Digital Forensics - challenges and opportunities
Marc Kirby Cranfield University
Health Warning
• Based on my experiences as a manager and practitioner since 2000
• They are only my views, there are others
• Debatable…
• Which is the purpose of this session… “To get us thinking about the future and allow us to chart a course for the next few years”
• Fail to plan… plan to fail
• PPPPPP (Six Ps) or is it seven?
Digital Forensics - The challenges and opportunities
Practical Challenges (today!)
Challenges
Data quantity
Data Preservation
Connectivity
Interconnectivity
Data storage
Disclosure to Courts / 3rd parties
Multiplicity of devices
Encryption
Steganography
Field investigations (Internet Cafes)
Covert Capabilities
Blue sky / keeping up to date
Operating Systems
Vista
Management / Strategic Challenge
Costs Budgets
Staff retention
Bringing big business on board
ISP Liaison
Disclosure to Courts / 3rd parties
Laws relating to computer crimes
Terrorism / Organised Crime
Rules of evidence
Covert Capabilities
Funding appropriate research
Staff Recruitment
Training pathways
Official standards
Vendor Liaison
Are staff experts in everything?
Opportunities
Loads
Maybe
Not at all
Opportunities… It’s not all bad!
Encryption
Interconnectivity
Vista
Connectivity
Data quantity
Covert Ops
The digital age is here and everyone is a part of it
Sat Nav and the like
A Case in point
Younis Tsouli described himself online as Terrorist 007
One of the most notorious cyber-jihadists in the world.
He built websites and ran web forums for al-Qaeda and soon he became the main distributor of video material from in Iraq.
He looked for home movies from US soldiers that would show the inside of US bases in Iraq, so they (al-Qaeda) could do a better job at launching attacks into those bases
Part of a PowerPoint presentation on how to make a car bomb found on Tsouli's laptop
Example
"What it did show us was the extent to which they could conduct operational planning on the internet. It was the first virtual conspiracy to murder that we had seen," … Peter Clarke of Scotland Yard.
Lesson
Organised Crime
On the hard drives of two associates were 37,000 credit card details, including security codes.
Used to fund web hosting and other disbursements
Proved through
Digital forensic investigation of…
Hard Drives
USB memory
CD/DVD
Internet Café
Mobile Phones
Documents
Metadata
Pictures
Video
IP records
etc. etc. etc.
Challenge = Opportunity
What some fear as our greatest challenges have turned into our greatest opportunities.
Digital traces were left everywhere.
Operating systems such as Vista are actually our best friends. It is really hard to destroy or hide data.
Digital devices all connect much more easily than even seven years ago. USB / WiFi / Internet / Bluetooth.
Electronic Devices
Electronic Device
Case Study
Case Study Op Euphroe
Background
Financial sector of UK notices abnormal levels of PHISHING
Mules recruited via web sites to work as agents for a “new Russian company”. Believed legitimate employment
Credit card & other data obtained from unsuspecting public
Used to clone cards / create false identities
Cash or goods
Documents & Equipment
Create multiple identities such as US and UK Driving Licences.
MSR 2000 Card readers/encoders.
Fargo Printer to print Credit Cards and encode magnetic data.
Money Counting machine.
Thanks
• For your time and patience
Marc Kirby Senior Lecturer in Forensic Computing