Bangladesh has a young and rapidly growing population of 160 million. According to the BASIS 2012 survey, the ICT industry is consistently growing 20% to 30% per year. Most of our IT investment is focused on the financial, telecom and government sectors. Nowadays we cannot imagine a day without information technology, as we are living in the Information Age. We have very quickly become accustomed to keeping and using digital information. While we keep our processed data on different digital media, security is one of the key issues in contemporary computing and is relevant to a wide range of activities, including software development, networking and systems. Some people take advantage of this loose security and become involved in various crimes. Our objective in this project is to build a Digital Forensics Framework that covers Policy and Standards and gives a future Guideline for investigation and presentation to law enforcement agencies.
National Framework for Digital Forensics: Bangladesh Context
1. Forensics Geeks: Md. Safiuddin Russel
Md. Abu Taher Dulal
Md. Masud Parvez
Rajib Mahmud
Hasan Al Monsur
2. Md. Safiuddin Russel
Preface... Digitization in our daily life
The Need For Digital Forensics Investigation
Framework
Objectives
3. Preface... Digitization in our daily life
4. The Need For Digital Forensics Investigation Framework
The prevention of further malicious events occurring against the intended “target”.
The successful tracing back of the events that occurred which led to the crime, and determining the guilty parties involved.
Bringing the perpetrators of the crime to justice.
The improvement of current prevention mechanisms in place to prevent such an event from occurring again.
Improving standards used by corporate security professionals to secure their respective corporate networks.
How everyone “plugged” into this digital environment can increase their awareness about current vulnerabilities and prevention measures.
5. Objectives
Analyze the vulnerabilities and consequences of the cybercrime scenario in Bangladesh.
Prepare a Policy, Standards and Guideline for the different digital forensics components and fine-tune them based on the Bangladesh scenario.
Propose a Generic National Framework for Digital Forensics suitable for mapping user activity to legal admissibility standards, as well as for all types of digital crime scene investigations and the prosecution of cybercriminals in Bangladesh.
Validate the proposed Digital Forensics Framework based on the Bangladesh Cyber Crime Information.
6. Hasan Al Monsur
Most Popular Existing
Digital Forensics Models
Digital Forensics Frameworks
7. Existing Digital Forensics Models
Kruse and Heiser Model: These components focus on
maintaining the integrity of the evidence during the
investigation. [1]
Acquiring the evidence;
Authenticating the evidence, and
Analyzing the data.
The United States of America’s Department of Justice
proposed model. [1]
collection;
examination;
analysis, and
reporting.
8. Existing Digital Forensics Models (Cont.)
The Scientific Crime Scene Investigation Model proposed
by Lee. [2]
Recognition;
Identification;
Individualization, and
reconstruction.
Brian Carrier and Eugene Spafford [3] proposed yet another model that organizes the process into five groups comprising 17 phases in all:
Readiness Phases
Deployment Phases
Physical Crime Scene Investigation Phases
Digital Crime Scene Investigation Phases
Review Phase
9. Existing Frameworks
The Digital Forensics Research Working Group (DFRW)
developed a framework [4] :
Identification;
Preservation;
Collection;
Examination;
Analysis;
Presentation, and
Decision.
14. Proposed Framework (Cont.)
Authorization (approval)
Preparation (intelligence for search, adequate toolkits, operational briefing,
task allocation)
Approach strategy: that develops a procedure to use in order to maximize the
collection of untainted evidence while minimizing the impact to the victim.
Preservation: which involves the isolation, securing and preservation of the
state of physical and digital evidence.
Collection: that entails the recording of the physical scene and duplicate digital
evidence using standardized and accepted procedures.
Examination: which involves an in-depth systematic search of evidence
relating to the suspected crime.
Analysis: which involves determination of the significance, reconstructing
fragments of data and drawing conclusions based on evidence found.
Presentation: that involves the summary and explanation of conclusions.
Returning evidence: that ensures physical and digital property is returned to
proper owner.
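An added example, not part of the original slides: one way the Collection and Examination phases above can be tied together, by hashing the original, duplicating it, and refusing to examine a copy whose hash no longer matches the custody log. The function names, log fields, file names and examiner labels are assumptions made for this illustration.

```python
import hashlib, os, shutil, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so a large image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def collect(source, dest, custody_log, examiner):
    """Collection: duplicate the evidence and prove the copy matches it."""
    original = sha256_file(source)            # fingerprint before copying
    shutil.copyfile(source, dest)
    os.chmod(dest, 0o444)                     # working copy is read-only
    matches = original == sha256_file(source) == sha256_file(dest)
    custody_log.append({"phase": "Collection", "item": dest, "sha256": original,
                        "examiner": examiner, "verified": matches,
                        "utc": datetime.now(timezone.utc).isoformat()})
    if not matches:
        raise ValueError("duplicate differs from original; do not examine it")
    return original

def verify_for_examination(item, custody_log, examiner):
    """Examination gate: re-hash the copy against the hash logged at Collection."""
    logged = next(e for e in custody_log
                  if e["item"] == item and e["phase"] == "Collection")
    ok = sha256_file(item) == logged["sha256"]
    custody_log.append({"phase": "Examination", "item": item, "examiner": examiner,
                        "verified": ok, "utc": datetime.now(timezone.utc).isoformat()})
    return ok

def demo():
    """Constructed sample: a small file stands in for a seized disk image."""
    log = []
    with tempfile.TemporaryDirectory() as d:
        src, dup = os.path.join(d, "seized.img"), os.path.join(d, "working.img")
        with open(src, "wb") as f:
            f.write(b"constructed sample evidence\n" * 1000)
        collect(src, dup, log, "examiner-A")
        intact = verify_for_examination(dup, log, "examiner-B")
        os.chmod(dup, 0o644)                  # simulate tampering with the copy
        with open(dup, "ab") as f:
            f.write(b"x")
        tampered = verify_for_examination(dup, log, "examiner-B")
    return intact, tampered, [e["verified"] for e in log]

if __name__ == "__main__":
    print(demo())
```

Every check, passed or failed, is appended to the custody log, so the record presented later shows who verified the copy and when.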
15. Md. Masud Parvez
Cyber Crime Cases Reported in Bangladesh
Cases Validate Proposed Digital Forensics Framework.
16. Cyber Crime Cases Reported in Bangladesh
Case No. | Case description
01 | To submit a report: a central bank probe blamed the lax monitoring of Sonali Bank's treasury division for the illegal transfer of $250,000 to a Turkish bank. “The treasury division did not even perform its own duty,” Bangladesh Bank said in its probe conducted in July last year. In June 2013, the passwords of two officials of the state-run commercial bank's Shilpa Bhaban corporate branch were used to send payment instructions for $250,000 and €250,000 to Sonali Bank UK within a space of five days.
02 | To submit a report: a university teacher posted a comment on Facebook wishing for the death of Prime Minister Sheikh Hasina.
03 | Mr. X sent himself spoofed e-mails, which were supposedly from the Euro Lottery Company. These mails informed him that he had won the largest lottery.
04 | Malicious Mail to Foreign Diplomatic Mission and Other VIPs
05 | Use of e-mail for illegal activities
06 | Illegal Prostitution Promotion Sites from Bangladesh
07 | To submit a report on usage of certain computers for making pornography and indecent films.
17. Cases Validate Proposed Digital Forensics Framework.
Case No. | Description | Awareness | Authorization | Preparation | Planning | Approach | Preservation | Collection | Transport | Storage | Examination | Hypothesis | Analysis | Presentation | Decision | Returning Evidence
01 | Sonali Bank treasury blamed for illegal cash transfer | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y
02 | To submit a report: a university teacher posted a comment on Facebook wishing for the death of Prime Minister Sheikh Hasina. | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y
03 | Mr. X sent himself spoofed e-mails, which were supposedly from the Euro Lottery Company. These mails informed him that he had won the largest lottery. | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y
04 | Malicious Mail to Foreign Diplomatic Mission and Other VIPs | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y
05 | Report submission for Illegal Prostitution Promotion Sites from Bangladesh | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y
06 | To check a report on usage of certain computers for making pornography and indecent films. | N | N | N | N | N | N | Y | Y | Y | Y | Y | Y | Y | Y | Y
19. Challenges
Device Diversity
Volume of Evidence
Video and Rich Media
Encryption
Anti-forensics
Virtualization
Live Response
Distributed Evidence
Usability & Visualization
Education & Certification
Embedded Systems
Corporate Governance & Forensic Readiness
Monitoring
Tools
Data Volumes
Counter Forensics
Networked Evidence
20. A Generic National Framework for Digital Forensics Investigation in Bangladesh Context
Digital Forensics Investigation Process
Digital Forensics Policies
Standards for investigation process
Guideline for Digital Forensics Investigation
Expected Outcomes
21. Upcoming Activity Plan & Timeline
SL | Activities | Expected Deadline
1 | Preparing a generic Policy for the Bangladesh context based on the framework developed. | April 23, 2015
2 | Preparing a set of Standards for every component so that digital forensics investigation will proceed in an organized manner. | April 30, 2015
3 | Proposing a Guideline for how the digital forensics investigation will proceed. | May 05, 2015
4 | Project Final Presentation | May 08, 2015
22. Reference
[1] Michael Kohn, JHP Eloff and MS Olivier: Framework for a Digital Forensic Investigation, Information and Computer Security Architectures Research Group (ICSA), Department of Computer Science, University of Pretoria.
[2] Casey, E.: Digital Evidence and Computer Crime, 2nd Edition, Elsevier Academic Press, 2004.
[3] Brian Carrier and Eugene H. Spafford: Getting Physical with the Investigative Process, International Journal of Digital Evidence. Fall 2003, Volume 2, Issue 2, 2003.
[4] National Institute of Justice: Results from Tools and Technologies Working Group, Governors Summit on Cybercrime and Cyberterrorism, Princeton NJ, 2002.
[5] Reith, M., Carr, C. and Gunsch, G.: An Examination of Digital Forensic Models, International Journal of Digital Evidence. Fall 2002, Volume 1, Issue 3, 2002.
[6] Ciardhuáin, SO.: An Extended Model of Cybercrime Investigations, International Journal of Digital Evidence. Summer 2004, Volume 3, Issue 1, 2004.