use of it resources for evidence gathering & analysis use of it resources for evidence gathering...
TRANSCRIPT
![Page 1: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/1.jpg)
Use of IT Resources forEvidence Gathering & AnalysisUse of IT Resources forEvidence Gathering & Analysis
Raymond SO Wing-keungAssistant DirectorIndependent Commission Against CorruptionHong Kong Special Administrative Region, China
Raymond SO Wing-keungAssistant DirectorIndependent Commission Against CorruptionHong Kong Special Administrative Region, China
APEC ACT Workshop, Santiago, Chile11th-13th June 2013APEC ACT Workshop, Santiago, Chile11th-13th June 2013
![Page 2: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/2.jpg)
2
Computing Devices
![Page 3: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/3.jpg)
3
Social Networking Tools
![Page 4: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/4.jpg)
4
370,000+ Minutes Voice Calls
98,000+ Tweets100+ New Accounts
80,000+ Wall Posts510,000+ Comments
6,600+ Pictures Uploaded
600+ Videos (25 Hours+) Uploaded
168+ Million Emails Sent
700,000+ Search Queries
(Source: Go-Globe.com)
Every 60 Seconds on the Internet
![Page 5: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/5.jpg)
5
Why Criminals Use IT
• Share information
• Multi-national communication
• Swift action
• Hiding identity
• Process and storage of large amount of data
• ………………….ultimately to avoid detection
![Page 6: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/6.jpg)
6
How do we use IT resources?
![Page 7: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/7.jpg)
7
Digital Forensics• Data acquisition, recovery, preservation and examination• Computer
– Email– Document file…
• Mobile phone– Call history– Contact list– Short message– Email– Photo– WhatsApp
![Page 8: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/8.jpg)
8
Mobile Digital Forensics Laboratory
• Shielded environment to block communication, e.g. remote wipe
![Page 9: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/9.jpg)
9
Faraday Bags
![Page 10: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/10.jpg)
10
Technical Tools
• Data recovery– Recover deleted files
• Information analysis– Call records
– SMS
– Email…
![Page 11: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/11.jpg)
11
Data Recovery Tool
![Page 12: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/12.jpg)
12
Call Record Analysis
![Page 13: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/13.jpg)
13
SMS Analysis
![Page 14: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/14.jpg)
14
Email Analysis
![Page 15: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/15.jpg)
ultinational Fast Food Managing DirectorAccepted Bribes
![Page 16: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/16.jpg)
16
Record Digitization System
• Handled > 100,000 pages of bank statement each year
• Automatic conversion of statements/records in pre-defined templates into Excel files
• Developed by internal IT experts
![Page 17: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/17.jpg)
17
![Page 18: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/18.jpg)
18
R. D. S.R. D. S.
![Page 19: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/19.jpg)
19
Centralized Storage ofDigital Exhibits
• Storage Area Network (SAN)– Over 250TB storage– Connected by fibre channel
• Multiple examiners can work collaboratively on one case
![Page 20: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/20.jpg)
20
ISP Enquiry
• Internet Service Provider (ISP) may provide
– Subscriber information
– Login IP address: for tracing physical location and subscriber information
– Email content: usually court warrant is needed
– How about ISP or their servers in other jurisdictions?
• Mutual Legal Assistance
![Page 21: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/21.jpg)
21
Challenges (1)
Technical difficulties
• Cloud computing– Information and evidence are remotely stored– Liaison with online service providers
• Huge data size– Storage Area Network (SAN) to keep forensic image
• Data encryption– Password cracking tool– Chip level data acquisition
![Page 22: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/22.jpg)
22
Challenges (2)
Admissibility of digital evidence
• Local digital evidence
• Foreign digital evidence
• Expert opinion on chain of evidence
• Admissibility of evidence in court trials
![Page 23: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/23.jpg)
23
The Way Ahead
Capacity Building
• Dedicated expert teams
• Training
• Collaboration with IT counterparts
![Page 24: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/24.jpg)
24
The Way Ahead
International Cooperation
• Formal Cooperation – UNCAC
• Informal Channels – APEC
![Page 25: Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent](https://reader036.vdocument.in/reader036/viewer/2022062423/56649e2c5503460f94b1b714/html5/thumbnails/25.jpg)
Thank You
www.icac.org.hk