• No results found

Battling Current Technological Trends

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Battling Current Technological Trends"

Copied!
32
0
0

Loading.... (view fulltext now)

Download now ( 32 Page )

Full text

(1)

Corey J. Bourgeois, Computer Forensic Examiner &

David Ferris, Investigator

Louisiana Department of Justice

Corey J. Bourgeois, Computer Forensic Examiner &

David Ferris, Investigator

Louisiana Department of Justice

Law Enforcement Incident Response to

Cybercrimes

&

Battling Current Technological Trends

Law Enforcement Incident Response to

Cybercrimes

&

(2)

HTCU

HTCU

A brief history...

A brief history...

(3)

Louisiana ICAC

Louisiana Department of Justice

1 director (ICAC commander) 1 lab supervisor 1 Supervisory Investigator 5 investigators 10 forensic examiners 2 analysts 1 Prosecutor 174 affiliates

1 director (ICAC commander) 1 lab supervisor 1 Supervisory Investigator 5 investigators 10 forensic examiners 2 analysts 1 Prosecutor 174 affiliates

(4)

High Tech Investigations

High Tech Investigations

(5)

Proactive & Reactive

Investigations

Proactive & Reactive

Investigations

(6)

Undercover Chatting

Peer 2 Peer

Juvenile Prostitution

Undercover Chatting

Peer 2 Peer

Juvenile Prostitution

(7)

Undercover Chatting

Undercover Chatting

Target - suspects online praying on

children in chat rooms, social

networking sights, and gaming sights

Requires law enforcement officers to assume roles as either a child, the

mother/father, or as individuals of like mind

Covered under - indecent behavior with a juvenile, computer aided solicitation of a minor and pornography involving

juveniles

Target - suspects online praying on children in chat rooms, social

networking sights, and gaming sights

Requires law enforcement officers to assume roles as either a child, the

mother/father, or as individuals of like mind

Covered under - indecent behavior with a juvenile, computer aided solicitation of a minor and pornography involving

(8)

Peer 2 Peer Investigations

Peer 2 Peer Investigations

Peer to Peer File Sharing

Sharing occurs when two computers are directly connected and downloading files from their shared folder

Primarily used to download, possess, and distribute images and movies of child

pornography

Peer to Peer File Sharing

Sharing occurs when two computers are directly connected and downloading files from their shared folder

Primarily used to download, possess, and distribute images and movies of child

(9)
(10)

Pros

Pros

Known image

Tracking of image origination

Documents the trafficking of images previously unknown in circulation

Establishes historical record of SHA values

Known image

Tracking of image origination

Documents the trafficking of images previously unknown in circulation

(11)

Cons

Cons

IP based investigations - tied to subscriber, not necessarily the suspect

ISP Errors/Hijacked IP Address

Very large pool of targets

IP based investigations - tied to subscriber, not necessarily the suspect

ISP Errors/Hijacked IP Address

(12)

Identifying Contraband

Identifying Contraband

(13)

Sha-1 Algorithm

Sha-1 Algorithm

file encryption method which may be used to produce a unique digital signature of a file.

it is computationally infeasible (2^160th) to find two different files that produce the

same SHA-1 value.

file encryption method which may be used to produce a unique digital signature of a file.

it is computationally infeasible (2^160th) to find two different files that produce the

(14)

JQTPDSTHWKMNDT2VLIE3H7EVLMPH6QNO JQTPDSTHWKMNDT2VLIE3H7EVLMPH6QNO S33EBO3O5SKAHKKHVATJWSXYSZFQJ5NF S33EBO3O5SKAHKKHVATJWSXYSZFQJ5NF

Sha-1 EXAMPLE

Sha-1 EXAMPLE

(15)
(16)

JUVENILE PROSTITUTION

JUVENILE PROSTITUTION

Investigations can target the “Johns” or attempt to recover the juveniles

A large majority of your current prostitutes began when they were juveniles.

Juvenile prostitution stings can occur:

Craigslist, Backpage, Cityvibe, chat rooms and social networking sites

These stings involve juveniles selling themselves as well as parents of the juveniles selling their children

Investigations can target the “Johns” or attempt to recover the juveniles

A large majority of your current prostitutes began when they were juveniles.

Juvenile prostitution stings can occur:

Craigslist, Backpage, Cityvibe, chat rooms and social networking sites

These stings involve juveniles selling themselves as well as parents of the juveniles selling their children

(17)

Reactive Online

Investigations

Reactive Online

Investigations

• Internet Crime Complaint Center (IC3)

• National White Collar Crime (NWC3)

• National Center for Missing and Exploited Children (NCMEC) Cybertips

• Citizen’s Complaint

• Internet Crime Complaint Center (IC3)

• National White Collar Crime (NWC3)

• National Center for Missing and Exploited Children (NCMEC) Cybertips

(18)

Computer Forensics

Computer Forensics

preservation

identification

extraction

documentation

interpretation

preservation

identification

extraction

documentation

interpretation

...of computer data ...of computer data

(19)

Initial Response

Arrive on scene

Photograph computer location, screen, and any connections.

Open case photograph the inside of the computer

Conduct forensic preview

Bag & Tag

Arrive on scene

Photograph computer location, screen, and any connections.

