The Forensic Approach to Complex Fraud Keith Foggon Head of Digital Forensics Unit Serious Fraud Office.


1 The Forensic Approach to Complex Fraud Keith Foggon Head of Digital Forensics Unit Serious Fraud Office

2 Serious Fraud Office Outline What is the SFO Forensic Challenges DFU Technology Forensic Processes

3 Serious Fraud Office What is the SFO Created by Criminal Justice Act 1987 Roskill Fraud Trials Report 1986 began April 1988 compulsory powers (defeat confidentiality) Investigates and prosecutes Serious or complex fraud Multi-disciplinary teams Referral, vetting and acceptance

4 Serious Fraud Office What does the SFO do Reduce fraud and the cost of fraud Deliver Justice and rule of law Maintain confidence in UK business by: taking on appropriate cases investigating quickly prosecuting fairly communicating clearly to deter fraud Responsive – not reactive

5 Serious Fraud Office Criminal Justice Act 1987 s1:the director may investigate offences

6 Serious Fraud Office s1:the director may investigate offences s2 (2) : answer questions or furnish information s2 (3) : copies of documents & explanations s2 (4) : warrant to enter premises s2 available for mutual legal assistance Criminal Justice Act 1987

7 Serious Fraud Office s1:the director may investigate offences s2 (2) : answer questions or furnish information s2 (3) : copies of documents & explanations s2 (4) : warrant to enter premises s2 available for mutual legal assistance s3: disclosure to other authorities Criminal Justice Act 1987

8 Serious Fraud Office Investigate & Prosecute Prosecutor leads the investigation team unique effective (if the product is a prosecution) Team formed with: Internal investigators, law clerks, etc. Police (one or more forces) Counsel External accountants etc.

9 Serious Fraud Office Criteria for Acceptance Direction of the investigation should be in the hands of the prosecutor Sum at risk > £1m Public concern / interest International dimension Specialisms / multi-disciplinary teams Use of s2 appropriate

10 Serious Fraud Office Roles and Responsibilities Case Controller (dual function + maybe disclosure officer), leads overall investigation separate from the case - he is the arbiter in relation to the way it will be prosecuted Case Lawyer investigator involved closely in all aspects of the investigation Support Staff Law clerks / IT / analysts / DOCMAN Digital Forensics Unit

11 Serious Fraud Office Computer Forensics What's it all about? Why does the SFO need a Forensics Unit? Student Participation Time

12 Serious Fraud Office Digital Forensics Unit Every case involves digital evidence Seizing server farms Work volume increasing each year Encryption built in to MS products, increasing volume & value Anti-Forensics tools on the increase All fraud investigators need awareness Massive amount of data – too much – far too much

13 Serious Fraud Office So how do we cope? Forensics is such a linear process It does not cope well with multiple dimensions It confuses data and information It finds the useless and ignores the useful Imaging blank space (75% - 80% of image is of no use) Investigators need knowledge but forensics creates a mist of confusion

14 Serious Fraud Office Consider: Data and Query Equality Queries find data Data finds queries Data finds data Queries find queries! Traditional Forensics Intelligent Forensics

15 Serious Fraud Office Treat all Data as a Query If you don't process every new piece of data like a query … then you will not know if it matters … until you ask!
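An added sketch of the "data and query equality" idea from slides 14 and 15; it is not from the presentation or the SFO's systems. The class `EvidenceIndex`, the selector pattern, and all item and analyst names are hypothetical, and the sample text is constructed.

```python
import re
from collections import defaultdict

# Selectors = identifiers worth linking on: e-mail addresses and 6+ digit numbers.
SELECTOR = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+|\b\d{6,}\b")

def selectors(text):
    return {s.lower() for s in SELECTOR.findall(text)}

class EvidenceIndex:
    """Hypothetical index in which data and queries are treated alike."""

    def __init__(self):
        self.items = defaultdict(set)    # selector -> item ids already ingested
        self.queries = defaultdict(set)  # selector -> analysts with a standing query

    def _hits(self, text):
        found = {"items": set(), "queries": set()}
        for s in selectors(text):
            found["items"] |= self.items.get(s, set())
            found["queries"] |= self.queries.get(s, set())
        return found

    def add_item(self, item_id, text):
        """Data finds data and data finds queries; then the item is stored."""
        found = self._hits(text)
        for s in selectors(text):
            self.items[s].add(item_id)
        return found

    def add_query(self, analyst, text):
        """Queries find data and queries find queries; then the query stays standing."""
        found = self._hits(text)
        for s in selectors(text):
            self.queries[s].add(analyst)
        return found

def demo():
    # Constructed sample items and queries, not real case data.
    idx = EvidenceIndex()
    return [
        idx.add_item("laptop-A/mail-17", "Pay to account 40012345 today"),
        idx.add_query("analyst-1", "40012345"),
        idx.add_query("analyst-2", "b.nominee@example.test"),
        idx.add_item("server-B/doc-3", "From b.nominee@example.test re 40012345"),
        idx.add_query("analyst-3", "B.Nominee@example.test"),
    ]

if __name__ == "__main__":
    for step in demo():
        print(step)
```

The fourth step is the one a purely query-driven workflow misses: the newly ingested document alerts two analysts whose questions were asked before it arrived and links itself to an item from a different device.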

16 Serious Fraud Office Pause for thought All single parameter forensic processes will fail. An investigator sitting at an EnCase machine will fail! The best, most reliable & useful results for large and complex fraud will be realized using a multiple, & simultaneous, approach

17 Serious Fraud Office The route forward The Technology behind the process: Using intelligence in forensic IT Hardware Environment Network Processes Databases Software

18 Serious Fraud Office Dell XPS 700 series HP xw8600 Workstation (2 x quad-core 64-bit, 16Gb RAM, 1.5TB HD, Win XP Pro 64) Our new Desktop Environment

19 Serious Fraud Office Nexsan SATABeast 4 x 42TB Raided to 8 x 16.3TB Volumes Our new Storage Environment

20 Serious Fraud Office Our new Network Environment [Photos: Blades; Silos]

21 Serious Fraud Office Our new Network Environment [Photos: Satabeasts; Closeup of Satabeasts]

22 Serious Fraud Office One for the Techies [Photos: Rear View; Full Frontal]

23 Serious Fraud Office New Work Area

24 Serious Fraud Office New Work Area

25 Serious Fraud Office New Work Area

26 Serious Fraud Office New Work Area

27 Serious Fraud Office New Work Area

28 Serious Fraud Office Hardware / Network Silo-based structure Enhanced security Dedicated dirty network 64-bit workstations Optimised processing RESTRICTED Improved throughput

29 Serious Fraud Office Hardware

30 Serious Fraud Office Hardware

31 Serious Fraud Office Hardware

32 Serious Fraud Office Network

33 Serious Fraud Office Network

34 Serious Fraud Office Police Forces in England & Wales [Map of police force areas, with London and the Police Service of Northern Ireland shown separately.] Forces listed: Avon & Somerset, Devon & Cornwall, Dorset, Gloucestershire (Gloucester), Hampshire, Kent, Sussex, Wiltshire, Bedfordshire (Beds.), Cheshire, Cumbria, Greater Manchester (Gtr Man), Hertfordshire, Lancashire, Merseyside, Cambridgeshire (Cambs.), Cleveland, Durham, Essex, Humberside, Lincolnshire, Norfolk, Northumbria, North Yorkshire, South Yorkshire (S. Yorks), Suffolk, West Yorkshire, City of London, Metropolitan, Derbyshire (Derby), Dyfed-Powys, Gwent, Leicestershire, Northamptonshire (Northants.), North Wales, Nottinghamshire (Notts.), South Wales, Staffordshire (Stafford), Surrey, Thames Valley, Warwickshire (Warwick), West Mercia, West Midlands (W. Mids.), PSNI (Police Service of Northern Ireland)



37 Serious Fraud Office Processes Seizure Imaging Analysis Extraction General offence of fraud (Fraud Act 2006) –False representation –Failure to disclose information –Abuse of position Sanitisation PM Material LPP Material Staging Extraction Presentation

38 Serious Fraud Office Processes Content extraction for defined data types Comparison against known data Transaction analysis (sequence of events) Extraction of data Deleted files recovery Format conversion Keyword searching Decryption / Cracking Storage Media types Rebuild

39 Serious Fraud Office Procedures 2008

40 Serious Fraud Office Procedures 2009

41 Serious Fraud Office Databases SFO-generated Microsoft Hashkeeper NSRL Police Operations Civil Operations Operation Ore Some others – looking at Bit9

42 Serious Fraud Office Software Most Imaging / Analysis –iLook –FTK FTK2? –EnCase –Paraben P2 Mobiles / PDAs –CellDeck / Neutrino / PDA Seizure / Cellebrite Write Blocking –Tableau / FastBloc / Wiebetech Tapes –TapeCat / MMPC / eMAG

43 Serious Fraud Office Software And these others:

44 Serious Fraud Office Electronic Presentation of Evidence Screen displays of: –Documents –Graphics –Animations –Virtual Reality

45 Serious Fraud Office Time Cases take a long time To analyse, investigate, and prosecute Computer Forensics is a slow process Rules and procedures Triage Processes

46 Serious Fraud Office and don't forget about these iPods iPhones PSP X-Box PS3 / Wii SatNav Sky+ Box BlackBerry

47 Serious Fraud Office or these Palm Foleo (linux-based) Sony VGN (XP home) Nokia N8000 (proprietary) Fujitsu (??) Samsung Q1 (Vista)

48 Serious Fraud Office or even these

49 Serious Fraud Office Final word Conventional computer forensics is struggling to keep pace with potential sources of electronic evidence. We need to apply intelligence to our forensics, as there is simply too much data to analyse. Re-examine standard forensic procedures to adapt to advances in technology.

50 Serious Fraud Office Thanks Questions

51 Serious Fraud Office Contact Keith Foggon, Head of Digital Forensics Unit Serious Fraud Office Elm House, Elm Street London WC1X 0BJ
