Technology is Power An Introduction to Computer ... - code detectives

klapdorothypond, Mobile – Wireless Technologies

23 Nov 2013 (3 years and 8 months ago)


Digital Crime

Can Computer Forensics Save Us?

Darren Hayes

March, 2009


Objectives


Understanding Crime




Understanding Security


Understanding Computer Forensics



Understand Compromises


Understand How to be Proactive


Learn how to Investigate


Ownership


Control


Intent

Changes in Digital Crime


Criminal Minds


Better understanding of covering tracks


Impersonation


International Criminals


More influence from international crime

Control of Computers


Botnets


RoBOT NETworks


1.5 Million computers infected


Uses IRC


70% Spam


Botnets

Spamhaus


Name: “Bad Cow”

Country: Russian Federation

Russian/American spammer. Does "OEM CD" pirated software spam, copy-cat pharmaceuticals, porn spam, porn payment collection, etc. Spams using virus-created botnets and seems to be involved in virus distribution. Partnered with Vlad - aka "Mr. Green"


Xsox


Lease Botnets


Proxy Attacks


DELBOT


Used to render computers useless

Xsox

Hide Identity


Russian Business Network


Money Mules


Anyproxy.net


Russian Web Proxy Server


4,220 US users


Vip72.com


Endless supply of Proxy Servers


8,000 US monthly subscribers

Hide Identity


Loads.cc


Botnets


By hackers for hackers


Allows you to spread your malware


Fraud Crew


Botnet Crime


Credit Card Fraud


Card Forms


Preauthorization


Primarily Used for Online Gambling


Spam


Stock Manipulation


Online Poll Manipulation


Network Attacks


Spear Phishing


Government contractor compromised



Cellular Phone Forensics

Overview


2002


First Imaging Software for Cellphones Made Available


2008


Memory Dump Available on 40% of Cellphones


Mandate


GPS Chip in Every Cellphone by 2009

Different Forensics


Communication through Embedded Chip


Different File System


Active Memory Storage


Smaller Onboard Capacity

iPhone


File System Depends on Chip


Solid State Memory


Larger Storage Capacity


Multi-tier Wireless Communication


Bit-stream Memory Image


Marketing Tracking Device


Avg. Memory Capture: 1.4 tb

Blackberry


Move from Business


Consumer


IPD Backup on Desktop


Timestamped


Unencrypted


65 Primary databases


Parsed to be viewed


Computer Forensics in Practice?

Enron


Fastow, Skilling & Lay found Guilty


Hundreds of Employee Computers Examined


Thousands of E-mails Researched


Documents Required Full Text Search Capabilities


31 Terabytes (10^12 bytes) of Data


(~15 Academic Libraries)

Virginia Tech Massacre


Killer: Seung-Hui Cho


32 Murdered


eBay Searches



Scott Peterson Murder Trial


Searched Online for


Boats


Boat Ramps


Tides


Knots

Toys R Us Fraud Case


Gift Cards Scam


NYC & Chicago


Kings County D.A.


Evidence


AOL (Login times)


Toys R Us (Activity Logs)


UPS (Delivery Logs)


Computer

Data Recovered


Passwords


Websites Visited


Emails (Sent / Received)


File Creation, Access, Modified, Deletion Dates & Times


Chat Sessions


Files Copied


Programs Installed


Files Transferred


Images Viewed or Saved


Devices


Hard Disk


Floppy Disk


Zip Disk


CD


DVD


Blackberry


USB


Tapes


TiVo


Xbox


DVR


Smartphone


In the Classroom

Microsoft Applications


PowerPoint


Student Presentations


Lab Layout
Link

Microsoft Applications


Excel


Crimes


Hardware Inventory


Evidence Form
Link


Word


Research Paper


Evidence Form
Link

Web Design

Other Applications


YouTube


Podcasting (www.camstudio.org)


Blogging (www.blosxom.com or www.wordpress.org)


Wikis (www.wikispaces.com)


Social Networking (www.ning.com)


Mashups (www.popfly.com)

Computer Forensics Software


Helix (Imaging)


FTK (Imager)


Invisible Secrets (Steganography)


Wireshark (Network Tracking)


Snort (Network Intrusion Prevention System)


Nmap (Security Auditing)


S-Tool (Center for Internet Security)


VMware (Reverse-Engineer Malware)



Resources


http://berghel.com/home.php


http://www.simson.net/cv/pubs.php


http://www.cylab.cmu.edu/


http://www.wireshark.org/


http://www.swgde.org/


http://www.rcfl.gov


http://www.ssddfj.org/


Summary


Rise in Botnet Activity


Anonymous Users


Organized Crime


Decrease in Password Cracking


Increase in Network Attacks


Increasing Importance of Mobile Forensics