Corporate High Technology Investigations building bridges between  Corporate  Security and Law Enforcement Presented by Co...
Introduction  <ul><li>Complexities of modern day systems demand a well defined and refined approach to high technology inv...
Summary of Course <ul><li>To provide insight to the Corporate Security professional and Police detective on how to use the...
Presentation Objectives <ul><li>1. To show Corporate Investigators how they can initiate, prepare, and present a HiTech cr...
Who is in Attendance? <ul><li>Corporate Auditor </li></ul><ul><li>Corporate Security Investigator </li></ul><ul><li>Corpor...
Presentation Topics <ul><li>Systems Analysis Applied to Investigations </li></ul><ul><li>Investigation scenarios  </li></u...
Overview  <ul><li>Topic discussed will be how Corporate Audit or Security can integrate their inquiries into a criminal in...
Connections  <ul><li>The problem solving skills needed for any criminal investigation are very similar to the methods empl...
<ul><li>Prosecutor’s Advantage  </li></ul><ul><li>Corporate Security and System Administrators Investigate </li></ul><ul><...
Systems Analysis Defined <ul><li>“ The examination of an activity, procedure, method, technique, or business to determine ...
Systems Analysis Applied to Audit or Investigations The Life Cycle <ul><li>Preliminary Investigation </li></ul><ul><li>Sys...
Preliminary to Audit or  Investigation <ul><li>A Time to Ask Questions … </li></ul><ul><li>What authority is there to purs...
Preliminary Audit or Investigation <ul><li>Steps used in the Preliminary Investigation… </li></ul><ul><li>1. Define the is...
Systems Analysis <ul><li>Understand the system </li></ul><ul><li>User involvement, gather data </li></ul><ul><li>Analyze d...
Systems Development <ul><li>Start gathering or building the tools. </li></ul><ul><ul><li>Collect off-the-shelf H/W & S/W <...
Systems Implementation <ul><li>Install the new system </li></ul><ul><li>Train users </li></ul><ul><li>Monitor for problems...
Scenario <ul><li>The Environment </li></ul><ul><ul><li>A large high tech company with tens of thousand of workstations </l...
Scenario <ul><li>The Operations Procedures </li></ul><ul><ul><li>Workstations are routinely backed up to central file serv...
Scenario <ul><li>Discovery of a Crime </li></ul><ul><ul><li>During a routine backup data inspection, files indicating crea...
Scenario <ul><li>What do we do now? </li></ul><ul><ul><li>Do we try to identify other offenders? </li></ul></ul><ul><ul><l...
Scenario <ul><li>Questions that might be asked by Corporate Management </li></ul><ul><ul><li>Legal Obligations to report t...
Integrating Systems Analysis into the Audit or Investigation <ul><li>What’s the complaint? </li></ul><ul><ul><li>Did a cri...
Integrating Systems Analysis into the Investigation <ul><li>Investigator or Auditor as Analyst </li></ul><ul><ul><li>Gathe...
Integrating Systems Analysis into the Audit or Investigation <ul><li>Paper-Data Flow </li></ul><ul><ul><li>Memos </li></ul...
The Audit or Investigation  as a Project <ul><li>What is a Project?  </li></ul><ul><li>“ A project is a sequence of unique...
The Integrated Investigation <ul><li>Preliminary Investigation </li></ul><ul><ul><li>What is the crime or infraction? Iden...
The Integrated Investigation <ul><li>Analysis </li></ul><ul><ul><li>What happened? </li></ul></ul><ul><ul><li>Who did it? ...
The Integrated Investigation <ul><li>Design </li></ul><ul><li>Work Breakdown Structures (WBS)  </li></ul><ul><li>Write the...
The Integrated Investigation <ul><li>Design </li></ul><ul><ul><li>Specify how you plan to communicate between each other. ...
The Integrated Investigation <ul><li>The Work Breakdown Structure (WBS) </li></ul><ul><ul><li>A deliverable-oriented group...
The Integrated Investigation <ul><li>The Statement of Work (SOW) </li></ul><ul><ul><li>A narrative description of products...
The Integrated Investigation <ul><li>The Investigator acts as Project Manager  </li></ul><ul><li>Implementation </li></ul>...
The Integrated Investigation <ul><li>Scheduling and time tables </li></ul><ul><ul><li>PERT </li></ul></ul><ul><ul><li>GANT...
The Integrated Investigation <ul><li>PERT </li></ul><ul><ul><li>Program Evaluation Review Technique chart  </li></ul></ul>...
1. Start  preliminary investigation ID  crime 2. Evaluate crime 3. What needs to be done? 4. Draft report Go to 55 55. Sta...
