Upload
phamthu
View
214
Download
0
Embed Size (px)
Citation preview
THE NATIONAL
E D U C A T I O N • I N N O V A T I O N • A D V A N C I N G J U S T I C E
SI: FOURTH AMENDMENT FOR APPELLATE JUDGES: FOUNDATIONAL, CURRENT & FUTURE ISSUES
WB/KZ
MARCH 9-11, 2011 OXFORD, MS
JUDICIAL COLLEGE
INTRODUCTION TO DIGITAL EVIDENCE & FORENSICS/WHAT IS CYBER CRIME?
DIVIDER 9
Professor Donald R. Mason OBJECTIVES: After this session, you will be able to:
1. Define “cyber crime”;
2. Define and describe “digital evidence”;
3. Identify devices and locations where digital evidence may be found;
4. Define basic computer and digital forensics; and
5. Identify and describe the basic practices, principles, and tools used in digital forensics.
REQUIRED READING: PAGE Donald R. Mason, Introduction to Cyber Crime, Digital Evidence, and Computer Forensics (Feb. 2011) [NCJRL PowerPoint]...................................................................................1
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
Introduction to Cyber Crime, Introduction to Cyber Crime,
Digital Evidence, and Digital Evidence, and
Computer ForensicsComputer Forensics
Don MasonDon MasonAssociate DirectorAssociate Director
Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
ObjectivesObjectives
After this session, you will be able to:After this session, you will be able to:
Define “cyber crime” Define “cyber crime”
Define and describe “digital evidence”Define and describe “digital evidence”
Id tif d i d l ti h di it lId tif d i d l ti h di it lIdentify devices and locations where digital Identify devices and locations where digital evidence may be foundevidence may be found
Define basic computer and digital forensicsDefine basic computer and digital forensics
Identify and describe the basic practices, Identify and describe the basic practices, principles, and tools used in digital principles, and tools used in digital forensicsforensics
Special AcknowledgmentsSpecial Acknowledgments
Justin T. FitzsimmonsJustin T. FitzsimmonsSenior Attorney, NSenior Attorney, NDAA National Center for Prosecution of Child Abuse
S t J h M liSergeant Josh Moulin
Commander, Southern Oregon High-Tech Crimes Task Force
1
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
Roles of Digital DevicesRoles of Digital Devices
TargetsTargets
ToolsTools
ContainersContainers
Computer as Computer as TargetTarget•• Unauthorized access, damage, theftUnauthorized access, damage, theft•• Spam, viruses, wormsSpam, viruses, worms•• Denial of service attacksDenial of service attacks
Computer asComputer as ToolTool
Roles of Digital DevicesRoles of Digital Devices
Computer as Computer as ToolTool•• Fraud Fraud •• Threats, harassmentThreats, harassment•• Child pornographyChild pornography
Computer asComputer as ContainerContainer•• From drug dealer records to how to From drug dealer records to how to
commit murdercommit murder
Murder!Murder!
Studied currentsStudied currents
Researched …Researched …
Bodies of waterBodies of waterBodies of water Bodies of water including San Fran Bayincluding San Fran Bay
How to make cement How to make cement anchorsanchors
Tide chartsTide charts
Had 5 home computers
2
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
“Cyber Crime”“Cyber Crime”
“Computer crime”“Computer crime”“Network crime”“Network crime”“Computer“Computer--related crime”related crime”“Computer“Computer--facilitated crime”facilitated crime”pp“High tech crime”“High tech crime”“Internet crime” or “Online crime”“Internet crime” or “Online crime”“Information age crime”“Information age crime”
Any crime in which a computer or other digital device plays a role, and thus involves digital evidence
Computers Are Digital Devices
A computer is like a light switchSwitch Computer Binary Symbol
ON signal present 1
OFF no signal present 0OFF no signal present 0
Each 0 or 1 is a BIT (for BINARY DIGIT)0 0 0 0 0 0 0 1 = 10 0 0 0 0 0 1 0 = 2 (2+0)0 0 0 0 0 0 1 1 = 3 (2+1)
An 8-bit sequence = 1 byte = a keystroke
Digital DataDigital Data
Data is written in binary code Data is written in binary code ---- 1’s and 1’s and 0’s0’s
These 1’s and These 1’s and 0’s0’s are grouped together in are grouped together in
blocks of 8, called “bytes.”blocks of 8, called “bytes.”yy
For example, the sequence “For example, the sequence “1000111110001111” ”
represents the letter “O”.represents the letter “O”.
