Use of IT Resources for Evidence Gathering & Analysis
Raymond SO Wing-keung
Assistant Director
Independent Commission Against Corruption
Hong Kong Special Administrative Region, China
APEC ACT Workshop, Santiago, Chile
11th-13th June 2013
2
Computing Devices
3
Social Networking Tools
4
Every 60 Seconds on the Internet
• 370,000+ Minutes Voice Calls
• 98,000+ Tweets
• 100+ New Accounts
• 80,000+ Wall Posts
• 510,000+ Comments
• 6,600+ Pictures Uploaded
• 600+ Videos (25 Hours+) Uploaded
• 168+ Million Emails Sent
• 700,000+ Search Queries
(Source: Go-Globe.com)
5
Why Criminals Use IT
• Share information
• Multi-national communication
• Swift action
• Hiding identity
• Processing and storage of large amounts of data
• … ultimately to avoid detection
6
How do we use IT resources?
7
Digital Forensics
• Data acquisition, recovery, preservation and examination
• Computer
– Email
– Document file…
• Mobile phone
– Call history
– Contact list
– Short message
– Email
– Photo
– WhatsApp
8
Mobile Digital Forensics Laboratory
• Shielded environment to block communication, e.g. remote wipe
9
Faraday Bags
10
Technical Tools
• Data recovery
– Recover deleted files
• Information analysis
– Call records
– SMS
– Email…
11
Data Recovery Tool
12
Call Record Analysis
13
SMS Analysis
14
Email Analysis
Multinational Fast Food Managing Director Accepted Bribes
16
Record Digitization System
• Handled more than 100,000 pages of bank statements each year
• Automatic conversion of statements/records in pre-defined templates into Excel files
• Developed by internal IT experts
17
18
R. D. S.
19
Centralized Storage of Digital Exhibits
• Storage Area Network (SAN)
– Over 250TB storage
– Connected by fibre channel
• Multiple examiners can work collaboratively on one case
20
ISP Enquiry
• Internet Service Provider (ISP) may provide
– Subscriber information
– Login IP address: for tracing physical location and subscriber information
– Email content: a court warrant is usually needed
– How about ISPs or their servers in other jurisdictions?
• Mutual Legal Assistance
21
Challenges (1)
Technical difficulties
• Cloud computing
– Information and evidence are remotely stored
– Liaison with online service providers
• Huge data size
– Storage Area Network (SAN) to keep forensic image
• Data encryption
– Password cracking tool
– Chip level data acquisition
22
Challenges (2)
Admissibility of digital evidence
• Local digital evidence
• Foreign digital evidence
• Expert opinion on chain of evidence
• Admissibility of evidence in court trials
23
The Way Ahead
Capacity Building
• Dedicated expert teams
• Training
• Collaboration with IT counterparts
24
The Way Ahead
International Cooperation
• Formal Cooperation – UNCAC
• Informal Channels – APEC
Thank You
www.icac.org.hk