Post on 10-Jun-2018
Computer Forensics: It’s Not Just for Computers Anymore
Shauna Woody-Coussens, CFE, AVA
Lanny Morrow, EnCE
It is estimated over 85% of all infractions & crimes committed today contain a digital signature
- CSI/FBI survey
BKD Forensics Institute
Digital Signatures Can Be…
• Email & instant message conversations
• Websites visited & files downloaded
• Listing of recent documents opened
• Installed software (Yes, even if it has been uninstalled)
• Contents of documents recently printed
• Every time the computer is started or shut down
• List of applications recently run
• When computer was put into service
• When CDs/DVDs were burned
• Record of every device ever plugged into computer
Computer Forensics Can Be Useful with Regard to…
• Computers
• Cell phones
• Copiers/scanners/printers
• Fax machines
• iPods/MP3 players
• iPads
• Video surveillance tapes
• Medical robotics
• Construction cranes
• Railroad crossing arms
• GPS devices
Computers
• Active files
• Deleted files
• Registry information
• Metadata
• Email
• Chat logs
• Internet history, cache, URLs, temporary internet files
Cell Phones
No longer merely telephones
Taken on computer capabilities
• Large data storage capacity
• Internet connection
• Document creation, review, revision & storage in multiple formats
• File encryption
• Photo, audio & video creation, editing & storage
Cell Phones
Data extraction of logical & deleted data, such as:
• Call logs (incoming/outgoing, missed)
• Calendar entries
• Contact lists
• Text messages
• Emails
• Locations of use with Wi-Fi & cell towers
• Internet use files (history/cookies/bookmarks)
• Skype use files (contacts/calls/chat)
• Facebook use files (contacts/chat)
Cell Phone Camera
Copiers-Scanners-Printers-Fax Machines
• Many models have hard drives just like computers
• Data generally not encrypted & easily recoverable
• Few people know data is available from these machines
Copiers-Scanners-Printers-Fax Machines
http://www.cbsnews.com/video/watch/?id=6412572n&tag=contentMain;contentBody
iPods-MP3 Players
iPod/mp3 devices can store audio, video & photo-based files
• Portable & inconspicuous devices capable of storing large amounts of data
• While data is not readily viewable on the device, it is readily accessible when attached via a USB cable to a computer
iPads
With large storage capabilities of 16GB to 64GB & Wi-Fi capabilities, recovery of data is plentiful
• Pictures, video & audio files
• Calendar entries
• Contact lists
• Emails
• Chat files
• Locations of use with Wi-Fi & cell towers
• Internet use files (history/cookies/bookmarks)
• Facebook use files (contacts/chat)
Video Surveillance
• Common mistake is forgetting proper preservation
• Date/time stamps will change
• Very tight window for recovery of deleted video, if any
• Many types of systems, all handled differently
Medical Robotics
• Track logins & all commands issued by surgeon
• Takes video & screen captures
• Resident hard drive just like a computer hard drive
• Deleted data is recoverable
Construction Cranes
• “Black Box” records every vital statistic of operation
• Data of critical importance to OSHA & other parties
• Requires specialized tools & software to extract & interpret data
Railroad Crossing
• Date/time arms & lights were operating
• Data kept relative to train proximity when arms/lights activated
GPS Navigation Devices
GPS device information includes both logical & deleted data
• User-entered home location
• Bluetooth paired devices
• Device stored route data
• User-entered Points-of-Interest (POI) data
• User-defined favorite locations
• Stored user data files such as pictures, videos, audio & text
• Route data can be extracted & imported into Google Maps/Google Earth
GPS
• Most common brands have standard USB ports to pull data
• Forensic software used to extract data & present in useful format
• Software can work with Google Earth to display location & date/time data
GPS
The handheld MX300 uses telematics & wireless communications to offer the user more than just a personal navigation device (PND). It’s also an entertainment device capable of serving as an ebook reader, storage for photos & graphics, voice recorder, digital video or music player, online TV viewer & a way to surf the Internet & read emails. It even has VoIP capabilities & can send SMS messages in case of emergency.
http://www.24-7pressrelease.com/press-release/gps-devices-not-just-for-driving-directions-anymore-148309.php
Challenges Faced
• Increasing size of digital media
• Wide availability of encryption
• Growing variety of operating systems & file formats
• Individuals owning multiple devices
• Clouds - off-site management of data
• 4G cellular technology
• Virtual machines
• Solid state drives & deleted file recovery
Recent Happenings
• 8th Circuit Court deems cell phone a computer (United States v. Neil Scott Kramer, 10-1983)
Questions?
Shauna Woody-Coussens
swoodycoussens@bkd.com
816.701.0250
www.bkd.com/service/Forensics/institute