The Integrated Investigation <ul><li>Gantt chart  </li></ul><ul><ul><li>A bar chart used to schedule system activities. </...
Gantt Chart
The Integrated Investigation <ul><li>Investigation Findings </li></ul><ul><li>Completing the investigation. </li></ul><ul>...
HiTech, Inc.  Intranet Internet WWW, Email, etc.   HiTech Proxy Servers HiTech  Firewall Seattle So. CA. St. Louis Phil. C...
HiTech Intranet Internet WWW, Email, etc.   HiTech Proxy Servers * HiTech Firewall Suspect  Users here IP:111.222.333.444 ...
The Corporate High Technology Affidavit <ul><li>Why should Corporate Security use an affidavit? </li></ul><ul><ul><li>Mini...
The Corporate High  Technology Affidavit <ul><li>Defines and limits what is relevant evidence. </li></ul><ul><li>If suspec...
The Corporate High  Technology Affidavit <ul><li>Element: </li></ul><ul><ul><li>Bona fides </li></ul></ul><ul><ul><ul><li>...
The Corporate High  Technology Affidavit <ul><li>Element :  </li></ul><ul><ul><li>Narrative </li></ul></ul><ul><ul><ul><li...
The Corporate High  Technology Affidavit <ul><li>Element: </li></ul><ul><ul><li>Suspect Data </li></ul></ul><ul><ul><ul><l...
The Corporate High  Technology Affidavit <ul><li>Element: </li></ul><ul><ul><li>Address or Location of  </li></ul></ul><ul...
The Corporate High  Technology Affidavit <ul><li>Element: </li></ul><ul><ul><li>Suspect’s place of work </li></ul></ul><ul...
The Corporate High  Technology Affidavit <ul><li>Element: </li></ul><ul><ul><li>Training records and policies </li></ul></...
RCW 5.45.020. Business records as evidence <ul><li>A record . . . shall in so far as relevant, be competent evidence if  ....
The Corporate High  Technology Affidavit <ul><li>Element: </li></ul><ul><ul><li>Ending Declaration </li></ul></ul><ul><ul>...
The Corporate High  Technology Affidavit <ul><li>Element: </li></ul><ul><ul><li>Exhibits </li></ul></ul><ul><ul><ul><li>Ph...
Why an Affidavit and Warrant <ul><li>The Corporate view </li></ul><ul><li>The Law Enforcement view </li></ul><ul><li>The D...
The Corporate View <ul><li>Delivery of affidavit defines the moment of transition </li></ul><ul><li>Ends Corporate Liabili...
The Law Enforcement View <ul><li>Affidavit simplifies warrant application process </li></ul><ul><li>Warrants give authorit...
The Suspect’s Attorney’s View <ul><li>Do we care? YES </li></ul><ul><li>A well prepared affidavit with exhibits will impre...
The Prosecutor’s View <ul><li>Reduce risk of suppression order/ruling as inadmissible evidence </li></ul><ul><li>Headstart...
USA v Rouse,U.S.Ct.App 8th Cir. 1998 <ul><li>Because the search in this case was conducted without a warrant, the burden i...
Agent of Law Enforcement? <ul><li>THE STATE OF WASHINGTON  v. MOORE, Wash. App. (Div 1) 1989. </li></ul><ul><li>In The Mat...
Agent of Law Enforcement? <ul><li>To prove that a citizen informant was acting as a government agent, &quot;'it must be sh...
Agent of Law Enforcement? <ul><li>. . . did not act as an agent of law enforcement but as an official of the school. Pierc...
Summary <ul><li>Systems Analysis Applied </li></ul><ul><li>Integrating Systems Analysis to High Technology Investigations ...
Where to get more  information or help <ul><li>Attend a college course in Systems Analysis </li></ul><ul><li>Check out you...
Corporate Training Needs <ul><li>Skills needed, background (Data Processing) </li></ul><ul><ul><li>Systems Administration ...
Corporate Training Needs <ul><li>Understanding of  Non-Data Processing Skill Sets </li></ul><ul><ul><li>Company Policies <...
Corporate Training Needs <ul><li>Investigative Skills (Non-Data Processing) </li></ul><ul><ul><li>Criminal/Civil Investiga...
Corporate Training Needs <ul><li>Corporate Audit and IS Security Duties & Responsibilities </li></ul><ul><ul><li>Risk Mana...
Law Enforcement Training Needs <ul><li>Skills needed, background (Data Processing) </li></ul><ul><ul><li>Systems Administr...
Law Enforcement Training Needs <ul><li>Skills needed, background (Technical Investigations) </li></ul><ul><ul><li>Computin...