3
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
Digital EvidenceDigital Evidence
Information of probative value that is Information of probative value that is
stored or transmitted in binary form and stored or transmitted in binary form and
may be relied upon in courtmay be relied upon in court
Digital EvidenceDigital Evidence
Information stored in binary code but Information stored in binary code but convertible to, for example:convertible to, for example:–– ee--mail, chat logs, documentsmail, chat logs, documents
photographs (including video)photographs (including video)–– photographs (including video)photographs (including video)
–– user shortcuts, filenamesuser shortcuts, filenames
–– web activity logsweb activity logs
Easily modified, corrupted, or erasedEasily modified, corrupted, or erased
But correctly made copies are But correctly made copies are indistinguishable from the originalindistinguishable from the original
Computer & Internet UsesComputer & Internet Uses
Remote Computing Remote Computing
ResearchResearch
CommerceCommerceCommerceCommerce
RecreationRecreation
CommunicationCommunication
4
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
Cloud Computing
GoogleThe Cloud
AmazonYahoo
Ex: Google Docs
Digital EvidenceDigital Evidence
UserUser--createdcreated
–– Text (documents, eText (documents, e--mail, chats, IM’s)mail, chats, IM’s)
–– Address booksAddress books
BookmarksBookmarks–– BookmarksBookmarks
–– DatabasesDatabases
–– Images (photos, drawings, diagrams)Images (photos, drawings, diagrams)
–– Video and sound filesVideo and sound files
–– Web pagesWeb pages
–– Service provider account subscriber recordsService provider account subscriber records
5
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
ComputerComputer--createdcreated–– Dialing, routing, addressing, signaling infoDialing, routing, addressing, signaling info–– Email headersEmail headers–– MetadataMetadata
Logs logs logsLogs logs logs
Digital EvidenceDigital Evidence
–– Logs, logs, logsLogs, logs, logs–– Browser cache, history, cookiesBrowser cache, history, cookies–– Backup and registry filesBackup and registry files–– Configuration filesConfiguration files–– Printer spool filesPrinter spool files–– Swap files and other “transient” dataSwap files and other “transient” data–– Surveillance tapes, recordingsSurveillance tapes, recordings
How Much Data?How Much Data?1 Byte 1 Byte (8 bits): (8 bits): A single characterA single character
1 Kilobyte 1 Kilobyte (1,000 bytes): (1,000 bytes): A paragraphA paragraph
1 Megabyte 1 Megabyte (1,000 KB): (1,000 KB): A small bookA small book
1 Gigabyte1 Gigabyte (1,000 MB): (1,000 MB): 10 yards of shelved 10 yards of shelved booksbooksbooksbooks
1 Terabyte 1 Terabyte (1,000 GB): (1,000 GB): 1,000 copies of 1,000 copies of EncyclopediaEncyclopedia
1 1 PetabytePetabyte (1,000 TB): (1,000 TB): 20 million four20 million four--door filing door filing cabinets of text cabinets of text
1 Exabyte 1 Exabyte (1,000 (1,000 PBPB): ): 5 5 EBEB = All words ever = All words ever spoken by humansspoken by humans
Data Generated in 2010Data Generated in 2010
1200 trillion gigabytes 1200 trillion gigabytes (1.2 (1.2 zettabytes))
89 stacks of books each reaching 89 stacks of books each reaching from the Earth to the Sunfrom the Earth to the Sun
22 million times all the books ever 22 million times all the books ever writtenwritten
Would need more than 750 million Would need more than 750 million iPods to hold itiPods to hold it
90 trillion emails sent in 200990 trillion emails sent in 2009
6
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
Projections for 2006Projections for 2006--20102010
Six fold annual information growthSix fold annual information growth
In 2020: 35 In 2020: 35 zettabyteszettabytes will be will be producedproduced–– All words ever spoken by human beings, All words ever spoken by human beings,
written 7 timeswritten 7 times
Compound annual growth rate: 57%Compound annual growth rate: 57%
Sources of EvidenceSources of EvidenceOffender’s computerOffender’s computer–– accessed and downloaded imagesaccessed and downloaded images
–– user log filesuser log files
–– Internet connection logsInternet connection logs
browser history and cache filesbrowser history and cache files–– browser history and cache filesbrowser history and cache files
–– email and chat logsemail and chat logs
HandHand--held devicesheld devices (embedded computer (embedded computer systems)systems)
