INVESTIGATION
Dr. Gilbert M. Tumibay
Director, Information and Communication
Technology (ICT) Department
Professor, Doctor in Information Technology
Discussion Outline
• Philippine Law Enforcement Setting
• What is Computer Forensics?
• Defining the Need
• Role of an Investigator
• PNP Operation Procedure – Rule #26
• Basic Contents of a Response Kit
• Building a Computer Forensics Lab
• Hardware Write Blockers
• Forensic Software Tools
• Disk Imaging and Duplication
• Disk Analysis
• File Analysis
• RA 8792
• Rules on Electronic Evidence
Philippine Law Enforcement
Setting
NBI – National Bureau of Investigation
• Anti-Fraud and Computer Crimes Division
(ACCD)
• now Technical Intelligence Division (TID)
– Chief Palmer Mallari – proposes mandatory
laptop registration.
– Senator Edgardo Angara filed a Senate bill that will
create modern cybercrime and forensic
laboratories (2011).
– The bill also proposes to create a DNA database.
– www.nbi.gov.ph
• Tie-up with Symantec (Norton Anti-Virus)
Philippine Law Enforcement
Setting
PNP – Philippine National Police
• CIDG – Criminal Investigation and Detection
Group
– Anti-Transnational Crime Division (ATCD)
Senior Supt. Gilbert C. Sosa (MCP)
– Cyber Crimes, Illegal Recruitment and Human
Trafficking Cases
– Cyber Crime Unit (CCU)
– Tie-up with Trend Micro (PC-Cillin Anti-Virus)
www.cidg.pnp.gov.ph
PNP-CIDG ATCD Update
• Four (4) Digital (Computer) Forensics
Laboratories in the Philippines
– Camp Crame (Quezon City), Zamboanga City,
Davao City and General Santos City
• Twelve (12) CIDG Agents/Investigators who
underwent training from the US State
Department for Computer and Cellphone
Forensics (US-Certified Forensic Experts)
• The twelve experts completed the 12-day
training on Audio-Video Forensic Investigation
last March 2011
What is Computer Forensics?
• sometimes called Computer Forensic Science
• is a branch of digital forensic science
pertaining to legal evidence found in
computers and digital storage media.
Computer forensics is also known as digital
forensics.
• www.cidg.pnp.gov.ph
What is Computer Forensics?
Five (5) basic steps of computer forensics:
1. Preparation (of the investigator)
2. Collection (the data)
3. Examination
4. Analysis
5. Reporting
What is Computer Forensics?
• Evidence must be handled within legally
accepted standards and procedures
• Computer Forensics personnel must be
specially trained in analysis techniques
• Personnel must have a wide variety of
computer-related knowledge
Defining the Need
Reported Cases of Computer Crimes
in the Philippines from PNP-CIDG: