Digital Evidence: I know it s there, how do I get it?

Transcription

1 : I know it s there, how do I get it? January 24, 2019 Matthew Rollins Senior Assistant District Attorney Paulding County Judicial Circuit Josh Reed Network Intrusion Forensic Analyst United States Secret Service Four Steps for 1. Identify the Evidence 2. Obtain the Proper Documents 3. Analyze the Evidence 4. Explain to Your Prosecutor 1

2 Identify the Evidence Data requested from a third party - Facebook, phone records, tower dumps Hardware collected to be analyzed - Computer, cell phone, GPS User Data - Name on Account, Account Number Content Data - Text messages, recording, s Obtain the Proper Documents The law is constantly changing When in doubt, get a search warrant. If you have PC, get a search warrant. Obtain the Proper Documents Special thanks to John Regan, Matt Breaden, Mike Morrison, Lenny Carr and many more 2

3 Obtain the Proper Documents 27 different forms Obtain the Proper Documents ELEC EVID QUICK REFERENCE GUIDE 3

4 Analyze the Evidence Find someone who is trained to analyze your evidence Local law enforcement GBI FBI SS Explain to Your Prosecutor Elements of the Crime + Intent 4

5 Matthew Rollins Paulding County District Attorney s Office mrollins@paudling.gov United States Secret Service Electronic Crimes Task Force NIFA Josh Reed Background Began law enforcement career in 1999 Over 1,200 hours of digital forensic specific training Network Intrusion Forensic Analyst, USSS Atlanta Field Office Network Intrusion Incident Response, Computer Forensics, Mobile Data Forensics, Skimming Device Forensics. 5

6 Protection Dual Mission Investigations President President s Family Members Vice-President Vice-President s Family Members Former Presidents Candidates for POTUS and Spouse Candidates for VPOTUS and Spouse Foreign Heads of State Others by appointment Cyber Crimes Network Intrusion Hacking Computer / Internet Fraud Data Breaches Counterfeit Currency Treasury Obligations Financial Crimes Identity Theft Check Fraud Credit Card Fraud Bank Fraud Mortgage Fraud Protective Intelligence USSS Cyber Crimes Investigated Computer/Network Intrusions (Hacking) Malware deployment/botnets Account takeovers Stolen personal identifiable information (PII) Stolen payment card data Money laundering Wire fraud Business Compromise (BEC) Many more Secret Service Cyber Stra Electronic Crimes Task Forces 40 Worldwide Trusted Partnerships Between Law Enforcement, Private Sector & Academia 4,000 Private Sector Partners 2,500 Federal, State, & Local Law Enforcement Partners 350 Academic Partners Coordinated Investigations, Information Sharing, Technical Expertise, and Training 6

7 What is Digital Evidence? - Information stored or transmitted in binary form that may be relied on in court. (NIJ 2016) Forms of Digital Computers/Lap Evidence? Wearables tops Cell Phones Social Media Digital Cameras Artifacts Game Consoles Call Detail Removable Records Devices IoT Devices Vehicle What can we get from these devices???? 7

8 Computers Internet Histories Audio/Video Pictures s Documents OS Artifacts Much more Mobile Devices Internet Histories Audio/Video Pictures s Documents Location Data User Accounts Calendars Notes 8

9 Vehicles Routes/Journeys Vehicle Events Location Data Connected Devices Media Call logs, contacts, text messages 9

10 Special Considerations Collection Legal Presentation Collection Computers On Isolate the system Photograph condition/scene Check for encryption Power down and unplug Off Off is easy.collect Mobile Devices - On Isolate the device Remove the device from the network Faraday bag Off Legal Search Warrants Consent Cloud Data 10

11 Presentation Reporting Each examiner will have their own way of reporting and forensic tool(s) of choice Some level of forensic knowledge will have to be known to have a forensic report hold up in court Testimony Again. Some level of forensic knowledge will have to be known to have a forensic report hold up in court National Computer Forensic Institute Located in (NCFI) Hoover, AL. Partnership between USSS and AL. DA s office Train LE, Prosecutors, and Questions? United States Secret Service Atlanta Field Office Electronic Crimes Task Force Josh.reed@usss.dhs.gov 11