Digital Crime & Forensics - Presentation
Prashant Mahajan & Penelope Forbes
Agenda
• What is Digital Crime
• What is Forensics
• Conventional Crime vs Digital Crime
• Forensics at Fault
• Different Countries, Law Enforcement and Courts
• New Trends in Cyber Law and Law Enforcement
• Recommendations/Evaluation
What is Digital Crime?
Digital Crime is…
• Problematical to define
• Any crime where a computer is a tool, a target or both
• Offences against computer data or systems
• Unauthorised access, modification or impairment of a computer or digital system
• Offences against the confidentiality, integrity and availability of computer data and systems
Digital Crime is… (continued)
“If getting rich were as simple as downloading and running software, wouldn’t more people do it?”
researchers Dinei Florêncio and Cormac Herley ask in their Times editorial, "The Cybercrime Wave That Wasn't."
Examples of digital crime
• Malicious Code
• Denial of Service
• Man In The Middle
• Spam
• Phishing
Case Studies
• 2007 Estonia attack
  ○ Cyber attacks from an unknown source
  ○ Most believe Russia was the attacker
  ○ Key websites were subject to denial-of-service attacks which rendered their services inaccessible and unavailable
  ○ Outcome?
Nigerian 4-1-9 Scams
• Scammers contact the target by email or letter
• Offer the target a share of a large sum of money
• Attacker states that they cannot access the money
• Target ends up transferring money or fees to the attacker
What is Forensics?
Forensics is…
• The lawful and ethical seizure, acquisition, analysis, reporting and safeguarding of data and meta-data derived from digital devices which may contain information that is notable and perhaps of evidentiary value to the trier of fact in managerial, administrative, civil and criminal investigations.
  - Larry Leibrock, PhD, 1998

• Forensic Science is science exercised on behalf of the law in the just resolution of conflict (Thornton 1997).
Computer Forensics
Computer Forensics involves:
• Identification
• Preservation
• Extraction
• Documentation
• Interpretation and
• Presentation
of computer data in such a way that it can be legally admissible.
What forensics is not…
• Pro-active (security)
  ○ It is reactive to an event or request
• About finding the bad guy/criminal
  ○ It is about finding evidence of value
• Something you do for fun
  ○ Expertise is needed
• Quick
  ○ 2 TB drives are easily available
  ○ OS X 10.4 supports 8 exabyte volumes, or 8 million TB
Searching for a needle in a haystack…
Computer Forensics
• Identification
  ○ Identify evidence
  ○ Identify the type of information available
  ○ Determine how best to retrieve it
Computer Forensics
• Preservation
  ○ Preserve evidence with the least amount of change possible
  ○ Must be able to account for any change
  ○ Chain of custody
Computer Forensics
• Analysis
  ○ Extract
  ○ Process
  ○ Interpret
Computer Forensics
• Types of Evidence
  ○ Inculpatory evidence: supports a given theory
  ○ Exculpatory evidence: contradicts a given theory
  ○ Evidence of tampering: shows that the system was tampered with to avoid identification
Computer Forensics
Presentation
• Evidence will be accepted in court based on:
  ○ Manner of presentation
  ○ Qualifications of the presenter
  ○ Credibility of the processes used to preserve and analyze evidence
  ○ Whether you can duplicate the process
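The Preservation and Presentation points above (account for every change, keep a chain of custody, let someone else duplicate the process) expressed as a small hash-chained chain-of-custody record. This is an added example, not code from the slides or the authors; the case id, examiner names and image bytes are constructed.

```python
# Added example, not from the slides: a chain-of-custody record for an
# acquired image. Every handover records the image hash, entries are chained
# by hash so the record itself cannot be quietly edited, and verify() lets a
# second examiner duplicate the check before the evidence is presented.
import hashlib
import json
from datetime import datetime, timezone

# Constructed stand-in for an acquired image (a real one is read from the image file).
SAMPLE_IMAGE = b"\x00" * 512 + b"constructed sample sector" + b"\xff" * 487

GENESIS = "0" * 64  # 'prev' value of the first entry in a log


def sha256_of(data: bytes) -> str:
    """Acquisition hash: the value every later check is compared against."""
    return hashlib.sha256(data).hexdigest()


def _entry_hash(body: dict) -> str:
    # Canonical JSON so that the same fields always hash to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class CustodyLog:
    """Append-only chain-of-custody log for one evidence image."""

    def __init__(self, case_id: str, image: bytes, acquired_by: str):
        self.case_id = case_id
        self.acquisition_hash = sha256_of(image)
        self.entries = []
        self.append(acquired_by, "acquired", image)

    def append(self, who: str, action: str, image: bytes, when: str = None) -> dict:
        """Record a handover or processing step, hashing the image as it is at that moment."""
        when = when or datetime.now(timezone.utc).isoformat()
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = {"case_id": self.case_id, "who": who, "action": action,
                "image_hash": sha256_of(image), "when": when, "prev": prev}
        digest = _entry_hash(body)  # hash covers every field, including 'prev'
        body["entry_hash"] = digest
        self.entries.append(body)
        return body

    def verify(self, image: bytes):
        """Return (ok, problems). Flags a broken or edited chain, any entry whose
        recorded image hash differs from acquisition (a change that must be
        accounted for), and a current image that no longer matches what was acquired."""
        problems = []
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev"] != prev:
                problems.append(f"entry {i}: chain broken")
            if _entry_hash(body) != e["entry_hash"]:
                problems.append(f"entry {i}: record altered")
            if e["image_hash"] != self.acquisition_hash:
                problems.append(f"entry {i}: image changed since acquisition ({e['action']})")
            prev = e["entry_hash"]
        if sha256_of(image) != self.acquisition_hash:
            problems.append("current image does not match acquisition hash")
        return (not problems, problems)


if __name__ == "__main__":
    log = CustodyLog("CASE-0001", SAMPLE_IMAGE, "Examiner A")
    log.append("Examiner B", "received for analysis", SAMPLE_IMAGE)
    print(log.verify(SAMPLE_IMAGE))                      # clean chain, matching image
    print(log.verify(SAMPLE_IMAGE[:-1] + b"\x00"))       # one flipped byte is detected
```

Real acquisitions would feed verify() the bytes of the image file; the point is that the presenter can show the same hash the acquiring examiner recorded, and any unaccounted change is flagged rather than explained away.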
Some Tools of the Trade
• Logicube Portable Forensic Lab (PFL)
• Forensic Talon, Forensic Dossier
• CyberCheck Suite (C-DAC)
• EnCase, Forensic Toolkit (FTK), The Sleuth Kit
• X-Ways Forensics, X-Ways Trace
• CellDEK-TEK, MOBILedit! Forensic, Oxygen Forensic Suite, Paraben
• CDR-Analyzer (Call Data Record)
• NetworkMiner, Wireshark
• SimCON
• Helix, DEFT, SANS SIFT Kit, Matriux, BackTrack
Commercial vs Open-Source Tools
• Some advantages commercial tools have over open-source tools:
  ○ Better documentation
  ○ Commercial-level support
  ○ Slick, user-friendly GUI (graphical user interface)
  ○ In some cases, complete report generation which is accepted in a court of law
• However, for anything a commercial forensics application can do, there are open-source applications which can do the same thing.
Conventional Crimes vs Digital Crimes
• Conventional crimes are traditional
• Digital crimes have emerged because computers and the internet enable:
  ○ ANONYMITY
  ○ OPPORTUNITY & AVAILABILITY
  ○ FAST/SWIFT
  ○ EASE OF USE/SIMPLE
  ○ CONNECTIVITY & NETWORKS
  ○ NO GEOGRAPHICAL LIMITATIONS
  ○ LIMITED LAW ENFORCEMENT AND PENALTIES
Conventional Crimes vs Digital Crimes (continued)
• What is safer?
  ○ A document in a filing cabinet in a secure facility
  ○ A document on an encrypted USB drive in someone’s pocket
Conventional Crimes vs Digital Crimes (continued)
• SUBJECTIVE
• However…
• Are conventional methods of crime more advanced and changed now because of digital crime?
Conventional Crimes vs Digital Crimes (continued)
• Yes
• Digital crime is an adaptation of, as well as an addition to, conventional crime.
• Digital crime makes conventional crime
  ○ Easier
  ○ More complex
  ○ Instantaneous
  ○ Undetectable
  ○ Sophisticated
Conventional Crimes vs Digital Crimes (continued)
• Digital crimes make conventional crimes harder to investigate
  ○ Who attacked whom
  ○ Legislation
  ○ Prosecution
Conventional Crimes vs Digital Crimes (continued)
• Example: Credit Card Fraud
  ○ Conventional method example:
    - Theft of wallet
  ○ Digital method:
    - Hacking
    - Skimming
  ○ Multi-layered dimensions of the digitisation mean:
    - Location
    - Identity and legitimacy
    - Simplicity
    - No physical interaction or violence
Conventional Crimes vs Digital Crimes Summary
• We believe digital crime is an adaptation of conventional crimes
• Digital crime has made law enforcement a harder task
• Digital criminals are more likely not to be detected or prosecuted due to a lack of international recognition and laws
Forensics at Fault
Common mistakes:
• Using internal IT staff to conduct a computer forensics investigation
• Waiting until the last minute to perform a computer forensics exam
• Limiting the scope of computer forensics too narrowly
• Not being prepared to preserve electronic evidence
• Not selecting a qualified computer forensics team
Forensics is not cost effective
• Forensics is a post-event response – it is reactive, not proactive; the damage has already been done
• Investigation would reveal the culprit, maybe limit the damage and keep it from occurring in the future
Will new technologies be the end of Digital Forensics?
Is forensics dead?
• Cloud Computing:
  ○ Authority over the physical storage media is absent
  ○ When data is deleted, it may be permanently inaccessible
• Imaging
  ○ Theoretically, imaging tools do a 'bit for bit image of the entire hard drive'. In practice, they only access the 'user accessible area' and not the service area.
The Silver Lining
• Cloud Computing:
  ○ However, the portable devices used to access cloud data tend to store abundant information to make a case
  ○ Although the handhelds are trickier to acquire, they reveal most of the required information
• Imaging
  ○ The tools required to read from or write to the service area are hard to get and unlikely to be used.
Pitfalls with Forensics
• No international definitions of computer crime
• No international agreements on extradition
• Multitude of OS platforms and filesystems
• Incredibly large storage space: 100+ GB, TB, SANs (Storage Area Networks)
• Small-footprint storage devices: compact flash, memory sticks, thumb drives
• Networked environments
• Cloud computing
• Embedded processors
• Encryption
• Anti-forensics: wiping
Different Countries, Law Enforcement and Courts
• What international law exists to ban digital crime?
Different Countries, Law Enforcement and Courts (continued)
• Law - very difficult to define - controversial
• Currently, there is an absence of law/agreement/regulation that is:
  ○ Holistic
  ○ Mutual
  ○ World-wide
Different Countries, Law Enforcement and Courts (continued)
• What have other countries done?
  ○ Council of Europe
  ○ United Nations
Different Countries, Law Enforcement and Courts (continued)
• Courts and Law Enforcement
• Digital data can be:
  ○ Unreliable
  ○ Volatile
  ○ Susceptible to manipulation
Different Countries, Law Enforcement and Courts (continued)
• Suggestions:
  ○ International resolution
  ○ Approaches from all levels – society, communities, local and federal government, law enforcement agencies, international bodies
  ○ Publicised and enforced policy, procedures and views on digital crime
  ○ Education, training and awareness
New Trends in Cyber Crime and Law Enforcement
New Trends
• Botnets
  ○ Zeus botnet - steals banking credentials; a new variant has also come up
  ○ Mac botnet, compromised 600,000+ systems
• Targeted Attacks
  ○ Operation Aurora
• Organised Crime
  ○ RBN
• Mobile Malware
How will Law Enforcement react?
• Don’t know!
How will Law Enforcement react?
• Collaboration between law enforcement, government and industry
  ○ E.g. Microsoft seizes Zeus servers in anti-botnet rampage
• Organised crime has the capability to resist and adapt to law enforcement efforts
  ○ Law enforcement uses special tools including coercive powers, covert intelligence, surveillance and a range of specialised analytical and investigative techniques to overcome this resistance.
How will Law Enforcement react?
• Development
  ○ DOD's 'hardened' Android
  ○ iOS may be on the way
• Information sharing between law enforcement agencies
Conclusions
• As technology advances, so too does crime
• Digital crime is an emerging field, and as it develops and picks up speed, so too should the governing bodies
• Conventional crimes are becoming underpinned and improved by digital crime
• Collaboration between law enforcement, government and industry is vital
Conclusions
• International body for standards of policy, procedure and forensic investigation
• Training, education, awareness
• The criminal element is out in front all the time, so you have to use common sense.
• Everybody thinks technology solves a problem; technology doesn't do anything except compound common sense needs.
Questions?
Somewhere, something went terribly wrong.
References
• All references can be found in the report on Digital Crime and Forensics by Prashant Mahajan & Penelope Forbes:
  http://prashantmahajan.wordpress.com/2012/11/27/digital-crime-forensics-report/
