Archive for the ‘Online Investigations in the News’ Category

New Book Investigating Internet Crimes Released

Saturday, February 15th, 2014
41wMbTIcmVL._SY300_

Investigating Internet Crimes

Investigating Internet Crimes:
An Introduction to Solving Crimes in Cyberspace

You can find the new book by Todd G. Shipley and Art Bowker on Amazon books and you can  also follow the authors on their blog. What’s being said about the book:

Neal Ysart, Director First August Ltd, likes Investigating Internet Crime by Shipley and Bowker

“At last….. Informed, pragmatic guidance from two highly experienced professionals who  have actually spent time on the front line, not just the classroom.  This book is relevant for  practitioners working in both law enforcement and within business – every aspiring cyber  investigator should have a copy.” Neal Ysart, Director First August Ltd, Information and  Corporate Risk Services

Smartphones and the Internet: Finding evidence in 2 different places

Wednesday, June 22nd, 2011
How do Internet and mobile phone evidence support each other?

How do Internet and mobile phone evidence support each other?

On Thursday, June 30, we’ll be offering another webinar that is new to our series: Smartphones and the Internet, a discussion about how smart phones are changing the world of online investigations. Instructor Michael Harrington, Director of Training at Teel Technologies and a longtime expert in mobile device forensics, will cover the various apps and tools that tie smart phones to the Internet and the potential for evidence collection on both the phone and the websites tied to the apps.

We asked Mike for some more detail on what he’ll be talking about:

VS: What are the major apps and platforms you’ll be covering in your webinar, and why are they especially relevant?

MH: I’ll mostly be concentrating on iOS and Android and focusing attention on GPS, browser, cloud and social networking applications such as Facebook and Twitter. iOS and especially Android account for the vast majority of the consumer market. Android growth is particularly strong in emerging markets, and has arguably the number one market position.

I’ll be concentrating on social networking applications because research has shown that the vast majority of access to services such as Facebook and Twitter are done on mobile. Facebook in particular is relevant because of the recent controversies of underage access and of course its role in the Arab Spring. Twitter has also made the news with Weinergate, and controversy over ill-thought tweets by such people as Roger Ebert.

The ability to access cloud based services from smart phones (Evernote, logmein and the like) as well as the smartphones capturing of location information not just overtly through GPS applications makes discussion of the platforms relevant.

VS: How do online evidence and mobile evidence work in conjunction? What if one doesn’t match the other?

Online evidence and mobile evidence should be used to validate each other. They should match each other regarding similar data such as IP address. In some instances online evidence may contain more information and vice versa. If they don’t match further investigation and explanation is needed to account for differences.

VS: How deep should investigators dive when collecting evidence from the Internet and from a mobile device? How can they make the decision about how far to go?

I think these questions are tied together inextricably. The decision on how far to dive depends on the severity of the crime. In most instances a simple download of the logical data on the phone will be sufficient to corroborate online evidence or to gather additional evidence to support that gathered online. In some instances it may be necessary to try to recover deleted data off a mobile — this may require specialist equipment and certainly more time and training.

VS: Not all mobile examiners will collect online evidence, and not all online investigators will collect mobile evidence. What’s the best way for them to come together to work out case building?

Since most people on the planet carry mobile phones and the usage of smart phones to access more services is expected to rise by 55% in 2011 it is absolute folly not to look for evidence on mobile devices. I would recommend that a [standard operating procedure] be worked out that if mobile devices are seized, and the particular type of case being worked suggests that a device may be used to access online services where evidence could be collected — or the like is found on mobile devices — that [all] those leads are chased down.

Investigators have to aware of all ways in which criminals and victims access the online world. More and more it’s through their mobile devices.

VS: Anything else webinar attendees should know in advance?

Maybe some stats on the smartphone market. Here is an excerpt from the first chapter of the Android book (Apress, expected pub date December 2011) I’m working on:

The growth of the global smart phone market has been nothing short of explosive. According to the International Data Corporation (IDC), a leader in market research, the world wide smartphone market is expected to grow 55% in 2011, fueled by consumers eager to exchange their feature mobile phones for advanced devices with more features, and most importantly, apps.

The sheer number of devices being shipped is staggering. Again according to the IDC’s Worldwide Quarterly Mobile Phone Tracker there will be a total of 472 million smart phones shipped in 2011 up from 305 in 2010. Furthermore, this is expected to almost double to an unbelievable 982 million by the end of 2015.

The growth rate is over four times the rate of the overall mobile phone market due to the accessibility of devices to a wide range of users, and helped by falling prices, functionality and low cost data plans.

The growth is most pronounced in markets that are emerging and where the adoption of these devices is still in early days – the IDC predicts that the most stunning growth will be in the Asia/Pacific region and in Latin America.

Join us on Thursday, June 30 from 11am-12pm Pacific, and bring any questions you have for Mike!

Image: Johann Larsson via Flickr

How the bad guys use social media: An interview with Todd Shipley

Monday, February 28th, 2011

Hardly a day goes by when the news isn’t reporting criminal use of social media to find and groom victims, start and fuel gang wars, or exploit other weaknesses. Todd Shipley joined Spark CBC host Nora Young last week to talk about some of these issues, along with how police can use social media to find the activity.

