Mid-term forensic challenges of E-crime

mag.oec. Sasa Aksentijevic, univ.spec.oec.
court expert in information and telecommunication technology


Post on 17-Dec-2015


ICT forensics key players

• Police crime investigators (inspectors)
• Legislative branch investigators (prosecutors, attorneys)
• Intelligence agencies and military sector
• ICT court experts (expert witnesses)
• Private detectives and agencies
• Companies, NGOs (for internal or external use)

FORENSIC REPORTS


ICT forensic reports

– Preliminary part: introduction, expertise area, who ordered it, which documentation and evidence was used

– Findings: fact gathering, interviews, forensic analysis of evidence, cooperation with police and court, usage of scientific methods, evaluation

– Expert opinion: synthetic report that includes explanation of the findings, effects, consequences and importance of discovered facts

PROPERTIES

– Simple language, clear, logical, all-encompassing
– Methods must be explained, evidence evaluated
– All findings must be reproducible
– Expert must be able to answer all questions from the court, involved parties and lawyers in the process
– Expert can be required to update the report according to additional requests


ICT forensics principles

– The principle of non-tampering with evidence
– The principle of identification of evidence material
– The principle of usage of evidence copies
– The principle of evidence interpretation
– The principle of chain-of-custody of evidence
– The principle of scientific method


ICT forensics challenges: TECHNOLOGY


• Technology is becoming more and more complex
• Legislative investigators and those who issue court orders do not understand issues related to technology: they expect immediate results, ignoring any limitations
• Main constraints: time and money, if the quality of forensic reports is required to remain constant or improve
• It is increasingly difficult for freelance ICT forensics investigators to conduct investigations
• Forensic investigators should be involved immediately, not ex-post


ICT forensics challenges: ORGANIZATION

ICT forensics is a joint endeavor of those in charge of initiating and conducting the investigation, securing evidence, performing forensic analysis and producing/presenting results.

In reality, cooperation between the different involved parties is erratic and there are no clear lines between responsibilities.

There is no best model (“golden standard”) to achieve results.

Exact proceedings depend not only on organizational and technical factors, but also on the local legislation system, cultural blueprints and even the maturity of the executive/legislative branch.


ICT forensics challenges: CURRENT FORMS OF ICT CRIME

The field of ICT forensics is very diverse and will be constantly developing.

Computer crime:

• Network targeted
• Computer targeted
• Spam
• Fraud
• Offensive content
• Harassment
• Cyber warfare
• Cyber terrorism
• Other non-specific


ICT forensics challenges: NEW FORMS OF ICT CRIME

The latest developments in the past decade include dealing with:

• Computer trespass (USA)
• Cyber bullying
• Cyber defamation
• Economic and Industrial Espionage using ICT
• Internet homicide
• Internet stalking
• Internet suicide
• Internet Wars (1st Internet war: East Timor-Indonesia; Web War One: Estonia 2007; 2008 South Ossetia-Russia Internet war; 2010 China Telekom; 2010 Stuxnet worm)
• Online predators
• Organized crime
• White collar crime
• Virtualization


ICT forensics challenges: IMPACT OF NEW TECHNOLOGIES

The rise of new technologies:

• Mass virtualization (Storage aaS, Software aaS, Platform aaS, Infrastructure aaS – Everything aaS)
• E-passports, biometrics and personal identity
• Forensics and storage of CCTV surveillance data
• Mass event log forensics
• Nomad computing (mobile phones, notebooks, netbooks, pads) forensics
• Technology adaptive to the legislative regulation
• Forensics of bio-computing and nano-computing


Mid-term forensic challenges of E-crime (Q&A)

mag.oec. Sasa Aksentijevic, univ.spec.oec.
court expert in information and telecommunication technology