Computer Network Security Conference
Billings, MT

Timothy P. Kosiba
Program Manager/Forensic Examiner
Objectives
- What is CART?
- What is Digital Evidence?
- What is Computer Forensics?
- What crimes involve digital devices?
- How can CART or a Computer Forensic Examiner help the investigator?
- What training is available?
- What is an RCFL?




CART
CART (Computer Analysis Response Team) is a team of law enforcement individuals trained in Computer Forensics. Their task is to examine digital evidence in criminal matters and provide testimony with respect to such evidence in a court of law.
CART Mission
To provide digital forensics and technical capabilities, services and support to the FBI, Intelligence Organizations and other Law Enforcement agencies.

- Providing the highest quality digital forensic services, which are prompt, accurate, impartial and usable.
- Maintaining a leadership role in the field of digital forensics.
- Development and application of validated, state-of-the-art, multi-platform hardware and software tools, practices and procedures.




Digital Evidence
Digital Evidence is information of probative value stored or transmitted in digital form.
(SWG-DE, the Scientific Working Group on Digital Evidence, 7/14/98)




Digital Evidence is Volatile
- Simply starting a computer alters or destroys data and reduces chances of data recovery.
- Viewing, copying or printing likewise can destroy data.
- Malicious or hidden code can also cause data destruction.

Regardless of the role the computer/digital device played, it is still: EVIDENCE
- Victim/weapon
- Instrumentality (tool)
- Storage facility




Computer Forensics
- Acquire, preserve and examine digital evidence, and present the forensic examination results.
- Application of science and engineering to the legal problem of digital evidence.
- Requires expertise, training and tools.

Forensic Examination Tools
Imaging tools:
- Safeback, DD, drive duplicators
Examination tools:
- ILook, Forensic Toolkit, misc. specialty tools




CART Territory Map
[Figure: map of the United States, Alaska, Hawaii and Puerto Rico marking CART field office cities, from Seattle and Anchorage to Miami and San Juan.]
Crimes Involving Computers
- International Terrorism
- E-mail Extortion Threats
- On-line Threats
- On-line Child Pornography
- On-line Narcotic Sales
- On-line Gambling
- Computer Component Theft
- Offshore Money Laundering
- Viruses/Worms
- Websites
- Telecommunication Fraud
- Organized Crime
- Chip Fraud
- Cyber-Terrorism
- Counterfeiting
- Civil Rights Crimes
- Securities Fraud
- Hate Crimes
- Theft of Intellectual Property
- Domestic Terrorism
- Homicides
- Medical Fraud
- Kidnapping

Is the computer a tool, target, or storage medium?




How Much?
The contents of a 3.2 Gigabyte hard drive, printed, would build a stack of paper as high as the Washington Monument (555 ft).

Case Agent/Investigator responsibilities for examination
- Examination information
  - What are you looking for?
  - Define a filter for target data:
    - Search terms
    - File types
    - Specific files
- CART output
  - Time (one computer can take over 40 hours)
  - Review output and discuss with the AUSA (Assistant United States Attorney)




Digital Evidence Processing Equipment
- Desktop
  - SCSI card
  - CD-ROM
  - 2 hard drives
  - Removable drive bays
  - 1.0 GB RAM
- Laptop (extra hard drive)
- CD-RW
- Magneto optical drive(s)
- Tape drive(s)
- Printer
- Palm Pilot
- Travel cases
- Cables
- Cost approximately $25,000

Yearly upgrade cost: approximately $12,500

Yearly supply budget for expendable items:
- Hard drives
- CD-ROM (only)
- Magneto optical cartridges
- Zips
- Jaz
- Tapes
- Floppy disks
Computer Analysis Response Team
Digital Evidence Processes
- Acquisition
  - Physical copy (image)
  - Logical copy
- Preservation
  - Write protecting
  - Working from a copy
- Data Extraction
  - Data reduction
  - Logical copy
  - Recovering deleted files
  - File slack
  - Searching: text string, file type, file name
- Internet Processing
  - History files
  - Email
  - Cache
  - Buddy list
  - Screen names
  - Address book
- PDA Processing
- Hash Comparison
- Presentation
  - Standard format
  - HTML
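The acquisition, preservation and data-extraction steps listed above, as an added Python example that is not part of the original presentation: it images a constructed four-cluster "drive", records and re-verifies its SHA-256 (hash comparison), then pulls residue from file slack, carves a deleted file out of unallocated clusters and runs a text-string search. The cluster size, the MEMO file signature and all sample bytes are constructed for the demo, not taken from any real tool or case.

```python
import hashlib

CLUSTER = 512  # constructed cluster size, small so the sample "drive" stays tiny
MAGIC = b"MEMO"  # constructed file signature used when carving deleted files

def build_sample_device() -> bytes:
    """Constructed 4-cluster drive: clusters 0-1 hold notes.txt (logical size
    600 bytes) whose slack still carries bytes of an older, overwritten memo;
    clusters 2-3 are unallocated but still contain a deleted memo."""
    live = b"notes.txt: meeting at noon\n".ljust(600, b".")
    residue = (MAGIC + b" old memo text left behind in slack").ljust(2 * CLUSTER - 600, b"\x00")
    deleted = (MAGIC + b" deleted memo in unallocated space").ljust(2 * CLUSTER, b"\x00")
    return live + residue + deleted

def acquire_image(device: bytes) -> tuple[bytes, str]:
    """Physical copy (bit-for-bit image) plus the SHA-256 recorded at acquisition."""
    image = bytes(device)  # examiners work from this copy, never from the original
    return image, hashlib.sha256(image).hexdigest()

def verify_image(image: bytes, recorded_hash: str) -> bool:
    """Hash comparison: the image is intact only if its digest still matches."""
    return hashlib.sha256(image).hexdigest() == recorded_hash

def file_slack(image: bytes, first_cluster: int, n_clusters: int, logical_size: int) -> bytes:
    """Bytes between a file's logical end and the end of its last allocated cluster."""
    start = first_cluster * CLUSTER
    return image[start + logical_size : start + n_clusters * CLUSTER]

def carve_unallocated(image: bytes, free_clusters: list[int]) -> list[bytes]:
    """Recover deleted files by scanning free clusters for the MAGIC signature."""
    found = []
    for c in free_clusters:
        chunk = image[c * CLUSTER : (c + 1) * CLUSTER]
        if chunk.startswith(MAGIC):
            found.append(chunk.rstrip(b"\x00"))
    return found

def search_text(image: bytes, term: bytes) -> list[int]:
    """Text-string search over the whole image, including slack and free space."""
    hits, pos = [], image.find(term)
    while pos != -1:
        hits.append(pos)
        pos = image.find(term, pos + 1)
    return hits

if __name__ == "__main__":
    img, digest = acquire_image(build_sample_device())
    print("image verified:", verify_image(img, digest))
    print("slack residue:", file_slack(img, 0, 2, 600).rstrip(b"\x00"))
    print("carved:", carve_unallocated(img, [2, 3]))
    print("hits for b'memo':", search_text(img, b"memo"))
```

Any single-byte change to the working copy makes verify_image return False, which is the check an examiner repeats before and after each analysis session.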




How can AUSAs help?
- Help define examination requirements.
- Keep CART updated on digital evidence matters.
- Provide critical dates/deadlines.
- Brief CART for testimonial purposes.
What is the DOJ / FBI doing to enhance the digital evidence program?
- Regional Computer Forensics Laboratory
- DOD Joint Forensics Laboratory
- Review Networks
- Training
  - TAG -n- BAG
  - More CART FE's
  - National Computer Training Program




Regional Computer Forensic Laboratories
Regional Lab Structure
- Multi-agency
- Multi-jurisdictional
- Both sworn and non-sworn law enforcement personnel.
- Organized separation of duties: imaging, analysis, and research and development functions.
- Rotate examiners between these assignments, allowing each to develop a variety of skills.
- Data storage procedures




Regional Computer Forensic Laboratories - RCFL
[Figure: map marking the RCFL sites at San Francisco, San Diego, Kansas City, Dallas and Chicago, and the National Program Office.]

Questions?