Listen to the 20-minute interview now to find out:

  • How criminals exploit their victims’ weaknesses, along with their own need for social connections
  • The importance of looking beyond the physical crime scene to its virtual extension
  • The social and technical skills police need to document online and other digital evidence before it gets to detectives
  • How online or cloud investigation is similar to network forensics (and unlike computer forensics)
  • What legal requirements police need to abide by when they go online

Got questions about Todd’s interview? Leave us a comment!

A DFI News double feature

Friday, February 5th, 2010

We were pleased and honored in December when Digital Forensics Investigator (DFI) News opted to give two of Todd’s articles top billing on its site.

The articles, a two-part series, addressed whether collection of electronic evidence from the Internet is feasible. Some say no; obviously, we say yes!

In Part I, Todd drew from his 2007 white paper, “Collecting Legally Defensible Online Evidence,” to discuss the need for and development of a standard methodology for Internet evidence collection. In Part II, he addressed the application of that methodology specifically to “cloud” computing.

The cloud does present different challenges to evidence collection than do conventional Internet sources. But that doesn’t mean evidence collection from the cloud is impossible.

Read Part I here and Part II here. And please be sure to come back and tell us what you think. Do you agree? Disagree? Have you encountered the need for Internet evidence collection methodology… or investigative issues specific to the cloud? Comments are open!

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and public safety and can be reached at christa at christammiller dot com.

Surprise!!! The White House Acting Cybersecurity Czar Resigns

Monday, August 3rd, 2009

A not so good announcement today from came from Washington, about the resignation of Melissa Hathaway as Acting Cyberczar. This certainly isn’t a surprise given the inability for the White House to find a candidate. As reported a few weeks ago on Forbes.com the Whitehouse has had some difficulty in recruiting the significant high level Industry executive it’s wanted.

So what does this do for cybersecurity and cybercrime investigation in the U.S.? Nothing, but that is what has been happening for some time now. The direction of the past two administrations has focused in other issues (Bush the War in Iraq and Obama the Economy). Both important distractions but multitasking should the name of the game. The Federal government employs enough people to be able to focus on more than one politicized problem. Simplifying the problem and involve multiple stakeholders in addressing the core issues would be of some help. Unfortunately as an outside observer I’ll I see is a waiting game. Wait until the Czar is appointed and wait until he/she develops a plan, and wait until it is reviewed and wait until we can get the plan funded and wait until congress approves the funding and wait until we can build a bureaucracy to support the project and wait and wait and wait….

Obama may shortly appoint his Cyberczar and we might get some progress on cybercrime but, we also may have to wait awhile.

The European Union Implements a Cybercrime strategy

Monday, February 23rd, 2009

Although this is from December it is of interest in the U.S. considering our current changes in administration. It was widely reported and most recently as last week from the Greek Forensic Community blog, that, the Council of ministers of the European Union adopted, a “strategy to reinforce the fight against cyber crime.” It is interesting that the country that developed the technology to connect the world is being outpaced in its ability to respond to the crime committed through its growing adolescent by others around the world. They wrote that the strategy should include ” the means of combating the traditional forms of crime committed via the Internet, such as identity fraud, identity theft, fraudulent sales, financial offences, illicit trading on the Internet, particularly narcotics and arms dealing.”

Current U.S. policy tends to deal with only the protection of the infrastructure and not the entire problem surrounding Cybercrime and its deleterious effects on the state of the Internet and our economy. Education about the problem and enforcement actions against the offenders works and should be supported and implemented nationwide.

What are extremely interesting in the EU proposal are the measures that would include “Cyber Patrols”, “Joint investigative Teams” and “Remote Searches”. All of these are a step in the right direction. The EU is also funding Europol to set up a crime reporting system to track Internet crimes that can be accessed by the EU members. This too will aid in the response if law enforcement understands the effective of the crime and can respond accordingly.

The EU’s strategy marks a leap in the acknowledgment of the magnitude of the Cybercrime problem at least in the European Union. In addition their strategy suggests closer cooperation and information exchange between law enforcement authorities and the private sector. This has been a stalwart strategy by many in the U.S. especially those belonging to organizations like the High Technology Crime Investigation Association.

As we have commented before the U.S. now needs to consider the same type of strategy. Cybercrime continues to grow and law enforcement’s skills to investigate it, and the national strategy to deal with it, need to be as sophisticated as the crimes committed.

The new “Cyber Czar” in the U.S. should consider the EU’s strategy early and adopt similar policy for U.S. law enforcement.

Threat of Cyber Crime Continues to Increase

Friday, February 13th, 2009

Jim Kouri, formerly the Chief of Police of the New York City housing project in Washington Heights, wrote recently in MensNewsDaily.com about Cyber Crime and its increasing popularity as a criminal endeavor. He rightfully identified that there is a difference between critical infrastructure protection (Cyber security threats) and Cyber crimes (traditional crimes committed through the use of technology). This is far too often overlooked at the national level and appropriate consideration given to both areas. Threats to our critical infrastructure are not the same as Cyber criminals stealing from our citizens. However, from the initial look at a crime, say a “Phishing” scam against a bank, a law enforcement investigator does not know if this criminal act is a foreign state attacking our economic system by trying to make the bank fail, or a teenager from one of the old eastern block countries simply scamming unsuspecting customers out of their funds.

