Digital CrimeCan Computer Forensics Save Us?

Darren HayesMarch, 2009

Objectives Understanding Crime

Understanding Security Understanding Computer Forensics

Understand Compromises Understand How to be Proactive

Learn how to Investigate Ownership Control Intent

Changes in Digital Crime Criminal Minds

Better understanding of covering tracks Impersonation

International Criminals More influence from international crime

Control of Computers Botnets

RoBOT NETworks 1.5 Million computers infected Uses IRC 70% Spam Botnets

Spamhaus

SpamhausName: “Bad Cow”

Country: Russian Federation

Russian/American spammer. Does "OEM CD" pirated software spam, copy-cat pharmaceuticals, porn spam, porn payment collection, etc. Spams using virus-created botnets and seems to be involved in virus distribution. Partnered with Vlad - aka "Mr. Green"

Xsox Lease Botnets Proxy Attacks DELBOT

Used to render computers useless

Xsox

Hide Identity Russian Business Network Money Mules Anyproxy.net

Russian Web Proxy Server 4,220 US users

Vip72.com Endless supply of Proxy Servers 8,000 US monthly subscribers

Hide Identity Loads.cc

Botnets By hackers for hackers Allows you to spread your malware

Fraud Crew

Fraud Crew

Botnet Crime Credit Card Fraud

Card Forms Preauthorization

Primarily Used for Online Gambling Spam Stock Manipulation Online Poll Manipulation

Network Attacks Spear Phishing

Government contractor compromised

Cellular Phone Forensics

Overview 2002 – First Imaging Software for Cellphones

Made Available 2008 – Memory Dump Available on 40% of

Cellphones Mandate – GPS Chip in Every Cellphone by

2009

Different Forensics Communication through Embedded Chip Different File System Active Memory Storage Smaller Onboard Capacity

iPhone File System Depends on Chip Solid State Memory Larger Storage Capacity Multi-tier Wireless Communication Bit-stream Memory Image Marketing Tracking Device Avg. Memory Capture: 1.4 tb

Blackberry Move from Business Consumer IPD Backup on Desktop

Timestamped Unencrypted 65 Primary databases

Parsed to be viewed

Computer Forensics in Practice?

Enron Fastow, Skilling & Lay found Guilty Hundreds of Employee Computers Examined Thousands of E-mails Researched Documents Required Full Text Search

Capabilities 31 Terabytes (1012 bytes) of Data

(~15 Academic Libraries)

Virginia Tech Massacre Killer: Seung-Hui Cho 32 Murdered Ebay Searches

Scott Peterson Murder Trial Searched Online for

Boats Boat Ramps Tides Knots

Toys R Us Fraud Case Gift Cards Scam

NYC & Chicago Kings County D.A. Evidence

AOL (Login times) Toys R Us (Activity Logs) UPS (Delivery Logs)

Computer

Data Recovered Passwords Websites Visited Emails (Sent / Received) File Creation, Access, Modified, Deletion

Dates & Times

Chat Sessions Files Copied Programs Installed Files Transferred Images Viewed or Saved

Devices Hard Disk Floppy Disk Zip Disk CD DVD Blackberry

USB Tapes TiVo Xbox DVR Smartphone

In the Classroom

Microsoft Applications PowerPoint

Student Presentations Lab Layout Link

Microsoft Applications Excel

Crimes Hardware Inventory Evidence Form Link

Word Research Paper Evidence Form Link

Web Design

Other Applications YouTube Podcasting (www.camstudio.org) Blogging (www.blosxom.com or

www.wordpress.org) Wikis (www.wikispaces.com) Social Networking (www.ning.com) Mashups (www.popfly.com)

Computer Forensics Software Helix (Imaging) FTK (Imager) Invisible Secrets (Steganography) Wireshark (Network Tracking) Snort (Network Intrusion Prevention System) Nmap (Security Auditing) S-Tool (Center for Internet Security) Vmware (Reverse-Engineer Malware)

Resources http://berghel.com/home.php http://www.simson.net/cv/pubs.php http://www.cylab.cmu.edu/ http://www.wireshark.org/ http://www.swgde.org/ http://www.rcfl.gov http://www.ssddfj.org/

Summary Rise in Botnet Activity Anonymous Users Organized Crime Decrease in Password Cracking Increase in Network Attacks Increasing Importance of Mobile Forensics