Digital Crime & Forensics - Presentation

Presentation - Digital Crime and Forensics - Prashant Mahajan & Penelope Forbes
    Presentation Transcript

    • Prashant Mahajan & Penelope Forbes
    • Agenda
      ○ What is Digital Crime
      ○ What is Forensics
      ○ Conventional Crime vs Digital Crime
      ○ Forensics at Fault
      ○ Different Countries, Law Enforcement and Courts
      ○ New Trends in Cyber Law and Law Enforcement
      ○ Recommendations/Evaluation
    • What is Digital Crime?
    • Digital Crime is…
      ○ Problematic to define
      ○ Any crime where a computer is a tool, a target or both
      ○ Offences against computer data or systems
      ○ Unauthorised access, modification or impairment of a computer or digital system
      ○ Offences against the confidentiality, integrity and availability of computer data and systems
    • Digital Crime is… (contd.)
      "If getting rich were as simple as downloading and running software, wouldn't more people do it?" researchers Dinei Florêncio and Cormac Herley ask in their Times editorial, "The Cybercrime Wave That Wasn't."
    • Examples of digital crime
      ○ Malicious code
      ○ Denial of service
      ○ Man in the middle
      ○ Spam
      ○ Phishing
    • Case Studies: 2007 Estonia attack
      ○ Cyber attacks from an unknown source
      ○ Most believe Russia was the attacker
      ○ Key websites were subject to denial-of-service attacks which rendered their services inaccessible and unavailable
      ○ Outcome?
    • Nigerian 4-1-9 scams
      ○ Scammers contact the target by email or letter
      ○ They offer the target a share of a large sum of money
      ○ The attacker states that they cannot access the money themselves
      ○ The target ends up transferring money or fees to the attacker
    • What is Forensics?
    • Forensics is…
      "The lawful and ethical seizure, acquisition, analysis, reporting and safeguarding of data and meta-data derived from digital devices which may contain information that is notable and perhaps of evidentiary value to the trier of fact in managerial, administrative, civil and criminal investigations." - Larry Leibrock, PhD, 1998
      "Forensic Science is science exercised on behalf of the law in the just resolution of conflict." (Thornton 1997)
    • Computer Forensics
      Computer forensics involves the identification, preservation, extraction, documentation, interpretation and presentation of computer data in such a way that it can be legally admissible.
    • What forensics is not…
      ○ Pro-active (security): it is reactive to an event or request
      ○ About finding the bad guy/criminal: it is about finding evidence of value
      ○ Something you do for fun: expertise is needed
      ○ Quick: 2 TB drives are easily available, and OS X 10.4 supports 8 exabyte (8 million TB) volumes
    • Searching for a needle in a haystack…
    • Computer Forensics: Identification
      ○ Identify evidence
      ○ Identify the type of information available
      ○ Determine how best to retrieve it
    • Computer Forensics: Preservation
      ○ Preserve evidence with the least amount of change possible
      ○ Must be able to account for any change
      ○ Chain of custody
    • Computer Forensics: Analysis
      ○ Extract
      ○ Process
      ○ Interpret
    • Computer Forensics: Types of Evidence
      ○ Inculpatory evidence: supports a given theory
      ○ Exculpatory evidence: contradicts a given theory
      ○ Evidence of tampering: shows that the system was tampered with to avoid identification
    • Computer Forensics: Presentation
      Evidence will be accepted in court on:
      ○ Manner of presentation
      ○ Qualifications of the presenter
      ○ Credibility of the processes used to preserve and analyse evidence
      ○ Whether you can duplicate the process
    • Some Tools of the Trade
      ○ Logicube Portable Forensic Lab (PFL), Forensic Talon, Forensic Dossier
      ○ CyberCheck Suite (C-DAC)
      ○ EnCase, Forensic Toolkit (FTK), The Sleuth Kit
      ○ X-Ways Forensics, X-Ways Trace
      ○ Celldek-Tek, MOBILedit! Forensic, Oxygen Forensic Suite, Paraben
      ○ CDR-Analyzer (Call Data Record)
      ○ NetworkMiner, Wireshark
      ○ SimCON
      ○ Helix, DEFT, SANS SIFT Kit, Matriux, BackTrack
    • Commercial vs Open-Source Tools
      Some advantages commercial tools have over open-source tools:
      ○ Better documentation
      ○ Commercial-level support
      ○ Slick, user-friendly GUI (graphical user interface)
      ○ In some cases, complete report generation which is accepted in a court of law
      However, for anything a commercial forensics application can do, there are open-source applications which can do the same thing.
    • Conventional Crimes vs Digital Crimes
      Conventional crimes are traditional. Digital crimes have emerged because computers and the internet enable:
      ○ Anonymity
      ○ Opportunity and availability
      ○ Speed
      ○ Ease of use / simplicity
      ○ Connectivity and networks
      ○ No geographical limitations
      ○ Limited law enforcement and penalties
    • Conventional Crimes vs Digital Crimes (continued)
      What is safer?
      ○ A document in a filing cabinet in a secure facility
      ○ A document on an encrypted USB stick in someone's pocket
    • Conventional Crimes vs Digital Crimes (continued)
      Subjective. However, are conventional methods of crime more advanced, and changed, because of digital crime?
