“Are you finding what you need?” I asked.
“Some of it. They have security on top of security.” ~ Missing Lynx
If you're writing a contemporary suspense/thriller/crime novel, then digital information is an important angle to consider.
Modern technology makes certain crimes easier to carry out than ever before; indeed, some crimes exist now that were not possible before computers spread to the general population.
How many of you have been on the receiving end of an African lottery-win phishing expedition? Conversely, if the criminal is not aware of how digital forensics can help an investigation, the same technology can make crime harder to get away with.
Map showing the Strategic Alliance Cyber Crime Working Group member countries and lead agencies (Photo credit: Wikipedia)
Most investigators working with computerized information are called Digital Forensic Investigators. Apparently calling them computer-geek-cops is frowned upon.
They cover such crimes as:
* Cyber bullying
* Child porn and child exploitation
* Pirating - software, music, videos, and other copyrighted work like books. Link to novelist John Dolan's blog post about his experience with pirating. Just FYI.
* Credit card fraud
* Altering medical data for insurance fraud
* Espionage
* Terrorism
* Corporate crimes
* Pharming - Pretending to be a legitimate organization when they are not
* Phishing - Trying to defraud people
Video Quick Study (3:43) - Phishing and Pharming examples
Video Quick Link (3:28) - excellent overview of digital crimes
Video Quick Study (6:44) - This is Josh Moulin, who taught at WPA 2011. He is explaining what he does; listen carefully to his mode of speech and his vocabulary. This is not specialized speak for the interview. This is how he spoke with us. (Don't go to the website he offers; it is incorrect.)
* Includes tips for how to protect a child online
* Tips on general computer safety
The first hurdle to jump is just identifying that there is an issue.
* Is this a glitch in a program? A human error? Or is this a crime? Oftentimes computer crimes are hard to discover.
* Did the person have widely scoped criminal intent, such as a terrorist? Or was this a bored teenager hacking into a system to see if he could?
Then they start looking for a suspect.
Digital Forensics Experts will:
1. Trace Back - the computer experts try to find the source computer (the computer from which the attack originated) by following the trail of addresses (IP addresses).
2. Scrutinize the computer system of the entity that was compromised, called the target.
Once the investigators have narrowed in on the suspect, they need to prove:
MOTIVE
* Did the person have a motive for perpetrating a crime, and what was it? Motivators might include:
  * Curiosity - like hackers, to see if they can.
  * Money
  * Victimization (such as stalking or pedophilia)
  * Power/leverage/revenge
KNOWLEDGE and MEANS
* Believe me, I could have all of the motivation in the world, BUT if my scheme includes anything more than using a word processor, you've got the wrong girl.
ACCESS to perpetrate such things as:
* Data mining for materials that would benefit a criminal, such as credit card numbers.
* Logic Bombs - a logic bomb "is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files, should they ever be terminated from the company." More information here.
* Opportunity to perform alterations of computer logs to show that the activity happened at a different time or date. (Investigators must look at the time/date stamp and make sure these were not tampered with, for example.)
English: DCIS special agents investigate cyber crime within DoD. (Photo credit: Wikipedia)
In order to develop the motive, access, and means, the investigators will collect evidence. Evidence is collected, analyzed, and stored.
Traditional Investigation
1. Interview eye witnesses - did anyone see or hear anything pertaining to the crime?
2. Conduct surveillance
* Electronic surveillance might include pretending to be a target, such as posing as a thirteen-year-old girl.
* Discovering if the suspect would have been somehow UNABLE to perform a cyber crime by location, activity, etc. Ex. a scuba diver would probably have an alibi if they were underwater.
* Smart phones with internet capability make this difficult at times; though again, everything leaves a digital trail, so it might just be helping investigators.
Digital investigation
In order to access digital information from the target computer system, the investigators would need owner permission. If they wish to gather the information from the source computer they will need a warrant.
* The investigators might want to do this surreptitiously so as not to let the suspect know that they are being investigated.
* They may confiscate the equipment.
COLLECT: 4 strategies for collecting the digital footprint.
English: A portable Tableau forensic write-blocker attached to a hard disk drive (Photo credit: Wikipedia)
1. Seizure - bag, tag, and send devices to the forensics laboratory.
* The ever-growing number of devices with huge amounts of memory makes for long backlogs.
* No way to differentiate between items that might contain evidence and items that have no relevance.
2. Onsite Imaging
* Time consuming
* Issues of contamination
3. Digital Triage with Boot CD or Thumb Devices
* Cannot cope with cell phones, GPSs or similar devices
* Can contaminate the data that is being harvested.
4. Onsite collection with specialized equipment such as Spektor
* The one in this video was developed for investigators who do not specialize in digital forensics. So your Joe-cop could collect the evidence with maximum forensic control.
* Can handle cell phones and GPS devices.
Video Quick Study (4:53) Promotes Spektor - but is a good quicky-overview of the collection techniques
English: A Tableau internal forensic write-protection module (Photo credit: Wikipedia)
Once the device is in the hands of the investigator:
1. They make a backup copy (working copy).
* The original data must stay intact; this allows it to be presented later in its original condition if needed in court.
* Making the copy is called imaging.
* The Working Copy Master (the original copy) is used to make more copies. The original WCM is archived along with the original data.
* Investigators work on one of the other versions - if it is somehow corrupted, then the investigators can make a fresh copy from the WCM.
Plot point: How are the investigators sure that the copy is correct? They use a hash value - a program converts the data into whole numbers that are added up, and the sums for the original and the copy are compared; if they match, then the investigators know that they have an exact replica. This is a very cool little piece to manipulate in a plot line, so I'm including this LINK to an academic paper concerning its use.
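To make the copy-verification step concrete, here is an added example written for this article (it is not code from the original post or from any forensic tool). Imaging software computes a cryptographic hash such as SHA-256 over the entire image and records it; the same digest computed over the working copy has to match exactly, and a single changed bit anywhere produces a completely different value. The "evidence" bytes below are a constructed stand-in for a drive image, and `flip_one_bit` is a hypothetical helper that simulates a corrupted copy.

```python
"""Verifying that a forensic working copy matches the original evidence.

Added example, not from the original post. The "evidence" is a constructed
byte string standing in for a disk image; imaging tools hash the full image
file the same way, streaming it through the hash in chunks.
"""
import hashlib
from typing import Tuple

# Constructed sample: stands in for the raw bytes of a seized drive image.
ORIGINAL_IMAGE = b"suspect-laptop-image: " + bytes(range(256)) * 4


def hash_image(data: bytes, algorithm: str = "sha256", chunk_size: int = 4096) -> str:
    """Return the hex digest of `data`, fed in chunks the way a tool streams a large image.
    The chunk size does not affect the result; only the bytes do."""
    h = hashlib.new(algorithm)
    for offset in range(0, len(data), chunk_size):
        h.update(data[offset:offset + chunk_size])
    return h.hexdigest()


def make_working_copy(original: bytes) -> bytes:
    """Imaging: a byte-for-byte copy (in practice read through a write-blocker)."""
    return bytes(original)


def verify_copy(original: bytes, copy: bytes, algorithm: str = "sha256") -> Tuple[bool, str, str]:
    """Hash both the original and the copy; the copy is trusted only if the digests are identical."""
    original_digest = hash_image(original, algorithm)
    copy_digest = hash_image(copy, algorithm)
    return original_digest == copy_digest, original_digest, copy_digest


def flip_one_bit(data: bytes, index: int) -> bytes:
    """Hypothetical helper: simulate corruption of one bit in the copy (e.g. a bad sector)."""
    mutated = bytearray(data)
    mutated[index] ^= 0x01
    return bytes(mutated)


if __name__ == "__main__":
    good_copy = make_working_copy(ORIGINAL_IMAGE)
    ok, orig_digest, copy_digest = verify_copy(ORIGINAL_IMAGE, good_copy)
    print(f"good copy matches: {ok}\n  original {orig_digest}\n  copy     {copy_digest}")

    bad_copy = flip_one_bit(good_copy, 500)
    ok, _, bad_digest = verify_copy(ORIGINAL_IMAGE, bad_copy)
    print(f"corrupted copy matches: {ok}\n  copy     {bad_digest}")
```

The recorded digest is what ties every later working copy back to the archived original: whoever presents a copy in court can recompute the hash in front of the other side and show that it still matches the number written down at seizure.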
a. USB
b. SCSI (Small Computer System Interface)
c. Computer FireWire (link to howstuffworks article)
The machine is placed inside of a protective box that prevents someone at a remote location from communicating with the data and, for example, wiping the hard drive.
Analyze - specifically and carefully
Preserve - with a documented chain of custody to maintain the integrity of the evidence for presentation in court.
DATA STORAGE -
Where do people (the good guys and the bad guys) look for data?
Slack space - where data goes when your heroine thinks she deleted it.
* numbers could be found here by investigators
* Hackers can go and harvest that same kind of data
Browser history (opening individual files)
Keyword search
Metadata searches, ex:
* who created it
* when
* where was it received and by whom
Video Quick Study (5:07) Great easy-to-understand description of why data doesn't disappear when your heroine deletes her files.
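To show concretely why deleting a file does not remove its contents, and how a keyword search over the raw disk (rather than through the file listing) turns it up, here is an added toy model written for this article; it is not code from the original post and is not a real filesystem. A disk is a row of fixed-size blocks plus a directory table; "delete" just drops the directory entry and frees the blocks, and the bytes survive until a new file happens to overwrite them. The note text, the filenames and the `4111-1111-1111-1111` card number are all constructed sample data.

```python
"""Why "deleted" data is still on the disk, and how a keyword search finds it.

Added example, not from the original post: a toy disk made of fixed-size
blocks plus a directory table. Deleting a file only removes its directory
entry and frees its blocks; the bytes stay until something overwrites them.
"""
import re
from typing import Dict, List, Tuple

BLOCK_SIZE = 16

# Constructed sample data: a note the heroine later "deletes", and the
# pattern an investigator (or a thief) would search the raw disk for.
SAMPLE_NOTE = b"Transfer to account 4111-1111-1111-1111 before Friday"
CARD_PATTERN = rb"\d{4}-\d{4}-\d{4}-\d{4}"


class ToyDisk:
    def __init__(self, n_blocks: int = 16) -> None:
        self.raw = bytearray(BLOCK_SIZE * n_blocks)   # the physical medium
        self.free: List[int] = list(range(n_blocks))  # free-block list
        self.directory: Dict[str, List[int]] = {}     # filename -> block numbers

    def write_file(self, name: str, data: bytes) -> List[int]:
        """Allocate whole blocks and copy the data in. The unused tail of the
        last block is slack space and keeps whatever bytes were there before."""
        blocks = []
        for offset in range(0, len(data), BLOCK_SIZE):
            block = self.free.pop(0)
            chunk = data[offset:offset + BLOCK_SIZE]
            start = block * BLOCK_SIZE
            self.raw[start:start + len(chunk)] = chunk
            blocks.append(block)
        self.directory[name] = blocks
        return blocks

    def delete_file(self, name: str) -> None:
        """What 'delete' actually does: drop the directory entry and hand the
        blocks back to the front of the free list. Nothing is zeroed."""
        self.free = self.directory.pop(name) + self.free

    def listing(self) -> List[str]:
        """What the user sees: only files that still have a directory entry."""
        return sorted(self.directory)

    def keyword_search(self, pattern: bytes) -> List[Tuple[int, bytes]]:
        """Scan the raw medium and ignore the directory, the way a carving
        tool does. Returns (byte offset, matched bytes) pairs."""
        return [(m.start(), m.group(0)) for m in re.finditer(pattern, bytes(self.raw))]


def demo() -> Dict[str, object]:
    """Walk through delete, search, partial overwrite, search again."""
    disk = ToyDisk()
    disk.write_file("notes.txt", SAMPLE_NOTE)        # occupies blocks 0-3
    disk.delete_file("notes.txt")
    after_delete = disk.keyword_search(CARD_PATTERN)  # still on disk
    disk.write_file("todo.txt", b"ToDo:")             # reuses block 0 only
    after_reuse = disk.keyword_search(CARD_PATTERN)   # still there: blocks 1-2 untouched
    head_gone = disk.keyword_search(b"Transfer")      # first bytes of block 0 overwritten
    return {"listing": disk.listing(), "after_delete": after_delete,
            "after_reuse": after_reuse, "head_gone": head_gone}


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```

The point for a plot: the file listing says the note is gone, but a scan of the raw blocks still returns the card number at the same offset, and even after a new file reuses the first block, the rest of the old note is sitting in blocks nobody has written to yet.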
Another way Digital Forensics Investigators gather evidence is through cell phones via GPS. Cell phones will ping off a cell tower and give a general location. This can help establish an alibi; it can also place a criminal in the vicinity of the crime.
Investigators have to be careful in areas that have many cell towers because there can be bleed over. This happens when someone is near the overlapping area of two towers. PLOT TWIST: if there is bleed over, it could put your heroine near the scene of the crime instead of in bed reading a good book like Virginia Is for Mysteries. (Yup, I just unabashedly plugged my anthology!) Your heroine's lawyer might just bring in an expert to testify on this very subject. Where was she the night of the murder? Can't tell from her cell phone pings.
But this is all very cops and robbers. Your plot line runs more along the lines of a savvy heroine who isn't taken advantage of. By anyone. What can she do? Your heroine doesn't have to be a forensic security geek - she can get simple tools like Recover It. LINK (quicky advertising video that shows this in action)
Pertinent Laws:
Cable Communications Policy Act 1984 link
Electronic Communications Privacy Act 1986 link
Digital Millennium Copyright Act 1998 link
USA Patriot Act 2001 (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) link
See how this article influenced my plot lines in my novella MINE and my novel CHAOS IS COME AGAIN.
Great information! Intelligent stuff and likely too much for a country bumpkin like me to comprehend... :-) Thanks for all this digital soup! As if my mind could wrap itself around it... There might come a time for this old geezer! Hope your 2014 is happy, prosperous, and without too many hitches.
Hey Billy Ray,
Thank you for your kind regards - I hope the same for you and your wife. You know this stuff is easier when you have teens in the house. I just call them in when I'm at defcon 1 with technology. They sigh, roll their eyes, and feel vastly superior - it usually takes a bribe like "no chores tonight if you help." LOL - use what you've got.
Digital forensic analysis of computers, laptops & servers can reveal emails, documents and spreadsheets that are often key to investigating theft of intellectual property including copyright, trademarks, patents and trade secrets.
Thank you so much for adding this information!
Cheers,
Fiona