Law Enforcement Role in Computer Investigations
 
  • Law Enforcement Role In Computing

    1. 1. Law Enforcement Role in Computer Investigations
    2. 3. History of the Computer...
        • UNIVAC
        • UNIVAC evolved into mainframe computer
        • Phone Phreaks emerged
        • 1951
        • 1960 – 1970
        • 1954
    3. 4. History of the Computer...
        • Popular Science magazine showed plans for a “personal” computer
        • Apple Computer premiered during Super Bowl commercial
        • Progression from 8086 & 8088 chips running from 8 MHz to 450+ MHz
        • 1970 (Mid)
        • 1981
        • 1980-1990
    4. 5. First Criminal Case?
        • First computer crime case was reported in what year?…
        1958
    5. 6. What are the Crimes?
        • What is the most committed computer crime?
            • Financial Crimes
        • What is the most common case worked by investigators?
            • Child Pornography
    6. 7. How Much is Being Reported?
        • Less than 10% of computer crimes are reported!
    7. 8. Confirmed Intrusions - 1997...
        • 1997 - 1,134 confirmed instances of intrusions…
            • Affected approx 150,000 systems in 1997
            • > 10% of intrusions are detected (?)
    8. 9. What If?
        • What if all the intrusions were reported?
            • <200,000 instances of intrusion in 1997
            • How many computers?
    9. 10. Impact on Law Enforcement…
        • Automobile accelerated and decentralized crime by creating the mobile criminal
        • The computer chip compounded the problem -
            • remoteness from crime scene
            • anonymity
            • data encryption
    10. 11. Computers are Involved in Three Types of Crimes...
        • Target of the Crime -
            • Theft of long-distance service
            • Computer and component theft
            • System Intrusion
            • Cellular phone cloning
            • Software Piracy
            • Software theft
    11. 12. Computers are Involved in Three Types of Crimes...
        • Instrument of the Crime -
            • Solicitation of minors
            • Harassment/Stalking
            • Prescription Fraud
            • Credit Card Fraud
            • Counterfeiting
    12. 13. Computers are Involved in Three Types of Crimes...
        • Repository of Information -
            • Fraud/Embezzlement
            • Pornography
            • Narcotics
            • Traditional Crimes
    13. 14. Unique Electronic Crime Scene...
        • Electronic crime scene is very fragile
        • Electronic evidence can be stored on -
            • Computer
            • Digital answering machine
            • Pager
            • Fax machine
    14. 15. Unique Electronic Crime Scene...
        • Traditional Physical Evidence –
            • Spent bullets
            • Broken glass
            • Pry marks
    15. 16. Unique Electronic Crime Scene...
        • Electronic Data is Ambient –
            • Static electricity
            • Dust
            • Heat
            • Magnetic fields
    16. 17. Hiding the Evidence...
        • Physical evidence may be thrown away but usually is retrievable
        • Computer data can be encrypted
        • Steganography –
            • Allows data to be hidden inside a graphic
    17. 18. Transfer Theory of Evidence...
        • A criminal will always take something from and leave something behind, however minute or transitory, from any crime scene
        • How does this apply to a network intrusion?
            • The Key - no PHYSICAL evidence
    18. 19. Futurists Predict...
        • “By the year 2000, there will be so much computer related crime, law enforcement will be reduced to taking reports because we will not know how to investigate.”
            • Dr. William Tafoya 1988 and 1997
    19. 20. The Future...
        • Electronic devices have led to a level of New Age Crime.
        • Internet fraud is rapidly expanding
        • Training and equipment become quickly outdated.
    20. 21. Forensic Investigators v. Computer Crime Investigators?
        • Analyst v. Forensics
        OR OR OR
        • On-line Investigations v Forensics
        • Pro-active v. Re-active
    21. 22. State Statutes...
    22. 23. Civilian v. Law Enforcement Officer?
        • Law Enforcement-Positive…
            • Good Training
            • High Case Load (Lots of experience)
        • Law Enforcement-Negative…
            • Poor Training
            • High Case Load (Too much work)
            • Low Pay
    23. 24. Civilian v. Law Enforcement Officer?
        • Civilian-Positive…
            • Exciting work
            • Good Pay
        • Civilian-Negative…
            • Poor pay
            • High Stress
            • Equipment/Training Costs
    24. 25. How Does Private Industry Keep Up? How Can the Police Keep Up? How Does Anybody Keep Up?
    25. 26. Equipment Issues...
        • Hardware - $5000 to $10,000
        • Software - $5000 to $10,000
    26. 27. Seizure v. Not Seizing...
        • Time?
        • Environment?
        • Seizure Time?
    27. 28. Network v. Desktop
    28. 29. Multi-Jurisdictional Issues...
        • City
        • County
        • State
        • Federal
    29. 30. Civil v. Criminal...
        • The Hypothetical Widget Company
    30. 31. Forensics v. Analyst...
        • What is the best description of a computer forensics unit?
            • Crime Lab?
            • Analyst?
    31. 32. Pro-Active Investigative Issues...
        • Where do we start?
    32. 33. History of Computer Forensics...
        • DOS Rules!
        • GUI is Best!
        • Stand Alones are the only thing we will touch!