Law Enforcement Training Needs <ul><li>Crime Prevention </li></ul><ul><ul><li>Risk management and vulnerability analysis f...
Prosecutor’s Training Needs <ul><li>An understanding of vocabulary of the expert witness </li></ul><ul><li>Preparation for...
Prosecutor’s Training Needs <ul><li>Civil Liability Law as it applies to corporation </li></ul>
Professional Organizations <ul><li>Agora  N.W.C.C.A </li></ul><ul><li>C.T.I.N.  C.R.I.M.E. </li></ul><ul><li>H.T.C.I.A.  E...
Consultants  <ul><li>Electronic Discovery, Inc. </li></ul><ul><li>New Dimensions International (NDI) </li></ul><ul><li>New...
Investigators <ul><li>Electronic Discovery, Inc. </li></ul><ul><li>Computer Forensics, Ltd. </li></ul><ul><li>New Dimensio...
Upcoming SlideShare
Loading in …5
×

Corporate Public Investigations

964 views
887 views

Published on

Published in: Technology, Business
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
964
On SlideShare
0
From Embeds
0
Number of Embeds
19
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Corporate Public Investigations

  1. 1. Corporate High Technology Investigations building bridges between Corporate Security and Law Enforcement Presented by Computer Technology Investigators Northwest Presentation Prepared By Christopher Steuart, The Boeing Company Bill Nelson, The Boeing Company Brian Palmer, King County Sheriff’s Office
  2. 2. Introduction <ul><li>Complexities of modern day systems demand a well defined and refined approach to high technology investigations. </li></ul><ul><li>Law Enforcement frequently has limited resources required to conduct difficult electronic “paper case” investigations and subsequent trials. </li></ul>
  3. 3. Summary of Course <ul><li>To provide insight to the Corporate Security professional and Police detective on how to use the tools of high technology. </li></ul><ul><li>To share experiences and ideas from previous investigations of the presentation and the audience. </li></ul>
  4. 4. Presentation Objectives <ul><li>1. To show Corporate Investigators how they can initiate, prepare, and present a HiTech criminal investigations. </li></ul><ul><li>2. Show Law Enforcement and Prosecutors what Corporate Security needs to know about how to inititate, prepare, and present an investigation. </li></ul>
  5. 5. Who is in Attendance? <ul><li>Corporate Auditor </li></ul><ul><li>Corporate Security Investigator </li></ul><ul><li>Corporate General Counsel </li></ul><ul><li>Police Detective, Sergeants, and Unit Commanders </li></ul><ul><li>Systems or Network Administrators </li></ul><ul><li>Prosecuting Attorneys-Crown Counsel </li></ul>
  6. 6. Presentation Topics <ul><li>Systems Analysis Applied to Investigations </li></ul><ul><li>Investigation scenarios </li></ul><ul><li>Integrating Systems Analysis into the Investigation </li></ul><ul><li>The Corporate Report: Affidavit </li></ul><ul><li>Review </li></ul>
  7. 7. Overview <ul><li>Topic discussed will be how Corporate Audit or Security can integrate their inquiries into a criminal investigation. </li></ul>
  8. 8. Connections <ul><li>The problem solving skills needed for any criminal investigation are very similar to the methods employed in the high technology work environment. </li></ul><ul><li>Here we will discuss the basics of systems analysis and how they might be applied to a high technology audit or investigation. </li></ul>
  9. 9. <ul><li>Prosecutor’s Advantage </li></ul><ul><li>Corporate Security and System Administrators Investigate </li></ul><ul><ul><li>No Fourth Amendment (search and seizure issues) </li></ul></ul><ul><ul><li>No Agent of Law Enforcement issues </li></ul></ul><ul><ul><li>No Electronic Communications Privacy issues </li></ul></ul>
  10. 10. Systems Analysis Defined <ul><li>“ The examination of an activity, procedure, method, technique, or business to determine what must be accomplished and the best method of accomplishing the necessary operation.” </li></ul><ul><li>Computer Dictionary, 3rd Ed. Sippl & Sippl 1982 </li></ul>
  11. 11. Systems Analysis Applied to Audit or Investigations The Life Cycle <ul><li>Preliminary Investigation </li></ul><ul><li>Systems Analysis </li></ul><ul><li>Systems Design </li></ul><ul><li>Systems Development </li></ul><ul><li>Systems Implementation </li></ul>
