PowerPoint Presentation - Fiscalía de Chile
APEC ACT Workshop, Santiago, Chile
11th-13th June 2013
Use of IT Resources for Evidence Gathering & Analysis
Raymond SO Wing-keung
Assistant Director
Independent Commission Against Corruption
Hong Kong Special Administrative Region, China
Computing Devices
2
Social Networking Tools
3
Every 60 Seconds on the Internet
• 370,000+ minutes of voice calls
• 80,000+ wall posts
• 510,000+ comments
• 600+ videos (25 hours+) uploaded
• 168+ million emails sent
• 98,000+ tweets
• 700,000+ search queries
• 100+ new accounts
• 6,600+ pictures uploaded
(Source: Go-Globe.com)
4
Why Criminals Use IT
• Share information
• Multi-national communication
• Swift action
• Hiding identity
• Processing and storage of large amounts of data
• … ultimately to avoid detection
5
How do we use IT resources?
6
Digital Forensics
• Data acquisition, recovery, preservation and examination
• Computer
– Email
– Document file…
• Mobile phone
– Call history
– Contact list
– Short message
– Email
– Photo
– WhatsApp
7
Mobile Digital Forensics Laboratory
• Shielded environment to block communication, e.g. remote wipe
8
Faraday Bags
9
Technical Tools
• Data recovery
– Recover deleted files
• Information analysis
– Call records
– SMS
– Email…
– WhatsApp
10
Data Recovery Tool
11
Call Record Analysis
12
SMS Analysis
13
Email Analysis
14
Multinational Fast Food Managing Director Accepted Bribes
Record Digitization System
• Handled > 100,000 pages of bank statements each year
• Automatic conversion of statements/records in pre-defined templates into Excel files
• Developed by internal IT experts
16
17
R. D. S.
18
Centralized Storage of Digital Exhibits
• Storage Area Network (SAN)
– Over 250TB storage
– Connected by fibre channel
• Multiple examiners can work collaboratively on one case
19
ISP Enquiry
• Internet Service Provider (ISP) may provide
– Subscriber information
– Login IP address: for tracing physical location and subscriber information
– Email content: a court warrant is usually needed
– How about ISP or their servers in other jurisdictions?
• Mutual Legal Assistance
20
Challenges (1)
Technical difficulties
• Cloud computing
– Information and evidence are remotely stored
– Liaison with online service providers
• Huge data size
– Storage Area Network (SAN) to keep forensic images
• Data encryption
– Password cracking tool
– Chip level data acquisition
21
Challenges (2)
Admissibility of digital evidence
• Local digital evidence
• Foreign digital evidence
• Expert opinion on chain of evidence
• Admissibility of evidence in court trials
22
The Way Ahead
Capacity Building
• Dedicated expert teams
• Training
• Collaboration with IT counterparts
23
The Way Ahead
International Cooperation
• Formal Cooperation – UNCAC
• Informal Channels – APEC
24
Thank You
www.icac.org.hk