        • MAC – Ouch!
        • LINUX/UNIX – Double Ouch!
    33. 34. Search Warrant Issues...
        • What is a container?
        • What is the best description for a computer?
            • Filing Cabinet?
    34. 35. Legal Issues...
        • Case Law is being written as we speak
            • Don’t be a part of bad case law
        • Child Pornography v. Nudist Camp
        • Is viewing actually possession?
        • Can we take a business down because of a bad employee?
    35. 36. State Issues to Pro-Active Investigations...
        • Two-party consent
        • E-Mail
        • Voice Mail
    36. 37. Federal Issues...
        • WHERE’S THE MONEY?
    37. 38. Defense Issues…
        • Evidence Seized
        • Training of police at search warrant
        • Training of computer forensic examiner
    38. 39. Report Types...
    39. 40. COMPUTER FORENSICS UNIT
    40. 41. History of the Computer Forensics Unit
        • 1987 - Crime Analysis Unit
            • 6 Full Time Employees
        • 1993 - Technical Support Unit
            • 3 Full Time Employees
            • 1 National Guard Employee
    41. 42. History of the Computer Forensics Unit
        • 1995 - Investigative Support Unit
            • 2 Full Time Detectives
            • 1 National Guard
        • 1997 – Computer Forensics Unit
            • 2 Full Time Detectives
            • 1 National Guard
    42. 43. History of the Computer Forensics Unit
        • 1998 - Computer Forensics Unit
            • 1 Full Time Detective
            • 1 National Guard Employee
    43. 44. History of the Computer Forensics Unit
        • Today - Computer Forensics Unit
            • 1 Full Time Detective
    44. 45. The Future...
        • Renamed to the Computer Crimes Unit
            • 1 Full Time Sergeant
            • 2 Full Time Detectives
    45. 46. Case Load - 1998
        • 40 Forensic Examinations
        • 63 Computers (83 Partitions)
        • 1200 Diskettes, Tapes & CDs
        2.5 GB Per Case (HD Only)
    46. 47. Case Load - 1999
        • 55+ Forensic Examinations to Date
        4.8 GB Per Case (HD Only)
    47. 48. Case Type
        • Homicide
        • Suicide
        • Arson
        • Stalking
        • Fraud
        • Narcotics
    48. 49. Case Type
        • Child Pornography
        • Child Solicitation
        • Administrative Investigations -
            • Deleting files
            • Personal Use
            • Misuse of State/County/City Equipment
            • Pornography
    49. 50. Cases of Interest
        • Embezzlement Case
            • $750,000 found in deleted file
        • Child Pornography Investigations
            • 44,000+ Images
    50. 54. Equipment
        • Computers
            • 5 - 266 to 450 MHz, Pentium II Machines
                • 20 SCSI Hard Drives
            • 3 - Laptops
    51. 56. Equipment
        • Peripherals
            • 4 - Zip Plus Drives
            • 2 - Two GB Jaz Drives
            • 1 - One GB Jaz Drive
            • 2 - Syjet Drives
            • 1 - Ezflyer Drive
    52. 57. Equipment
        • Tape Drives
            • 2 - Wangdat Drives
            • 3 - Conner Drives
            • 1 - Ditto Drive
    53. 58. Equipment
        • CD Drives
            • 5 - CD-ROMs
            • 1 - CDR
    54. 59. Equipment
        • 1/2 Terabytes of storage capacity
    55. 61. Summary Slide
        • How Much is Being Reported?
        • Computers are Involved in Three Types of Crimes...
        • Transfer Theory of Evidence...
        • Forensic Investigators v. Computer Crime Investigators?
        • Civilian v. Law Enforcement Officer?
    56. 62. Experts?
        • Civilians
        • Police
            • What about reports?
    57. 63. Scenario 1
        • Kid Missing!
    58. 64. Scenario 2
        • Pro-active Internet Investigation
    59. 65. How it Works...
    60. 66. What is Needed?
        • Search Warrant
        • Affidavit
        • Key Words
        • CPU
        • Diskettes
        • CDs
        • Zip/Jaz Disks
    61. 69. Duplicate Image... Suspect’s Computer WSP Computer
    62. 87. Liability...
        • Police officers must execute search warrants to avoid unnecessary destruction of property. Departments risk liability for failing to properly train officers in proper procedures for searching and seizing computer evidence.
            • Ginter v. Stallcu, 869 F 2d 384 (1998)
            • Tarpley v. Green, 684 F.2d 1 (1982)
    63. 88. Evidence Handling
        • Look for hidden passwords!
    64. 89. Resources on the Internet...
        • Federal Guidelines for Searching and Seizing Computers
            • www.usdoj.gov/criminal/cybercrime
    65. 90. Other Resources...
        • Training
            • City U
            • CTIN
            • IACIS
            • SEARCH
            • National White Collar Crime Center
    66. 91. Ongoing Issues...
        • Staffing
        • Education
        • Equipment
        • Training
    67. 92. Where Are We Going?
        • WSP – Computer Crime Unit
        • Federal Task Forces
    68. 93. Who to Contact...
        • Sergeant Jim Faust
        • Detective Steve Beltz
        360-753-3277