  12. 12. Preliminary to Audit or Investigation <ul><li>A Time to Ask Questions … </li></ul><ul><li>What authority is there to pursue this issue? </li></ul><ul><li>What is the nature of the issue? </li></ul><ul><li>What is the scope of the issue? </li></ul><ul><li>What are the true objectives? </li></ul>
  13. 13. Preliminary Audit or Investigation <ul><li>Steps used in the Preliminary Investigation… </li></ul><ul><li>1. Define the issue. </li></ul><ul><li>2. Evaluate the issue. </li></ul><ul><li>3. What are the desired benefits? </li></ul><ul><li>4. Create a preliminary report. </li></ul>
  14. 14. Systems Analysis <ul><li>Understand the system </li></ul><ul><li>User involvement, gather data </li></ul><ul><li>Analyze data, identify system requirements </li></ul><ul><li>Summarize the analysis </li></ul>
  15. 15. Systems Development <ul><li>Start gathering or building the tools. </li></ul><ul><ul><li>Collect off-the-shelf H/W & S/W </li></ul></ul><ul><li>Start S/W programming & testing </li></ul><ul><li>Integrate S/W & H/W </li></ul><ul><li>Test & fix errors </li></ul>
  16. 16. Systems Implementation <ul><li>Install the new system </li></ul><ul><li>Train users </li></ul><ul><li>Monitor for problems, correct as needed </li></ul><ul><li>System evaluation—critique </li></ul><ul><li>System maintenance </li></ul>
  17. 17. Scenario <ul><li>The Environment </li></ul><ul><ul><li>A large high tech company with tens of thousand of workstations </li></ul></ul><ul><li>The Company’s Philosophy </li></ul><ul><ul><li>Employees need access to the Internet to stay competitive </li></ul></ul><ul><ul><li>Few restrictions on employees access to the Internet </li></ul></ul>
  18. 18. Scenario <ul><li>The Operations Procedures </li></ul><ul><ul><li>Workstations are routinely backed up to central file servers </li></ul></ul><ul><ul><li>Backed up data is inspected & personal data is deleted to save space on drives </li></ul></ul><ul><li>Known Problems with the Internet </li></ul><ul><ul><li>Since access to the Internet has been in place, low productivity in certain areas of the business has occurred </li></ul></ul>
  19. 19. Scenario <ul><li>Discovery of a Crime </li></ul><ul><ul><li>During a routine backup data inspection, files indicating creation of credit card billing activity was found in one user’s assigned data storage area. </li></ul></ul><ul><ul><li>Assigned data storage area is password protected and is controlled by the user and system administrator. No one else has access to this disk space on the file server. </li></ul></ul>
  20. 20. Scenario <ul><li>What do we do now? </li></ul><ul><ul><li>Do we try to identify other offenders? </li></ul></ul><ul><ul><li>Is there time and budget to conduct a major investigation? </li></ul></ul><ul><ul><li>How much resources do we apply to this investigation? </li></ul></ul><ul><ul><li>Do we put a limit on how much resources we put into investigation? </li></ul></ul>
  21. 21. Scenario <ul><li>Questions that might be asked by Corporate Management </li></ul><ul><ul><li>Legal Obligations to report the crime to police? </li></ul></ul><ul><ul><li>Moral Obligations to report the crime? To Whom? </li></ul></ul><ul><ul><ul><li>Why </li></ul></ul></ul><ul><ul><ul><li>When </li></ul></ul></ul><ul><ul><ul><li>What </li></ul></ul></ul><ul><ul><ul><li>In what form </li></ul></ul></ul>
  22. 22. Integrating Systems Analysis into the Audit or Investigation <ul><li>What’s the complaint? </li></ul><ul><ul><li>Did a crime occur? </li></ul></ul><ul><ul><li>What crime do we believe occurred? </li></ul></ul><ul><ul><li>What other information is there? </li></ul></ul><ul><li>Who is the investigation for (the customer)? </li></ul><ul><ul><li>Corporate Management, CFO </li></ul></ul><ul><ul><li>Corporate General Counsel </li></ul></ul><ul><ul><li>Crown Counsel or Law Enforcement </li></ul></ul>
  23. 23. Integrating Systems Analysis into the Investigation <ul><li>Investigator or Auditor as Analyst </li></ul><ul><ul><li>Gather facts, Identify witnesses and suspects </li></ul></ul><ul><ul><li>Examine data, facts, and become familiar with incident </li></ul></ul><ul><li>Investigation-Audit Communications </li></ul><ul><ul><li>Who needs to know what? </li></ul></ul><ul><ul><li>How much do you need to tell others? </li></ul></ul><ul><ul><li>Is Attorney-Client-Privilege appropriate? </li></ul></ul>
  24. 24. Integrating Systems Analysis into the Audit or Investigation <ul><li>Paper-Data Flow </li></ul><ul><ul><li>Memos </li></ul></ul><ul><ul><li>Graphing </li></ul></ul><ul><ul><li>Matrix assignments </li></ul></ul>
  25. 25. The Audit or Investigation as a Project <ul><li>What is a Project? </li></ul><ul><li>“ A project is a sequence of unique, complex, and connected activities having one goal or purpose and that must be completed by a specific time, within budget, and according to specifications.” Effective Project Management, Wysocki 1995 </li></ul><ul><li>Why apply Project Management methods? </li></ul>
  26. 26. The Integrated Investigation <ul><li>Preliminary Investigation </li></ul><ul><ul><li>What is the crime or infraction? Identify the problem. </li></ul></ul><ul><ul><li>Staffing, Scope, & Budget needs of the investigation. </li></ul></ul><ul><ul><li>Publicity, how do we minimize negative media exposure for the Corporation? </li></ul></ul>
  27. 27. The Integrated Investigation <ul><li>Analysis </li></ul><ul><ul><li>What happened? </li></ul></ul><ul><ul><li>Who did it? </li></ul></ul><ul><ul><li>Can you reverse engineer what had occurred? </li></ul></ul><ul><ul><li>What kind of budget do we have to get the resources needed? </li></ul></ul><ul><ul><li>Can you re-use a pre-existing plan? </li></ul></ul>
  28. 28. The Integrated Investigation <ul><li>Design </li></ul><ul><li>Work Breakdown Structures (WBS) </li></ul><ul><li>Write the Investigation Statement of Work (SOW) </li></ul><ul><ul><li>1. Collect all ideas on how to do the investigation. </li></ul></ul><ul><ul><li>2. Outline the best approach. </li></ul></ul><ul><ul><li>3. Design the investigation plan, create the Workflow. </li></ul></ul>
  29. 29. The Integrated Investigation <ul><li>Design </li></ul><ul><ul><li>Specify how you plan to communicate between each other. </li></ul></ul><ul><ul><li>Build any customized S/W needed to conduct the investigation. </li></ul></ul><ul><ul><li>4. Create the WBS. </li></ul></ul><ul><ul><li>5. Review & update the plan. </li></ul></ul><ul><ul><li>6. Build the needed S/W & H/W tools. </li></ul></ul>
  30. 30. The Integrated Investigation <ul><li>The Work Breakdown Structure (WBS) </li></ul><ul><ul><li>A deliverable-oriented grouping of project elements which organizes and defines the total scope of the project. Each descending level represents an increasingly detailed definition of a project component. Project components may be products or services. </li></ul></ul>
  31. 31. The Integrated Investigation <ul><li>The Statement of Work (SOW) </li></ul><ul><ul><li>A narrative description of products or services to be supplied under contract. </li></ul></ul>
  32. 32. The Integrated Investigation <ul><li>The Investigator acts as Project Manager </li></ul><ul><li>Implementation </li></ul><ul><ul><li>Assign personnel to each WBS. </li></ul></ul><ul><ul><li>Apply the needed resources. </li></ul></ul><ul><ul><li>Starting the High Technology Investigation. </li></ul></ul><ul><ul><li>Review & modify the plan as needed. </li></ul></ul>
  33. 33. The Integrated Investigation <ul><li>Scheduling and time tables </li></ul><ul><ul><li>PERT </li></ul></ul><ul><ul><li>GANTT </li></ul></ul>
  34. 34. The Integrated Investigation <ul><li>PERT </li></ul><ul><ul><li>Program Evaluation Review Technique chart </li></ul></ul><ul><ul><ul><li>A chart showing a network of events connected by activities. </li></ul></ul></ul>
  35. 35. 1. Start preliminary investigation ID crime 2. Evaluate crime 3. What needs to be done? 4. Draft report Go to 55 55. Start systems analysis 56. 56.1 list items needed 56.2 get items needed 56.3 imple- ment items 57. Brian- storm 58. 71. Select analysis Notify manage- ment Review initial findings Review planning Establish commun- cations methods PERT CHART
  36. 36. The Integrated Investigation <ul><li>Gantt chart </li></ul><ul><ul><li>A bar chart used to schedule system activities. </li></ul></ul>
  37. 37. Gantt Chart
