digital evidence

DIGITAL EVIDENCE
A New Generation in Criminal Investigations
INTRODUCTION
Assistant Attorney General Chris Kelly
Managing Attorney
Cybercrime Division
Massachusetts Office of Attorney General
Martha Coakley
www.maagocybercrime.org
Cyber Crime
Changed Definitions, and Law Enforcement Priorities
EARLY DIGITAL EVIDENCE/
CYBER CRIME PRIORITIES
PRIORITIES - THEN
PRIORITY TARGETS
Phreaking
Hacking
Espionage
Fraud
Email Scams
Auction Fraud
Child Exploitation
Credit Card Theft
source: www.wikipedia.com
EMERGING DIGITAL EVIDENCE/
CYBER CRIME PRIORITIES
THE CYBER-CRIMINAL
PRIORITIES – NOW
Most haven’t changed
What is significant is what is
added to the list
Gangs/Organized Crime
Narcotics
Rape
Murder
Terrorism
source: www.wikipedia.com
www.myspace.com
Enhancing Criminal Cases with
Digital Evidence
CONVICTED WITH
DIGITALEVIDENCE
ZACCARIAS MOUSSAOUI –
“THE 20TH HIJACKER”
•
FBI analysis of his laptop and
computers and the laptop of his
roommate, Mukkarum Ali, and two
computer at University of Oklahoma
•
Email, other documents admitted at trial
•
Convicted in 2006 of conspiring to kill
Americans – sentenced to the Colorado
Supermax prison for life
source: www.wikipedia.com
CONVICTED WITH
DIGITALEVIDENCE
Exhibit FO05521.11 01-455-A
United States v. Moussaoui
CONVICTED INTERNET
OFFENDER
COMMONWEALTH v. AARON
JOHNSTON
• Convicted Texas sex offender
• Traveled 2,500 miles to meet a
girl from Boston he met online
• Traveled by bus
• Extradition to Texas in 2008
INVESTIGATIONS WITH
INTERNET EVIDENCE
CONVICTED WITH
DIGITALEVIDENCE
NEIL ENTWISTLE
• Killed wife Rachel and baby daughter
Lillian
• Arrested in London, 2006 after fleeing
the United States
• Several days of digital evidence
testimony at trial
• Internet history included Google search
“how to kill with a knife”
• Convicted and sentenced to life in prison
source: www.bostonherald.com
INVESTIGATIONS WITH
INTERNET EVIDENCE
CONVICTED WITH
DIGITALEVIDENCE
COMMONWEALTH v. MARK
ANTHONY
•
•
•
•
•
Convicted sex offender in AZ
Entices countless young women
Lives underground
SJC Opinion
Pleads after several days of trial
CONVICTED WITH
DIGITALEVIDENCE
COMMONWEALTH v. MARK ANTHONY
Source: www.whdh.com
CONVICTED WITH
DIGITAL EVIDENCE
BARBERSHOP
• 14 locations
• 50 hi-tech
investigators
• 33 computers, 44
mobile devices, 400
media
• Citrix network
Source: www.wbztv.com
CONVICTED WITH
DIGITAL EVIDENCE
COMMONWEALTH v. JAMES BENECHE
and JESSICA DEAN
• Beneche and Dean murder Beneche’s former
girlfriend and his son
• Mother’s body dumped near a pond
• Son’s dead body thrown out third story
window in a trash bag when police approach
• Evidence included significant AOL email
transmissions
• Other email evidence and web search
offered by MSP forensic examiner
Source: www.boston.com
Meeting New Challenges,
Now and in the Future
STATE AND LOCAL
CASE PRIORITIES
•
Violent crime
•
Sexual assault
•
Fraud, larceny and identity theft
•
Narcotics and organized criminal activity
•
Harassment, stalking, etc.
•
Intellectual property theft
•
Child Exploitation (‘Butner Study’ Published
at Journal of Family Violence: Volume 24,
Issue 3 (2009), Page 183)
OTHER ISSUES OF INTEREST
TO LAW ENFORCEMENT
•
Protection of government networks
•
Data in the clouds
•
Balancing privacy concerns
•
American cultural permissiveness
•
Licensing of forensic examiners
•
Lab certification
•
Resources
TECHNICAL CHALLENGES
TO LAW ENFORCEMENT
*At the end of 2008 there were more than 3.6 billion mobile subscriptions
worldwide (www.rcrwireless.com)
*Universal functionality of many devices including smart phones, GPS
devices, and game stations
*Surveillance systems – proprietary digital systems
*Encryption
*Users becoming more sophisticated
*Educating judges and lawyers
Closing Issues - Training Model
Closing Issues – New First Responder
Model
‘The Red Flag Method’ of Digital Evidence
Seizure (aka STOP PULLING THE PLUG!)
‘RED FLAG’ MODEL
EXAMPLES
Observe and document the open applications and files on the
desktop for items indicative of active encryption, remote
storage, and open files of evidentiary value.
‘RED FLAG’ MODEL
EXAMPLES
Wireless Antenna
(vary in type)
Standard Network
Cable
8 pin connect
‘RED FLAG’ MODEL
EXAMPLES
DEVICE RECOGNITION
Source: www.pcworld.com
Closing Issues – A Changing Dynamic
in Court
Reverse negative trends and take
advantage of the technology…