2. Agenda
What is Digital Crime
What is Forensics
Conventional Crime vs Digital Crime
Forensics at Fault
Different Countries, Law Enforcement and Courts
New Trends in Cyber Law and Law Enforcement
Recommendations/Evaluation
4. Digital Crime is…
Problematic to define; the common definitions are:
Any crime where a computer is the tool, the target or both
Offences against computer data or systems
Unauthorised access to, modification of, or impairment of a computer or digital system
Offences against the confidentiality, integrity and availability of computer data and systems
5. Digital Crime is… Cntd.
“If getting rich were as simple
as downloading and running
software, wouldn’t more
people do it?”
ask researchers Dinei Florêncio and Cormac Herley in their New York Times editorial, "The Cybercrime Wave That Wasn't."
6. Examples of digital crime
Malicious Code
Denial of Service
Man In The Middle
Spam
Phishing
7. Case Studies
2007 Estonia attack
Cyber attacks from a source that was never conclusively attributed
Most believe Russia was the attacker
Key websites (government, banking and media) were subject to denial-of-service attacks which rendered their services inaccessible and unavailable
Outcome?
8. Nigerian 4-1-9 Scams (advance-fee fraud, named after section 419 of the Nigerian Criminal Code)
Scammers contact the target by email or letter
They offer the target a share of a large sum of money
The attacker claims they cannot access the money without the target's help
The target ends up transferring money or "fees" to the attacker; the promised sum never arrives
10. Forensics is…
The lawful and ethical seizure, acquisition, analysis, reporting and safeguarding of data and meta-data derived from digital devices which may contain information that is notable and perhaps of evidentiary value to the trier of fact in managerial, administrative, civil and criminal investigations.
- Larry Leibrock, PhD, 1998
Forensic Science is science exercised on behalf
of the law in the just resolution of conflict
(Thornton 1997).
11. Computer Forensics
Computer Forensics involves:
Identification
Preservation
Extraction
Documentation
Interpretation and
Presentation
of computer data in such a way that it can be
legally admissible.
12. What forensics is not…
Pro-active (security)
But reactive to an event or request
About finding the bad guy/criminal
But finding evidence of value, whichever way it points
Something you do for fun
Expertise is needed
Quick
2 TB drives are easily available, and imaging and hashing every sector of one takes hours
OS X 10.4 (HFS+) supports volumes of 8 exabytes, i.e. 8 million TB
14. Computer Forensics
Identification
Identify Evidence
Identify type of information available
Determine how best to retrieve it
15. Computer Forensics
Preservation
Preserve evidence with the least amount of change possible
Must be able to account for any change (hash the original and the image, and log every action)
Chain of custody
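The Preservation step above, as an added example in Python (not code from the original slides or from the authors' report): it copies source media to an image file while hashing the stream, re-reads the finished image to confirm it is a bit-for-bit copy, and appends a chain-of-custody record so that every action can be accounted for. The sample "evidence" is a constructed byte string written to a temporary directory; the examiner name, file names and log format are assumptions. On a real system the source would be a block device opened read-only behind a hardware write blocker, and the copy covers only the user-accessible area of the drive.

```python
"""Added example (not from the original slides): the Preservation step as
code.  Image a source, hash while copying, re-verify the written image, and
append a chain-of-custody record.  Sample media is constructed inline."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # streaming read size, so multi-TB media never sits in RAM


def hash_file(path, algorithms=("md5", "sha256")):
    """Hash a file in a single pass; returns {algorithm: hexdigest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def acquire(source, image, examiner, log):
    """Copy `source` to `image`, hashing on the fly, then verify the copy.

    Returns the chain-of-custody record appended to `log`.  Raises
    RuntimeError if the image on disk does not match what was read, so a
    truncated or altered copy is never recorded as good evidence.
    """
    hashers = {"md5": hashlib.md5(), "sha256": hashlib.sha256()}
    size = 0
    # Source opened read-only.  On real media a hardware write blocker still
    # belongs in front of it: the OS may touch the device on its own.
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
            dst.write(block)
            size += len(block)
        dst.flush()
        os.fsync(dst.fileno())
    acquisition = {name: h.hexdigest() for name, h in hashers.items()}

    # Independent re-read of the written image: proves the bytes on disk,
    # not just the bytes that passed through memory, match the source.
    verification = hash_file(image)
    if verification != acquisition or os.path.getsize(image) != size:
        raise RuntimeError("image verification failed; do not use this image")

    record = {
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "source": source,
        "image": image,
        "bytes": size,
        "acquisition_hash": acquisition,
        "verification_hash": verification,
        "verified": True,
    }
    with open(log, "a") as fh:  # append-only log: every action is accounted for
        fh.write(json.dumps(record) + "\n")
    return record


def verify_later(image, record):
    """Re-hash an image against its custody record, e.g. before analysis or
    before presenting it; a change of even one byte shows up here."""
    return hash_file(image) == record["acquisition_hash"]


def demo():
    """Acquire constructed sample media in a temp directory, then tamper with
    the image.  Returns (record, intact_before, intact_after_tampering)."""
    workdir = tempfile.mkdtemp()
    evidence = os.path.join(workdir, "suspect_disk.bin")
    with open(evidence, "wb") as fh:  # constructed "media", not real data
        fh.write(b"MBR\x55\xaa" + bytes(range(256)) * 4096)
    image = os.path.join(workdir, "suspect_disk.dd")
    rec = acquire(evidence, image, examiner="examiner-01 (hypothetical)",
                  log=os.path.join(workdir, "custody.log"))
    intact = verify_later(image, rec)
    with open(image, "r+b") as fh:  # simulate post-acquisition tampering
        fh.write(b"XXX")
    return rec, intact, verify_later(image, rec)


if __name__ == "__main__":
    rec, before, after = demo()
    print("sha256:", rec["acquisition_hash"]["sha256"])
    print("intact after acquisition:", before, "| after tampering:", after)
```

Two hashes are recorded because courts and tool reports of the period commonly expect both MD5 and SHA-256; the second, independent re-read of the image is what lets the examiner state under oath that the working copy matched the original at acquisition time, and the same `verify_later` check is what is repeated before analysis and before presentation.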
17. Computer Forensics
Types of Evidence
Inculpatory Evidence: Supports a given theory
Exculpatory Evidence: Contradicts a given
theory
Evidence of Tampering: Shows that the system
was tampered with to avoid identification
18. Computer Forensics
Presentation
Whether evidence is accepted in court depends on:
○ Manner of presentation
○ Qualifications of the presenter
○ Credibility of the processes used to preserve and analyze the evidence
○ Whether the process can be duplicated (reproducibility)
19. Some Tools of the Trade
Logicube Portable Forensic Lab (PFL)
Forensic Talon, Forensic Dossier
CyberCheck Suite (C-DAC)
EnCase, Forensic Toolkit (FTK), The Sleuth Kit
X-Ways Forensics, X-Ways Trace
Celldek-Tek, MOBILedit! Forensic, Oxygen
Forensic Suite, Paraben
CDR-Analyzer (Call Data Record)
NetworkMiner, Wireshark
SimCON
Helix, DEFT, SANS SIFT, Matriux, BackTrack
20. Commercial vs Open-Source Tools
Some advantages commercial tools have over open-source tools:
Better documentation
Commercial-level support
Slick GUI (Graphical User Interface), user-friendly
In some cases, complete report generation in a form accepted by courts of law
However, for most of what a commercial forensics application can do, there is an open-source application which can do the same thing; the difference is usually support, polish and court-ready reporting rather than capability.
21. Conventional Crimes vs Digital Crimes
Conventional crimes are traditional
Digital crimes have emerged because computers and the internet enable:
ANONYMITY
OPPORTUNITY & AVAILABILITY
SPEED
EASE OF USE/SIMPLICITY
CONNECTIVITY & NETWORKS
NO GEOGRAPHICAL LIMITATIONS
LIMITED LAW ENFORCEMENT AND PENALTIES
22. Conventional Crimes vs Digital Crimes (continued)
Which is safer?
A document in a filing cabinet in a secure facility
A document on an encrypted USB drive in someone's pocket
23. Conventional Crimes vs Digital Crimes (continued)
Subjective
However…
Have conventional methods of crime become more advanced, and changed, because of digital crime?
24. Conventional Crimes vs Digital Crimes (continued)
Yes
Digital crime is an adaptation of, as well as an addition to, conventional crime.
Digital crime makes conventional crime:
Easier
More complex
Instantaneous
Harder to detect
More sophisticated
25. Conventional Crimes vs Digital Crimes (continued)
Digital crimes make conventional crimes harder to investigate:
Who attacked whom
Legislation
Prosecution
26. Conventional Crimes vs Digital Crimes (continued)
Example: Credit Card Fraud
Conventional method example:
○ Theft of a wallet
Digital methods:
○ Hacking
○ Skimming
The digital version adds dimensions that the conventional one lacks:
○ Location (the attacker need not be anywhere near the victim)
○ Identity and legitimacy (harder to establish)
○ Simplicity
○ No physical interaction or violence
27. Conventional Crimes vs Digital Crimes Summary
We believe digital crime is an adaptation of conventional crime
Digital crime has made law enforcement a harder task
Digital criminals are more likely to go undetected or unprosecuted because of the lack of international recognition and laws
29. Forensics at Fault
Common mistakes:
Using the internal IT staff to conduct a
computer forensics investigation
Waiting until the last minute to perform a
computer forensics exam
Too narrowly limiting the scope of computer
forensics
Not being prepared to preserve electronic
evidence
Not selecting a qualified computer forensics
team
30. Forensics is not cost effective
Forensics is a post-event response; it is reactive, not proactive, and the damage has already been done
An investigation may reveal the culprit, perhaps limit the damage, and help keep it from recurring
32. Is forensics dead?
Cloud Computing:
Authority over the physical storage media is absent (the provider, not the investigator, controls it)
When data is deleted, it may be permanently inaccessible
Imaging
In theory, imaging tools make a 'bit for bit image of the entire hard drive'. In practice they read only the 'user accessible area' (the sector range the drive reports) and not the service area (firmware-reserved sectors); sectors hidden by a host protected area (HPA) or device configuration overlay (DCO) are likewise missed unless the tool removes those first.
33. The Silver Lining
Cloud Computing:
However, the portable devices used to access cloud data tend to store abundant information with which to make a case
Although handhelds are trickier to acquire, they reveal most of the required information
Imaging
The tools required to read and write the service area are hard to obtain, so hiding data there is unlikely in practice.
34. Pitfalls with Forensics
No International Definitions of Computer Crime
No International Agreements on extraditions
Multitude of OS platforms and filesystems
Incredibly large storage: 100+ GB drives, TB arrays, SANs (Storage Area Networks)
Small-footprint storage devices: compact flash, memory sticks, thumb drives
Networked Environments
Cloud Computing
Embedded Processors
Encryption
Anti-forensics: Wiping
36. Different Countries, Law Enforcement and Courts (continued)
Law: very difficult to define, and controversial
Currently there is an absence of law, agreement or regulation that is:
Holistic
Mutual
World-wide
38. Different Countries, Law Enforcement and Courts (continued)
Courts and Law Enforcement
Digital Data can be:
Unreliable
Volatile
Susceptible to manipulation
39. Different Countries, Law Enforcement and Courts (continued)
Suggestions:
International resolution
Approaches from all levels – society,
communities, local and federal government,
law enforcement agencies, international
bodies
Publicised and enforced policy, procedures and
views on digital crime
Education, training and awareness
41. New Trends
Botnets
Zeus botnet: steals banking credentials; new variants keep appearing
Mac botnet (Flashback, 2012): compromised 600,000+ systems
Targeted Attacks
Operation Aurora
Organised Crime
RBN (Russian Business Network)
Mobile Malware
43. How will Law Enforcement react?
Collaboration between law enforcement, government and industry
E.g.: "Microsoft seizes Zeus servers in anti-botnet rampage" (2012)
Organised crime has the capability to resist
and adapt to law enforcement efforts
Law enforcement uses special tools including
coercive powers, covert intelligence, surveillance
and a range of specialised analytical and
investigative techniques to overcome this
resistance.
44. How will Law Enforcement react?
Development
DoD's 'hardened' Android
iOS may be on the way
Information sharing between Law
Enforcement Agencies
45. Conclusions
As technology advances, so too does crime
Digital crime is an emerging field, and as it
develops and picks up speed, so too should
the governing bodies
Conventional crimes are becoming
underpinned and improved by digital crime
Collaboration between law enforcement,
government and industry is vital
46. Conclusions
International body for standards of policy,
procedure and forensic investigation
Training, education, awareness
The criminal element is out in front all the
time, so you have to use common sense.
Everybody thinks technology solves a
problem; technology doesn't do anything
except compound common sense needs.
49. References
All references can be found in the report on Digital Crime and Forensics by Prashant Mahajan & Penelope Forbes:
http://prashantmahajan.wordpress.com/2012/11/27/digital-crime-forensics-report/