  38. 38. The Integrated Investigation <ul><li>Investigation Findings </li></ul><ul><li>Completing the investigation. </li></ul><ul><ul><li>1. Collect and control all evidence. </li></ul></ul><ul><ul><li>2. Analyze data, make report (affidavit). </li></ul></ul><ul><ul><li>3. Submit affidavit and exhibits. </li></ul></ul><ul><ul><li>4. Critique the investigation. </li></ul></ul>
  39. 39. HiTech, Inc. Intranet Internet WWW, Email, etc. HiTech Proxy Servers HiTech Firewall Seattle So. CA. St. Louis Phil. Coco Beach Users Users Users Users Users Users Mesa Witchita HiTech, Inc. Intranet and Internet T3 line
  40. 40. HiTech Intranet Internet WWW, Email, etc. HiTech Proxy Servers * HiTech Firewall Suspect Users here IP:111.222.333.444 Realtime Internet Monitor Process Investigation Proxy Server - suspect Internet data is collected here. Both sent & received data is collected as it occurs. Normal access flow * Utility called Proxy.Pac is updated to tell the Network to sendsuspects Internet activity to Investigation Proxy Server. (http://proxy-support.boeing.com:31060/proxy.pac) Suspect is automatically rerouted to Investigation Proxy Server. to the Internet T3 line
  41. 41. The Corporate High Technology Affidavit <ul><li>Why should Corporate Security use an affidavit? </li></ul><ul><ul><li>Minimize publicity. </li></ul></ul><ul><ul><li>Minimize criminal and civil liability of the business. </li></ul></ul><ul><ul><li>Helps Law Enforcement in processing of any search or arrest warrants. </li></ul></ul><ul><ul><li>Report crosses jurisdictions more readily </li></ul></ul>
  42. 42. The Corporate High Technology Affidavit <ul><li>Defines and limits what is relevant evidence. </li></ul><ul><li>If suspect or incident is out of state, makes reporting from main office easier. </li></ul><ul><li>Simplifies trial preparation. </li></ul><ul><li>Increases the probability of a plea. </li></ul><ul><li>Prosecutor’s outline of expert witness testimony </li></ul>
  43. 43. The Corporate High Technology Affidavit <ul><li>Element: </li></ul><ul><ul><li>Bona fides </li></ul></ul><ul><ul><ul><li>Your position </li></ul></ul></ul><ul><ul><ul><li>Your experience </li></ul></ul></ul><ul><ul><ul><li>Your education </li></ul></ul></ul><ul><ul><ul><li>Your training </li></ul></ul></ul><ul><ul><ul><li>Your specific investigative experience </li></ul></ul></ul><ul><ul><ul><ul><li>ER 702 (expert witnesses) </li></ul></ul></ul></ul>
  44. 44. The Corporate High Technology Affidavit <ul><li>Element : </li></ul><ul><ul><li>Narrative </li></ul></ul><ul><ul><ul><li>Tell what happened and list sources of information </li></ul></ul></ul><ul><ul><ul><li>Tell how you collected the evidence </li></ul></ul></ul><ul><ul><ul><li>Describe evidence that you have recovered </li></ul></ul></ul><ul><ul><ul><li>Document how you preserved the evidence </li></ul></ul></ul><ul><ul><ul><ul><li>ER 703 (bases for opinions) </li></ul></ul></ul></ul>
  45. 45. The Corporate High Technology Affidavit <ul><li>Element: </li></ul><ul><ul><li>Suspect Data </li></ul></ul><ul><ul><ul><li>Make notation that source is your company’s business records. Records of regularly conducted business activity. (may be exhibit to affidavit) </li></ul></ul></ul><ul><ul><ul><ul><li>ER 803 (a) (6) RCW 5.45 </li></ul></ul></ul></ul>
  46. 46. The Corporate High Technology Affidavit <ul><li>Element: </li></ul><ul><ul><li>Address or Location of </li></ul></ul><ul><ul><ul><li>Make notation that source is your company’s business records. Records of regularly conducted business activity. (may be exhibit to affidavit) </li></ul></ul></ul><ul><ul><ul><ul><li>ER 803 (a) (6) RCW 5.45 </li></ul></ul></ul></ul>
  47. 47. The Corporate High Technology Affidavit <ul><li>Element: </li></ul><ul><ul><li>Suspect’s place of work </li></ul></ul><ul><ul><ul><li>Make notation that source is your company’s business records. Records of regularly conducted business activity. (may be exhibit to affidavit) </li></ul></ul></ul><ul><ul><ul><ul><li>ER 803 (a) (6) RCW 5.45 </li></ul></ul></ul></ul>
