Prashant Mahajan & Penelope Forbes
Agenda
• What is Digital Crime
• What is Forensics
• Conventional Crime vs Digital Crime
• Forensics at Fault
• Different Countries, Law Enforcement and Courts
• New Trends in Cyber Law and Law Enforcement
• Recommendations/Evaluation
What is Digital Crime?
Digital Crime is…
• Problematical
• Any crime where a computer is a tool, a target or both
• Offences against computer data or systems
• Unauthorised access, modification or impairment of a computer or digital system
• Offences against the confidentiality, integrity and availability of computer data and systems
Digital Crime is… (continued)
“If getting rich were as simple as downloading and running software, wouldn’t more people do it?”
researchers Dinei Florêncio and Cormac Herley ask in their Times editorial, "The Cybercrime Wave That Wasn't."
Examples of digital crime
• Malicious Code
• Denial of Service
• Man In The Middle
• Spam
• Phishing
Case Studies
• 2007 Estonia attack
  • Cyber attacks from an unknown source
  • Most believe Russia was the attacker
  • Key websites were subject to denial-of-service attacks which rendered their services inaccessible and unavailable
  • Outcome?
Nigerian 4-1-9 Scams
• Scammers contact the target by email or letter
• Offer the target a share of a large sum of money
• Attacker states that they cannot access the money
• Target ends up transferring money or fees to the attacker
What is Forensics?
Forensics is…
• The lawful and ethical seizure, acquisition, analysis, reporting and safeguarding of data and meta-data derived from digital devices which may contain information that is notable and perhaps of evidentiary value to the trier of fact in managerial, administrative, civil and criminal investigations.
                      - Larry Leibrock, PhD, 1998

• Forensic Science is science exercised on behalf of the law in the just resolution of conflict (Thornton 1997).
Computer Forensics
Computer Forensics involves:
• Identification
• Preservation
• Extraction
• Documentation
• Interpretation and
• Presentation
of computer data in such a way that it can be legally admissible.
What forensics is not…
• Pro-active (security)
  • It is reactive to an event or request
• About finding the bad guy/criminal
  • It is about finding evidence of value
• Something you do for fun
  • Expertise is needed
• Quick
  • 2 TB drives are easily available
  • OS X 10.4 supports volumes of 8 exabytes, or 8 million TB
Searching for a needle in a haystack…
Computer Forensics
• Identification
  • Identify evidence
  • Identify the type of information available
  • Determine how best to retrieve it
Computer Forensics
• Preservation
  • Preserve evidence with the least amount of change possible
  • Must be able to account for any change
  • Chain of custody
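As an added example (not from the slides or the authors' report), the preservation points above in Python: hash the image at acquisition, append a chain-of-custody record, and re-hash later so that any change is detected and must be accounted for. The file names, the JSON-lines log layout and the sample image bytes are assumptions made for the illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def hash_image(path, chunk_size=1 << 20):
    """Stream the image through MD5 and SHA-256 and return both hex digests.
    Two independent digests are kept so verification does not rest on one."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def log_custody(log_path, custodian, action, digests, note=""):
    """Append one chain-of-custody entry: who, when, what, and the hashes."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "custodian": custodian,
        "action": action,
        "note": note,
        **digests,
    }
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")
    return entry


def verify_image(path, log_path):
    """Re-hash the image and compare with the first (acquisition) record.

    Returns (ok, current_digests).  A mismatch means the evidence changed
    after acquisition; that change has to be accounted for in the log.
    """
    with open(log_path, encoding="utf-8") as fh:
        acquired = json.loads(fh.readline())
    current = hash_image(path)
    ok = all(current[k] == acquired[k] for k in ("md5", "sha256"))
    return ok, current


def demo(tamper=False):
    """Acquire a constructed 'image', log it, optionally alter it, verify."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "evidence.dd")  # constructed sample, not a real image
    log = os.path.join(workdir, "custody.jsonl")
    with open(image, "wb") as fh:
        fh.write(b"MBR" + b"\x00" * 4093)  # 4096 bytes standing in for a disk image
    log_custody(log, "examiner-1", "acquired", hash_image(image))
    if tamper:  # simulate an unaccounted-for change, e.g. mounting read-write
        with open(image, "r+b") as fh:
            fh.seek(100)
            fh.write(b"\xff")
    ok, current = verify_image(image, log)
    log_custody(log, "examiner-2", "verified", current,
                note="match" if ok else "MISMATCH: account for the change")
    return ok
```

`demo()` returns True when the image is untouched and False after the simulated change, with both outcomes recorded in the custody log.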
Computer Forensics
• Analysis
  • Extract
  • Process
  • Interpret
Computer Forensics
• Types of Evidence
  • Inculpatory evidence: supports a given theory
  • Exculpatory evidence: contradicts a given theory
  • Evidence of tampering: shows that the system was tampered with to avoid identification
Computer Forensics
Presentation
• Evidence will be accepted in court based on:
    ○ Manner of presentation
    ○ Qualifications of the presenter
    ○ Credibility of the processes used to preserve and analyze evidence
    ○ Whether the process can be duplicated
Some Tools of the Trade
• Logicube Portable Forensic Lab (PFL)
• Forensic Talon, Forensic Dossier
• CyberCheck Suite (C-DAC)
• Encase, Forensic Toolkit (FTK), Sleuthkit
• X-Ways Forensics, X-Ways Trace
• Celldek-Tek, MOBILedit! Forensic, Oxygen Forensic Suite, Paraben
• CDR-Analyzer (Call Data Record)
• NetworkMiner, Wireshark
• SimCON
• Helix, DEFT, SANS Sift Kit, Matriux, Backtrack
Commercial vs Open-Source Tools
• Some advantages commercial tools have over open-source tools:
  • Better documentation
  • Commercial-level support
  • Slick GUI (Graphical User Interface), user-friendly
  • In some cases, complete report generation which is accepted in a court of law
• However, for anything a commercial forensics application can do, there are open-source applications which can do the same thing.
Conventional Crimes vs Digital Crimes
• Conventional crimes are traditional
• Digital crimes have emerged due to computers/internet enabling:
  • ANONYMITY
  • OPPORTUNITY & AVAILABILITY
  • FAST/SWIFT
  • EASE OF USE/SIMPLE
  • CONNECTIVITY & NETWORKS
  • NO GEOGRAPHICAL LIMITATIONS
  • LIMITED LAW ENFORCEMENT AND PENALTIES
Conventional Crimes vs Digital Crimes (continued)
• What is safer?
  • A document in a filing cabinet in a secure facility
  • A document on an encrypted USB in someone’s pocket
Conventional Crimes vs Digital Crimes (continued)
• SUBJECTIVE
• However…
• Are conventional methods of crime more advanced and changed now, because of digital crime?
Conventional Crimes vs Digital Crimes (continued)
• Yes
• Digital crime is an adaptation of, as well as an addition to, conventional crime.
• Digital crime makes conventional crime
  • Easier
  • More complex
  • Instantaneous
  • Undetectable
  • Sophisticated
Conventional Crimes vs Digital Crimes (continued)
• Digital crimes make conventional crimes harder to investigate
  • Who attacked whom
  • Legislation
  • Prosecution
Conventional Crimes vs Digital Crimes (continued)
• Example: Credit Card Fraud
  • Conventional method example:
      ○ Theft of a wallet
  • Digital method:
      ○ Hacking
      ○ Skimming

  • The multi-layered dimensions of digitisation mean:
      ○ Location
      ○ Identity and legitimacy
      ○ Simplicity
      ○ No physical interaction or violence
Conventional Crimes vs Digital Crimes Summary
• We believe Digital Crime is an adaptation of Conventional Crimes
• Digital crime has made law enforcement a harder task
• Digital criminals are less likely to be detected or prosecuted due to a lack of international recognition and laws
Forensics at Fault
Common mistakes:
• Using the internal IT staff to conduct a computer forensics investigation
• Waiting until the last minute to perform a computer forensics exam
• Too narrowly limiting the scope of computer forensics
• Not being prepared to preserve electronic evidence
• Not selecting a qualified computer forensics team
Forensics is not cost effective
• Forensics is a post-event response – it is reactive, not proactive; the damage has already been done
• An investigation would reveal the culprit, maybe limit the damage and keep it from occurring in the future
Will new technologies be the end of Digital Forensics?
Is forensics dead?
• Cloud Computing:
  • Authority over the physical storage media is absent
  • When data is deleted, it may be permanently inaccessible

Imaging
• Theoretically, imaging tools do a 'bit for bit image of the entire hard drive'. But actually, they only access the 'user accessible area' and not the service area.
The Silver Lining
Cloud Computing:
• However, the portable devices used to access cloud data tend to store abundant information that can make a case
• Although the handhelds are trickier to acquire, they reveal most of the required information

Imaging
• The tools required to read/write to the service area are hard to get and unlikely to be used.
Pitfalls with Forensics
• No international definitions of computer crime
• No international agreements on extradition
• Multitude of OS platforms and filesystems
• Incredibly large storage space: 100+ GB, TB, SANs (Storage Area Networks)
• Small-footprint storage devices: compact flash, memory sticks, thumb drives
• Networked environments
• Cloud computing
• Embedded processors
• Encryption
• Anti-forensics: wiping
Different Countries, Law Enforcement and Courts
• What international law exists to ban digital crime?
Different Countries, Law Enforcement and Courts (continued)
• Law: very difficult to define, and controversial
• Currently, there is an absence of law/agreement/regulation that is:
  • Holistic
  • Mutual
  • World-wide
Different Countries, Law Enforcement and Courts (continued)
• What have other countries done?
  • Council of Europe
  • United Nations
Different Countries, Law Enforcement and Courts (continued)
• Courts and Law Enforcement
• Digital data can be:
  • Unreliable
  • Volatile
  • Susceptible to manipulation
Different Countries, Law Enforcement and Courts (continued)
• Suggestions:
  • International resolution
  • Approaches from all levels – society, communities, local and federal government, law enforcement agencies, international bodies
  • Publicised and enforced policy, procedures and views on digital crime
  • Education, training and awareness
New Trends in Cyber Crime and Law Enforcement
New Trends
• Botnets
  • Zeus botnet: steals banking credentials; a new variant has also appeared
  • Mac botnet: compromised 600,000+ systems
• Targeted Attacks
  • Operation Aurora
• Organised Crime
  • RBN
• Mobile Malware
How will Law Enforcement react?
• Don’t know!
How will Law Enforcement react?
• Collaboration between law enforcement, government and industry
  • E.g.: Microsoft seizes Zeus servers in anti-botnet rampage

• Organised crime has the capability to resist and adapt to law enforcement efforts
  • Law enforcement uses special tools including coercive powers, covert intelligence, surveillance and a range of specialised analytical and investigative techniques to overcome this resistance.
How will Law Enforcement react?
• Development
  • DoD's 'hardened' Android
  • iOS may be on the way

• Information sharing between law enforcement agencies
Conclusions
• As technology advances, so too does crime
• Digital crime is an emerging field, and as it develops and picks up speed, so too should the governing bodies
• Conventional crimes are becoming underpinned and improved by digital crime
• Collaboration between law enforcement, government and industry is vital
Conclusions
• An international body for standards of policy, procedure and forensic investigation
• Training, education, awareness
• The criminal element is out in front all the time, so you have to use common sense.
• Everybody thinks technology solves a problem; technology doesn't do anything except compound common sense needs.
Questions?
Somewhere, something went terribly wrong.
References
• All references can be found in the report on Digital Crime and Forensics by Prashant Mahajan & Penelope Forbes:
  http://prashantmahajan.wordpress.com/2012/11/27/digital-crime-forensics-report/