    • Conventional Crimes vs Digital Crimes (continued)
      Yes. Digital crime is an adaptation of, as well as an addition to, conventional crime. Digital crime makes conventional crime:
      ○ Easier
      ○ More complex
      ○ Instantaneous
      ○ Undetectable
      ○ Sophisticated
    • Conventional Crimes vs Digital Crimes (continued)
      Digital crimes make conventional crimes harder to investigate:
      ○ Who attacked whom
      ○ Legislation
      ○ Prosecution
    • Conventional Crimes vs Digital Crimes (continued)
      Example: credit card fraud
      ○ Conventional method: theft of a wallet
      ○ Digital methods: hacking, skimming
      ○ The multi-layered dimensions of digitisation mean:
        - Location
        - Identity and legitimacy
        - Simplicity
        - No physical interaction or violence
    • Conventional Crimes vs Digital Crimes: Summary
      ○ We believe digital crime is an adaptation of conventional crimes
      ○ Digital crime has made law enforcement a harder task
      ○ Digital criminals are more likely not to be detected or prosecuted, due to a lack of international recognition and laws
    • Forensics at Fault
    • Forensics at Fault: Common mistakes
      ○ Using the internal IT staff to conduct a computer forensics investigation
      ○ Waiting until the last minute to perform a computer forensics exam
      ○ Too narrowly limiting the scope of computer forensics
      ○ Not being prepared to preserve electronic evidence
      ○ Not selecting a qualified computer forensics team
    • Forensics is not cost effective
      ○ Forensics is a post-event response: it is reactive, not proactive; the damage has already been done
      ○ An investigation would reveal the culprit, maybe limit the damage and keep it from occurring in the future
    • Will new technologies be the end of Digital Forensics?
    • Is forensics dead?
      Cloud computing:
      ○ Authority over the physical storage media is absent
      ○ When data is deleted, it may be permanently inaccessible
      Imaging:
      ○ Theoretically, imaging tools make a bit-for-bit image of the entire hard drive. In practice they only access the user-accessible area, not the service area.
    • The Silver Lining
      Cloud computing:
      ○ However, the portable devices used to access cloud data tend to store abundant information with which to make a case
      ○ Although the handhelds are trickier to acquire, they reveal most of the required information
      Imaging:
      ○ The tools required to read from and write to the service area are hard to get and unlikely to be used
    • Pitfalls with Forensics
      ○ No international definitions of computer crime
      ○ No international agreements on extradition
      ○ Multitude of OS platforms and filesystems
      ○ Incredibly large storage space: 100+ GB, TB, SANs (storage area networks)
      ○ Small-footprint storage devices: compact flash, memory sticks, thumb drives
      ○ Networked environments
      ○ Cloud computing
      ○ Embedded processors
      ○ Encryption
      ○ Anti-forensics: wiping
    • Different Countries, Law Enforcement and Courts
      What international law exists to ban digital crime?
    • Different Countries, Law Enforcement and Courts (continued)
      Law is very difficult to define and controversial. Currently, there is an absence of law, agreement or regulation that is:
      ○ Holistic
      ○ Mutual
      ○ World-wide
    • Different Countries, Law Enforcement and Courts (continued)
      What have other countries done?
      ○ Council of Europe
      ○ United Nations
    • Different Countries, Law Enforcement and Courts (continued)
      Courts and law enforcement: digital data can be
      ○ Unreliable
      ○ Volatile
      ○ Susceptible to manipulation
    • Different Countries, Law Enforcement and Courts (continued)
      Suggestions:
      ○ International resolution
      ○ Approaches from all levels: society, communities, local and federal government, law enforcement agencies, international bodies
      ○ Publicised and enforced policy, procedures and views on digital crime
      ○ Education, training and awareness
    • New Trends in Cyber Crime and Law Enforcement
    • New Trends
      ○ Botnets
        - Zeus botnet: steals banking credentials; a new variant has also emerged
        - Mac botnet: compromised 600,000+ systems
      ○ Targeted attacks: Operation Aurora
      ○ Organised crime: RBN (Russian Business Network)
      ○ Mobile malware
    • How will law enforcement react??? Don't know!!!
    • How will law enforcement react???
      ○ Collaboration between law enforcement, government and industry, e.g. "Microsoft seizes Zeus servers in anti-botnet rampage"
      ○ Organised crime has the capability to resist and adapt to law enforcement efforts; law enforcement uses special tools including coercive powers, covert intelligence, surveillance and a range of specialised analytical and investigative techniques to overcome this resistance
    • How will law enforcement react???
      ○ Development: DoD's hardened Android; iOS may be on the way
      ○ Information sharing between law enforcement agencies
    • Conclusions
      ○ As technology advances, so too does crime
      ○ Digital crime is an emerging field, and as it develops and picks up speed, so too should the governing bodies
      ○ Conventional crimes are becoming underpinned and improved by digital crime
      ○ Collaboration between law enforcement, government and industry is vital
    • Conclusions
      ○ An international body for standards of policy, procedure and forensic investigation
      ○ Training, education, awareness
      "The criminal element is out in front all the time, so you have to use common sense. Everybody thinks technology solves a problem; technology doesn't do anything except compound common sense needs."
    • Questions? "Somewhere, something went terribly wrong."
    • Questions?
    • References
      All references can be found in the report on Digital Crime and Forensics by Prashant Mahajan & Penelope Forbes: http://prashantmahajan.wordpress.com/2012/11/27/digital-crime-forensics-report/