  48. 48. The Corporate High Technology Affidavit <ul><li>Element: </li></ul><ul><ul><li>Training records and policies </li></ul></ul><ul><ul><ul><li>List specific training received by the suspect on company policy. (may be exhibit to affidavit) </li></ul></ul></ul><ul><ul><ul><li>Make notation that source is your company’s business records. Records of regularly conducted business activity. (may be exhibit to affidavit) </li></ul></ul></ul><ul><ul><ul><ul><li>ER 803 (a) (6) RCW 5.45 </li></ul></ul></ul></ul>
  49. 49. RCW 5.45.020. Business records as evidence <ul><li>A record . . . shall in so far as relevant, be competent evidence if . . . qualified witness testifies to its identity and the mode of its preparation, and if it was made in the regular course of business, . . . and if, in the opinion of the court, . . . were such as to justify its admission. </li></ul>
  50. 50. The Corporate High Technology Affidavit <ul><li>Element: </li></ul><ul><ul><li>Ending Declaration </li></ul></ul><ul><ul><li>Exhibits </li></ul></ul><ul><ul><ul><li>Images extracted from suspect’s computer. </li></ul></ul></ul><ul><ul><ul><li>Log files. </li></ul></ul></ul><ul><ul><ul><li>Email correspondence. </li></ul></ul></ul>
  51. 51. The Corporate High Technology Affidavit <ul><li>Element: </li></ul><ul><ul><li>Exhibits </li></ul></ul><ul><ul><ul><li>Phone records. </li></ul></ul></ul><ul><ul><ul><li>Video surveillance tapes. </li></ul></ul></ul><ul><ul><ul><li>Company records of regularly conducted activity </li></ul></ul></ul>
  52. 52. Why an Affidavit and Warrant <ul><li>The Corporate view </li></ul><ul><li>The Law Enforcement view </li></ul><ul><li>The Defense Attorney’s view </li></ul><ul><li>The Prosecutor’s view </li></ul><ul><li>USA v Rouse,U.S.Ct.App 8th Cir. 1998 </li></ul>
  53. 53. The Corporate View <ul><li>Delivery of affidavit defines the moment of transition </li></ul><ul><li>Ends Corporate Liability for acting as an agent of law enforcement </li></ul><ul><li>Minimizes publicity </li></ul>
  54. 54. The Law Enforcement View <ul><li>Affidavit simplifies warrant application process </li></ul><ul><li>Warrants give authority to </li></ul><ul><ul><li>seize the suspect </li></ul></ul><ul><ul><li>enter the premises and seize evidence </li></ul></ul>
  55. 55. The Suspect’s Attorney’s View <ul><li>Do we care? YES </li></ul><ul><li>A well prepared affidavit with exhibits will impress on a defense attorney that this is a well prepared case and not a case to be tried (from the defense perspective). </li></ul><ul><li>A well prepared affidavit with exhibits will motivate suspect and defense attorney to plead guilty to avoid trial. </li></ul>
  56. 56. The Prosecutor’s View <ul><li>Reduce risk of suppression order/ruling as inadmissible evidence </li></ul><ul><li>Headstart on preparation of expert witness testimony </li></ul><ul><li>Headstart on preparation of exhibits for trial </li></ul><ul><li>Required Discovery and Disclosure materials already on hand </li></ul><ul><li>Negotiation tool </li></ul>
  57. 57. USA v Rouse,U.S.Ct.App 8th Cir. 1998 <ul><li>Because the search in this case was conducted without a warrant, the burden is on the government, as the district court recognized, to prove that the search comported with the requirements of the Fourth Amendment. The warrantless search of luggage is presumptively unreasonable and thus presumptively unconstitutional. </li></ul>
  58. 58. Agent of Law Enforcement? <ul><li>THE STATE OF WASHINGTON v. MOORE, Wash. App. (Div 1) 1989. </li></ul><ul><li>In The Matter Of: Phillips, NC Ct. App. 1998 </li></ul>
  59. 59. Agent of Law Enforcement? <ul><li>To prove that a citizen informant was acting as a government agent, &quot;'it must be shown that the State in some way &quot;instigated, encouraged, counseled, directed, or controlled&quot; the conduct of the private person.'&quot; </li></ul><ul><li>For agency to exist there must be a manifestation of consent by the principal (the police) that the agent (the informant) acts for the police and under their control and consent by the informant that he or she will conduct themselves subject to police control. </li></ul><ul><li>THE STATE OF WASHINGTON v. MOORE, Wash. App. 1989. </li></ul>