–– digital camerasdigital cameras
–– PDAsPDAs
–– mobile phonesmobile phones
Sources of EvidenceSources of Evidence
ServersServers–– ISP authentication user logsISP authentication user logs
–– FTP and Web server access logsFTP and Web server access logs
Email server user logsEmail server user logs–– Email server user logsEmail server user logs
–– LAN server logsLAN server logs
Online activityOnline activity–– IP addresses of chat room contributorsIP addresses of chat room contributors
7
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
Digital Devices / Digital Devices / Locations Where DigitalLocations Where DigitalLocations Where Digital Locations Where Digital Evidence May be FoundEvidence May be Found
Computer ForensicsComputer Forensics
Computer ForensicsComputer Forensics
“Preservation, identification, extraction, “Preservation, identification, extraction, documentation, and interpretation of documentation, and interpretation of computer media for evidentiary and/or root computer media for evidentiary and/or root cause analysis”cause analysis”
Usually preUsually pre--defined procedures followed defined procedures followed but flexibility is necessary as the unusual but flexibility is necessary as the unusual will be encounteredwill be encountered
Was largely “postWas largely “post--mortem” but is evolvingmortem” but is evolving
8
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
Computer / Digital ForensicsComputer / Digital Forensics
Sub branches / activities / stepsSub branches / activities / steps
–– Computer forensicsComputer forensics
–– Network forensicsNetwork forensics
Li f iLi f i–– Live forensicsLive forensics
–– Software forensicsSoftware forensics
–– Mobile device forensicsMobile device forensics
–– “Browser” forensics“Browser” forensics
–– “Triage” forensics“Triage” forensics
SeizingSeizing computer evidence
Bagging & tagging
ImagingImaging seized materials
BasicBasic Computer ForensicsComputer Forensics
ImagingImaging seized materials
SearchingSearching the image
for evidence
PresentingPresenting digital evidencein court
Basic StepsBasic Steps
AAcquiringcquiring evidence without evidence without altering or damaging originalaltering or damaging original
AAuthenticatinguthenticating acquired evidence acquired evidence gg qqby showing it’s identical to data by showing it’s identical to data originally seizedoriginally seized
AAnalyzingnalyzing the evidence without the evidence without modifying itmodifying it
9
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
Popular Automated ToolsPopular Automated Tools
EncaseGuidance Softwarehttp://www.guidancesoftware.com/computer-forensics-
ediscovery-software-digital-evidence.htm
Forensic Tool Kit (FTK)Access Data
Acquiring the EvidenceAcquiring the EvidenceSeizing the computer: Bag and TagSeizing the computer: Bag and TagHandling computer evidence carefullyHandling computer evidence carefully–– Chain of custodyChain of custody–– Evidence collectionEvidence collection–– Evidence identificationEvidence identificationEvidence identificationEvidence identification–– TransportationTransportation–– StorageStorage
Making at least two images of each evidence Making at least two images of each evidence containercontainer–– Perhaps 3rd in criminal case Perhaps 3rd in criminal case –– for discoveryfor discovery
Documenting, Documenting, DocumentingDocumenting, Documenting, Documenting
Preserving Digital EvidencePreserving Digital EvidenceThe “Forensic Image” or “Duplicate”The “Forensic Image” or “Duplicate”
A virtual “clone” of the entire drive
Every bit & byte
“Erased” & reformatted data
Data in “slack” & unallocated space
Virtual memory data
10
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
Authenticating the EvidenceAuthenticating the Evidence
Proving that evidence to be analyzed is Proving that evidence to be analyzed is exactly the same as what suspect/party exactly the same as what suspect/party left behindleft behind
–– Readable text and pictures don’t Readable text and pictures don’t i ll t di ll t dmagically appear at randommagically appear at random
–– Calculating hash values for the original Calculating hash values for the original evidence and the images/duplicatesevidence and the images/duplicates
MD5MD5 (Message(Message--Digest algorithm 5)Digest algorithm 5)
SHASHA (Secure Hash Algorithm) (Secure Hash Algorithm) ((NSANSA//NISTNIST))
Write Blockers
Hard drives are imaged using hardware write blockers
What Is a Hash Value?
