Firoze Zia Hussain CEO Totem International Former Superintendent of Police Pondicherry [email_address] M-919618621234
08/05/09
Criminals and Terrorists are increasingly Tech-Savvy. Are We Ready?
The Ultimate Weapon: Cyber Warfare. Command and Control Costs Economy of Scale Time Skills Competitive Weapons of 1990’s Collaboration, Communities of Interest Competitive Weapons of 2000 Speed Economy of Skill Speed Openness Collaboration Trust
Digital Investigation
Cyber Weapons. EMAIL: An email that looks like it comes directly from your bank. It contains links that could cause your machine to reboot and then send out passwords and login information. It also usually says "please click on this safe link". VIRUS: A virus that is modifying commercial USB drives. The virus on an infected computer modifies programs on USB drives. The infected USB drive, when connected to another computer, can automatically infect the computer and other drives.
What Is Electronic Evidence? Electronic evidence is information and data of investigative value that is stored on or transmitted by an electronic device. It is acquired when data or physical items are collected and stored for examination purposes. It is often latent in the same sense as fingerprints or DNA evidence. It can transcend borders with ease and speed. It is fragile and can be easily altered, damaged, or destroyed. It is sometimes time-sensitive.
Electronic Crime Scene Investigations: Examination of digital evidence. Investigative uses of technology. Investigating electronic technology crimes. Creating a digital evidence forensic unit. Courtroom presentation of digital evidence.
Managing Digital Evidence in the 21st Century
Digital Forensics: Digital forensics is the application of science and engineering to the recovery of digital evidence in a legally acceptable method. Examiners use digital investigation and analysis techniques to determine potential legal evidence by applying their skills to a variety of software programs, different operating systems, varying hard drive sizes, and specific technologies such as personal digital assistants, cell phones, or video cameras. Examiners are also capable of locating deleted, encrypted or damaged file information that may serve as evidence in a criminal investigation.
Global initiatives: California High-Technology Crime Task Forces. The design, development, and production of this project used grant funds made available from the Governor’s Office of Criminal Justice Planning. It helps in achieving even greater levels of success in the prosecution and conviction of those who commit high-technology crimes. Legal transcripts, documents, and resource materials were selected and developed using the insight and professional experience of a team of prosecutors.
Email Tracing and Prosecutorial Enforcement Tool: Email step-by-step tracing methodology, expert testimony, jury presentation, search warrants, and State and Federal guidelines. Veterans who have successfully prosecuted high-technology crime cases were instrumental in the strategy, selection of content, and production design used to address the scale and scope of this complex topic. Application of this product: an informative resource tool that can be applied to a variety of cases
How email works. Computer Forensic Examiner. How to Trace an Email: tracing methodology. How an Email Travels the Internet. How to Trace an IP Address: proper IP address tracing methods. How email moves over the global Internet, including Anonymizers, Remailers, and Email Spoofing. Request for Comments (RFCs) and other technical documents that define protocols. Digital Evidence: presenting an email case to a jury involving complex topics such as digital evidence. Expert testimony: the following documents provide information regarding working with expert witnesses in technical cases.
Child Pornography Cases: Sample direct and cross-examination of a prosecution expert in the Westerfield case: State of California v. Westerfield trial (June 2002). Qualifying the expert; imaging hard drives; an explanation of hard drives, compact disks, zip disks, and how files are stored or copied to those media; downloading images from the Internet; presenting still images and digital movies to a jury; file extensions; allocated versus unallocated space (deleted files); temporary Internet files; screen capture; reviewing email stored on a suspect's computer.
Hacking Case: Sample direct and cross-examination of an expert in a computer intrusion (hacking) case: the subject computer's clock; downloading groups of zipped files; access dates; the retrieval of violent photos and poems; vire programs (programs that create viruses); expert opinion regarding surfing habits of "typical" teenagers; whether the computer owner had superior knowledge of computers and the Internet.
