Mid-term forensic challenges of E-crime
mag.oec. Sasa Aksentijevic, univ.spec.oec., court expert in information and telecommunication technology
ICT forensics key players
– Police crime investigators (inspectors)
– Legislative branch investigators (prosecutors, attorneys)
– Intelligence agencies and military sector
– ICT court experts (expert witnesses)
– Private detectives and agencies
– Companies, NGOs (for internal or external use)
FORENSIC REPORTS
ICT forensic reports
– Preliminary part: introduction, expertise area, who ordered it, which documentation and evidence were used
– Findings: fact gathering, interviews, forensic analysis of evidence, cooperation with police and court, usage of scientific methods, evaluation
– Expert opinion: synthetic report that includes explanation of the findings, effects, consequences and importance of discovered facts
PROPERTIES
– Simple language, clear, logical, all-encompassing
– Methods must be explained, evidence evaluated
– All findings must be reproducible
– Expert must be able to answer all questions from the court, involved parties and lawyers in the process
– Expert can be required to update the report according to additional requests
ICT forensics principles
– The principle of non-tampering with evidence
– The principle of identification of evidence material
– The principle of usage of evidence copies
– The principle of evidence interpretation
– The principle of chain-of-custody of evidence
– The principle of scientific method
ICT forensics challenges TECHNOLOGY
– Technology is becoming more and more complex
– Legislative investigators and those who issue court orders do not understand issues related to technology: they expect immediate results, ignoring any limitations
– Main constraints: time and money, if the quality of forensic reports is required to remain constant or improve
– It is increasingly difficult for freelance ICT forensics investigators to conduct investigations
– Forensic investigators should be involved immediately, not ex post
ICT forensics challenges ORGANIZATION
– ICT forensics is a joint endeavor of those in charge of initiating and conducting the investigation, securing evidence, performing forensic analysis and producing/presenting results.
– In reality, cooperation between the different involved parties is erratic and there are no clear lines between responsibilities.
– There is no best model (“golden standard”) to achieve results.
– Exact proceedings depend not only on organizational and technical factors, but also on the local legislative system, cultural blueprints and even the maturity of the executive/legislative branch.
ICT forensics challenges CURRENT FORMS OF ICT CRIME
The field of ICT forensics is very diverse and will be constantly developing.
– Computer crime
– Network targeted
– Computer targeted
– Spam
– Fraud
– Offensive content
– Harassment
– Cyber warfare
– Cyber terrorism
– Other non-specific
ICT forensics challenges NEW FORMS OF ICT CRIME
The latest developments in the past decade include dealing with:
– Computer trespass (USA)
– Cyber bullying
– Cyber defamation
– Economic and industrial espionage using ICT
– Internet homicide
– Internet stalking
– Internet suicide
– Internet wars (1st Internet war: East Timor-Indonesia; Web War One: Estonia; South Ossetia-Russia Internet war; 2010 China Telecom; 2010 Stuxnet worm)
– Online predators
– Organized crime
– White collar crime
– Virtualization
ICT forensics challenges IMPACT OF NEW TECHNOLOGIES
The rise of new technologies:
– Mass virtualization (Storage aaS, Software aaS, Platform aaS, Infrastructure aaS – Everything aaS)
– E-passports, biometrics and personal identity
– Forensics and storage of CCTV surveillance data
– Mass event log forensics
– Nomad computing (mobile phones, notebooks, netbooks, pads) forensics
– Technology adaptive to the legislative regulation
– Forensics of bio-computing and nano-computing