An MD5 Hash is a 32 character string that looks like:
Acquisition Hash:3FDSJO90U43JIVJU904FRBEWH
Verification Hash:Verification Hash:3FDSJO90U43JIVJU904FRBEWH
The Chances of two different inputs producing the same MD5 Hash is greater than:
1 in 340 Unidecillion: or 1 in 340,000,000,000,000,000,000,000,000,000,000,000,000
11
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
Hashing Tools – Examples
http://www.miraclesalad.com/webtools/md5.php
http://www.fileformat.info/tool/md5sum.htm
htt // l ft /h h l /i d hhttp://www.slavasoft.com/hashcalc/index.htm
Also, AccessData’s FTK Imager can be downloaded free at
http://www.accessdata.com/downloads.html
MD5MD5 HashHash128128--bit (16bit (16--byte) byte) message digest message digest ––
a sequence of 32 charactersa sequence of 32 characters
“The quick brown fox jumps over the lazy “The quick brown fox jumps over the lazy dog”dog”
9e107d9d372bb6826bd81d3542a419d69e107d9d372bb6826bd81d3542a419d6
“The quick brown fox jumps over the lazy “The quick brown fox jumps over the lazy dog.”dog.”
e4d909c290d0fb1ca068ffaddf22cbd0e4d909c290d0fb1ca068ffaddf22cbd0
http://www.miraclesalad.com/webtools/md5.php
12
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
13
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
What Happens When What Happens When You Rename a File?You Rename a File?You Rename a File?You Rename a File?
Or Rename the Or Rename the Extension?Extension?Extension?Extension?
14
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
“Hashing” an Image“Hashing” an Image
MD5MD5
021509c96bc7a6a47718950e78e7a371021509c96bc7a6a47718950e78e7a371
SHA1
77fe03b07c0063cf35dc268b19f5a449e5a9738677fe03b07c0063cf35dc268b19f5a449e5a9738677fe03b07c0063cf35dc268b19f5a449e5a97386 77fe03b07c0063cf35dc268b19f5a449e5a97386
MD5ea8450e5e8cf1a1c17c6effccd95b484
SHA101f57f330fb06c16d5872f5c1decdfeb88b69cbc
(single pixel changed using Paint program)
Analyzing the EvidenceAnalyzing the Evidence
Working on bitWorking on bit--stream images of the stream images of the evidence; never the originalevidence; never the original–– Prevents damaging original evidencePrevents damaging original evidence
–– Two backups of the evidenceTwo backups of the evidenceppOne to work onOne to work on
One to copy from if working copy alteredOne to copy from if working copy altered
Analyzing everything Analyzing everything –– Clues may be found in areas or files Clues may be found in areas or files
seemingly unrelatedseemingly unrelated
15
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
Sources of Digital GoldSources of Digital GoldInternet historyInternet history
Temp files (cache, cookies etc…)Temp files (cache, cookies etc…)
Slack/unallocated spaceSlack/unallocated space
Buddy lists, chat room records, personal profiles, Buddy lists, chat room records, personal profiles, etcetcetc.etc.
News groups, club listings, postingsNews groups, club listings, postings
Settings, file names, storage datesSettings, file names, storage dates
Metadata (email header information)Metadata (email header information)
Software/hardware addedSoftware/hardware added
File sharing abilityFile sharing ability
EmailEmail
Forms of EvidenceForms of EvidenceFilesFiles–– Present / Active Present / Active (doc’s, spreadsheets, images, (doc’s, spreadsheets, images,
email, etc.)email, etc.)–– Archive Archive (including as backups)(including as backups)
–– Deleted Deleted (in slack and unallocated space)(in slack and unallocated space)
–– TemporaryTemporary (cache, print records, Internet usage(cache, print records, Internet usageTemporary Temporary (cache, print records, Internet usage (cache, print records, Internet usage records, etc.)records, etc.)
