Академический Документы
Профессиональный Документы
Культура Документы
05/13/10 3
The Ultimate Weapon …..Cyber
Warfare
Competitive Weapons of Competitive Weapons of
1990’s 2000
Costs Speed
Speed
Economy of Scale Economy of Skill
05/13/10 6
Cyber Weapons
EMAIL-An email that looks like it comes directly from
your bank.
• Contains links could cause your machine to re-boot,
and then send out passwords and login information.
• It also usually says please click on this safe link
VIRUS- A virus that is modifying commercial USB
drives. The virus on an infected computer modifies
programs on USB drives.
• The infected USB drive, when connected to another
computer, can automatically infect the computer and
other drives.
05/13/10 7
What Is Electronic
Evidence?
Electronic evidence is information and data of investigative
value
a)that is stored on or transmitted by an electronic device.
b)is acquired when data or physical items are collected and
c)stored for examination purposes.
d) Is often latent in the same sense as fingerprints or DNA
evidence
e)Can transcend borders with ease and speed.
f) Is fragile and can be easily altered, damaged, or destroyed.
g) Is sometimes time-sensitive.
05/13/10 8
ELECTRONIC Crime Scene
Investigations
05/13/10 9
Managing Digital
Evidence
in the 21st Century
05/13/10 10
05/13/10 11
Digital Forensics
Digital forensics is the application of science and
engineering to the recovery of digital evidence in a
legally acceptable method.
Examiners use digital investigation and analysis
techniques to determine potential legal evidence by
applying their skills on a variety of software programs,
different operating systems, varying hard drives sizes,
and specific technologies such as personal digital
assistants, cell phones, or video cameras.
Examiners are also capable of locating deleted,
encrypted or damaged file information that may serve
as evidence in a criminal investigation.
05/13/10 12
Global initiatives- California
High-Technology Crime Task
Forces
• The design, development, and production of this project
utilizing grant funds made available from the Governor’s
Office of Criminal Justice Planning.
• Help in achieving even greater levels of success in their
prosecution and convictions of those who commit high-
technology crimes.
• Legal transcripts, documents, and resource materials
were selected and developed using the insight and
professional experience of a team of prosecutors
05/13/10 13
Email Tracing and
Prosecutorial Enforcement
Tool
a)Email step-by-step tracing methodology,
b)Expert testimony,
c)Jury presentation,
d)Search warrants, and
e)State and Federal guidelines.
• Veteran who have successfully prosecuted high-
technology crimes cases instrumental in the strategy,
selection of content, and production design used to
address the scale and scope of this complex topic.
• Application of this product — Informative resource
tool that can be applied to a variety of cases —
05/13/10 14
How email works
Computer Forensic Examiner
• How to Trace an Email ..Tracing methodology.
• How an Email Travels the Internet .
• How to Trace an IP Address . Proper IP address tracing
methods.
• How email moves over the global Internet include
Anonymizers, Remailers, and Email Spoofing.
• Request for Comments (RFCs) and other technical documen
that define protocols
• Digital Evidence Presenting an email case to a jury
involving complex topics such as digital evidence.
• Expert testimony The following documents provide
information regarding working with expert witnesses
in technical cases.
05/13/10 15
Child Pornography
Cases
Sample direct and cross-examination of a
prosecution expert in the Westerfield case:
State of California v. Westerfield trial (June 2002).
• Qualifying the expert
• Imaging hard drives; an explanation of hard drives,
compact disks, zip disks, and how files are stored or
copied to those media;
• Downloading images from the Internet;
• Presenting still images and digital movies to a jury;
• File extensions; allocated versus unallocated space
(deleted files); temporary Internet files; screen capture
• Reviewing email stored on a suspect's computer.
05/13/10 16
Hacking Case
•
05/13/10 17
Cyber InvestigationSoftware/To
• Steganography IP Addresses
• Surveillance/Desktop Monitoring Programs
• Whois Information (Domain Name Lo
• Security Information, Software and Utilities
• Software Firewalls • Country Codes
• Miscellaneous and Shareware • DNS Tools and More
• V. Technical Links • Pings and Traceroutes
• File Extensions and Formats • Person Searches
• Hard Drive Removal • Software Links
• Hard Drives • Forensic Software
• CD-R – Hard Drive Duplication/Examination
• Drivers
– PDA Duplication
• VI. Internet Redirecting Sites/Services (Web Forwarding)
– Data Recovery Services
– Hard Drive Wiping Utilities
05/13/10 18
Data Recovery-Forensics
.
05/13/10 19
Cyber Forensic Software
Providing complete network visibility, immediate response and
comprehensive, forensic-level analysis of servers and workstations
Securely investigate/analyze over the LAN/WAN at the disk and
memory level.
Limit incident impact and eliminate system downtime with
immediate response capabilities.
Investigate and analyze multiple platforms — Windows, Linux, AIX,
OS X, Solaris
Proactively audit systems for classified information, as well as
unauthorized processes and network connections.
Identify fraud, security events and employee integrity issues
wherever they are taking place — then investigate without alerting
targets.
05/13/10 20
Mobile Forensics
• Mobile devices are an integral part of an ever-increasing
number of investigations,
• Need to acquire evidence from mobile devices has
created new and complex challenges for investigators.
• Overview of mobile phone networks
• Identify mobile phones
• Learn proper seizure techniques
• Receive an overview of mobile phone data storage
• Acquire and examine SIM cards
• Examine Mobile Phone Acquisition Device components
• Acquire data from mobile devices
• Examine the data that they have acquired
05/13/10 21
EnCase® Legal Hold
Evidence will be preserved in Logical Evidence File, built upon
court-validated technology, hashed for full chain of custody.
By maintaining complete chain of custody from the moment
the duty to preserve documents occurs
• a) Conduct Early Case Assessment through a network scan for
responsive documents.
b) Execute track and analyze custodian acknowledgments
c) Execute an Interview regarding Responsive Data from your
custodians to determine where their responsive data exists
d) Collecting the potentially responsive data and preserving
that data in a forensically sound manner
05/13/10 22
Image Scan Training
05/13/10 23
RCFL
An RCFL is a one stop, full service forensics
laboratory and training center devoted entirely to
the examination of digital evidence in support of
criminal investigations such as—
Terrorism
Child Pornography
Crimes of Violence
Trade secret theft
Theft or destruction to intellectual property
Financial crime /Property crime /Internet crimes
/Fraud.
05/13/10 24
Emerging Requirements
New Initiatives Required
Computer Forensic Science Laboratory
Electronic Crimes Task Force
Digital Evidence databank
Training in Cyber Security
Personnel------Cyber Security trained officers
Integrated Approach-Home land security
initiative
INTERPOL
05/13/10 25
CYBER SECURITY COMPETENCY MATRIX
FUNCTIONAL
High Tech
CONSULTANTS
Crimes
APTITUDE TEST GLOBAL APPROACH FOR
Task Force
INTEGRATION
LEGISLATION/
MULTI CONTINUOUS DIGITAL ENFORCEMENT
DISCIPLINARY/ EVIDENSE PROSECUTION/
DIVERSITY COLLECTIONN
CASE Management
CYBER SECURITY
TRAINING
05/13/10 29