Gathering digital evidence by the EU Commission in inspections

Presentation transcript:

Gathering digital evidence by the EU Commission in inspections
Dirk VAN ERPS, Head of Unit Cartels II, Forensic IT Project Manager
Madrid, 5 July 2013

Digital Evidence Gathering: Powers
Reg. 1/2003, Art. 20, 2: "The officials […] are empowered:
(b) to examine the books and other records related to the business irrespective of the medium on which they are stored;
(c) to take or obtain in any form copies of or extracts from such books or records"

Digital Evidence Gathering: Powers
Means:
- We can look at electronic documents
- We can make electronic copies of (electronic or paper) documents (see point 9 of Explanatory Note)

Digital Evidence Gathering: Powers
- DG Comp started in April 2013 to systematically take electronic copies of electronic documents
- DG Comp is planning to make electronic copies (scans) of paper documents; one test in June 2013

The revised Explanatory Note
What for:
- provide transparency to company, kind of FAQ
- handed over to company representative at start of inspection
- available on internet
For information only and without prejudice to formal interpretation of powers of investigation

Clarifications in 18 March 2013 version
- provides examples on company's IT environment and storage media that can be searched: "laptops, desktops, tablets, mobile phones, CD-Roms, DVDs, USB-key and so on" (point 10)
- reference to 'obligation to cooperate fully and actively with the inspection' (point 11)
- more examples stemming from this:
  - "explaining organisation and IT environment"

Clarifications in 18 March 2013 version
- "temporarily disconnecting running computers from network, removing and re-installing hard drives from computers and providing 'administrator access rights'-support"
- Possibility to use company hardware (that is not wiped at the end by Commission) (pt 11)
- Inspectors can keep storage media until end of inspection but may return earlier after having made forensic copy of data (pt 12)

Clarifications in 18 March 2013 version
- Commission cleanses all Commission data carriers used to transfer data at end of inspection (pt 13)
- Revised Note to coincide with introduction of new workflow

Previous Workflow
[Diagram; labels: IT Inspector; Company Computer; No Dedicated Search Tools; DG COMP FIT Laptop; Forensic Software; FIT Inspector]

New Workflow
[Diagram; labels: IT Inspector; Nuix Operator; FIT Inspector; Nuix Reviewers]

Digital review method has not changed
- Possible relevant documents are 'collected' (no systematic 'imaging' of entire content, but still forensic copy from laptops/desktops)
- Possible relevant documents are indexed
- Possible relevant documents are reviewed, now on a 'platform' basis
- Commission official decides whether document is relevant
- Company receives list and copy of relevant documents

Digital review method has not changed
- In principle, review is done on the spot, on the basis of the content of the individual document, by a Commission official (in the presence of company representative)
- Sealed envelope (or 'continued inspection') procedure remains exceptional:
  - Less than 10% of cases
  - Often on request of company (as 'Nuix' was not available on site)

We are not obliged to
- Define the relevance of a document on the basis of a Commission pair of eyes looking at the individual document (but we do)
- Describe our interpretation of our rights (but we do – transparency via Inspection Explanatory Note)
- Describe our workflow and our tools (but we do – article and presentation as this one)
- Cleanse/Sanitise/Wipe our tools at the end of the inspection (but we do)

Legal issues
- Location of server: irrelevant: what is available to company staff is available to Commission official
- LPP: can be excluded from 'search data' and reviewed separately between Team leader and company representative
- Keywords: are not provided as they are only 'intelligence' helping to define possible individual relevant documents (that are provided)
- Chain of custody: company signs 'document list' that identifies individual documents by file path and name, and Hash Value for entire collection
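The chain-of-custody item above (a signed document list plus one hash value for the entire collection) can be reproduced as follows. This is an added illustration, not the Commission's tooling or anything shown in the presentation; SHA-256, the manifest line format and the function names are assumptions, since the slides do not say which algorithm or construction is used.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of one file, read in chunks so large evidence files fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_document_list(root: Path):
    """Return (entries, collection_hash); entries are (relative path, sha256)."""
    entries = [(p.relative_to(root).as_posix(), file_digest(p))
               for p in root.rglob("*") if p.is_file()]
    entries.sort()  # canonical order, independent of filesystem listing order
    # Assumed construction: hash the manifest lines, so that adding, removing,
    # renaming or modifying any document changes the collection hash.
    h = hashlib.sha256()
    for rel, digest in entries:
        h.update(f"{digest}  {rel}\n".encode("utf-8"))
    return entries, h.hexdigest()


def verify_collection(root: Path, signed_hash: str) -> bool:
    """Recompute the collection hash and compare it with the signed value."""
    return hmac.compare_digest(build_document_list(root)[1], signed_hash)


def demo():
    """Constructed sample collection: hash it, verify it, alter one file, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "mail").mkdir()
        (root / "mail" / "offer.eml").write_bytes(b"constructed sample message\n")
        (root / "prices.xlsx").write_bytes(b"constructed sample sheet\n")
        entries, signed = build_document_list(root)
        intact = verify_collection(root, signed)
        (root / "prices.xlsx").write_bytes(b"constructed sample sheet (edited)\n")
        altered = verify_collection(root, signed)
        return [rel for rel, _ in entries], intact, altered


if __name__ == "__main__":
    print(demo())
```

A single collection hash shows that something changed but not which document; keeping the per-file digests in the list lets either party locate the altered item.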

Legal issues
- 'Continued inspection' or 'sealed envelope' procedure: Nexans/Prysmian challenge: General Court: measure implementing inspection decision; not separable act
- Personal Data: we process in compliance with Reg. 45/2001 applicable to Commission, but no hindrance to obtain the data
- No procedural harmonisation within ECN but exchange of practices and experience in ECN Forensic IT Working Group

DEMO
Presentation of the Demo CD that is provided to inspected company at start of inspection to explain procedure

The End
Thank you. Any further questions?
Dirk.Van-Erps@ec.europa.eu
* The views expressed are personal and do not commit the Commission