–– Encrypted or otherwise hiddenEncrypted or otherwise hidden–– Compressed or corruptedCompressed or corrupted
Fragments of FilesFragments of Files–– ParagraphsParagraphs–– SentencesSentences–– WordsWords
Analysis (cont.)Analysis (cont.)
Existing FilesExisting Files–– MislabeledMislabeled–– HiddenHidden
Deleted FilesDeleted Files–– Trash BinTrash Bin–– Show up in directory listing with Show up in directory listing with in place in place
of first letterof first letter“taxes.xls” appears as ““taxes.xls” appears as “axes.xls”axes.xls”
Free SpaceFree Space
Slack SpaceSlack Space
Swap SpaceSwap Space
16
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
How Data Is StoredHow Data Is Stored
TrackTrack
SectorSector
ClustersClusters are groups of sectors
Free SpaceFree Space
Currently unoccupied, or Currently unoccupied, or “unallocated” space“unallocated” space
May have held information beforeMay have held information before
Valuable source of dataValuable source of data–– Files that have been deletedFiles that have been deleted
–– Files that have been moved during Files that have been moved during defragmentationdefragmentation
–– Old virtual memoryOld virtual memory
Slack SpaceSlack SpaceSpace not occupied by an active file, but Space not occupied by an active file, but not available for use by the operating not available for use by the operating systemsystem
Every file in a computer fills a minimum Every file in a computer fills a minimum y py pamount of spaceamount of space
–– In some old computers, this is one kilobyte, or In some old computers, this is one kilobyte, or 1,024 bytes. In most new computers, this is 32 1,024 bytes. In most new computers, this is 32 kilobytes, or 32,768 byteskilobytes, or 32,768 bytes
–– If you have a file 2,000 bytes long, everything If you have a file 2,000 bytes long, everything after the 2000after the 2000thth byte is slack spacebyte is slack space
17
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
File A(In RAM)
File Asaved to disk,
t
File A over-writes Fil B
File A(SavedTo Disk)
How “Slack” Is GeneratedHow “Slack” Is Generated
File A(Now On
Disk)
File B(“Erased,”On Disk)
on top of File
B
File B, creating
slack
Remains of File B (Slack)
Slack space: The area between the end of the file and the end of the storage unit
Metadata Metadata –– Basic ExamplesBasic Examples
Metadata Metadata –– Track ChangesTrack Changes
18
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
Metadata Metadata –– CommentsComments
EXIF DataEXIF Data
Exchangeable Image File Format
Embeds dataEmbeds data into images containing camera information, date and time, and more
79
Ways of Trying to Hide DataWays of Trying to Hide Data
Password protection schemes
Encryption
Steganography
Anonymous remailers
Proxy servers
19
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
Selected “Trend”
“Triage” Forensics
“Triage” Forensics
“Rolling” forensics, or “on-site preview”
Image scan
Especially useful in “knock & talk” t it ti i lti lconsent situations, screening multiple
computers to determine which to seize, or probation or parole monitoring
Not all agencies equipped or trained yet to do this.
“Triage” Forensics
Increasingly important, as the number and storage capacities of devices rapidly grow.
But does NOT enable a comprehensive forensically sound examination of anyforensically sound examination of any device on the scene.
“When is enough “When is enough enoughenough?”?”
20
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
“Triage” Forensics - Steps
Attach/Install write-blocking equipment
Turn on target device
Scan for file extensions, such as:.docdoc
.jpg (.jpeg)
.mpg (.mpeg)
.avi
.wmv
.bmp
“Triage” Forensics - Steps
Pull up thumbnail views - 10-96 images at a time
Right click on image, save to CD or separate drive.
Determine file structure or file path.
Resources
https://blogs.sans.org/computer-forensics/
http://www.e-evidence.info/biblio.html
http://craigball.com/p g
– E.g., What Judges Should Know About Computer Forensics (2008)
21
Introduction to Cyber Crime, Digital Evidence, and Computer ForensicsThe Fourth Amendment for Appellate Judges, March 11, 2011Copyright © 2011 National Center for Justice and the Rule of Law – All Rights Reserved
Questions?Questions?
662662--915915--68986898
[email protected]@olemiss.edu
www.ncjrl.orgwww.ncjrl.org
22