the
preservation the content date
Observe BWC requirement
PRESERVATION OF COMPUTER DATA
Refuse offers of help/technical assistance from any
unauthorized persons • One-time.cxtension for another six (6) months upon the
order of the LEA
Latent prints only after e-evidence are collected. Do not use
aluminium powders to avoid damage on electronic data • Once computer data presused as evidence in the casey
receipt by the SP of the Transmittal Document to the OCP
Photograph front and back of the monitor, CPU, etc. shall be deemed a notification to preserve computer data
until final termination of the case or as ordered by the court.
Label all connections for convenient of possible reassembly.
(Section 3.1, RCW)
Label unused for ports that are not used
TYPES OF CYBERCRIME WARRANT
Note computer date and time, and active programs
Warrant for Disclosure of Computer Data (WDCD)
Image the RAM. If done, press and hold the power button for
10 seconds. Warrant for Interception of Computer Data (WICD)
CYBER WARRANT Warrant for the Search, Seizure and Examination of Computer
Data (WSSECD)
Warrant to intercept computer data
Warrant for Examination of Computer Data (WECD)
Warrant to disclose computer data (72 hours)
WHERE TO FILE AN APPLICATION FOR A WARRANT?
48 hours to deliver it to the court.
CYBERCRIME COURTS
Warrant to examine computer data.
On 19 January 2017, the Office of the Court Administrator
.Warrant to search, seize and examine computer data.
issued OCA Circular No. 18-2017 designating all commercial
LEGAL FRAMEWORK courts in the Philippines as cybercrime courts.

2000-Electronic Commerce Act Violation of Sections 4 and 5, Chapter II of R.A. No. 10175

2001-Rules on Electronic Evidence Valid within its territorial jurisdiction, except for those issued
in Quezon City, Manila City, Makati City, Pasig City, Cebu City,
2014-Cybercrime Prevention Act of 2012
Davao City, and Cagayan De Oro City, which warrants shall be • submit a return to the court that issued it; and
enforceable nationwide and outside the Philippines.
• simultaneously turn over the custody of the intercepted
REGULAR/SPECIALIZED COURTS communication or computer data.

Regional Trial Courts with Regular Jurisdiction The Warrant to Search, Seize, and Examine Computer Data
(WSSECD)- authorizes law enforcers to search the particular
Drugs Courts
place for items to be seized and/or examined.
Family Courts
The Rule allows the authorized law enforcer to initially make
Violation of the Revised Penal Code and other Special Penal a forensic image of the computer on-site, as well as limit their
Laws in relation to Section 6 of R.A. No. 10175 search to the place specified in the warrant. Otherwise, an
off-site search, where the law enforcer searches the
Valid within its territorial jurisdiction. computer outside the place to be searched, may be
conducted.
(Section 21 of R.A. No. 10175 and Section 2.2, RCW)
The Warrant to Examine Computer Data (WECD)- authorizes
CONTENTS OF APPLICATION FOR A WARRANT
law enforcers to search a computer device or computer
Offense seized during a lawful warrantless arrest or by any other
lawful method
Relevance and necessity
TYPES OF CYBERCRIME WARRANT
Names of the individuals or entitie
SEARCH SEIZURE AND EXAMINATION OF COMPUTER DATA
Particular description (Section 6. RCWI
Place where the disclosure of computer data is to be Autogriaus laboranturies to a particular place for items
enforced*
Allies the vanilluphysical virtual search
Manner or method by which the computer data will be
disclosed* Once sowed trompasy be conductal without the need of
another warrant far such perpe
Other relevant information
Period to examined by court, which may be extended not
DISCLOSURE OF COMPUTER DATA- Law enforcement exceeding 30 days upon motion for Justifiable reasons.
authorities, upon securing a court warrant, shall issue an
order requiring any person or service provider to disclose or GENERAL RULE. THE LEAS MUST ENDEAVOR TO CONDUCT
submit subscriber's information, traffic data or relevant data
AN ON-SITE SEARCH BY FIRST MAKING A FORENSIC IMAGE OF
in his/its possession or control within seventy-two (72) hours
THE COMPUTER DATA ON-SITE AS WELL AS TO LIMIT THEIR
from receipt of the order in relation to a valid complaint
SEARCH TO THE PLACE SPECIFIED IN THE WARRANT.
officially docketed and assigned for investigation and the
disclosure is necessary and relevant for the purpose of EXCEPTION: IF NOT PRACTICABLE, AN OFF-SITE SEARCH
investigation.
MAY BE MADE, PROVIDED (A) FORENSIC IMAGE IS
CYBER SECURITY NEVERTHELESS MADE; AND (8) THE REASON FOR SUCH OFF-
SITE SEARCH IS STATED IN THE INITIAL RETURN.
The Warrant to Disclose Computer Data (WDCD)-authorizes
law enforcers to disclose or submit subscriber's information, EXAMINATION OF COMPUTER DATA (Section 6.9, RCW)
traffic data, or relevant data in the possession or control of a
person or service provider. Authenties for examination on the computer destor or
computer system,lawful warrantless arrest or by any other
The Warrant to Intercept Computer Data (WICD)-authorizes lawful means
law enforcers to listen, record, monitor, or surveil the content
of the communications through electronic eavesdropping or • The warrants shall only be effective within 10 days from its
tapping devices, while the communication is occurring. issuance.

