Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Crimes Presented by Heidi Estrada Special Agent Federal Bureau of Investigation Austin Resident Agency San Antonio Division.

Similar presentations


Presentation on theme: "Cyber Crimes Presented by Heidi Estrada Special Agent Federal Bureau of Investigation Austin Resident Agency San Antonio Division."— Presentation transcript:

1 Cyber Crimes Presented by Heidi Estrada Special Agent Federal Bureau of Investigation Austin Resident Agency San Antonio Division

2 Introduction RCFL (Regional Computer Forensic Lab) RCFL (Regional Computer Forensic Lab) The FBIs Cyber Investigations The FBIs Cyber Investigations New Legislation: Cyber Stalking New Legislation: Cyber Stalking

3 Regional Computer Forensic Labs (RCFL) One-stop, full service forensics laboratory One-stop, full service forensics laboratory Training center - to train all LEO Training center - to train all LEO Devoted to the examination of digital evidence in support of criminal investigations Devoted to the examination of digital evidence in support of criminal investigations

4 Texas HB 2703 Law signed June 2003 Law signed June 2003 Physical evidence not admissible unless lab or other entity accredited Physical evidence not admissible unless lab or other entity accredited If not accredited, need to retain sample of physical evidence If not accredited, need to retain sample of physical evidence After Sept labs required to be accredited After Sept labs required to be accredited

5 The RCFL & You LEO and Private Entity personnel can submit electronic evidence to the RCFL to be examined LEO and Private Entity personnel can submit electronic evidence to the RCFL to be examinedOr A law enforcement agency can join the RCFL: A law enforcement agency can join the RCFL: Send an officer to become a computer forensic examiner Send an officer to become a computer forensic examiner RCFL pays for training, equipment, space for that examiner RCFL pays for training, equipment, space for that examiner

6 Training Provided to any law enforcement personnel free of charge Provided to any law enforcement personnel free of charge Use the RCFL classrooms Use the RCFL classrooms For class schedule, descriptions and registration: For class schedule, descriptions and registration: Sign up online Sign up online Forensic classes Forensic classes Bag & Tag class / Image Scan class Bag & Tag class / Image Scan class

7 RCFLs support: Terrorism Terrorism Homicide Homicide National Security National Security Violent Crimes Violent Crimes Child Pornography Child Pornography Theft or destruction of Intellectual Property Theft or destruction of Intellectual Property Fraud Fraud

8 RCFL Services Laboratory - examination of digital evidence Laboratory - examination of digital evidence Technical - advice on preparing search warrants (digital), seizure of digital evidence, techniques for handling digital evidence Technical - advice on preparing search warrants (digital), seizure of digital evidence, techniques for handling digital evidence Training - Free technical training for both forensic examiners and non-forensic LEO personnel (investigators) Training - Free technical training for both forensic examiners and non-forensic LEO personnel (investigators) On-Site - RCFL examiners can deploy to locations to execute search warrants on site On-Site - RCFL examiners can deploy to locations to execute search warrants on site

9 To Submit Evidence to the RCFL Submit only digital evidence Submit only digital evidence Computers, hard drives, CDs, floppies, USB drives, cameras, telephones Computers, hard drives, CDs, floppies, USB drives, cameras, telephones Separate these items from other evidence (paper documents, objects) - store in your own property room Separate these items from other evidence (paper documents, objects) - store in your own property room Search warrant or signed consent to search form must be with the evidence Search warrant or signed consent to search form must be with the evidence RCFL examiner can also go to a location and make a forensic/digital copy on site (so you do not have to take the owners computer) RCFL examiner can also go to a location and make a forensic/digital copy on site (so you do not have to take the owners computer)

10 FY05: What the RCFLs Did For Us Services - Provided digital data processing for state, local and federal government agencies Services - Provided digital data processing for state, local and federal government agencies Program Growth - Total RCFLs grew to 9. Available to more than 3500 law enforcement agencies in 11 states Program Growth - Total RCFLs grew to 9. Available to more than 3500 law enforcement agencies in 11 states National Recognition - Harvard Universitys 2005 Innovations in American Government National Recognition - Harvard Universitys 2005 Innovations in American Government

11 FY05: What the RCFLs Did For Us Training - Training - Digital Forensic tools & techniques Digital Forensic tools & techniques Investigator tools & techniques Investigator tools & techniques Support to Major Investigations Support to Major Investigations Increased Number of Participating Agencies Increased Number of Participating Agencies 90 total participating agencies 90 total participating agencies 13 state agencies 13 state agencies 54 local agencies 54 local agencies 23 non-FBI federal agencies 23 non-FBI federal agencies

