Post on 18-Dec-2015
Digital Crime: Can Computer Forensics Save Us?
Darren Hayes, March 2009
Objectives
- Understanding Crime
- Understanding Security
- Understanding Computer Forensics
- Understand Compromises
- Understand How to be Proactive
- Learn how to Investigate: Ownership, Control, Intent
Changes in Digital Crime
- Criminal Minds: better understanding of covering tracks; impersonation
- International Criminals: more influence from international crime
Control of Computers: Botnets
- RoBOT NETworks
- 1.5 Million computers infected
- Uses IRC
- 70% Spam (sent through botnets)
Spamhaus
- Name: "Bad Cow"
- Country: Russian Federation
- Russian/American spammer. Does "OEM CD" pirated software spam, copy-cat pharmaceuticals, porn spam, porn payment collection, etc. Spams using virus-created botnets and seems to be involved in virus distribution. Partnered with Vlad, aka "Mr. Green"
Xsox
- Lease Botnets
- Proxy Attacks
- DELBOT: used to render computers useless
Xsox: Hide Identity
- Russian Business Network
- Money Mules
- Anyproxy.net: Russian web proxy server, 4,220 US users
- Vip72.com: endless supply of proxy servers, 8,000 US monthly subscribers
Hide Identity: Loads.cc
- Botnets by hackers, for hackers
- Allows you to spread your malware
Fraud Crew
Botnet Crime
- Credit Card Fraud: card forms, preauthorization
- Primarily used for: Online Gambling, Spam, Stock Manipulation, Online Poll Manipulation
Network Attacks
- Spear Phishing: government contractor compromised
Cellular Phone Forensics: Overview
- 2002: First imaging software for cellphones made available
- 2008: Memory dump available on 40% of cellphones
- Mandate: GPS chip in every cellphone by 2009
Different Forensics
- Communication through embedded chip
- Different file system
- Active memory storage
- Smaller onboard capacity
iPhone
- File system depends on chip
- Solid state memory
- Larger storage capacity
- Multi-tier wireless communication
- Bit-stream memory image
- Marketing tracking device
- Avg. memory capture: 1.4 TB
Blackberry
- Move from business to consumer
- IPD backup on desktop: timestamped, unencrypted, 65 primary databases, parsed to be viewed
Computer Forensics in Practice?

Enron
- Fastow, Skilling & Lay found guilty
- Hundreds of employee computers examined
- Thousands of e-mails researched
- Documents required full-text search capabilities
- 31 terabytes (1 TB = 10^12 bytes) of data (~15 academic libraries)
Virginia Tech Massacre
- Killer: Seung-Hui Cho
- 32 murdered
- eBay searches
Scott Peterson Murder Trial
- Searched online for: boats, boat ramps, tides, knots
Toys R Us Fraud Case
- Gift cards scam
- NYC & Chicago
- Kings County D.A.
- Evidence: AOL (login times), Toys R Us (activity logs), UPS (delivery logs)
Computer

Data Recovered
- Passwords
- Websites visited
- E-mails (sent / received)
- File creation, access, modification, deletion dates & times
- Chat sessions
- Files copied
- Programs installed
- Files transferred
- Images viewed or saved

Devices
- Hard disk, floppy disk, Zip disk, CD, DVD
- Blackberry, smartphone
- USB, tapes
- TiVo, Xbox, DVR
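The "file creation, access, modification, deletion dates & times" item above is the raw material of a forensic timeline. The script below is an added example, not from the slides or from Darren Hayes: it walks a directory that stands in for a mounted image, records each file's timestamps before hashing it (hashing reads the file, which can itself update the access time on a live system), computes a SHA-256 for evidence integrity, and returns the entries sorted by modification time. The sample tree, its file names and its epoch timestamps are constructed for the demonstration; a real examiner would run this against a write-blocked, verified copy rather than the original disk.

```python
"""Added example: build a sorted file timeline with MAC times and SHA-256 hashes.

Assumption (not from the slides): a directory of loose files stands in for a
mounted forensic image. In real casework, work from a write-blocked, verified copy.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large evidence files never need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _iso(ts):
    """Render an epoch timestamp as an ISO-8601 UTC string (sorts lexically)."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def describe_file(path):
    """Record timestamps first, then hash: reading the file may bump its atime."""
    st = os.stat(path)
    entry = {
        "path": path,
        "size": st.st_size,
        "modified": _iso(st.st_mtime),
        "accessed": _iso(st.st_atime),
        # On Linux st_ctime is the inode-change time; on Windows it is creation time.
        "changed": _iso(st.st_ctime),
        # Birth (creation) time is only exposed on some platforms and filesystems.
        "created": _iso(st.st_birthtime) if hasattr(st, "st_birthtime") else None,
    }
    entry["sha256"] = sha256_file(path)
    return entry


def build_timeline(root):
    """Walk root and return one entry per file, oldest modification first."""
    entries = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            entries.append(describe_file(os.path.join(dirpath, name)))
    entries.sort(key=lambda e: e["modified"])
    return entries


def make_sample_tree():
    """Create a constructed evidence tree with distinct, known timestamps."""
    root = tempfile.mkdtemp(prefix="evidence_")
    samples = {"note.txt": b"hello", "log.txt": b"login 09:00\n"}  # constructed
    base = 1_230_000_000  # constructed epoch seconds: 2008-12-23T02:40:00Z
    for i, (name, data) in enumerate(samples.items()):
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.utime(path, (base + 60 * i, base + 60 * i))  # set atime and mtime
    return root


if __name__ == "__main__":
    for e in build_timeline(make_sample_tree()):
        print(e["modified"], e["sha256"][:12], e["size"], e["path"])
```

Sorting on the ISO strings is safe because every timestamp is rendered in the same UTC format; the hash column lets the examiner prove later that the file on the evidence copy is the one that was catalogued.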
In the Classroom

Microsoft Applications: PowerPoint
- Student presentations
- Lab layout (link)

Microsoft Applications: Excel
- Crimes
- Hardware inventory
- Evidence form (link)

Word
- Research paper
- Evidence form (link)

Web Design

Other Applications
- YouTube
- Podcasting (www.camstudio.org)
- Blogging (www.blosxom.com or www.wordpress.org)
- Wikis (www.wikispaces.com)
- Social Networking (www.ning.com)
- Mashups (www.popfly.com)
Computer Forensics Software
- Helix (imaging)
- FTK Imager
- Invisible Secrets (steganography)
- Wireshark (network tracking)
- Snort (network intrusion prevention system)
- Nmap (security auditing)
- S-Tool (Center for Internet Security)
- VMware (reverse-engineer malware)
Resources
- http://berghel.com/home.php
- http://www.simson.net/cv/pubs.php
- http://www.cylab.cmu.edu/
- http://www.wireshark.org/
- http://www.swgde.org/
- http://www.rcfl.gov
- http://www.ssddfj.org/
Summary
- Rise in botnet activity
- Anonymous users
- Organized crime
- Decrease in password cracking
- Increase in network attacks
- Increasing importance of mobile forensics