DEPARTMENT OF HOMELAND SECURITY OFFICE OF INSPECTOR GENERAL: Digital Forensics: The Ever Evolving Science

1 Digital Forensics: The Ever Evolving Science. ASAC Mark Tasky, DHS OIG WFO

2 Goals and Objectives: Define Digital Forensics. Explore the forensic process and methodology. Talk about technical limitations/difficulties. Review legal issues and pitfalls. Discuss the impact of our digital life.

3 What is the definition of Computer or Digital Forensics? Digital forensics is the application of proven scientific methods and techniques in order to recover data from electronic/digital media. Digital forensic specialists work in the field as well as in the lab (Wikipedia). Digital forensics involves the preservation, identification, extraction, documentation and interpretation of computer media for evidentiary and/or root cause analysis. It is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable (R. McKemmish, What is Forensic Computing?, 1999).

4 Defining Digital Forensics: A supervisor… long, long ago told me: "That computer stuff is all a fad and won't be around long." Another said… "It's a magic box!!"

5 The Technical Reality? We're chasing a bunch of 1s and 0s!

6 Process and Methodology: How we do what we do… It's simple… REALLY!

7 Process and Methodology: First, memorize this:

9 Process and Methodology: Then, this…

10 Process and Methodology

11 Process and Methodology: The field of Digital Forensics is a science. Evidence is preserved, identified, documented and presented in the same way as in the other forensic sciences (DNA, entomology (bugs), serology (body fluids), etc.). It is best conducted in a controlled environment. The expansion of network/cloud storage is forcing the evolution of digital evidence collection (dead-box vs. live acquisition). Mobile computing is everywhere now!

12 Technical Difficulties: The growth of technology… Moore's Law: the observation that over the history of computing hardware, the number of transistors (computing power and storage) on integrated circuits doubles approximately every two years. The rapid expansion of mobile technology: iPhones, iPads, Android phones, tablets, high speed data connections (4G/LTE) and connected everything.

13 Technical Difficulties: The good ole days… (from an old presentation circa 2003). 1994: a 540 MB hard drive = 385 floppy disks. 1996: a 2 GB hard drive = 1,463 floppy disks. 1998: a 4 GB hard drive = 2,926 floppy disks. 2001: a 40 GB hard drive = 29,269 floppy disks. 2002: an 80 GB hard drive = 58,538 floppy disks. 2003: a 160 GB hard drive = 117,077 floppy disks. A terabyte (TB) of hard drive space = 731,734 floppy disks.

14 Technical Difficulties: The growth of cloud computing/storage: iCloud, Box (50 GB free), Carbonite, etc. The NIST definition: "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."

15 Technical Difficulties: The bad guys fight back… The RASKAT (Russian for "thunderclap") consists of a black box housing the suspect's hard drive. The device is activated using either a button on the computer case or the remote control. The remote control resembles a key fob for the automatic door locking mechanism of an automobile, with two buttons on it. According to the instruction manual, the RASKAT's battery back-up will last for 24 hours following the loss of main power. The range of the remote control device is listed as 50 meters.

16 Technical Difficulties

17 Technical Difficulties: USB thumb drive wired into a phone jack. Hidden in plain sight. How-to manual (with USB pinout) circulated on the Internet.

18 Technical Difficulties

19 Legal Issues: In the law enforcement world, forensic examiners will be called to testify in court. At a minimum, you must know: 1. The law (case law and statute). 2. Best practices. 3. Your policies and procedures. 4. Evolving technology. The days of unchallenged experts are over.

20 Legal Issues

21 18 USC § 2703 - Required disclosure of customer communications or records [established by the Stored Communications Act (SCA), October 21, 1986, enacted as Title II of the Electronic Communications Privacy Act (ECPA)]. (a) Contents of Wire or Electronic Communications in Electronic Storage. A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section. (b) Contents of Wire or Electronic Communications in a Remote Computing Service. (A) without required notice to the subscriber… WARRANT. (B) with prior notice from the governmental entity to the subscriber or customer… (i) uses an administrative subpoena authorized by a Federal or State statute… (ii) obtains a court order.

22 Legal Issues: Requirement for a Second Search Warrant. Suppose you have a search warrant to look for tax documents in a residence. You find a bag of marijuana in the file cabinet. 1. Can you seize the marijuana? 2. Can you continue to search for more marijuana?

23 Legal Issues: Requirement for a Second Search Warrant. Suppose you have a search warrant to look for tax documents in a computer. You find a child porn picture embedded in a Word document. 1. Can you seize the child porn? 2. Can you continue to search for more child porn?

24 Know your resources…

25 Because the bad guys have them too

26 A brave new World…

28 References: DOJ Computer Crime and Intellectual Property Section: http://www.justice.gov/criminal/cybercrime. Digital Evidence in the Courtroom: https://www.ncjrs.gov/pdffiles1/nij/211314.pdf. Best Practices for Seizing Electronic Evidence v.3: http://www.forwardedge2.com/pdf/bestpractices.pdf. US-CERT Cyber Security Awareness: http://www.us-cert.gov/home-and-business.

29 Mark Tasky, Assistant Special Agent in Charge, Department of Homeland Security Office of Inspector General, Office of Investigations, Washington Field Office. TEL: (703) 235-0847. FAX: (703) 235-0854. Mark.Tasky@dhs.gov