12 Types of Evidence Examined Cell Phone Forensic Exams Cell Phone Forensic Exams Audio/Video Forensic Exams Audio/Video Forensic Exams Computer Exams (Windows, Unix, Mac) Computer Exams (Windows, Unix, Mac) Digital Media Exams (USB drives, flash memory, CDs, DVDs, etc…) Digital Media Exams (USB drives, flash memory, CDs, DVDs, etc…) Digital Camera Exams Digital Camera Exams

13 Associate Examiner Initiative Created by San Diego RCFL Created by San Diego RCFL Allows non-FBI RCFL Forensic Examiners to finish their tenure at an RCFL, then return to their parent agency and maintain their certification and skills Allows non-FBI RCFL Forensic Examiners to finish their tenure at an RCFL, then return to their parent agency and maintain their certification and skills Being implemented nationwide during FY06 Being implemented nationwide during FY06

14 Case Agent Investigative Review Training (CAIR) Purpose: for investigators to use the FBIs Review Net system to review forensic exam results Purpose: for investigators to use the FBIs Review Net system to review forensic exam results Review Net: a tool which allows investigators to review the forensic results of an exam via the FBIs Intranet Review Net: a tool which allows investigators to review the forensic results of an exam via the FBIs Intranet CAIR: one-day training course, hands-on, comes with a refresher CD so students can refer to it after the course is finished CAIR: one-day training course, hands-on, comes with a refresher CD so students can refer to it after the course is finished

15 How an RCFL Works FBI provides: FBI provides: Funding, training, laboratory facility Funding, training, laboratory facility RCFL Director: RCFL Director: Manages the day-to-day operations. The Director is a management level individual from an RCFL member agency (state, local, federal). Manages the day-to-day operations. The Director is a management level individual from an RCFL member agency (state, local, federal). Member supervision: Member supervision: Remains with the officers or agents home agency for non-RCFL matters Remains with the officers or agents home agency for non-RCFL matters Laboratory procedures outlined by the RCFL Program Office, FBIHQ, Laboratory Division Laboratory procedures outlined by the RCFL Program Office, FBIHQ, Laboratory Division

16 On The Horizon Expanding the RCFL program: service area growing from 11 to 16 states during FY06 (with a total of 11 RCFLs) Expanding the RCFL program: service area growing from 11 to 16 states during FY06 (with a total of 11 RCFLs) Implementing Review Net: Implementing Review Net: Currently, only people with access to the FBIs Intranet can access Review Net. Currently, only people with access to the FBIs Intranet can access Review Net. Soon, RCFL participating members from non-FBI agencies will also access it within an RCFL. Soon, RCFL participating members from non-FBI agencies will also access it within an RCFL. Eventually, participating members from non-FBI agencies will access it from their own office space Eventually, participating members from non-FBI agencies will access it from their own office space

17 On The Horizon ASCLD/LAB Accreditation - At least four RCFLs are expected to submit their accreditation applications during FY06 ASCLD/LAB Accreditation - At least four RCFLs are expected to submit their accreditation applications during FY06 Adding RCFL Personnel - Increased digital processing caseloads mean more RCFL examiners are needed nationwide Adding RCFL Personnel - Increased digital processing caseloads mean more RCFL examiners are needed nationwide

18 Member Agencies Participating agencies and their personnel receive: Participating agencies and their personnel receive: 7 weeks of forensic examiner training 7 weeks of forensic examiner training Exposure to the most technologically advanced computer equipment available Exposure to the most technologically advanced computer equipment available Broad experience in a variety of digital forensics cases Broad experience in a variety of digital forensics cases A stake in the management of the RCFL. A stake in the management of the RCFL.

19 A+ Certification Training (2 weeks) Following the course, examiners conduct competency examination on test hard drive and send results to training coordinator Training culminates in taking nationally recognized A+ certification test Commercial Vendor FBI Net+ Certification Training (1 week) Training culminates in taking nationally recognized Net+ certification test Commercial Vendor Basic Data Recovery Analysis (BDRA) (1 week) Training culminates in end-of-course test National White Collar Crime Center FBI Boot Camp (2 weeks) Moot Court (1week) Defense attorneys query participants on their examination results Oral presentation test Examiner Training/Certification Examiners must also conduct five searches and five exams under the supervision of an FBI-certified forensic examiner Complete one advanced FBI-sponsored class per year Complete two additional outside classes per year Pass yearly proficiency test To maintain certification:

20 RCFLs in Texas North TX RCFL (Dallas) North TX RCFL (Dallas) Dallas PD Dallas PD FBI - Dallas Division FBI - Dallas Division Garland PD Garland PD Grand Prairie PD Grand Prairie PD Plano PD Plano PD Richardson PD Richardson PD TX AG TX AG US Attorney - NDTX US Attorney - NDTX Greater Houston RCFL FBI - Houston Harris County - Pct 4 Constables Office Harris County - Pct 5 Constables Office Harris County SO Houston PD Pasadena PD Tomball PD