  60. 60. Agent of Law Enforcement? <ul><li>. . . did not act as an agent of law enforcement but as an official of the school. Pierce was not a sworn law enforcement officer, he had no arrest power, and was not affiliated with any law enforcement agency. </li></ul><ul><li>Moreover, Pierce did not question the juvenile to obtain information to use in criminal proceedings but questioned her simply for school disciplinary purposes. </li></ul><ul><li>IN THE MATTER OF PHILLIPS, North Carolina Ct App. 1998. </li></ul>
  61. 61. Summary <ul><li>Systems Analysis Applied </li></ul><ul><li>Integrating Systems Analysis to High Technology Investigations </li></ul><ul><li>Corporate High Technology Affidavit </li></ul><ul><li>Warrants </li></ul>
  62. 62. Where to get more information or help <ul><li>Attend a college course in Systems Analysis </li></ul><ul><li>Check out your local college library or bookstore </li></ul><ul><li>Specialized Training </li></ul>
  63. 63. Corporate Training Needs <ul><li>Skills needed, background (Data Processing) </li></ul><ul><ul><li>Systems Administration (UNIX, NT, Supermini, Mainframe) </li></ul></ul><ul><ul><li>Computer Programming (C/C++, SQL, etc.) </li></ul></ul><ul><ul><li>Systems Analysis/Project Management </li></ul></ul>
  64. 64. Corporate Training Needs <ul><li>Understanding of Non-Data Processing Skill Sets </li></ul><ul><ul><li>Company Policies </li></ul></ul><ul><ul><li>State Criminal Codes (in United States) </li></ul></ul><ul><ul><li>Criminal Practice and Procedure </li></ul></ul><ul><ul><li>Federal Criminal Code (in United States and Canada) </li></ul></ul><ul><ul><li>Civil Liability Law (tort, contracts, etc) </li></ul></ul>
  65. 65. Corporate Training Needs <ul><li>Investigative Skills (Non-Data Processing) </li></ul><ul><ul><li>Criminal/Civil Investigations </li></ul></ul><ul><ul><li>Computing/Networking Forensics </li></ul></ul><ul><ul><li>EDP Auditing </li></ul></ul>
  66. 66. Corporate Training Needs <ul><li>Corporate Audit and IS Security Duties & Responsibilities </li></ul><ul><ul><li>Risk Management of high technology </li></ul></ul><ul><ul><li>Computing/Network Assessments </li></ul></ul><ul><ul><li>Contingency Planning & Implementation </li></ul></ul><ul><ul><li>EDP Physical & Data Security </li></ul></ul><ul><ul><li>Incident Response Administration </li></ul></ul><ul><ul><li>Information Warfare/Industrial Espionage Protection </li></ul></ul>
  67. 67. Law Enforcement Training Needs <ul><li>Skills needed, background (Data Processing) </li></ul><ul><ul><li>Systems Administration (UNIX, NT, Supermini, Mainframe) </li></ul></ul><ul><ul><li>Computer Programming (C/C++, SQL, etc.) </li></ul></ul><ul><ul><li>Systems Analysis/Project Management </li></ul></ul>
  68. 68. Law Enforcement Training Needs <ul><li>Skills needed, background (Technical Investigations) </li></ul><ul><ul><li>Computing/Networking Forensics </li></ul></ul><ul><ul><li>EDP Auditing </li></ul></ul>
  69. 69. Law Enforcement Training Needs <ul><li>Crime Prevention </li></ul><ul><ul><li>Risk management and vulnerability analysis for high technology environments </li></ul></ul><ul><ul><ul><li>Computing/Network Assessments </li></ul></ul></ul><ul><ul><ul><li>Contingency Planning & Implementation </li></ul></ul></ul><ul><ul><ul><li>EDP Physical & Data Security </li></ul></ul></ul>
  70. 70. Prosecutor’s Training Needs <ul><li>An understanding of vocabulary of the expert witness </li></ul><ul><li>Preparation for examination of expert witness </li></ul><ul><ul><li>Computing/Networking Forensics </li></ul></ul><ul><ul><li>EDP Auditing </li></ul></ul><ul><ul><li>Systems Analysis </li></ul></ul><ul><ul><li>Project Management </li></ul></ul>
  71. 71. Prosecutor’s Training Needs <ul><li>Civil Liability Law as it applies to corporation </li></ul>
  72. 72. Professional Organizations <ul><li>Agora N.W.C.C.A </li></ul><ul><li>C.T.I.N. C.R.I.M.E. </li></ul><ul><li>H.T.C.I.A. E.C.I.R.G. </li></ul><ul><li>A.S.I.S A.S.C.F.E. </li></ul><ul><li>N.C.T & C.A.S. </li></ul>
  73. 73. Consultants <ul><li>Electronic Discovery, Inc. </li></ul><ul><li>New Dimensions International (NDI) </li></ul><ul><li>New Techologies Incorporated (NTI) </li></ul><ul><li>Analysts International Corporation (AiC) </li></ul>
  74. 74. Investigators <ul><li>Electronic Discovery, Inc. </li></ul><ul><li>Computer Forensics, Ltd. </li></ul><ul><li>New Dimensions International (NDI) </li></ul><ul><li>New Technologies Incorporated (NTI) </li></ul>

×