comp ter forensics it’s notcomputer forensics: it’s … ter forensics it’s notcomputer...

Comp ter Forensics It’s NotComputer Forensics: It’s Not Just for Computers Anymore

Shauna Woody-Coussens

y

Shauna Woody CoussensCFE, AVA

Lanny MorrowEnCE

It is estimated over 85% of all infractions & crimes committed today contain a digital signaturetoday contain a digital signature

- CSI/FBI survey

BKD Forensics Institute

Digital Signatures Can Be… Email & instant message conversations Websites visited & files downloaded Listing of recent documents opened Installed software (Yes, even if it has been uninstalled) Contents of documents recently printed Every time the computer is started or shut down List of applications recently run When computer was put into service

Wh CD /DVD b d When CDs/DVDs were burned Record of every device ever plugged into computer


Computer Forensics Can be Useful with Regard toRegard to… Computers Cell phonesCe p o es Copiers/scanners/printers Fax machines iPods/MP3 players iPads Video surveillance tapes Video surveillance tapes Medical robotics Construction cranes Railroad crossing arms GPS devices


Computers

Active filesD l d fil Deleted files

Registry information Metadata Metadata Email Chat logs Chat logs Internet history, cache, URLs temporary

internet files


Cell Phones No longer merely telephones Taken on computer capabilitiesa e o co pu e capab es

• Large data storage capacity• Internet connection

Document creation review revision &• Document creation, review, revision & storage in multiple formats

• File encryption• Photo, audio & video creation, editing &

storage


Cell Phones

Data extraction of logical & deleted data, such as:• Call logs (incoming/outgoing missed)• Call logs (incoming/outgoing, missed)• Calendar entries• Contact lists• Text messages• Emails• Locations of use with Wi-Fi & cell towers• Internet use files (history/cookies/bookmarks)• Skype use files (contacts/calls/chat)• Facebook use files (contacts/chat)• Facebook use files (contacts/chat)


Cell Phone Camera


Copiers-Scanners-Printers-Fax Machines

Many models have hard drives just like computersdrives just like computers

Data generally not encrypted & easily recoverable

Few people know data is il bl f thavailable from these

machines


Copiers-Scanners-Printers-Fax Machines

http://www.cbsnews.com/video/watch/?id=6412572n&tag=contentMain;contentBody


iPods-MP3 Players

iPod/mp3 devices can store audio, video & photo-based filesbased files • Portable & inconspicuous devices capable of storing large

amounts of dataWhil d t i t dil i bl th d i it i dil• While data is not readily viewable on the device, it is readily accessible when attached via a USB cable to a computer


iPads

With large storage capabilities of 16GB to 64GB & Wi-Fi capabilities recovery of data is plentifulWi-Fi capabilities, recovery of data is plentiful• Pictures, video & audio files• Calendar entries• Contact lists• Emails• Chat files• Locations of use with Wi-Fi &

cell towers• Internet use files (history/cookies/bookmarks)Internet use files (history/cookies/bookmarks)• Facebook use files (contacts/chat)


Video Surveillance Common mistake is forgetting proper preservation Date/time stamps will changea e/ e s a ps c a ge Very tight window for recovery of deleted video, if any Many types of systems, all

handled differently


Medical Robotics

Track logins & all commands issued by surgeonby surgeon

Takes video & screen captures Resident hard drive just like aResident hard drive just like a

computer hard drive Deleted data is recoverable


Construction Cranes

“Black Box” records every vital statistic of operationvital statistic of operation

Data of critical importance to OSHA & other parties

Requires specialized tools & software to extract & interpret d tdata


Railroad Crossing

Date/time arms & lights were operating Data kept relative to train proximity Data kept relative to train proximity

when arms/lights activated


GPS Navigation Devices

GPS device information includes both logical & deleted datalogical & deleted data• User-entered home location• BlueTooth paired devices• Device stored route data• User-entered Points-of-Interest (POI) data• User-defined favorite locations• Stored user data files such as

pictures, videos, audio & text• Route data can beRoute data can be

extracted & imported into Google Maps/Google Earth


GPS

Most common brands have standard USB ports to pull datadata

Forensic software used to extract data & present in useful format

Software can work with Google Earth to display location & date/time data


GPS


GPS

The handheld MX300 uses telematics & wireless communications to offer the user more than just acommunications to offer the user more than just a personal navigation device (PND). It’s also an entertainment device capable of serving as an ebook reader, storage for photos & graphics, voice recorder, digital video or music player, online TV viewer & a way to surf the Internet & read emails. It even has VoIPsurf the Internet & read emails. It even has VoIP capabilities & can send SMS messages in case of emergency.htt // 24 7 l / l / d i t j t f d i ihttp://www.24-7pressrelease.com/press-release/gps-devices-not-just-for-driving-directions-anymore-148309.php


Challenges Faced

Increasing size of digital media Wide availability of encryption Wide availability of encryption Growing variety of operating systems & file formats Individuals owning multiple devices Individuals owning multiple devices Clouds-off-site management of data 4G cellular technology4G cellular technology Virtual machines Solid state drives & deleted file recoveryy


Recent Happenings

8th Circuit Court deems cell phone a computer (United States v. Neil Scott Kramer, 10-1983)States v. Neil Scott Kramer, 10 1983)


Questions?Questions?

Shauna [email protected]

816.701.0250

bkd / i /F i /i tit twww.bkd.com/service/Forensics/institute


comp ter forensics it’s notcomputer forensics: it’s … ter forensics it’s notcomputer...

Documents