New Zealand Customs Service Electronic Forensic Unit
description
Transcript of New Zealand Customs Service Electronic Forensic Unit
![Page 1: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/1.jpg)
New Zealand Customs ServiceElectronic Forensic Unit
![Page 2: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/2.jpg)
Brent Whale CFCE
Electronic Forensic Investigator
Bruce EllisSenior Customs Officer
Who we are
![Page 3: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/3.jpg)
The need for Computer Forensics
The object of a computer forensic investigationis to obtain evidence in cases of computer facilitated offending
It came clear to New Zealand Customs in 1998 that a large portion of offending in relation to the importation of prohibited goods was being undertaken using computer technology
![Page 4: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/4.jpg)
What is Computer Forensics ?
The collection, preservation, analysis and presentation of computer related evidence utilising secure, controlled methodologies and auditable, evidentially correct procedures
![Page 5: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/5.jpg)
Collection:
A complete physical bit-stream image of a target driveis acquired in a completely non-invasive manner.
Preservation:
The bit-stream is preserved in a read only format onto CD. This enables the original data to be examined at anytime in the future.
![Page 6: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/6.jpg)
Analysis:
Specific forensic software tools are utilised to examine datafrom the suspects computer.
Presentation:
The presentation of digital evidence in a format that can be understood by non computer literate individuals
![Page 7: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/7.jpg)
Case Study: Operation Green
NZ England
![Page 8: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/8.jpg)
September 2001NZ resident (Dave) e-mails friend in the UK (Brent)requesting LSD and Ecstasy be sent to NZ via mail
Dave utilised the off shore e-mail facility ‘hotmail’ to correspondwith Brent. Dave believed that the data from these e-mail transactions were being stored in the USA.
The importation of the ‘acid’ was undertaken successfully.Dave contacted Brent via e-mail to advise that it had arrived.
Brent contacts Dave and advises him the the ‘acid’ has been sent and is in a red envelope.
Case Study: Operation Green
![Page 9: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/9.jpg)
Customs intercept the ‘ecstasy’ at the International Mail Centre
Search Warrant undertaken on the residential address of Dave
Dave denies all knowledge of the importation
Dave is advised that his computer is going to be taken for anelectronic examination. Dave is advised that even if he has deleted the information it can still be recovered.
Case Study: Operation Green
![Page 10: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/10.jpg)
What happens when a file is deleted
MBR BRFAT 1
Reserved FAT 1
Area FAT 1FAT 2
FAT 2FAT 2
ROOT DROOT D
ROOT D
ROOT D
Data Area
![Page 11: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/11.jpg)
What happened next?
Dave was interviewed in regard to the evidence located on his computer
Dave admits that he imported the package intercepted by Customs containing the ecstasy.
Dave also admits that he imported a package containingLSD (acid).
Dave pleads guilty in court to two charges of importation ofclass A and B controlled drugs and has been sentenced to eight months in prison.
Brent arrives in NZ on holiday and is also charged and hasbeen sentenced to six months in prison.
![Page 12: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/12.jpg)
Case Study: Other Offences
During the examination of the hard disk drive, child pornography images were also located.
WARNING
The following image depicts child pornography
WARNING
![Page 13: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/13.jpg)
Child Porn Image in Hex View
![Page 14: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/14.jpg)
Conclusion
Without the forensic capability Brent and Dave would nothave been convicted for the importation of controlled drugs.
![Page 15: New Zealand Customs Service Electronic Forensic Unit](https://reader035.fdocuments.in/reader035/viewer/2022062322/56814943550346895db68dc0/html5/thumbnails/15.jpg)
QUESTIONS