Digital Crime & Forensics - Presentation


Presentation - Digital Crime and Forensics - Prashant Mahajan & Penelope Forbes


  1. Prashant Mahajan & Penelope Forbes
  2. Agenda
     - What is Digital Crime
     - What is Forensics
     - Conventional Crime vs Digital Crime
     - Forensics at Fault
     - Different Countries, Law Enforcement and Courts
     - New Trends in Cyber Law and Law Enforcement
     - Recommendations/Evaluation
  3. What is Digital Crime?
  4. Digital Crime is… problematical
     - Any crime where a computer is a tool, a target or both
     - Offences against computer data or systems
     - Unauthorised access, modification or impairment of a computer or digital system
     - Offences against the confidentiality, integrity and availability of computer data and systems
  5. Digital Crime is… (contd.)
     "If getting rich were as simple as downloading and running software, wouldn't more people do it?" researchers Dinei Florêncio and Cormac Herley ask in their Times editorial, "The Cybercrime Wave That Wasn't."
  6. Examples of digital crime
     - Malicious Code
     - Denial of Service
     - Man In The Middle
     - Spam
     - Phishing
  7. Case Studies: 2007 Estonia attack
     - Cyber attacks from an unknown source
     - Most believe Russia was the attacker
     - Key websites were subject to denial-of-service attacks which rendered their services inaccessible and unavailable
     - Outcome?
  8. Nigerian 4-1-9 Scams
     - Scammers contact the target by email or letter
     - They offer the target a share of a large sum of money
     - The attacker states that they cannot access the money themselves
     - The target ends up transferring money or fees to the attacker
  9. What is Forensics?
  10. Forensics is…
     "The lawful and ethical seizure, acquisition, analysis, reporting and safeguarding of data and meta-data derived from digital devices which may contain information that is notable and perhaps of evidentiary value to the trier of fact in managerial, administrative, civil and criminal investigations." - Larry Leibrock, PhD, 1998
     "Forensic Science is science exercised on behalf of the law in the just resolution of conflict" (Thornton 1997).
  11. Computer Forensics
     Computer Forensics involves the Identification, Preservation, Extraction, Documentation, Interpretation and Presentation of computer data in such a way that it can be legally admissible.
  12. What forensics is not…
     - Pro-active (security): it is reactive to an event or request
     - About finding the bad guy/criminal: it is about finding evidence of value
     - Something you do for fun: expertise is needed
     - Quick: 2 TB drives are easily available, and OS X 10.4 supports 8 Exabyte or 8 million TB
  13. Searching for a needle in a haystack…
  14. Computer Forensics: Identification
     - Identify evidence
     - Identify the type of information available
     - Determine how best to retrieve it
  15. Computer Forensics: Preservation
     - Preserve evidence with the least amount of change possible
     - Must be able to account for any change
     - Chain of custody
  16. Computer Forensics: Analysis
     - Extract
     - Process
     - Interpret
  17. Computer Forensics: Types of Evidence
     - Inculpatory evidence: supports a given theory
     - Exculpatory evidence: contradicts a given theory
     - Evidence of tampering: shows that the system was tampered with to avoid identification
  18. Computer Forensics: Presentation
     Evidence will be accepted in court on:
     - Manner of presentation
     - Qualifications of the presenter
     - Credibility of the processes used to preserve and analyze evidence
     - Whether you can duplicate the process
  19. Some Tools of the Trade
     - Logicube Portable Forensic Lab (PFL), Forensic Talon, Forensic Dossier
     - CyberCheck Suite (C-DAC)
     - Encase, Forensic Toolkit (FTK), Sleuthkit
     - X-Ways Forensics, X-Ways Trace
     - Celldek-Tek, MOBILedit! Forensic, Oxygen Forensic Suite, Paraben
     - CDR-Analyzer (Call Data Record)
     - NetworkMiner, Wireshark
     - SimCON
     - Helix, DEFT, SANS Sift Kit, Matriux, Backtrack
  20. Commercial vs Open-Source Tools
     Some advantages commercial tools have over open-source tools:
     - Better documentation
     - Commercial-level support
     - Slick, user-friendly GUI (Graphical User Interface)
     - In some cases, complete report generation which is accepted in a court of law
     However, for anything a commercial forensics application can do, there are open-source applications which can do the same thing.
  21. Conventional Crimes vs Digital Crimes
     Conventional crimes are traditional. Digital crimes have emerged due to computers/internet enabling:
     - ANONYMITY
     - OPPORTUNITY & AVAILABILITY
     - FAST/SWIFT
     - EASE OF USE/SIMPLE
     - CONNECTIVITY & NETWORKS
     - NO GEOGRAPHICAL LIMITATIONS
     - LIMITED LAW ENFORCEMENT AND PENALTIES
  22. Conventional Crimes vs Digital Crimes (continued)
     What is safer?
     - A document in a filing cabinet in a secure facility
     - A document on an encrypted USB in someone's pocket
  23. Conventional Crimes vs Digital Crimes (continued)
     SUBJECTIVE. However… are conventional methods of crime more advanced and changed now, because of digital crime?
  24. Conventional Crimes vs Digital Crimes (continued)
     Yes. Digital crime is an adaptation of, as well as an addition to, conventional crime. Digital crime makes conventional crime:
     - Easier
     - More complex
     - Instantaneous
     - Undetectable
     - Sophisticated
  25. Conventional Crimes vs Digital Crimes (continued)
     Digital crimes make conventional crimes harder to investigate:
     - Who attacked whom
     - Legislation
     - Prosecution
  26. Conventional Crimes vs Digital Crimes (continued)
     Example: Credit Card Fraud
     - Conventional method example: theft of a wallet
     - Digital methods: hacking, skimming
     - Multi-layered dimensions of the digitisation mean: location; identity and legitimacy; simplicity; no physical interaction or violence
  27. Conventional Crimes vs Digital Crimes: Summary
     - We believe Digital Crime is an adaptation of Conventional Crimes
     - Digital crime has made law enforcement a harder task
     - Digital criminals are more likely to not be detected or prosecuted due to a lack of international recognition and laws
  28. Forensics at Fault
  29. Forensics at Fault: Common mistakes
     - Using the internal IT staff to conduct a computer forensics investigation
     - Waiting until the last minute to perform a computer forensics exam
     - Too narrowly limiting the scope of computer forensics
     - Not being prepared to preserve electronic evidence
     - Not selecting a qualified computer forensics team
  30. Forensics is not cost effective
     - Forensics is a post-event response: it is reactive, not proactive; the damage has already been done
     - Investigation would reveal the culprit, maybe limit the damage and keep it from occurring in the future
  31. Will new technologies be the end of Digital Forensics?
  32. Is forensics dead?
     Cloud Computing:
     - Authority over the physical storage media is absent
     - When data is deleted, it may be permanently inaccessible
     Imaging:
     - Theoretically, imaging tools do a bit-for-bit image of the entire hard drive. In practice, they only access the user-accessible area and not the service area.
  33. The Silver Lining
     Cloud Computing:
     - However, the portable devices used to access Cloud data tend to store abundant information to make a case
     - Although the handhelds are trickier to acquire, they reveal most of the required information
     Imaging:
     - The tools required to read/write to the service area are hard to get and unlikely to be used.
  34. Pitfalls with Forensics
     - No international definitions of computer crime
     - No international agreements on extradition
     - Multitude of OS platforms and filesystems
     - Incredibly large storage space: 100+ GB, TB, SANs (Storage Area Networks)
     - Small-footprint storage devices: compact flash, memory sticks, thumb drives
     - Networked environments
     - Cloud computing
     - Embedded processors
     - Encryption
     - Anti-forensics: wiping
  35. Different Countries, Law Enforcement and Courts
     What international law exists to ban digital crime?
  36. Different Countries, Law Enforcement and Courts (continued)
     Law: very difficult to define, and controversial. Currently, there is an absence of law/agreement/regulation that is:
     - Holistic
     - Mutual
     - World-wide
  37. Different Countries, Law Enforcement and Courts (continued)
     What have other countries done?
     - Council of Europe
     - United Nations
  38. Different Countries, Law Enforcement and Courts (continued)
     Courts and Law Enforcement: digital data can be:
     - Unreliable
     - Volatile
     - Susceptible to manipulation
  39. Different Countries, Law Enforcement and Courts (continued)
     Suggestions:
     - International resolution
     - Approaches from all levels: society, communities, local and federal government, law enforcement agencies, international bodies
     - Publicised and enforced policy, procedures and views on digital crime
     - Education, training and awareness
  40. New Trends in Cyber Crime and Law Enforcement
  41. New Trends
     - Botnets: Zeus botnet steals banking credentials, and a new variant has also come up; Mac botnet compromised 600,000+ systems
     - Targeted attacks: Operation Aurora
     - Organised crime: RBN
     - Mobile malware
  42. How Law Enforcement will react???
     - Don't know!!!
  43. How Law Enforcement will react???
     - Collaboration between law enforcement, government and industry. Eg: Microsoft seizes Zeus servers in anti-botnet rampage
     - Organised crime has the capability to resist and adapt to law enforcement efforts. Law enforcement uses special tools including coercive powers, covert intelligence, surveillance and a range of specialised analytical and investigative techniques to overcome this resistance.
  44. How Law Enforcement will react???
     - Development: DoD's hardened Android; iOS may be on the way
     - Information sharing between law enforcement agencies
  45. Conclusions
     - As technology advances, so too does crime
     - Digital crime is an emerging field, and as it develops and picks up speed, so too should the governing bodies
     - Conventional crimes are becoming underpinned and improved by digital crime
     - Collaboration between law enforcement, government and industry is vital
  46. Conclusions
     - International body for standards of policy, procedure and forensic investigation
     - Training, education, awareness
     - The criminal element is out in front all the time, so you have to use common sense. Everybody thinks technology solves a problem; technology doesn't do anything except compound common sense needs.
  47. Questions? Somewhere, something went terribly wrong.
  48. Questions?
  49. References
     All references can be found in the report on Digital Crime and Forensics by Prashant Mahajan & Penelope Forbes: 012/11/27/digital-crime-forensics-report/
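The preservation and presentation slides (15 and 18) say that every change to evidence must be accountable, that custody must be tracked, and that the process must be reproducible. The following added example, which is not part of the presentation, shows the mechanism examiners use for this: hash an image at acquisition, log every handover in a chain-of-custody record, and re-hash before analysis so an altered copy is detected. The image bytes, examiner names and record layout are constructed for illustration.

```python
"""Evidence preservation: reference hash at acquisition, chain-of-custody log,
and re-verification before analysis (constructed example, not real tooling)."""
import hashlib
from datetime import datetime, timezone

# Constructed stand-in for a drive image: not a real disk, just bytes.
SAMPLE_IMAGE = b"\x00" * 512 + b"sector data (constructed)" + b"\xff" * 512


def sha256_hex(data: bytes) -> str:
    """Hashing only reads the evidence; it never modifies it."""
    return hashlib.sha256(data).hexdigest()


def _entry(who: str, action: str) -> dict:
    return {"who": who, "action": action,
            "at": datetime.now(timezone.utc).isoformat()}


def acquire(image: bytes, examiner: str, source_desc: str) -> dict:
    """Create the evidence record; the hash taken now is the reference value."""
    return {"source": source_desc, "sha256": sha256_hex(image),
            "custody": [_entry(examiner, "acquired and hashed")]}


def transfer(record: dict, from_person: str, to_person: str) -> dict:
    """Record a handover; both sides of the transfer are logged."""
    record["custody"].append(_entry(from_person, f"released to {to_person}"))
    record["custody"].append(_entry(to_person, "received"))
    return record


def verify(record: dict, image: bytes, examiner: str) -> bool:
    """Re-hash before analysis; a mismatch means the copy is not the evidence."""
    ok = sha256_hex(image) == record["sha256"]
    record["custody"].append(
        _entry(examiner, "verified: match" if ok else "verified: MISMATCH"))
    return ok


if __name__ == "__main__":
    rec = acquire(SAMPLE_IMAGE, "examiner A", "constructed sample image")
    transfer(rec, "examiner A", "examiner B")
    print("pristine copy verifies:", verify(rec, SAMPLE_IMAGE, "examiner B"))
    altered = bytearray(SAMPLE_IMAGE)
    altered[600] ^= 0x01          # a single flipped bit is enough to fail
    print("altered copy verifies:", verify(rec, bytes(altered), "examiner B"))
    for e in rec["custody"]:
        print(e["at"], e["who"], e["action"])
```

Because the reference hash is recorded with the acquisition entry, a second examiner can repeat the verification independently, which is what the "duplicate the process" requirement on slide 18 asks for.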