2001 National Sheriffs’ Association Conference

Emerging Computer Issues for 21st Century Law Enforcement
SSA Dara K. Sewell
Computer Analysis Response Team

Computer Forensics
Application of science and engineering to the legal problem of digital evidence.
Latent evidence
Requires expertise, training and tools

Computer Forensics Evidence Lab

A Pile of Hard Disks as Evidence

Computers in Crime
White Collar Crime
  – Wire Fraud
  – Bank Fraud
  – Health Care Fraud
  – Intellectual Property
Violent Crime
  – Kidnapping
  – Extortion
  – Crimes Against Children
Organized Crime
  – Drugs
  – Gambling
National Infrastructure Protection
  – Computer Intrusions
  – Technical Support for Other Crimes
  – IP for Telecommunication, Energy, Oil & Gas Storage, Banking & Finance, Water, Emergency Services & Government Operations
Domestic Terrorism
  – Attempts Or Actual Bombing
  – Cases Involving Threats
  – RICO Terrorism
  – Weapons of Mass Destruction

Gigabytes Processed Per Year
[Chart: FY 1998, FY 1999, FY 2000, May-01]

Computer Crimes
E-mail Extortion Threats On-line Child Pornography On-line Gambling Offshore Money Laundering Websites Organized Crime Cyber-Terrorism Infrastructure Attacks Hate Crimes On-line Threats/Stalking On-line Narcotic Sales Computer Component Theft Viruses/Worms Telecommunication Fraud Chip Fraud Counterfeiting Securities Fraud

Is the computer a tool, target, or storage medium?

Computer Analysis Response Team
Responsible for all Digital Related Evidence
Acquisition
  DOS – Safeback Image
Examination
  FBI approved DOS tools to validate results.
Presentation
  HTM format

Total Number of Forensic Examiners
[Chart: 1995 to 2001]

FBI Basic Digital Evidence Training & Certification
A+ Certification (2 wks)
Basic Forensics (1wk)
FBI Forensic Process Boot Camp (1wk)
Moot Court Boot Camp (1wk)
Elective Training (2wk)
Mentoring Process 5 Searches & 5 Examination
Annual Assessment Test
Cost Approximately $10,000
Yearly update training
  – FBI Advance Training (1wk)
  – Elective Training (2wk)
  – Technical Conference (1wk)
  – Cost Approximately $7600

FBI Digital Evidence Processing Equipment
Desktop
  – SCSI Card, CDROM
  – 2 Hard Drive
  – Removable drive bays
  – 512 MB Ram
Laptop (Extra Hard Drive)
CDRW
Magneto Optical Drive
Tape Drive
Printer
Palm Pilot
Travel Cases
Cables
Cost Approximately $25,000

Yearly upgrade cost approximately $12,500
Yearly Supply Budget for expendable items
  – Hard Drives
  – CDROM (Only)
  – Magneto Opticals
  – Zips
  – Jaz
  – Tapes
  – Floppy Disks

Specialized Training
Macintosh
  – HFS and HFS Plus File systems
Linux
  – Ext 2 file system
  – Basic Forensics/Advanced Forensics
ACES-Automated Computer Examination System
  – Windows NT
Network System Administration (Commercial)
  – CNA/CNE
  – MCSE

Lab Structure
Multi-agency
Multi-jurisdictional
Both sworn and non-sworn law enforcement personnel.
Organized Separation of Duties:
  – imaging, analysis, and research and development functions.
Rotate examiners between these assignments, allowing each to develop a variety of skills.
Data Storage procedures

Regional Computer Forensic Laboratories - RCFL
San Diego, CA – 17 Members
  7 Police Departments
  San Diego District Attorney’s Office
  Naval Criminal Investigative Service
  DEA
  US Customs Service
  Defense Criminal Investigative Service
  FBI
Dallas, TX – 14 Members
  9 Police Departments
  Attorney General’s Office
  FBI

RCFL Expansion
FBI Funded RCFL (Comply with FBI Standards)
  – 3-6 in the next 2 years
  – Starting October 2001
  – FBI CART Training
  – FBI Protocol
  – FBI CART Certified (Quality Assurance/Quality Control)
  – All examiners can work FBI case
FBI Affiliate RCFL
  – FBI CART Training
  – FBI Protocol
  – FBI CART Certified (Quality Assurance/Quality Control)
  – All examiners can work FBI case
Others
  – Only FBI examiners will work FBI cases

New Technology

Thanks to:
Dara K. Sewell
Supervisory Special Agent
Federal Bureau of Investigation
United States Department of Justice
Quantico, VA