Prashant Mahajan & Penelope Forbes

Digital Crime & Forensics - Presentation

Page 1

Prashant Mahajan & Penelope Forbes

Page 2

Agenda

What is Digital Crime

What is Forensics

Conventional Crime vs Digital Crime

Forensics at Fault

Different Countries, Law Enforcement and Courts

New Trends in Cyber Law and Law Enforcement

Recommendations/Evaluation

Page 3

What is Digital Crime?

Page 4

Digital Crime is…

Problematical

Any crime where a computer is a tool, a target or both

Offences against computer data or systems

Unauthorised access, modification or impairment of a computer or digital system

Offences against the confidentiality, integrity and availability of computer data and systems

Page 5

Digital Crime is… Cntd.

“If getting rich were as simple as downloading and running software, wouldn’t more people do it?”

researchers Dinei Florêncio and Cormac Herley ask in their Times editorial, “The Cybercrime Wave That Wasn't.”

Page 6

Examples of digital crime

Malicious Code

Denial of Service

Man In The Middle

Spam

Phishing

Page 7

Case Studies

2007 Estonia attack

Cyber attacks from an unknown source

Most believe Russia was the attacker

Key websites were subject to denial-of-service attacks which rendered their services inaccessible and unavailable

Outcome?

Page 8

Nigerian 4-1-9 Scams

Scammers contact the target by email or letter

Offer the target a share of a large sum of money

Attacker states that they cannot access the money

Target ends up transferring money or fees to the attacker

Page 9

What is Forensics?

Page 10

Forensics is…

The lawful and ethical seizure, acquisition, analysis, reporting and safeguarding of data and meta-data derived from digital devices which may contain information that is notable and perhaps of evidentiary value to the trier of fact in managerial, administrative, civil and criminal investigations.

- Larry Leibrock, PhD, 1998

Forensic Science is science exercised on behalf of the law in the just resolution of conflict (Thornton 1997).

Page 11

Computer Forensics

Computer Forensics involves:

Identification

Preservation

Extraction

Documentation

Interpretation and

Presentation

of computer data in such a way that it can be legally admissible.

Page 12

What forensics is not…

Pro-Active (Security)

○ But reactive to an event or request

About finding the bad guy/criminal

○ But finding evidence of value

Something you do for fun

○ Expertise is needed

Quick

○ 2 TB drives are easily available

○ OS X 10.4 supports 8 Exabyte or 8 million TB

Page 13

Searching for a needle in a haystack…

Page 14

Computer Forensics

Identification

Identify Evidence

Identify type of information available

Determine how best to retrieve it

Page 15

Computer Forensics

Preservation

Preserve evidence with the least amount of change possible

Must be able to account for any change

Chain of custody

Page 16

Computer Forensics

Analysis

Extract

Process

Interpret

Page 17

Computer Forensics

Types of Evidence

Inculpatory Evidence: Supports a given theory

Exculpatory Evidence: Contradicts a given theory

Evidence of Tampering: Shows that the system was tampered with to avoid identification

Page 18

Computer Forensics

Presentation

Evidence will be accepted in court on:

○ Manner of presentation

○ Qualifications of the presenter

○ Credibility of the processes used to preserve and analyze evidence

○ If you can duplicate the process
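The preservation slide (account for any change, chain of custody) and the presentation slide (a credible, duplicable process) describe the same practical requirement: a hash of the acquired image that every later handler can recompute, and a custody record that cannot be quietly edited. The following is an added example, not material from the presentation or from any of the tools it lists. It uses only the Python standard library; the "image" is a constructed byte string standing in for a disk image, and the case id and handler names are placeholders. The custody log hash-chains its entries, so editing or removing an earlier entry breaks verification of everything after it.

```python
"""Acquisition hash and hash-chained chain-of-custody log for a forensic image.

Added example (not from the presentation). hashlib/json are standard library.
The evidence bytes below are constructed; CASE_ID and handler names are placeholders.
"""
import hashlib
import json
from dataclasses import asdict, dataclass
from datetime import datetime, timezone
from typing import List, Optional

CASE_ID = "CASE-0000-EXAMPLE"  # placeholder case identifier


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 over the whole image: the acquisition hash that every later
    handler must be able to reproduce to show the image has not changed."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    handler: str
    action: str
    image_sha256: str
    timestamp: str
    prev_entry_sha256: str  # commits this entry to the one before it

    def digest(self) -> str:
        # Canonical JSON (sorted keys) so two examiners hashing the same entry agree byte for byte.
        return sha256_hex(json.dumps(asdict(self), sort_keys=True).encode())


class CustodyLog:
    """Append-only custody record. Each entry carries the hash of the previous
    entry, so a removed or edited entry is detected when the chain is re-verified."""

    GENESIS = "0" * 64  # link value for the very first entry

    def __init__(self) -> None:
        self.entries: List[CustodyEntry] = []

    def record(self, handler: str, action: str, image: bytes,
               when: Optional[datetime] = None) -> CustodyEntry:
        when = when or datetime.now(timezone.utc)
        prev = self.entries[-1].digest() if self.entries else self.GENESIS
        entry = CustodyEntry(handler, action, sha256_hex(image), when.isoformat(), prev)
        self.entries.append(entry)
        return entry

    def verify(self, acquisition_hash: str) -> List[str]:
        """Return a list of problems; an empty list means the chain is intact and
        every handler saw an image matching the acquisition hash."""
        problems = []
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e.prev_entry_sha256 != prev:
                problems.append(f"entry {i}: broken link to previous entry")
            if e.image_sha256 != acquisition_hash:
                problems.append(f"entry {i} ({e.handler}, {e.action}): image hash differs from acquisition hash")
            prev = e.digest()
        return problems


def verify_image(image: bytes, acquisition_hash: str) -> bool:
    """The duplicable step: anyone holding the image and the recorded hash can repeat this."""
    return sha256_hex(image) == acquisition_hash


def demo() -> dict:
    # Constructed stand-in for an acquired disk image (not real evidence).
    image = b"\x00" * 512 + b"EXAMPLE-EVIDENCE-SECTOR-DATA" + b"\xff" * 512
    acquisition_hash = sha256_hex(image)

    log = CustodyLog()
    log.record("examiner-A", "acquired image", image)
    log.record("examiner-A", "sealed and transferred", image)
    log.record("examiner-B", "received and verified", image)

    tampered = bytearray(image)
    tampered[600] ^= 0x01  # a single flipped bit is enough to fail verification
    return {
        "case_id": CASE_ID,
        "acquisition_hash": acquisition_hash,
        "original_ok": verify_image(image, acquisition_hash),
        "tampered_ok": verify_image(bytes(tampered), acquisition_hash),
        "log_problems": log.verify(acquisition_hash),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the acquisition hash is computed on the write-blocked source and again on the image, recorded on the custody form, and recomputed by each subsequent handler; the hash-chained log is what lets a reviewer check that the written record itself was not altered after the fact.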

Page 19

Some Tools of the Trade

Logicube Portable Forensic Lab (PFL)

Forensic Talon, Forensic Dossier

CyberCheck Suite (C-DAC)

Encase, Forensic Toolkit (FTK), Sleuthkit

X-Ways Forensics, X-Ways Trace

Celldek-Tek, MOBILedit! Forensic, Oxygen Forensic Suite, Paraben

CDR-Analyzer (Call Data Record)

NetworkMiner, Wireshark

SimCON

Helix, DEFT, SANS Sift Kit, Matriux, Backtrack

Page 20

Commercial vs Open-Source Tools

Some advantages Commercial tools have over Open-Source tools:

Better Documentation

Commercial Level Support

Slick GUI (Graphical User Interface), user-friendly

In some cases, complete report generation which is accepted in a court of law

However, for anything a commercial forensics application can do, there are open-source applications which can do the same thing.

Page 21

Conventional Crimes vs Digital Crimes

Conventional crimes are traditional

Digital crimes have emerged due to computers/internet enabling:

ANONYMITY

OPPORTUNITY & AVAILABILITY

FAST/SWIFT

EASE OF USE/SIMPLE

CONNECTIVITY & NETWORKS

NO GEOGRAPHICAL LIMITATIONS

LIMITED LAW ENFORCEMENT AND PENALTIES

Page 22

Conventional Crimes vs Digital Crimes (continued)

What is safer?

Document in a filing cabinet in a secure facility

Document on an encrypted USB in someone’s pocket

Page 23

Conventional Crimes vs Digital Crimes (continued)

SUBJECTIVE

However…

Are conventional methods of crime more advanced and changed now, because of digital crime?

Page 24

Conventional Crimes vs Digital Crimes (continued)

Yes

Digital crime is an adaptation of, as well as an addition to, conventional crime.

Digital crime makes conventional crime

Easier

More complex

Instantaneous

Undetectable

Sophisticated

Page 25

Conventional Crimes vs Digital Crimes (continued)

Digital crimes make conventional crimes harder to investigate

Who attacked who

Legislation

Prosecution

Page 26

Conventional Crimes vs Digital Crimes (continued)

Example: Credit Card Fraud

Conventional method example:

○ Theft of wallet

Digital method:

○ Hacking

○ Skimming

Multi-layered dimensions of the digitisation mean:

○ Location

○ Identity and legitimacy

○ Simplicity

○ No physical interaction or violence

Page 27

Conventional Crimes vs Digital Crimes Summary

We believe Digital Crime is an adaptation of Conventional Crimes

Digital crime has made law enforcement a harder task

Digital criminals are more likely to go undetected or unprosecuted due to a lack of international recognition and laws

Page 28

Forensics at Fault

Page 29

Forensics at Fault

Common mistakes:

Using the internal IT staff to conduct a computer forensics investigation

Waiting until the last minute to perform a computer forensics exam

Too narrowly limiting the scope of computer forensics

Not being prepared to preserve electronic evidence

Not selecting a qualified computer forensics team

Page 30

Forensics is not cost effective

Forensics is a post-event response – it is reactive, not proactive; the damage has already been done

An investigation would reveal the culprit, maybe limit the damage and keep it from occurring in the future

Page 31

Will new technologies be the end of Digital Forensics?

Page 32

Is forensics dead?

Cloud Computing:

Authority over physical storage media is absent

When data is deleted, it may be permanently inaccessible

Imaging

Theoretically, imaging tools do a 'bit for bit image of the entire hard drive'. But actually, they only access the 'user accessible area' and not the service area.

Page 33

The Silver Lining

Cloud Computing:

However, the portable devices used to access Cloud data tend to store abundant information to make a case

Although the handhelds are trickier to acquire, they reveal most of the required information

Imaging

The tools required to read/write to the service area are hard to get and unlikely to be used.

Page 34

Pitfalls with Forensics

No International Definitions of Computer Crime

No International Agreements on extraditions

Multitude of OS platforms and filesystems

Incredibly large storage space: 100+GB, TB, SANs (Storage Area Networks)

Small footprint storage devices: compact flash, memory sticks, thumb drives

Networked Environments

Cloud Computing

Embedded Processors

Encryption

Anti-forensics: Wiping

Page 35

Different Countries, Law Enforcement and Courts

What international law exists to ban digital crime?

Page 36

Different Countries, Law Enforcement and Courts (continued)

Law - very difficult to define - controversial

Currently, there is an absence of law/agreement/regulation that is:

Holistic

Mutual

World-wide

Page 37

Different Countries, Law Enforcement and Courts (continued)

What have other countries done?

Council of Europe

United Nations

Page 38

Different Countries, Law Enforcement and Courts (continued)

Courts and Law Enforcement

Digital Data can be:

Unreliable

Volatile

Susceptible to manipulation

Page 39

Different Countries, Law Enforcement and Courts (continued)

Suggestions:

International resolution

Approaches from all levels – society, communities, local and federal government, law enforcement agencies, international bodies

Publicised and enforced policy, procedures and views on digital crime

Education, training and awareness

Page 40

New Trends in Cyber Crime and Law Enforcement

Page 41

New Trends

Botnets

Zeus botnet - steals banking credentials; a new variant has also come up

MAC Botnet, compromised 600,000+ systems

Targeted Attacks

Operation Aurora

Organised Crime

RBN

Mobile Malware

Page 42

How will Law Enforcement react???

• Don’t Know!!!

Page 43

How will Law Enforcement react???

Collaboration between law enforcement, government and industry

Eg: Microsoft seizes Zeus Servers in Anti-Botnet Rampage

Organised crime has the capability to resist and adapt to law enforcement efforts

Law enforcement uses special tools including coercive powers, covert intelligence, surveillance and a range of specialised analytical and investigative techniques to overcome this resistance.

Page 44

How will Law Enforcement react???

Development

DOD's 'Hardened' Android

iOS may be on the way

Information sharing between Law Enforcement Agencies

Page 45

Conclusions

As technology advances, so too does crime

Digital crime is an emerging field, and as it develops and picks up speed, so too should the governing bodies

Conventional crimes are becoming underpinned and improved by digital crime

Collaboration between law enforcement, government and industry is vital

Page 46

Conclusions

International body for standards of policy, procedure and forensic investigation

Training, education, awareness

The criminal element is out in front all the time, so you have to use common sense. Everybody thinks technology solves a problem; technology doesn't do anything except compound common sense needs.

Page 47

Questions?

Somewhere, something went terribly wrong.

Page 48

Questions?

Page 49

References

All References can be found in the report on Digital Crime and Forensics by Prashant Mahajan & Penelope Forbes

http://prashantmahajan.wordpress.com/2012/11/27/digital-crime-forensics-report/