Digital Evidence - the defence, prosecution, & the court
1. Digital Evidence AFENTIS Computer & Communication Forensics www.afentis.com The Defence, The Prosecution & The Court
2. Digital Evidence The Defence, The Prosecution & The Court Ross Patel BSc(Hons), MCSE, CISSP, CCNA, CHFI, CISM, ACFE, ISEB
3. Briefing Structure Computer Primer Q & A CSA Courtroom Digital Evidence Sources of Digital Evidence Tracing mobile telephones & suspects Have your questions answered Defence and Prosecution Guidance for computer based assessments
6. Cost of Cyber-Crime 16% drop Average financial loss resulting from an information security breach (internal/ external) FBI Computer Crime Survey 2006 www.fbi.gov and www.infragard.net 24% of business £160,000 Businesses around the world suffering incidents involving viruses, malware, and/or spyware Percentage of firms reporting computer intrusions to law enforcement continues multi-year decline
10. Scene of Crime Referred to as the Digital Crime Scene The system (computer/network) is the crime scene. The infrastructure is not ancillary to the crime. Mark Morris, Scotland Yard Computer Crime Unit “digital evidence is volatile. Secure it, image it and only then evaluate it”
11. Fundamental Principles “when two objects come into contact, a mutual exchange of matter will take place between them” Dr. Edmond Locard Forensic Pioneer 1957
12. Fundamental Principles “when two objects come into contact, a mutual exchange of matter will take place between them” Data enters, exists and operates within the Digital Crime Scene. Through interaction with its environment it leaves traces and remnants. Dr. Edmond Locard Forensic Pioneer 1957 Washington Post, Nov 2005 Digital footprints convict technician of first degree murder
13. Defining a Science 1999 “Gathering and analysing data in a manner as free from distortion or bias as possible to reconstruct data or what has happened in the past” 1999 “The process of identifying, preserving, analysing and presenting...” 2002 “…computer-related evidence” including digital devices, digital storage media and ‘last-mile evidence’ McKemmish Patzakis Farmer & Venema
14. Circular Assessment Forensic Computing Quarantine the digital crime scene or system in focus Analysis of imaged materials in relation to charges or suspected misuse Image (forensically sound duplication) of materials of interest
24. Future Trends Tracing Convergence Ciphers Magic Bullet Parallel Security, encryption and counter-forensics Identifying suspects online Mobile & static computing/ communication devices Managing expectations Forensic investigations with multiple analysts