Case Brief: Gregory Morton, William Campbell, Dave Wildner.


1 Case Brief: Gregory Morton, William Campbell, Dave Wildner

2 Crime Summary: A customer complained to Kevin Smith, the owner and operator of SmithTeeShirts.com, that they had entered their credit card information on the website's ordering page and received nothing from the company. SmithTeeShirts.com uses PayPal to handle all payments. A link on the page directs users to a PayPal window where they enter their information. An investigation of the website found that it had been compromised and that a fake link had been put in place that took users to a PayPal screenshot that did not belong to SmithTeeShirts.com.

3 Crime Summary: When the link was traced, it was found to come from the IP address 168.356.01. This address belongs to a server at Jones & Yingling Inc. in Washington D.C., a company that creates websites for non-profit organizations. When the company's IT team was asked, they pointed investigators to a web designer's workstation that belonged to Tony Marsh, a new member of their team. Mr. Marsh's USB thumb drive was confiscated for analysis.

4 Crimes Committed: Identity theft; Phishing fraud

5 PA Crimes Code § 1028. Fraud and related activity in connection with identification documents, authentication features, and information (1) knowingly and without lawful authority produces an identification document, authentication feature, or a false identification document; (2) knowingly transfers an identification document, authentication feature, or a false identification document knowing that such document or feature was stolen or produced without lawful authority;

6 PA Crimes Code (4) knowingly possesses an identification document (other than one issued lawfully for the use of the possessor), authentication feature, or a false identification document, with the intent such document or feature be used to defraud the United States; (5) knowingly produces, transfers, or possesses a document-making implement or authentication feature with the intent such document-making implement or authentication feature will be used in the production of a false identification document or another document-making implement or authentication feature which will be so used

7 Objectives: Finding evidence to either convict or prove innocence; Evidence proving fraudulent behavior; Evidence that may give Tony Marsh an alibi

8 Acquisition of Evidence: Obtained case information; Obtained USB drive with evidence; Obtained necessary software needed to examine evidence

9 What We Are Looking For: Emails; User logins; Saved passwords; Screenshots; Saved account information; Deleted files; Information hidden in image files

10 Software Tools Used: ProDiscover: similar to EnCase but with less utility; FTK Imager: used for finding data files in image files (Word docs, notepads); Write Blocker: standard tool built into Windows for protecting data before editing it

11 Software Tools Used: EnCase: primary software used; Hex Editor: used for fixing corrupt image, sound and data files. Example: a corrupt JPEG image's header hex code had been altered to 4D 5A 9D 00, making the image file unviewable. Changing the hex code to the correct JPEG format, FF D8 FF E0, made it possible to see the actual image.

12 Procedure: Obtained USB with image file; Created copy of this image file; Took steps to safeguard both original USB image file and the copy; Done with write blocker on original image file; Made multiple copies of image file for all group members; Write blocker used before examining all copies of image file

13 What We Found: Phishing emails; Saved passwords; Saved SSN; Saved birthdays; Saved email addresses; Saved home addresses

14 What We Found: PayPal website HTML code; Username/password login form; Torrent files WebPage Duplicate Account Fake: Bank Edition Password Recovery Pro WebCode Expert

15 What We Found: .docx Word files containing images; PayPal screenshots in Word files; Yahoo! homepage screenshots in Word files; Random corrupted .jpeg and .gif files; Incriminating evidence in Shot1 – Shot53.docx files; Some corrupted picture files needed to be fixed with the Hex Editor tool to view them
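
The header repair described on slides 11 and 15, as an added example that is not part of the original presentation: it confirms that a file with a wrong four-byte header still carries the JFIF identifier and end-of-image marker, writes the fix to a new file instead of the evidence copy, and records SHA-256 hashes before and after for the case notes. The function names and sample bytes are assumptions constructed for illustration; 4D 5A is also the "MZ" signature of DOS/Windows executables, so tools that identify files by signature will not treat such a file as an image.

```python
import hashlib

JPEG_JFIF_MAGIC = bytes.fromhex("FFD8FFE0")  # correct header quoted on slide 11
JPEG_EOI = bytes.fromhex("FFD9")             # JPEG end-of-image marker

def is_damaged_jfif(data: bytes) -> bool:
    """Wrong first four bytes, but the rest of the file still looks like JFIF."""
    if len(data) < 13 or data[:4] == JPEG_JFIF_MAGIC:
        return False
    # In a JFIF file the APP0 length sits at offset 4 and "JFIF\0" at offset 6.
    return data[6:11] == b"JFIF\x00" and data.rstrip(b"\x00").endswith(JPEG_EOI)

def repair_header(data: bytes) -> dict:
    """Return repaired bytes and a record for the case notes; input is untouched."""
    record = {"repaired": False, "sha256_before": hashlib.sha256(data).hexdigest()}
    if is_damaged_jfif(data):
        fixed = JPEG_JFIF_MAGIC + data[4:]
        record.update(
            repaired=True,
            old_header=data[:4].hex(" ").upper(),
            new_header=fixed[:4].hex(" ").upper(),
            sha256_after=hashlib.sha256(fixed).hexdigest(),
            data=fixed,
        )
    return record

def repair_file(src: str, dst: str) -> dict:
    """Read src, write the repaired copy to dst; mode 'xb' refuses to overwrite."""
    with open(src, "rb") as fh:
        record = repair_header(fh.read())
    if record["repaired"]:
        with open(dst, "xb") as out:
            out.write(record.pop("data"))
    return record

# Constructed sample: a minimal JFIF skeleton (not a viewable picture),
# then the same bytes with the damaged header from slide 11.
GOOD = (JPEG_JFIF_MAGIC + bytes.fromhex("0010") + b"JFIF\x00"
        + bytes.fromhex("010100000100010000") + b"\x00" * 16 + JPEG_EOI)
DAMAGED = bytes.fromhex("4D5A9D00") + GOOD[4:]

if __name__ == "__main__":
    rec = repair_header(DAMAGED)
    print(rec["old_header"], "->", rec["new_header"])
    print("before:", rec["sha256_before"])
    print("after: ", rec["sha256_after"])
```
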

16 Conclusion: We found sufficient evidence to charge Tony Marsh with fraud, identity theft, and inappropriate use of company resources. Among the various files recovered from Tony's thumb drive we found text files with saved information he collected from the fraudulent website he created, the PayPal screenshots he created, and phishing emails. We believe he used company resources to aid in these criminal activities.

17 Lessons Learned: Chain of Custody forms; Properly recording everything; This is not CSI; Do not get overwhelmed by evidence; How to use various forensic software tools; How to hide and find data files; How to write block

