Digital Forensics -challenges and opportunities

Marc Kirby Cranfield University

Health Warning

• Based on my experiences as a manager and practitioner since 2000

• They are only my views, there are others

• Debatable…

• Which is the purpose of this session… “To get us thinking about the future and allow us to chart a course for the next few years”

• Fail to plan… plan to fail

• PPPPPP (Six Ps) or is it seven?

Digital Forensics - The challenges and opportunities

Practical Challenges (today!)

Challenges

Data quantity

Data Preservation

Connectivity

Interconnectivity

Data storage

Disclosure to Courts / 3rd

parties

Multiplicity of devices Encryption

Steganography

Field investigations (Internet Cafes)

Covert Capabilities

Blue sky / keeping up to date

Operating Systems

Vista

Management /Strategic

Challenge

Costs Budgets

Staff retention

Bringing big business on board

ISP Liaison

Disclosure to Courts / 3rd

parties

Laws relating to computer crimes

Terrorism / Organised Crime

Rules of evidenceCovert Capabilities

Funding appropriate

research

Staff Recruitment

Training pathways

Official standards

Vendor Liaison

Are staff experts in everything?

Opportunities

Loads

MaybeNot at all

Opportunities…….It’s not all bad!

Encryption

Interconnectivity

Vista

ConnectivityData

quantity

Covert Ops

The digital age is here and everyone is a part of it

Sat Nav and the like

A Case in point

Younis Tsouli described himself online as Terrorist 007

One of the most notorious cyber-jihadists in the world.

He built websites and ran web forums for al-Qaeda and soon he became the main distributor of video material from in Iraq.

He looked for home movies from US soldiers that would show the inside of US bases in Iraq, so they (al-Qaeda) could do a better job at launching attacks into those bases

Part of a PowerPoint presentation on how to make a car bomb found on Tsouli's laptop

Example

"What it did show us was the extent to which they could conduct operational planning on the internet. It was the first virtual conspiracy to murder that we had seen," …… Peter Clarke of Scotland Yard.

Lesson

Organised Crime

On the hard drives of two associates were 37,000 credit card details, including security codes.

Used to fund web hosting and other disbursements

Proved through

Digital forensic investigation of …….

Hard Drives

USB memory

CD/DVD

Internet Café

Mob Phones

Email

Documents

Metadata

Pictures

Video

IP records

etc. etc.etc.

Challenge = Opportunity

What some fear as our greatest challenges have turned into our greatest opportunities.

Digital traces were left everywhere.

Operating systems such as Vista are actually our best friends. It is really hard to destroy or hide data.

Digital devices all connect much more easily than even seven years ago. USB / WiFi / Internet / Bluetooth.

Electronic Devices

Electronic Device

Case Study

Case Study Op EuphroeCase Study Op EuphroeBackgroundBackground

Financial sector of UK notices abnormal levels of PHISHING

Mules recruited via web sites to work as agents for a “new Russian company”. Believed legitimate employment

Credit Card &other data obtained from unsuspecting public

Used to clone cards / create false identities

Cash or goods

Documents & EquipmentDocuments & Equipment

Create multiple identities such as US and UK Driving Licences.

MSR 2000 Card readers/encoders.

Fargo Printer to print Credit Cards and encode magnetic data.

Money Counting machine.

Thanks

• For your time and patience

Marc Kirby Senior Lecturer in Forensic Computing

m.kirby@cranfield.ac.uk