Computer crime talk: takeaways

The US Congress started contemplating computer-crime laws in 1970 but only implemented them in 1986.

Phreaking was the first hack. It happened in the US, proving its superiority. Nowadays hacking comes out of Russia. Is this the emerging superpower?

A criminal offence requires both will (intent) and action. An involuntary act is not a criminal act.

Traditional trace evidence

Once it is evident that a criminal offence has been committed, stop the investigation and hand over to the police. They use write blockers (data blockers) when accessing the disk so that nothing can be written to it. Devices are first placed in an uncontaminated quarantine area, then labelled, registered and clearly marked. The system used to analyse or copy the evidence must have its registry checked and an AV scan run, with everything logged accordingly.

Fruit of the poisoned tree: contamination at the root taints everything derived from it. The defence will always use contamination to cast doubt on the evidence. If there is the slightest doubt it favours the accused, and that evidence is thrown out.

There is no inherent link between a computer or mobile and the person using it, and it cannot be excluded beyond all doubt that someone other than the accused was the person using the device.

Even digital signatures are not good enough, since one can claim that someone else had access to the device where the signature is stored.

Per the talk, the twin towers attackers stayed under the radar by sharing a Gmail account and leaving messages as drafts that were never sent, so there was no matching record of a sent email. To date this is said to be the only such occurrence in electronic cases.

In Malta we have adopted the British concept of the criminal electronic environment, which includes both the perpetrators and the devices.

Using backups for examination is good practice since it causes the least disruption to the business, though of course a backup is not the best evidence.

Data (write) blockers can cost as little as two hundred dollars.

Record as much detail as possible about the disk (manufacturer, model, etc.) to prevent future failures from
Document all processes.
EnCase is very good software but expensive. If you cannot afford it, use free alternatives, but only licensed software, to avoid malware tampering with the data or compromising the reliability of the outcome.
Use only licensed software from official sources so that the defence cannot put the evidence in question.
Do not carry out analyses on a trial-and-error basis.

Conclude on the evidence but do not offer any opinion.
Work in pairs and sign the logs together.
Once you find evidence, stop. Do not attempt to overdo it.

Once you establish a fact, you take control of the evidence. The disk must not be accessed further and must be labelled, signed, etc. until it is handed over to the police.

In any investigation the burden of proving facts lies on the prosecution.
Once you have proved one fact, stop there. In Maltese law, ten or a hundred instances make no difference to the significance of the infringement.
The magistrate is an IT layperson, so keep the analysis simple.
Be concise and objective.
Never suppose or assume. Be sure beyond any doubt.
Use paid software so that a virus infection from a free download site cannot become a point of attack.


If meeting the suspect, keep minutes, and both of you need to sign them.

Show and keep proof that you had a plan for how to investigate. Ensure you can prove you worked in a structured manner; this again helps avoid contamination being a source of doubt.
Report objectively on findings.
If you identify a suspect, remember you are not law enforcement.
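As an added example (not from the talk or this blog), the following Python sketches the integrity and logging discipline the notes above describe: the write-blocked image is hashed once at acquisition, every working copy or backup is checked against that hash before use, and each custody step is signed by two examiners so that an edited log entry is detectable. The exhibit metadata, examiner names and keys, and the sample image bytes are all constructed for illustration, and HMAC-SHA256 stands in for whatever signing scheme a real lab uses.

```python
"""Evidence integrity and dual-signed custody log (added illustrative example).

Assumptions, all constructed for this example: the 'image' is an inline byte
string rather than a dd/EnCase acquisition, examiner keys are hard-coded, and
HMAC-SHA256 stands in for a real signature scheme.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed stand-in for a raw disk image read through a write blocker.
SAMPLE_IMAGE = b"NTFS    " + bytes(range(256)) * 16


def sha256_hex(data: bytes) -> str:
    """Acquisition hash: recorded once, then used to check every copy."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Exhibit:
    exhibit_id: str        # label written on the bag / register entry
    make: str              # disk manufacturer, model and serial are recorded
    model: str
    serial: str
    capacity_bytes: int
    acquisition_hash: str  # SHA-256 of the image taken at acquisition
    log: list = field(default_factory=list)


def sign_entry(entry: dict, examiner_key: bytes) -> str:
    """HMAC over the canonical JSON of a log entry (minus its signatures)."""
    canonical = json.dumps(entry, sort_keys=True).encode()
    return hmac.new(examiner_key, canonical, hashlib.sha256).hexdigest()


def log_action(exhibit: Exhibit, action: str, examiner_a, examiner_b, when=None) -> dict:
    """Append one custody step; both examiners (name, key) must sign it."""
    entry = {
        "exhibit": exhibit.exhibit_id,
        "action": action,
        "time": (when or datetime.now(timezone.utc)).isoformat(),
        "examiners": [examiner_a[0], examiner_b[0]],
    }
    entry["signatures"] = {
        examiner_a[0]: sign_entry(entry, examiner_a[1]),
        examiner_b[0]: sign_entry(entry, examiner_b[1]),
    }
    exhibit.log.append(entry)
    return entry


def acquire(meta: dict, image: bytes, examiner_a, examiner_b) -> Exhibit:
    """Register the exhibit, hash the write-blocked image and log the step."""
    exhibit = Exhibit(**meta, acquisition_hash=sha256_hex(image))
    log_action(exhibit, "imaged via write blocker; SHA-256 recorded", examiner_a, examiner_b)
    return exhibit


def verify_copy(exhibit: Exhibit, copy: bytes) -> bool:
    """A working copy or backup is usable only if it matches the acquisition hash."""
    return hmac.compare_digest(sha256_hex(copy), exhibit.acquisition_hash)


def verify_log(exhibit: Exhibit, keys: dict) -> bool:
    """Recompute every signature; any edited, unsigned or singly-signed entry fails."""
    for entry in exhibit.log:
        body = {k: v for k, v in entry.items() if k != "signatures"}
        sigs = entry.get("signatures", {})
        if set(sigs) != set(entry["examiners"]):
            return False                      # both examiners must have signed
        for name, sig in sigs.items():
            key = keys.get(name)
            if key is None or not hmac.compare_digest(sign_entry(body, key), sig):
                return False
    return True


if __name__ == "__main__":
    alice, bob = ("alice", b"constructed-key-alice"), ("bob", b"constructed-key-bob")
    meta = dict(exhibit_id="EX-001", make="ExampleCorp", model="HD-1", serial="SN123",
                capacity_bytes=len(SAMPLE_IMAGE))
    ex = acquire(meta, SAMPLE_IMAGE, alice, bob)
    keys = {"alice": alice[1], "bob": bob[1]}
    print("copy ok:", verify_copy(ex, SAMPLE_IMAGE))
    print("tampered copy ok:", verify_copy(ex, SAMPLE_IMAGE[:-1] + b"\x00"))
    print("log ok:", verify_log(ex, keys))
    ex.log[0]["action"] = "edited after the fact"
    print("edited log ok:", verify_log(ex, keys))
```

The two failure paths are the ones the defence would probe: a copy that no longer matches the acquisition hash, and a log entry that was changed after both examiners signed it. In a real lab the hash would be computed by the imaging tool over the write-blocked device and the signatures would be real ones, but the checks are the same.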


Lidram’s weekly news digest

Desktop virtualisation picked up some more ground

A poacher turned gamekeeper turned poacher again. A new world record, but I doubt Guinness will award him the $170,00 he's due

Reg’s VOIP primer for SME

A Sick People – and why is the church silent?

Malta’s Return in the Empire (Hail, Lord Skywalker)

Sheriff prefers jail to handing passwords – Agiliance wouldn’t have helped here

256GB SSD, stupid fast – WOW!

BT know that outsourcing isn’t always easy

Wireless Power gets a logo – a terribly useful technology that is a non-starter

Dell’s Android – no WiFi, no 3G – Bah!

Hacking the hacker’s infiltrator – Ululating cops jabbed in the behind

Windows 7 gaining ground

Or is it?

Smile – Warding off Topless Militants

FireFox can’t rock the corporate, yet

FireFox is a great browser for many reasons you can find in plenty of blogs out there. But take-up has been somewhat slow, and my wild guess is that it won't rock much further unless they get their corporate solution better, that is. Here is a good write-up on the matter, written in March 2009:

http://4sysops.com/archives/internet-explorer-8-vs-firefox-3-deployment-and-management/

And finally, just in case you still want to give it a try, here is FrontMotion, the FireFox AD integration toolkit:

http://www.frontmotion.com/Firefox/fmfirefox.htm