Technology and Evidence 09-27-18 - PAVTN.net€¦ · MYTH: Security is a concern when discussing the switch to the cloud. REALITY: The cloud is much safer than any on-premises storage

1

Copyright © 2018 by the Pennsylvania Municipal Police Officers’ Education and Training Commission. All Rights Reserved.

19 - 004Criminal Technology and

Electronic Evidence

19-004 Criminal Technology and Electronic Evidence

2

Social Media

Websites and applications (Apps) used to facilitate the creation & sharing of

content in virtual communities & networks.


• Use it to help find missing, endangered, distressed people

• Help provide insight to their state of mind/intentions through posts

• Apprehend fugitives, single out associate suspects, link individuals to street gangs, provide evidence of criminal activity

• “Social media is the 21st century witness to a crime” – clues are endless, photos, videos, and words all stored on web servers

3

Can Police Use Social Media Sites

2


• Get tips from suspects’ “friends” after the suspect brags about his behavior on social networking site

• Gather evidence from pictures or videos posted to YouTube

• Track/gain insight into suspect’s mentality by monitoring their posts

• No reasonable expectation of privacy when you willingly post to a public social media account online, all of these activities are subject to scrutiny

• Police can use social media to gather valuable intelligence on suspected criminals

4

Can Police Use Social Media Sites


• Cloud computing means you are using a service from another company and accessing it (software e.g. Microsoft word) over the internet

• Cloud storage is storing (saving) your documents and/or media in the cloud (i.e. Google) vs your PC or phone. This will also allow you to share it across devices and with others

• Everyone is already using cloud-based services on a daily basis

5

Pros and Cons of the Cloud


MYTH: Security is a concern when discussing the switch to the cloud.

REALITY: The cloud is much safer than any on-premises storage.

• A 2-3 person IT department is likely not focused on data security and cannot hope to match the resources of the security crew at a cloud-hosting company

6

The Cloud is More Secure

3


7

Why Security Matters

2 BIGGEST CONCERNS:

• Data theft

• The danger presented by downtime


FOR CHIEFS: The cloud means peace of mind.

FOR PATROL OFFICERS: The cloud means less down time, less frustration trying to get disparate systems to work, and fewer hours filing paperwork.

FOR IT STAFF: It’s a relief to have support from the cloud provider. IT can utilize the cloud to test new ideas in a secure and cost-effective manner, as well as scale up or down without the potential for wasted resources.

8

What the Shift to the Cloud Looks Like


STORING INFORMATION IN THE CLOUD MEANS:

• Almost unlimited storage capacity

• No more worrying about running out of storage space

• The ability to access information on the cloud from multiple devices

9

What the Shift to the Cloud Looks Like

4


10

BACKUP AND RECOVERY

PRONE TO ATTACK


11

Consider Alternatives in Addition to Cloud Storage

Because of the diversity of digital data collected, police departments must build a data platform that can collect, store, and manage individual pools of data.

Instead of having a separate storage solution - whether it be in the cloud or in your datacenter for each evidence type -police departments need to invest in a common storage platform that can more efficiently and more cost effectively manage all your evidence regardless of the source.


The Dark Web

5


The Dark Web


The Dark Web


• Understand the Tor Network

• Download the Tor Browser

15

Tor Network

6


16

Tor Network

• Protect your anonymity

• Torrent-sharing is especiallyinsecure


• Use specialized deepweb services

• Talk to deep web denizens

17

Explore and Maintain


18

• Follow policy for entering the dark web

• Use proper firewall

• For Investigation only

• Use a “dirty laptop”

Rules and Regulations

7


Drones


Drones


21

8


2017 LEGISLATION

22

Drones


23

Drones

FEDERAL UAS REGULATION

Offers safety regulations for unmanned aircraft drones weighing less than 55 pounds that are conducting non-hobbyist operations.


24

Drones

FEDERAL UAS REGULATION

In May 2017, a federal court struck down the requirement for drone registration by hobbyists who operate their drone purely for recreation.