TYPES OF CYBERCRIME WARRANT • The court upon motion, extend its effectivity based only on
justifiable reasons for a period not exceeding 10 days from
the expiration of the original period.
ENTERCEPTION OF COMPUTER DATA (Section 5. RCW) Failure to timely file the returns of warrants or to duly turn
over to the court's custody any of the items disclosed,
a) Listening
intercepted, searched, seized, and/or examined shall subject
b) Recording for contempt.

c) Monitoring w • Moreover, failure to comply with the orders from law

enforcement authorities shall be punished for obstruction of
d) Surveillanceoff comunications, including justice
Sand activities ronductedDIRECTLY OF INDIRECTLY-rough PRE-HISTORY BEFORE SOCIAL MEDIA
access and use of a computer system, or indirectly, through
the use of electronic eavesdropping or tapping devices at the • Message boards, bulletin boards, discussion groups
same time that the communication is occurring. [Sec. 5.2]
• Early in the Internet age - early 1990s
What is the duty of the authorized law enforcement officer?
• AOL chat rooms
Within forty-eight (48) hours from implementation or after
• Patients already looking for help online
the expiration of the affectivity of WICD, the law enforcement
officer shall: • ACOR - Association of Cancer Online Resources
• MedHelp - questions answered by physicians Like so many other things, the use of social media can be
used for good, or can be abused. However, the benefits of
FRAMEWORK OF SOCIAL MEDIA
sharing news and knowledge, keeping in contact, expanding
• Identity one's network, etc. seem to far outweigh the risks

• Presence Crimes involving Social Media

• Conversations A. SEXTORTION-refers to the broad category of sexual

exploitation in which abuse of power is the means of
• Relationships coercion, as well as to the category of sexual exploitation in
which threatened release of sexual images is the means of
• Sharing
coercion.
• Reputation
B SCAMS-particularly effective at drawing people in by simply
• Groups enticing an individual to click on a link that would interest
almost anyone, such as an innocent-looking notification that
INTRODUCTION you've won a free prize like a gift card.
The 21st century is becoming known as an age of technology, C. CYBERBULLYING- is a common occurrence among
and one of the most important and complex types of new teenagers on Facebook and one that can result in serious
technology is social media. criminal charges if it goes far enough. This could include
Social media accounts for 22% of time spent on the internet, hacking or password and identity theft.
and even among people age 65 and older-who are not D. STALKING is thrown around a lot on Facebook, and it is
generally considered prime users of new technologies-one in often meant as a joke for regulazly looking at someone's
four people are now active on a social media website. profile. However, the actual act of cyberstalking is a common
FACEBOOK'S ROAD TO WORLD DOMINANCE crime on the social networking site and can result in a serious
offense.
By June 2004, 30 campuses, 150,000 users
E. ROBBERY- it doesn't take much for a thief to find out where
How it overwhelmed MySpace, passed it in 2009, kept you live, go to school, work or hang out if you make that
growing information readily available on your social media account.
2011-hosting over 100 billion photos F. IDENTITY THEFT with the large amount of personal
information swarming around Facebook these days, it has
2012-purchases Instagram
become fairly easy for criminals to steal user's identities.
Reaching 1 billion users Hackers often break into user's e-mails and make fake
Facebook accounts.
•
http://socialmediatoday.com/daniel-zeevi/1251026/ultimate- G DEFAMATION- an individual commits the crime of
history- defamation when they communicate a faise statement to a
third party that pains another individual or entity in a
facebook-infographic negative light.
Definition: "SOCIAL MEDIA" H HARASSMENT this happens all the time in Facebook and
"Social" - part: refers to interacting with other people by other social media platforms. From sexual harassment to
sharing information with them and receiving information assault threats, there has been a significant increase in the
from them. number of harassment cases happening on Facebook.

"Media" - part: refers to an instrument of communication, 1 ONLINE LIBEL a person or entity who posts something (in
like the internet. words or pictures)- which can be proven false, and is intended
to harm the reputation of another by tending to bring the
SOCIAL MEDIA-are web based communication tools that target into ridicule, hatred, scorn or contempt of others- may
enable people interact with each other by both sharing and be arrested, detained, and imprisoned because of libel.
consuming information.
Advantages of Using Social Media
Effects of Social Media to the Current Trends in the PNP
1. Ability to connect to other people all over the world;
Building a trustworthy relationship and a sense of commuruty
by engaging with each other; 2. Easy and instant communication;

Gaining control over the department's reputation with the 3. Real-time news and information discovery;
community: 4. Opportunities for business;
Providing a forum for people to ask questions and for you to 5. General fun and enjoyment
share tipa you otherwise wouldn't share; and
Disadvantages of Using Social Media
Spread knowledge quickly and with minimal effort that could
protect your community, help catch suspects, find missing 1. Information overwhelm;
persons, etc.
2. I'rivacy Issues;3. Social peer pressure and cyber bullying;
Social Media Awareness
4. Online interaction substitution for offline interaction;
Social media is here to stay- it is like many other technologies
5. Distraction and procrastination; and
when first introduced, though the rapid growth in the
acceptance of this technology is unlike other technology 6. Sedentary lifestyle habits and sleep disruption
introductions.