DEPARTMENT OF HOMELAND SECURITY OFFICE OF INSPECTOR GENERAL Digital Forensics: The Ever Evolving.

Presentation transcript:

DEPARTMENT OF HOMELAND SECURITY OFFICE OF INSPECTOR GENERAL
Digital Forensics: The Ever Evolving Science
ASAC Mark Tasky, DHS OIG WFO

Goals and Objectives
Define Digital Forensics.
Explore the forensic process and methodology.
Talk about technical limitations/difficulties.
Review legal issues and pitfalls.
Discuss the impact of our digital life.

What is the definition of Computer or Digital Forensics?
Digital forensics is the application of proven scientific methods and techniques in order to recover data from electronic / digital media. Digital Forensic specialists work in the field as well as in the lab (Wikipedia).
Digital forensics involves the preservation, identification, extraction, documentation and interpretation of computer media for evidentiary and/or root cause analysis.
The process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable (R. McKemmish, What is Forensic Computing?, 1999).

Defining Digital Forensics: A supervisor… long, long ago told me: "That computer stuff is all a fad and won't be around long." Another said… "It's a magic box!!"

The Technical Reality? We're chasing a bunch of 1s and 0s!

Process and Methodology: How we do, what we do… It's simple… REALLY!

Process and Methodology: First, memorize this:


Process and Methodology: Then, this…

Process and Methodology

Process and Methodology
The field of Digital Forensics is a science.
Evidence is preserved, identified, documented and presented similar to the other forensic sciences: DNA, Entomology (bugs), Serology (body fluids), etc.
Best conducted in a controlled environment.
The expansion of network/cloud storage is forcing the evolution of digital evidence collection (dead-box vs. live acquisition).
Mobile computing is everywhere now!

Technical Difficulties
The growth of technology…
Moore's Law: the observation that over the history of computing hardware, the number of transistors (computing power and storage) on integrated circuits doubles approximately every two years.
The rapid expansion of mobile technology: iPhones, iPads, Android phones, tablets, high speed data connections (4G/LTE) and connected everything.

Technical Difficulties
The good ole days… (from an old presentation circa 2003)
1994: a 540 MB hard drive = 385 floppy disks
1996: a 2 GB hard drive = 1,463 floppy disks
1998: a 4 GB hard drive = 2,926 floppy disks
2001: a 40 GB hard drive = 29,269 floppy disks
2002: an 80 GB hard drive = 58,538 floppy disks
2003: a 160 GB hard drive = 117,077 floppy disks
A Terabyte (TB) of hard drive space = 731,734 floppy disks.

Technical Difficulties The growth of cloud computing/storage: iCloud, Box (50GB free), Carbonite, etc. The NIST definition: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Technical Difficulties
The bad guys fight back…
The RASKAT, Russian for "thunderclap," consists of a black box housing the suspect's hard drive. The device is activated using either a button on the computer case or the remote control. The remote control resembles a key fob for the automatic door locking mechanism of an automobile, with two buttons on it. According to the instruction manual, the RASKAT's battery back-up will last for 24 hours following the loss of main power. The range of the remote control device is listed as 50 meters.

Technical Difficulties

Technical Difficulties
USB thumb drive wired into a phone jack
Hidden in plain sight
How-to manual (with USB pinout) circulated on the Internet

Technical Difficulties

Legal Issues
In the law enforcement world, forensic examiners will be called to testify in court. At a minimum, you must know:
1. The law (case law and statute)
2. Best Practices
3. Your policies and procedure
4. Evolving technology
The days of unchallenged experts are over.

Legal Issues

18 USC § Required disclosure of customer communications or records [established by the Stored Communications Act (SCA), October 21, 1986… enacted as Title II of the Electronic Communications Privacy Act (ECPA)]
(a) Contents of Wire or Electronic Communications in Electronic Storage. A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section.
(b) Contents of Wire or Electronic Communications in a Remote Computing Service.
(A) without required notice to the subscriber… WARRANT
(B) with prior notice from the governmental entity to the subscriber or customer…
(i) uses an administrative subpoena authorized by a Federal or State statute…
(ii) obtains a court order

Legal Issues: Requirement for a Second Search Warrant
Suppose you have a search warrant to look for tax documents in a residence. You find a bag of marijuana in the file cabinet.
1. Can you seize the marijuana?
2. Can you continue to search for more marijuana?

Legal Issues: Requirement for a Second Search Warrant
Suppose you have a search warrant to look for tax documents in a computer. You find a child porn picture embedded in a Word document.
1. Can you seize the child porn?
2. Can you continue to search for more child porn?

Know your resources…

Because the bad guys have them too

A brave new World…

References
DOJ Computer Crime and Intellectual Property Section:
Digital Evidence in the Courtroom:
Best Practices for Seizing Electronic Evidence v.3:
US-CERT Cyber Security Awareness:

Mark Tasky
Assistant Special Agent in Charge
Department of Homeland Security, Office of Inspector General
Office of Investigations, Washington Field Office
TEL: (703) FAX: (703)