21 RCFLs Nationwide North TX RCFL (Dallas) North TX RCFL (Dallas) Chicago RCFL Chicago RCFL Heart of America RCFL (Kansas City) Heart of America RCFL (Kansas City) New Jersey RCFL New Jersey RCFL Silicon Valley RCFL Silicon Valley RCFL Greater Houston RCFL Greater Houston RCFL Intermountain West RCFL (Salt Lake City, Utah) Northwest RCFL (Portland, OR) San Diego RCFL

22 RCFLs to be added Rocky Mountain RCFL - Denver, CO Rocky Mountain RCFL - Denver, CO Miami Valley RCFL - Dayton, OH Miami Valley RCFL - Dayton, OH Philadelphia RCFL - Philadelphia, PA Philadelphia RCFL - Philadelphia, PA Western New York RCFL - Buffalo, NY Western New York RCFL - Buffalo, NY

23 Training Portal - course descriptions, schedule, registration Training Portal - course descriptions, schedule, registration National Program - employment opportunities, accreditation, locations National Program - employment opportunities, accreditation, locations Virtual Newsroom - Annual Report, Resource Kit, speeches, statements Virtual Newsroom - Annual Report, Resource Kit, speeches, statements

24 Dennis Williams, Director Greater Houston RCFL Need to Contact the Greater Houston RCFL?

25 Break !! Block 2 begins 10:00 am The FBIs Cyber Investigations New Legislation: Cyber Stalking

26 Cyber Crimes Overview Types of Cyber Crimes the FBI investigates Counterterrorism Intrusions Counterterrorism Intrusions Counterintelligence Intrusions Counterintelligence Intrusions Crimes Against Children / Exploitation Crimes Against Children / Exploitation Intellectual Property Rights Violations Intellectual Property Rights Violations Identity Theft / Fraud Identity Theft / Fraud

27 What Does the FBI Consider a Cyber Crime ? Is the computer a target? Intrusions Or…. is the computer a tool? Computer Facilitated Crime/ Internet Fraud

28 Intrusion Intrusion Motive: Motive: To impair, damage, alter the computer system To impair, damage, alter the computer system To steal valuable data (credit card #s, SSANs) To steal valuable data (credit card #s, SSANs) Can evolve into other substantive violations Can evolve into other substantive violations An intrusion into a bank for the purpose of stealing $$$ An intrusion into a bank for the purpose of stealing $$$ An intrusion into a business or university database for the purpose of stealing SSANs An intrusion into a business or university database for the purpose of stealing SSANs COMPUTERS AS A TARGET

29 COMPUTERS AS A TOOL Computer Facilitated Crimes A convenient way to commit a host of crimes A convenient way to commit a host of crimes Examples include: Examples include: bank fraud bank fraud phishing phishing credit card fraud credit card fraud child pornography child pornography identity theft identity theft theft of intellectual property theft of intellectual property

30 What Does a Hacker Look Like? Student Employee Adolescent Parent Competitor Foreign government

31 New Legislation: Cyber Stalking 47 United States Code telecommunications harassment statute 47 United States Code telecommunications harassment statute Amended January 5, 2006 Amended January 5, 2006 Section 113 of the Violence Against Women Act - addition to 47 USC 223 Section 113 of the Violence Against Women Act - addition to 47 USC 223

32 Section 113 Prohibits anyone from using a telephone or telecommunications device without disclosing his identity and with intent to annoy, abuse, threaten, or harass any person Prohibits anyone from using a telephone or telecommunications device without disclosing his identity and with intent to annoy, abuse, threaten, or harass any person Penalties: Up to 2 years imprisonment or fines Penalties: Up to 2 years imprisonment or fines

33 Challenges The new law is intended to curb free speech The new law is intended to curb free speech Has a chilling effect on First Amendment rights Has a chilling effect on First Amendment rights ACLU: subjective nature of the word annoy means law too vague, thus unconstitutional ACLU: subjective nature of the word annoy means law too vague, thus unconstitutional

34 Who is Affected by this Law? Internet users: blogs, online bulletin boards/opinion sites, message boards Internet users: blogs, online bulletin boards/opinion sites, message boards Advertisers Advertisers Political Activists Political Activists

35 OPEN DISCUSSION !

36 Cyber Crimes Heidi Estrada Austin Resident Agency/San Antonio Division

37 Lunch !! Return at 1:30 Next Session


Download ppt "Cyber Crimes Presented by Heidi Estrada Special Agent Federal Bureau of Investigation Austin Resident Agency San Antonio Division."

Similar presentations


Ads by Google