Computer Forensics

FSC
Forensics and Computer
Professionals
FORENSICS, COMPUTING &
PREDICTIVE FRAUD MANAGEMENT
By
Dr Abiodun Osiyemi
President, Association of Forensic Sciences & Expert Witness
(Training Copyright)
www.forensicscienceng.com
Digital / Computer Forensics &
Fraud Detection
Presenter: Dr Abiodun Osiyemi
BSc, MBBS, MSc (Distinction, NG), MBA, MSc (Forensic Science UK), PhD (Mgt), CMC, FIMC, MITD, MCFI
President, Association of Forensic Sciences & Expert Witness
Email: [email protected], Tel: +234-803-300-8505
Website: www.forensicscienceng.com
Can you spot me?
Criminalists-UK 2011!
Crime Scene Investigation!
Doing the right thing
Presentation outline
• Introduction
• Definitions
• Types of Fraud and Business Scams
• Data mining and fraud detection
• Digital Forensics & Fraud detection
• Admissibility of expert evidence in law courts
• Challenges of Fraud Investigation
• Conclusion
Introduction
Do you agree?
Financial Crime: The ‘Crack Team’
Introduction
• Fraud is a consistent fact of business life that affects all sizes of organizations globally
• There is no foolproof method to prevent fraud; however, a systematic approach can be used in minimizing the risk.
• Two main types of fraud are carried out by the perpetrators, i.e. internal and external fraud. Internal fraud accounts for higher crime occurrences in some countries such as Australia
• The financial loss as a result of financial
fraud accounts for billions of dollars
annually in various countries.
• Australian business and government lost $5.8 billion a year to fraud, which accounted for one third of all crime occurring in the country (Australian Institute of Criminology 2003)
Essence of Topic
• In order to analyse large amounts of financial information when dealing with fraud and money laundering, it is important to include Data Mining and Digital Forensics in the strategies of the financial institution.
The Fraud Triangle
Commonly Accepted Theory for Internal Fraud:
• Motivation / Pressure
• Rationalisation
• Opportunity
[Figure: the fraud triangle, with corners Pressure, Opportunity and Rationalization. AICPA: Condition of fraud]
Forensic Science
Definition:
• Relating to the use of science and technology in the investigation and establishment of facts or evidence in a court of law
• Relating to or appropriate for courts of law (* Online English Dictionary)
Forensics derives from the Latin word ‘forum’ and applies to anything that relates to law
Law & Science
The philosophical foundation of the criminal justice system remains to protect the innocent and to ensure that the truth emerges for any matter before the court, thereby ensuring that justice is done.
For law enforcement to keep up with the pace of criminal advancements, other techniques of identifying criminals must develop, and science has come permanently to the rescue with methods that depend less on eyewitnesses.
Digital Forensics (Computer, Mobile etc)
• The science which aims to identify, preserve, collect, validate, analyze, interpret, document and present digital evidence stored in electronic sources.
• Digital forensics applies to reconstruction
of events during criminal investigations, or
anticipates unauthorized actions
• DF when combined with Data mining can
be used to effectively pr
Locard’s Principle
Principle of Exchange
• When a person comes into contact with an object or another person, a cross transfer of physical (also virtual / electronic) evidence can occur
‘Partners’ at work
Fraud Techniques
• The “Three-Call” Technique
• The Infallible Forecaster
• Baits to Lure in
• Aspect of Risk
• Show of Familiarity
• Doing you a favour
• An understanding of Psychology
• Avoidance of Questions
• High Pressure Sales Tactics
• Fancy Corporate Names
• Howdy Partner
Corruption
Data Mining & Fraud Detection
Data Mining
This is a process of extracting information.
Also known as Pattern Data Analysis, it has been used to detect fraud as well as a tool to improve business processes and better compete in the market. (Beer & Diapers story!)
Data is produced at a phenomenal rate and we have more ability to store information, therefore users expect more sophisticated results
DM: Statistical Analysis + Artificial Intelligence
Objective:
• Fit data to a model
• Obtain potential results that may not be obvious from raw data
Data Mining
Similar Terms
• Pattern data analysis
• Exploratory data analysis
• Deductive learning
Tough one!
• Unaccompanied animal couriers – the donkey, the pigeon (Arab world!)
Sources of Data
A: Internal control Data
• Reconciliation failure
• Control total failure
• Exception transactions
• Apparent Errors
B: Basic tips & hotlines
C: Security breaches
D: Pattern data
• Records and inventory falsifications
• Software manipulation
• Control override
Getting started
How easy is it to uncover hidden information in these transactions, from:
• 100,000,000 cards
• up to 400 transactions per second (peak hours)
• up to 15,000,000 transactions per day
• 3,000,000,000 transactions per year
Data Mining
Data mining Essence!
• Identification of profile variables (Know Your Customer)
• Sampling (very skewed distributions)
• Development of the scoring model
Optimization criterion: what do we optimize? (Before, During & After)
Profile recognition & predictability
• Number of detected fraud transactions?
• E.g. number of detected fraud cards?
• Amount of money saved?
Triggers of Likely fraud
• Red flags, Red flags that trigger SAR
• Suspicious Activity Reporting Requirements
Data Mining Challenges
• No “universal fraud patterns”
• What is normal for one cardholder is unusual for another
• Fraud patterns changing dynamically
• Thieves are clever: action => reaction
• Huge volumes of data
• Hundreds of transactions per second, millions of accounts
Data Mining
Data mining is also known as Pattern Data Analysis.
• Data Mining employs different rules, such as association and classification rules, and is therefore different from database monitoring.
• Normal data monitoring fails because of random error or loopholes in the controls, monitoring process and reporting process
Why standard fraud indicators fail!
Standard fraud indicators can fail when fraudsters intentionally circumvent them by manipulating the very data that are normally used to signal possible fraud, e.g.:
• Records and inventory classification
• Software manipulation
• Control override
Data Mining Models & Tasks
Data Mining has both models
• Predictive
• Descriptive
Predictive
• Classification
• Regression
• Time series analysis
• Prediction
Data mining process (SEMMA)
• Sampling
• Exploration
• Modification
• Model
• Assessment
Data driven fraud detection
• Sample: select data with some fraud cases
• Explore: work with the sample and identify fraud predictors
• Modify: consider revising the sample and the set of predictors
• Model: use the predictors to develop a prediction model
• Assess: apply the model to test samples and assess performance
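The five steps above, together with the earlier points on profile variables and on what to optimize, as an added Python example (not from the presentation). The three cards, their amounts, the fraud positions and the review cost of 50 per alert are constructed assumptions; the run compares one cut-off on the raw amount for every cardholder with a score relative to each cardholder's own profile.

```python
from statistics import median

TYPICAL = {"A": 25.0, "B": 300.0, "C": 2500.0}  # constructed: each card's usual spend
FRAUD_AT = {4, 11, 22, 27}                       # constructed: fraud positions per card

def build(card, typical, n=30):
    """Constructed history: legitimate spend is 0.7x-1.3x typical, fraud is 8x."""
    return [{"card": card, "i": i, "fraud": i in FRAUD_AT,
             "amount": typical * (8.0 if i in FRAUD_AT else 0.7 + 0.1 * (i % 7))}
            for i in range(n)]

def sample():
    """Sample: older rows to fit on, newer rows held out; both contain fraud."""
    rows = [r for card, typical in TYPICAL.items() for r in build(card, typical)]
    return [r for r in rows if r["i"] < 20], [r for r in rows if r["i"] >= 20]

def explore(train):
    """Explore: per-card median spend as the profile (barely moved by fraud rows)."""
    return {c: median(r["amount"] for r in train if r["card"] == c) for c in TYPICAL}

def modify(rows, profile):
    """Modify: add a predictor, the amount relative to the card's own median."""
    return [dict(r, score=r["amount"] / profile[r["card"]]) for r in rows]

def assess(rows, field, cut, review_cost=50.0):
    """Assess: fraud detected, false alerts, money saved net of review effort."""
    alerts = [r for r in rows if r[field] >= cut]
    hits = [r for r in alerts if r["fraud"]]
    saved = sum(r["amount"] for r in hits) - review_cost * len(alerts)
    return {"detected": len(hits), "false_alerts": len(alerts) - len(hits), "saved": saved}

def model(rows, field):
    """Model: choose the cut-off that saves the most money on the training sample."""
    return max(sorted({r[field] for r in rows}),
               key=lambda cut: assess(rows, field, cut)["saved"])

def run():
    """Compare one global cut-off on raw amount with a per-card relative score."""
    train, test = sample()
    profile = explore(train)
    train, test = modify(train, profile), modify(test, profile)
    return {f: assess(test, f, model(train, f)) for f in ("amount", "score")}

if __name__ == "__main__":
    for field, result in run().items():
        print(field, result)
```

On this constructed data the global cut-off misses both frauds on the low-spending card and raises alerts on the high-spending card's normal purchases, while the per-card score catches all six held-out frauds with no false alerts.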
Data mining & Fraud detection tools
DATA MINING & BUSINESS INTELLIGENCE SOFTWARE
• The MicroStrategy Business Intelligence platform
• SAP BusinessObjects
• SAS Data mining
Other data-driven fraud detection applications and tools
• FraudPoint
• Experian Detect
• The US IRS Electronic Fraud Detection System
• Actimize employee fraud solution
• FraudLabs – Fraud detection web service
Forensic Techniques & Fraud detection
Essence:
To forensically identify, collect and analyze financial evidence.
The goal of the investigator is to collect evidence relevant to the fraud under investigation. Such evidence, when well organised, provides answers to the classic sleuth’s questions regarding the possible fraud: who, what, when, where, how and why.
The most important questions are:
What was the fraud?
What was the loss?
Digital / Computer Forensics &
Fraud Detection
Forensic Science is the application of science to legal matters
Of special interest to financial crime investigations:
• Digital / Computer forensics
• Mobile phone forensics
• Criminalistics
• Dactylography
• Forensic Evidence
• Forensic Identification
• Questioned Documentation Examination (Palaeography)
7 S’s of CSI
1. Securing the Scene
2. Separating the Witnesses
3. Scanning the Scene
4. Seeing the Scene
5. Sketching the Scene
6. Searching for Evidence
7. Securing and Collecting the Evidence
Sketch the scene & label
Digital / Computer Forensics &
Fraud Detection
Collection and Preservation of Evidence at the Crime Scene
• The criminalists are trained to collect evidence at the crime scene
• They have special training in computer and information systems, which is becoming more important as computer criminals become more sophisticated!
- They are called the Computer Analysis and Response Team (CART). They are computer-specialized criminalists.
Digital Forensics - Extraction Methods
• Logical Extraction
• File System Extraction
• Physical Extraction
Collusive Relationship: Mobile Forensic Analysis
Caught 3 suspects
• Do they know each other or have they contacted mutual parties?
• What are the important connections?
• How do they communicate?
• Is there investigation related data?
• Were they in the same place at the same time?
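The questions on this slide, run over extracted handset records, as an added Python example (not from the presentation). The record layout, suspect labels, phone numbers, cell identifiers and the 60-minute window are constructed assumptions, not the output format of any particular extraction tool.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from itertools import combinations

SUSPECTS = {"S1", "S2", "S3"}
# Constructed records in the shape of a handset extraction report:
# (handset owner, other party, channel, serving cell, local time)
RECORDS = [
    ("S1", "S2",     "call", "CELL-17", "2011-03-02 09:15"),
    ("S1", "+000-1", "sms",  "CELL-17", "2011-03-02 18:40"),
    ("S2", "+000-1", "chat", "CELL-04", "2011-03-03 08:05"),
    ("S2", "+000-2", "call", "CELL-22", "2011-03-04 21:30"),
    ("S3", "+000-1", "call", "CELL-22", "2011-03-04 21:50"),
    ("S3", "+000-3", "sms",  "CELL-09", "2011-03-05 12:00"),
]

def direct_links(records):
    """Do they know each other, and how do they communicate?"""
    links = defaultdict(set)
    for owner, other, channel, _cell, _ts in records:
        if other in SUSPECTS and other != owner:
            links[tuple(sorted((owner, other)))].add(channel)
    return dict(links)

def mutual_parties(records):
    """Outside numbers contacted from more than one suspect's handset."""
    seen = defaultdict(set)
    for owner, other, *_ in records:
        if other not in SUSPECTS:
            seen[other].add(owner)
    return {number: owners for number, owners in seen.items() if len(owners) > 1}

def co_located(records, window=timedelta(minutes=60)):
    """Suspect pairs whose handsets used the same cell within the time window."""
    hits = set()
    for a, b in combinations(records, 2):
        ta, tb = (datetime.strptime(r[4], "%Y-%m-%d %H:%M") for r in (a, b))
        if a[0] != b[0] and a[3] == b[3] and abs(ta - tb) <= window:
            hits.add((*sorted((a[0], b[0])), a[3]))
    return hits

if __name__ == "__main__":
    print(direct_links(RECORDS), mutual_parties(RECORDS), co_located(RECORDS))
```

Sharing a serving cell indicates proximity only, so a co-location hit is a lead to corroborate with other evidence rather than proof of a meeting.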
Forensic Document Examination - Cheque
Admissibility of expert evidence
• In the United States of America, there are two general tests for admissibility. In 1923, in the case of Frye versus United States (also referred to as the Frye test or general acceptance test), it was held that the court will go a long way in admitting expert testimony deduced from a scientific principle or discovery, which must have gained general acceptance in the particular field to which it belongs.
• Also, in 1993, in the case of Daubert versus Merrell Dow Pharmaceuticals Inc, the Supreme Court ruled that proof that establishes the scientific reliability of expert testimony must be produced before it is admitted.
• Finally, for the FDE to be of relevance to the justice system, they must have the appropriate qualifications to give expert testimony and be up to date with developments in their field through continuing education.
Expertise of Computer Analysis and Response Team
They have expertise in 9 areas
• Content
• Comparison
• Transactions
• Extraction
• Deletion
• Format conversion
• Keyword searching
• Password recovery
• Limited source code
The Investigation teams
• Evidence Response Team (ERTs)
• Questioned Documents Unit
• Investigative and Prospective graphics unit
• Racketeering Records unit
Steps in Forensic Investigations
Note: Great care and discipline must be exercised in preserving
computer and physical evidence
Step 1: Size up the situation
Step 2: Log every detail
Step 3: Conduct the initial survey
Step 4: Assess the possibility of ongoing undesirable activity
Step 5: Power down
Step 6: Check for Booby traps
Step 7: Duplicate the hard drive or other permanent storage unit
Step 8: Analyze the Hard drive
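Steps 2 and 7 in practice, as an added Python example (not from the presentation): the copy is hashed while it is made, re-read independently, and the result is appended to a case log. SHA-256, the log fields, the file names and the small patterned file standing in for a drive are assumptions; real acquisitions read the source through a write blocker.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read 1 MiB at a time so large media never sit in memory

def sha256_of(path):
    """Hash a file (or device node) block by block."""
    digest = hashlib.sha256()
    with open(path, "rb") as src:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def duplicate(source, image, log_path, examiner):
    """Copy source to image, hash what was read, re-read the copy, log the result."""
    read_hash = hashlib.sha256()
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            read_hash.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    entry = {"utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
             "examiner": examiner, "source": source, "image": image,
             "bytes": os.path.getsize(image),
             "source_sha256": read_hash.hexdigest(),
             "image_sha256": sha256_of(image)}   # independent second pass
    entry["verified"] = entry["source_sha256"] == entry["image_sha256"]
    with open(log_path, "a", encoding="utf-8") as log:  # append-only case log
        log.write(json.dumps(entry) + "\n")
    return entry

def demo():
    """Constructed stand-in for a drive: 3 MiB of patterned bytes plus a tail."""
    work = tempfile.mkdtemp()
    source = os.path.join(work, "evidence.bin")
    with open(source, "wb") as f:
        f.write(bytes(range(256)) * 12288 + b"tail!")
    entry = duplicate(source, os.path.join(work, "evidence.img"),
                      os.path.join(work, "case.log"), "examiner-01")
    with open(entry["image"], "r+b") as f:  # one altered byte in the working copy
        f.write(b"\xff")
    return entry, sha256_of(entry["image"]) == entry["source_sha256"]

if __name__ == "__main__":
    print(demo())
```

Re-hashing the image before the analysis in Step 8 and comparing it with the logged value shows whether the working copy still matches what was acquired; in the demo the single altered byte makes that comparison fail.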
Law Enforcement Database Networks
Many databases are helpful during investigations, and law enforcement agents have access to them, especially in the G8 countries and other ‘developed countries’!
The databases include:
• Automated Fingerprint Identification System (AFIS=IAFIS)
• National DNA Index System (NDIS)
• Combined DNA Index System (CODIS)
• Financial Crimes Enforcement Network (FinCEN)
• National Law Enforcement Telecommunications Systems (NLETS)
• National Crime Information Center (NCIC) network
Fraud Investigation Challenges
• Banking’s role in facilitation of the activity
• Acceptance of flight capital by western countries
• Laws and limitations of other countries
• Jurisdictional conflicts and lack of international coordination
• Bank Secrecy
• Volume and complexity of international transfers of funds
• Internet based banking
• Tax havens as sanctuaries
• Offshore corporations
• Having to prove fraudulent transfer
• Shortfall of reporting requirements
• Criminals influencing Government and Bank support
• The widespread use and acceptance of trade mispricing
Combating Fraud: Measure of Success
“Is there anywhere that the Secret Service won’t come
looking?”
“Anti US regime country, are safest place”
Conclusion
• Fraud detection is an unending challenge because fraudsters are forever inventing fraud schemes
• Data Mining must be included in the strategies of financial institutions to be effective in predictive and other modes of fraud detection
• Forensic techniques are essential for detecting and investigating frauds if they are to be admissible in the law courts
• The roles of the regulators, bankers and law enforcement agents must be defined and effective in fraud control
• An integrated approach would not eliminate fraud completely but would make a huge impact in detecting and curbing fraud
• CCCOBIN must partner with forensic scientists and other stakeholders to form a formidable winning team as a way forward
Acknowledgements
The reference materials
• Anti money laundering methodology: financial regulations, information security and digital forensics working together. Flores, D. A. et al.
• Fraud: A guide to its prevention, detection and investigation. PricewaterhouseCoopers
• William S. Hopwood et al.: Forensic Accounting and Fraud Examination, second edition
• James Wright: Bank Examinations Techniques
• Wojtek Kowalczyk: Detecting fraud with data mining
• Cellebrite – Roy Shamir
• David A. Iacovetti: Financial crimes and emerging criminal trends
• Internet online sources
Thank you
Contact details of Presenter
Dr Abiodun Osiyemi
+2348033008505
CEO: Forensic Science Consultants
[email protected]
www.forensicscienceng.com