Law enforcement from the outset often ignores these crimes due to the investigative complexity of the crime and the lack of training and tools to effective pursue the evidence. The current economic situation is making things even worse for those agency’s who do attempt to address Internet based crime. In California High Tech Crime Task Forces are being shut down due to the budget crisis. The Northern California Computer Crime Task Force has shut down and the San Diego area CATCH Team will shut down on February 16th. Both of these task forces have made a significant impact on criminals using the Internet to commit crimes. Yet, we are allowing them to close and very little is being done to stop it.

The new administration is due to announce the appointment of its new Cyber Czar. I don’t have a hope for the near future with the President saying one thing before his inauguration:

“As president, I’ll make cyber security the top priority that it should be in the 21st century,” … “I’ll declare our cyber-infrastructure a strategic asset and appoint a National Cyber Adviser who will report directly to me.” (from a speech at Purdue University last July)

And doing another, which is by most accounts putting the new Cyber Czar post several layers down in the Department of Homeland Security. If it does end up in DHS it will be another function unable to deal with the national problem, because the appointee will have to facilitate conversations with the FBI and other organizations outside of DHS responsible for Cyber crime investigation. In addition the new Cyber Czar would have to fight for funding within his or her own organization.

As with the intelligence collection and review issues, as determined by the 911 commission, Cyber crime is another area not coordinated nationally with the many different stake holders in the arena. The better model would be to have the Cyber Czar in the White House with positive control over budgets and agency actions responding to the problem. The National Intelligence Director’s position is the best model for this issue. The problem is not for a single agency to try and solve but it should be the responsibility of a single entity to coordinate the response nationally. Cyber crime is dealt with at all levels of law enforcement in this country, from the City police investigator looking into Vice crime on Craig’s list to International Child Porn rings investigated by the FBI. Yet with all this crime occurring there is no coordination of cyber criminal intelligence or investigations from the bottom to the top.

Lastly, the person selected as Cyber Czar should have a concept of operational response to both the Infrastructure Protection space as well as the Cyber crime arena. They are two different animals and require different skill sets, but complementary responses. We will have to wait and see if the President’s pick is up to the challenge and given the proper authority and resources required to accomplish the mission.

Technorati Tags: ,,,,,,

Laid off employees turning to Cyber Crime

Tuesday, February 3rd, 2009

An interesting turn of events, based on the current economy, has employees turning to cybercrime according to Online Learning Info’s blog.  The blog refers to a story by ReadWriteWeb which quotes a report just published by McAfee and Purdue University’s Center for Education and Research in Information Assurance and Security. The report, funded by McAfee, cited concerns including:

“The combination of economic pressures, weak efforts at law enforcement, international differences in perceptions of privacy and security, and the continuing challenges of providing secured computing are combining to place vast amounts of valuable intellectual property (IP) at risk.”

The report says that billions of dollar in Intellectual property are being stolen and that there is little doubt it will increase. Two of the reports five conclusions specifically are targeted at employee behavior:

  • The recession will put intellectual property at risk
  • Employees steal intellectual property for financial gain and competitive advantage

CyberSecurity is an ongoing process that requires companies to “…provide positive control over resources…”   A strong ongoing security process and investigative support team certainly won’t prevent nefarious employee behavior, but it will aid in a company’s ability to respond to the increasing threat.

Cybercrime under the microscope

Wednesday, January 21st, 2009

This week in two separate parts of the world, Adelaide, Australia and Orlando, Florida, cybercrime is being discussed. In both conferences they are discussing the need to collect online evidence. In Orlando at the National Law Center’s Child Defenders Expo local, state and federal law enforcement officers are learning about the methods to prevent and investigate crimes against children on the Internet. In Adelaide, at the e-Forensics 2009 conference sponsored by the University of Adelaide, they are meeting to discussing the ways collecting of Internet evidence to aid in the prosecution of criminal.

Both conferences are addressing the growing need collect evidence from the internet for the purposes of successful prosecutions. In Adelaide, Dr. Sorrell says prosecuting internet criminals is very difficult because evidence may be hard to access: “We’re looking at the way in which that sort of evidence can be presented in court and what needs to be done with that evidence to ensure that it’s accepted by the court.”

Vere software is once again here to the rescue. Our flagship product “WebCase” is the solution that both of these groups need. In fact, Todd Shipley, President of Vere Software is presenting at the National Law Centers conference this week on that very topic. His presentation is entitled “Policing the Internet: Proper Collection of Digital Evidence from the Internet”. As an Internet Investigation tool, WebCase is able to record and collect Internet evidence for the investigator in any country. If the investigator can browse to the location on the Internet, no matter which country it resides in, WebCase can record as evidence the content of a website.