Cyber Investigation Software/Tools: Steganography; Surveillance/Desktop Monitoring Programs; Security Information, Software and Utilities; Software Firewalls; Miscellaneous and Shareware. V. Technical Links: File Extensions and Formats; Hard Drive Removal; Hard Drives; CD-R; Drivers. VI. Internet: Redirecting Sites/Services (Web Forwarding); IP Addresses; Whois Information (Domain Name Lookup); Country Codes; DNS Tools and More; Pings and Traceroutes; Person Searches. Software Links: Forensic Software; Hard Drive Duplication/Examination; PDA Duplication; Data Recovery Services; Hard Drive Wiping Utilities.
Data Recovery-Forensics. Recovers a corporation's data that was lost when a former employee launched a computer "time bomb" into the company's technology infrastructure. Experts forensically investigated the source of the computer time bomb and offered expert testimony in a court of law. Leading provider of trial consulting and presentation services, to enable law firms and corporations to engage experts for their litigation consulting and technology needs from pre-litigation preparedness through discovery and trial.
Cyber Forensic Software: Providing complete network visibility, immediate response and comprehensive, forensic-level analysis of servers and workstations. Securely investigate/analyze over the LAN/WAN at the disk and memory level. Limit incident impact and eliminate system downtime with immediate response capabilities. Investigate and analyze multiple platforms: Windows, Linux, AIX, OS X, Solaris. Proactively audit systems for classified information, as well as unauthorized processes and network connections. Identify fraud, security events and employee integrity issues wherever they are taking place, then investigate without alerting targets.
Mobile Forensics: Mobile devices are an integral part of an ever-increasing number of investigations. The need to acquire evidence from mobile devices has created new and complex challenges for investigators. Overview of mobile phone networks; identify mobile phones; learn proper seizure techniques; receive an overview of mobile phone data storage; acquire and examine SIM cards; examine Mobile Phone Acquisition Device components; acquire data from mobile devices; examine the data that they have acquired.
EnCase® Legal Hold: Evidence will be preserved in a Logical Evidence File, built upon court-validated technology, hashed for full chain of custody. By maintaining complete chain of custody from the moment the duty to preserve documents occurs: a) Conduct Early Case Assessment through a network scan for responsive documents. b) Execute, track and analyze custodian acknowledgments. c) Execute an interview regarding responsive data from your custodians to determine where their responsive data exists. d) Collect the potentially responsive data and preserve that data in a forensically sound manner.
Image Scan Training: This software tool was created by members of the FBI’s Computer Analysis Response Team specifically for "knock & talk" situations relating to child exploitation investigations. Once deployed, the software quickly identifies and isolates images on a suspect’s computer and stores them on a thumb drive, without altering any files on the computer.
RCFL: An RCFL is a one-stop, full-service forensics laboratory and training center devoted entirely to the examination of digital evidence in support of criminal investigations such as: Terrorism; Child Pornography; Crimes of Violence; Trade secret theft; Theft or destruction of intellectual property; Financial crime / Property crime / Internet crimes / Fraud.
Emerging Requirements: New Initiatives Required. Computer Forensic Science Laboratory; Electronic Crimes Task Force; Digital Evidence databank; Training in Cyber Security; Personnel: Cyber Security trained officers; Integrated Approach: Homeland security initiative; INTERPOL.
INTEGRATED CYBER SECURITY APPROACH STAFF TRAINING CYBER SECURITY CENTRES INTEGRATION RECRUITMENT METHODOLOGY ON SITE OFF SITE TRAINING HARDWARE & SOFTWARE SHARING OF CRIME DATA MULTI DISCIPLINARY/ DIVERSITY APTITUDE TEST CONTINUOUS GLOBAL APPROACH DIGITAL EVIDENCE COLLECTION High Tech Crimes Task Force LEGISLATION/ ENFORCEMENT PROSECUTION/ FUNCTIONAL CONSULTANTS FOR INTEGRATION CYBER SECURITY COMPETENCY MATRIX
TRAINING CYBER SECURITY investigation GLOBAL INTEGRATION LEGISLATION CASE Management PUBLIC PRIVATE PARTNERSHIPS Strategy & Planning PROSECUTION
PUBLIC AWARENESS IN CYBER SECURITY INTEGRATION ACTIVITY: THE VITAL LINK
THANK YOU

Cyber Security Isaca Bglr Presentation 24th July


Editor's Notes

  • #27 This slide will reassure the customer about the width and depth of our services. This slide should be used with caution and the person using this slide should be well versed to explain each and every building block of this matrix.