9



THE IMPORTANCE OF LAWENFORCEMENT DRONE POLICY

TRAIN PERSONNEL

26


Technology used by Police

10


28

How Electronic Technology is Used (By Police)


GPS on Cars (Counter Surveillance)


• Critical in assisting agencies with vehicle management

• Squad Car Theft Protection

• Surveillance On Criminals

• Route Management

• Officer Accountability

• Search and Rescue

• The tracking data is stored on secure servers where it can be access online anytime via smart phone or computer

30

GPS Tracking Police Cars

11


Technology used by citizens


32

Citizen Cell Phones


33

By Citizens

Technology keeps on advancing and it is becoming very essential in our lives.

Everyday people use technology to improve on the way they accomplish specific tasks.

Technology is being used in many ways to simplify every aspect of our lives.

12


Business/Workplace/Future Development• SharePoint/Intranet• Instant messaging• Email• Social Media• Video Conferencing

Teaching/Learning/Education• Automated programs• Tracking software for students• Online Education

34

By Citizens


The Bank• Plastic Money cards• Mobile Banking

Home• Entertainment• Home Security• Save Energy

Data Collection and storage

35

By Citizens


Technology used by Criminals

13



38

How Electronic Technology is Used (By Criminals)

Drones used for Counter Surveillance


Electronic Evidence

14


Digital Evidence

• What is it?

• http://www.iacpcybercenter.org/

• Using social media is a due diligent search

40

The Value and Process of Evidence


Digital Evidence

• Is it at the Crime Scene?

• Computer?

• On a Mobile Device?

• Cloud?

• Vehicle?

• Image File (Picture)?

• Bank Account (IP)?

41



Digital Evidence

• Preserving Evidence

• Common Sense

• INTERVIEW!!!!• Cloud Accounts (Email/Social Media)• Passcode/Passwords

• Court Order vs Search Warrant

• Search Warrants vs Consent

42


15


43

Preserve the Cloud

SAFEGUARDING DIGITAL INFORMATION WILL RISE


44

Preserve the Cloud

COLLECT & PRESERVE


• The person collecting should sign and date item

• Record items on an evidence log

• Establish that the evidence is in the same condition as when taken

45

Collect and Preserve

16


46


Even with helpful testimony on all these points, you still can't testify, “I saw the ones and zeroes and electromagnetic dust 18 months ago, and what is before us today is in substantially the same condition as it was back then.”

KEEP CALM

AND

ASK AGEEK


47


THE CHAIN OF CUSTODY

• Record the location

• Initial or sign and date materials

• Record on evidence log

• Establish authenticity of evidence


48

A Shield and a Sword

Proper evidence handling and chain of custody provide both a shield and a sword for the credibility and persuasiveness of your digital evidence

17


Extracting Personal Date from Cell Phones

• Starts with Your Service Provider

49

Cell Phone Forensics


Extracting Personal Date from Cell Phones

• Cracking Your Cell Phone

50

Cell Phone Forensics


51

Preservation Letter

18


52

Preservation Letter

Use language to ensure that the ISP or social media provider does not notify

the suspect of the investigation.


The Proposed Amendments to the Rules of Civil Procedure

Though serving a preservation letter isn’t a formal component of civil discovery procedures, it’s likely to be a de facto practice as federal and local rules of civil procedure impose express rediscovery “meet and confer” obligations upon litigants. For example, effective December 1, 2006, Rule 26 of the Federal Rules of Civil Procedure require litigants to “discuss any issues relating to preserving discoverable information,” as well as “any issues relating to disclosure or discovery of electronically stored information, including the form or forms in which it should be produced. ” The preservation letter is sure to frame the agenda for such discussions. The preservation letter may play an important role in a court’s consideration of whether a party acted in good faith in connection with information lost to routine operations of an electronic information system. Assessment of good faith turns on the subjective awareness of the party.

53

Preservation Letter


19 - 004Criminal Technology and

Electronic Evidence

Documents

Technology and Evidence 09-27-18 - PAVTN.net€¦ · MYTH: Security is a concern when discussing the switch to the cloud. REALITY: The cloud is much safer than any on-premises storage