Case Brief Gregory Morton William Campbell Dave Wildner.

Presentation transcript:

Case Brief Gregory Morton William Campbell Dave Wildner

Crime Summary
A customer complained to Kevin Smith, the owner and operator of SmithTeeShirts.com, that they had entered their credit card information into the ordering page on the website and received nothing from the company. SmithTeeShirts.com uses PayPal to handle all payments. A link on the page directs users to a PayPal window where they can enter their information. An investigation of the website found that it had been compromised and that a fake link had been put in place that took users to a PayPal screenshot that did not belong to SmithTeeShirts.com.

Crime Summary
When the link was traced, it was found that it came from an IP address. This address belongs to a server at Jones & Yingling Inc. in Washington, D.C., a company involved in creating websites for non-profit organizations. When the company's IT team was asked, they pointed investigators to a web designer's workstation that belonged to Tony Marsh, a new member of their team. Mr. Marsh's USB thumb drive was confiscated for analysis.

Crimes Committed
- Identity theft
- Phishing fraud

PA Crimes Code
§ Fraud and related activity in connection with identification documents, authentication features, and information
(1) knowingly and without lawful authority produces an identification document, authentication feature, or a false identification document;
(2) knowingly transfers an identification document, authentication feature, or a false identification document knowing that such document or feature was stolen or produced without lawful authority;

PA Crimes Code
(4) knowingly possesses an identification document (other than one issued lawfully for the use of the possessor), authentication feature, or a false identification document, with the intent such document or feature be used to defraud the United States;
(5) knowingly produces, transfers, or possesses a document-making implement or authentication feature with the intent such document-making implement or authentication feature will be used in the production of a false identification document or another document-making implement or authentication feature which will be so used

Objectives
- Finding evidence to either convict or prove innocence
- Evidence proving fraudulent behavior
- Evidence that may give Tony Marsh an alibi

Acquisition of Evidence
- Obtained case information
- Obtained USB drive with evidence
- Obtained the software needed to examine evidence

What We Are Looking For
- Emails
- User logins
- Saved passwords
- Screenshots
- Saved account information
- Deleted files
- Information hidden in image files

Software Tools Used
- ProDiscover: similar to EnCase but with less utility
- FTK Imager: used for finding data files in image files (Word docs, notepads)
- Write Blocker: standard tool built into Windows for protecting data before editing it

Software Tools Used
- EnCase: primary software used
- Hex Editor: used for fixing corrupt image, sound and data files
- Example: a corrupt JPEG image's hex code had been altered to 4D 5A 9D 00, making the image file unable to be seen. Changing the hex code to the correct JPEG format, FF D8 FF E0, made it possible to see the actual image.
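The header check and repair described on this slide, as an added example that is not part of the original presentation: it classifies a file by its leading bytes and writes a repaired copy, leaving the working copy untouched and hashing both. The function names, file names and sample bytes are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

GOOD = bytes.fromhex("FFD8FFE0")      # correct JPEG (JFIF) header quoted on the slide
BAD_SEEN = bytes.fromhex("4D5A9D00")  # altered header quoted on the slide; 4D 5A is
                                      # also the "MZ" mark of DOS/PE executables
EOI = bytes.fromhex("FFD9")           # JPEG end-of-image marker

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def classify(data: bytes) -> str:
    """Return 'ok', 'damaged-header' or 'not-jfif' for a candidate JPEG."""
    if data[:4] == GOOD:
        return "ok"
    # Only the first four bytes are wrong if the JFIF tag and the EOI survive.
    body_intact = (len(data) > 12 and data[6:11] == b"JFIF\x00"
                   and data.rstrip(b"\x00").endswith(EOI))
    return "damaged-header" if body_intact else "not-jfif"

def repair_copy(src: Path, dst: Path) -> dict:
    """Write a header-repaired copy to dst; src is only read, never changed."""
    data = src.read_bytes()
    record = {"source": src.name, "state": classify(data),
              "old_header": data[:4].hex(" ").upper(),
              "sha256_source": sha256(data)}
    if record["state"] == "damaged-header":
        fixed = GOOD + data[4:]
        with open(dst, "xb") as out:   # "x" refuses to overwrite an existing file
            out.write(fixed)
        record["sha256_repaired"] = sha256(fixed)
    return record

def demo() -> dict:
    """Run on a constructed sample: bad header + JFIF APP0 + filler + EOI."""
    app0 = bytes.fromhex("0010") + b"JFIF\x00" + bytes.fromhex("010100000100010000")
    damaged = BAD_SEEN + app0 + b"\x11" * 32 + EOI
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "sample_copy.jpg"), Path(tmp, "sample_repaired.jpg")
        src.write_bytes(damaged)
        record = repair_copy(src, dst)
        record["repaired_header"] = dst.read_bytes()[:4].hex(" ").upper()
        record["source_unchanged"] = src.read_bytes() == damaged
    return record

if __name__ == "__main__":
    print(demo())
```

The two hashes in the returned record give the examiner a documented before and after value for the case notes.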

Procedure
- Obtained USB with image file
- Created copy of this image file
- Took steps to safeguard both original USB image file and the copy
- Done with write blocker on original image file
- Made multiple copies of image file for all group members
- Write blocker used before examining all copies of image file

What We Found
- Phishing emails
- Saved passwords
- Saved SSN
- Saved birthdays
- Saved addresses
- Saved home addresses

What We Found
- PayPal website HTML code
- Username/password login form
- Torrent files
- WebPage Duplicate Account Fake: Bank Edition Password Recovery Pro WebCode Expert

What We Found
- .docx Word files containing images
- PayPal screenshots in Word files
- Yahoo! homepage screenshots in Word files
- Random corrupted .jpeg and .gif files
- Incriminating evidence in Shot1 – Shot53.docx files
- Some corrupted picture files needed to be fixed with the HexEditor tool to view them

Conclusion
We found sufficient evidence to charge Tony Marsh with fraud, identity theft, and inappropriate use of company resources. Among the various files recovered from Tony's thumb drive, we found text files with saved information he collected from the fraudulent website he created, the PayPal screenshots he created, and phishing emails. We believe he used company resources to aid in these criminal activities.

Lessons Learned
- Chain of Custody forms
- Properly recording everything
- This is not CSI
- Do not get overwhelmed by evidence
- How to use various forensic software tools
- How to hide and find data files
- How to write block