150 likes | 301 Views
New Zealand Customs Service Electronic Forensic Unit. Who we are. Brent Whale CFCE Electronic Forensic Investigator. Bruce Ellis Senior Customs Officer. The need for Computer Forensics. It came clear to New Zealand Customs in 1998 that a large portion of offending in relation to
E N D
New Zealand Customs Service Electronic Forensic Unit
Who we are Brent WhaleCFCE Electronic Forensic Investigator Bruce Ellis Senior Customs Officer
The need for Computer Forensics It came clear to New Zealand Customs in 1998 that a large portion of offending in relation to the importation of prohibited goods was being undertaken using computer technology The object of a computer forensic investigation is to obtain evidence in cases of computer facilitated offending
What is Computer Forensics ? The collection, preservation, analysis and presentation of computer related evidence utilising secure, controlled methodologies and auditable, evidentially correct procedures
Collection: A complete physical bit-stream image of a target drive is acquired in a completely non-invasive manner. Preservation: The bit-stream is preserved in a read only format onto CD. This enables the original data to be examined at anytime in the future.
Analysis: Specific forensic software tools are utilised to examine data from the suspects computer. Presentation: The presentation of digital evidence in a format that can be understood by non computer literate individuals
Case Study: Operation Green NZ England
Case Study: Operation Green September 2001 NZ resident (Dave) e-mails friend in the UK (Brent) requesting LSD and Ecstasy be sent to NZ via mail Dave utilised the off shore e-mail facility ‘hotmail’ to correspond with Brent. Dave believed that the data from these e-mail transactions were being stored in the USA. Brent contacts Dave and advises him the the ‘acid’ has been sent and is in a red envelope. The importation of the ‘acid’ was undertaken successfully. Dave contacted Brent via e-mail to advise that it had arrived.
Case Study: Operation Green Customs intercept the ‘ecstasy’ at the International Mail Centre Search Warrant undertaken on the residential address of Dave Dave denies all knowledge of the importation Dave is advised that his computer is going to be taken for an electronic examination. Dave is advised that even if he has deleted the information it can still be recovered.
What happens when a file is deleted Data Area
What happened next? Dave was interviewed in regard to the evidence located on his computer Dave admits that he imported the package intercepted by Customs containing the ecstasy. Dave also admits that he imported a package containing LSD (acid). Dave pleads guilty in court to two charges of importation of class A and B controlled drugs and has been sentenced to eight months in prison. Brent arrives in NZ on holiday and is also charged and has been sentenced to six months in prison.
Case Study: Other Offences During the examination of the hard disk drive, child pornography images were also located. WARNING The following image depicts child pornography WARNING
Conclusion Without the forensic capability Brent and Dave would not have been convicted for the importation of controlled drugs.