Open case photograph the inside of the computer

Conduct forensic preview

(20)

Basic Methodology

acquire evidence without altering or damaging the original

authenticate that your recovered evidence is the same as the originally seized data

analyze the data without modifying it

acquire evidence without altering or damaging the original

authenticate that your recovered evidence is the same as the originally seized data

(21)

Acquire

Acquire

(22)

Authenticate

Authenticate

(23)

Analyze

Analyze

(24)

Always use sound forensic practices

Always use sound forensic practices

(25)

Always work under the assumption that a

case, no matter how small, could end up in a

court of law.

Always work under the assumption that a

case, no matter how small, could end up in a

(26)

Forensic Toolbox

Forensic Toolbox

• Forensic Computer (Standalone)

• Virtual Machine Application (VMWare Fusion or Parallels)

• Writeblockers (IDE, SATA, Firewire, USB)

• EnCase developed by Guidance Software

• FTK (Forensic Tool Kit) developed by Access Data

• Blacklight, MacQuisition, Softblock developed by Blackbag Technologies

• Internet Evidence Finder developed by JAD Software

• Cellebrite

• Oxygen

• Secure View

• Super Yahoo Chat Decoder

• Forensic Computer (Standalone)

• Virtual Machine Application (VMWare Fusion or Parallels)

• Writeblockers (IDE, SATA, Firewire, USB)

• EnCase developed by Guidance Software

• FTK (Forensic Tool Kit) developed by Access Data

• Blacklight, MacQuisition, Softblock developed by Blackbag Technologies

• Internet Evidence Finder developed by JAD Software

• Cellebrite

• Oxygen

• Secure View

(27)

Don’t focus on a particular tool to get the job done. Think of computer forensics as a concept and the

application and understanding of this concept is especially important for the credibility of the

(28)

Our Lab

11 nerds (including myself)

11 mac pros

2 x 2.93 GHz Quad - Core Intel Xeon Processors

16 GB 1066 Mhz RAM

4 x 1TB 7200 RPM Hitachi Hard drives

184 TB SAN (Storage Area Network)

144 TB usable storage

2 x Xserve RAID

11 nerds (including myself)

11 mac pros

2 x 2.93 GHz Quad - Core Intel Xeon Processors

16 GB 1066 Mhz RAM

4 x 1TB 7200 RPM Hitachi Hard drives

184 TB SAN (Storage Area Network)

144 TB usable storage

(29)

Assistance to Others

Assistance to Others

Training

• Cell phone examination • Computer forensic

• On-scene forensic

• Peer 2 Peer Undercover • Chat Undercover

• Prostitution Training

• On-Scene Seizure of Digital Evidence

Purchasing equipment for affiliate agencies

Training

• Cell phone examination • Computer forensic

• On-scene forensic

• Peer 2 Peer Undercover • Chat Undercover

• Prostitution Training

• On-Scene Seizure of Digital Evidence

(30)

Challenges

storage media

cell phones and cellular technology

the cloud

bit torrent

encryption

iOS

computing power

time

keeping up with new technology

security

wellness

storage media

cell phones and cellular technology

the cloud

bit torrent

encryption

iOS

computing power

time

keeping up with new technology

security

(31)

Questions?

Questions?

(32)

Corey Bourgeois, Lab Supervisor David Ferris, Lead Investigator Louisiana Department of Justice

[email protected]

[email protected] 225.326.6100

Corey Bourgeois, Lab Supervisor David Ferris, Lead Investigator Louisiana Department of Justice

[email protected]

[email protected] 225.326.6100

References

Download now ( PDF - 32 Page - 319.21 KB )

Related documents

South Australian Whale Centre Education Services

The South Australian Whale Centre offers a diverse range of interactive and discovery based education programs and services for visiting groups7. Education services can be

Improvement of coffee beverage quality by using selected yeasts strains during the fermentation in dry process

Four yeast strains (Saccharomyces cerevisiae UFLA YCN727, S. cerevisiae UFLA YCN724, Candida parapsilosis UFLA YCN448 and Pichia guilliermondii UFLA YCN731) were inoculated

Air cargo alliances: walking on a thin line: a study on the impact of air cargo alliances

The SkyTeam Cargo alliance will not improve the negotiating position of Air France-KLM Cargo; a freight agent will chose to use the services of the airline with the

Financial promotions - guidance. Prominence. Financial promotions guidance Prominence. Guidance consultation. July 2011

In the second example of our fictitious newspaper, clarity of the required risk statement has been significantly improved, benefiting from inclusion within the main body of

Answer key

It does not make physical sense to add or subtract two quanitites that have different dimensions, like length plus time. You can add quantities that have different units, like miles

An autonomous system for maintenance scheduling data-rich complex infrastructure: Fusing the railways' condition, planning and cost

Systems engineering and data fusion principles were used to demonstrate an autonomous data-rich infrastructure maintenance scheduling system that integrates railways asset

Four-Phase-Model for the Implementation of Shared Services

Recommended Organisational Form for Shared Service Operat 211. Standardisation ofProcesses and Technologies 211

blowMoldingMachine(1)

The existing blow molding machine used only for molding empty container but aseptic blow molding machine is the machine that filling, sealing or capping work of contents are