New Zealand Customs Service Electronic Forensic Unit
Who we are
Brent Whale CFCE
Electronic Forensic Investigator
Bruce Ellis
Senior Customs Officer
The need for Computer Forensics
The object of a computer forensic investigation is to obtain evidence in cases of computer-facilitated offending.
It became clear to New Zealand Customs in 1998 that a large portion of offending in relation to the importation of prohibited goods was being undertaken using computer technology.
What is Computer Forensics?
The collection, preservation, analysis and presentation of computer-related evidence utilising secure, controlled methodologies and auditable, evidentially correct procedures.
Collection:
A complete physical bit-stream image of a target drive is acquired in a completely non-invasive manner.
Preservation:
The bit-stream is preserved in a read-only format onto CD. This enables the original data to be examined at any time in the future.
Analysis:
Specific forensic software tools are utilised to examine data from the suspect's computer.
Presentation:
The presentation of digital evidence in a format that can be understood by non-computer-literate individuals.
Case Study: Operation Green
[Diagram labels: NZ, England]
September 2001: NZ resident (Dave) e-mails friend in the UK (Brent) requesting LSD and Ecstasy be sent to NZ via mail.
Dave utilised the offshore e-mail facility ‘hotmail’ to correspond with Brent. Dave believed that the data from these e-mail transactions was being stored in the USA.
The importation of the ‘acid’ was undertaken successfully. Dave contacted Brent via e-mail to advise that it had arrived.
Brent contacts Dave and advises him that the ‘acid’ has been sent and is in a red envelope.
Case Study: Operation Green
Customs intercept the ‘ecstasy’ at the International Mail Centre
Search Warrant undertaken on the residential address of Dave
Dave denies all knowledge of the importation
Dave is advised that his computer is going to be taken for an electronic examination. Dave is advised that even if he has deleted the information it can still be recovered.
Case Study: Operation Green
What happens when a file is deleted
[Diagram: disk layout showing MBR, BR, Reserved Area, FAT 1, FAT 2, ROOT D, Data Area]
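An added illustration of the slide above (not part of the original presentation or the unit's tooling): on a FAT volume, deleting a file overwrites the first byte of its directory entry with 0xE5 and frees its clusters in the FAT, while the data area is left untouched until it is reused. The sample volume, file names, helper names and 512-byte cluster size are constructed assumptions.

```python
import struct

ENTRY_SIZE = 32          # FAT directory entries are 32 bytes each
DELETED = 0xE5           # first name byte of a deleted entry
LFN_ATTR = 0x0F          # long-file-name entries, skipped here
CLUSTER_SIZE = 512       # assumption for the constructed sample volume
FMT = "<8s3sB14xHI"      # name, ext, attr, (skipped), first cluster, size


def make_entry(name, ext, first_cluster, size, deleted=False):
    """Build a constructed 8.3 directory entry (sample data, not from the case)."""
    raw = bytearray(struct.pack(FMT, name.ljust(8), ext.ljust(3),
                                0x20, first_cluster, size))
    if deleted:
        raw[0] = DELETED  # deletion overwrites only this byte of the entry
    return bytes(raw)


def find_deleted(root_dir):
    """Return (name, first_cluster, size) for every deleted short entry."""
    hits = []
    for off in range(0, len(root_dir), ENTRY_SIZE):
        entry = root_dir[off:off + ENTRY_SIZE]
        if len(entry) < ENTRY_SIZE or entry[0] == 0x00:
            break                       # 0x00 marks the end of the directory
        name, ext, attr, cluster, size = struct.unpack(FMT, entry)
        if entry[0] != DELETED or attr == LFN_ATTR:
            continue
        # The original first character is lost; it is shown here as "_".
        shown = "_" + name[1:].decode("ascii").rstrip()
        hits.append((shown + "." + ext.decode("ascii").rstrip(), cluster, size))
    return hits


def recover(data_area, first_cluster, size):
    """Read the file back, assuming contiguous clusters (the FAT chain is gone)."""
    start = (first_cluster - 2) * CLUSTER_SIZE   # data clusters are numbered from 2
    return data_area[start:start + size]


# Constructed sample volume: one live file, one deleted file, end marker.
ROOT = (make_entry(b"README", b"TXT", 2, 11)
        + make_entry(b"LETTER", b"TXT", 3, 27, deleted=True)
        + bytes(ENTRY_SIZE))
DATA = (b"hello world".ljust(CLUSTER_SIZE, b"\x00")
        + b"constructed deleted content".ljust(CLUSTER_SIZE, b"\x00"))
```

Recovery of this kind works on the preserved bit-stream image, never the original drive, and fails once the freed clusters have been overwritten or if the file was fragmented.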
What happened next?
Dave was interviewed in regard to the evidence located on his computer
Dave admits that he imported the package intercepted by Customs containing the ecstasy.
Dave also admits that he imported a package containing LSD (acid).
Dave pleads guilty in court to two charges of importation of class A and B controlled drugs and has been sentenced to eight months in prison.
Brent arrives in NZ on holiday and is also charged and has been sentenced to six months in prison.
Case Study: Other Offences
During the examination of the hard disk drive, child pornography images were also located.
WARNING: The following image depicts child pornography
Child Porn Image in Hex View
Conclusion
Without the forensic capability Brent and Dave would not have been convicted for the importation of controlled drugs.
QUESTIONS