650 likes | 855 Views
Detective Tracy Perkins. Disclosure…. The Task Force cannot and do not solve Cyber related crimes and make arrest with 40 to 45 minutes. Objectives. Identifying the elements of Internet crimes frequently encountered by law enforcement
E N D
Disclosure… The Task Force cannot and do not solve Cyber related crimes and make arrest with 40 to 45 minutes.
Objectives • Identifying the elements of Internet crimes frequently encountered by law enforcement • Have a better understanding of how to investigate Internet crimes • Have a better understanding of how to document Internet crimes • Methods to capturing electronic evidence
Internet Crimes • Harassment/ Cyberbullying • Sexting • Production, Promoting and Possession of Child Pornography • Enticement of a Child • Sexual Misconduct Involving a Minor • Furnishing Pornographic Materials to a Minor • Sex Trafficking of a Minor • Hacking – Individual accounts / School servers
Harassment Cyber Bullying When a person is tormented, harassed, humiliated, embarrassed, or otherwise targeted in a malicious way by any other person by electronic means. 1st degree If without good cause, engages in any act with the purpose to cause emotional distress to another person, and such act does cause such person to suffer emotional distress
Sexting • The act of electronically sending or receiving explicit messages or images, primarily between mobile phones or tablets
Crimes being committed by kids and adults Sexual Exploitation of a Child- Production of Child Pornography Taking image of yourself or another person, or asking someone to take such an image Promoting Child Pornography Transferring this image to a friend because he doesn’t believe she sent it to you and you want to prove it Possession of Child Pornography Keeping this image/video on your device
Sexual Exploitation of a Minor • A person commits the offense of sexual exploitation of a minor if such person knowingly or recklessly photographs, films, videotapes, produces or otherwise creates obscene material with a minor or child pornography. RsMo (573.023) Missouri Revised Statue- (2017)- Chapter 573, Section 023. Missouri General Assembly website www.moga. mo.gov
Enticement of a Child • A person twenty-one years of age or older commits the offense of enticement of a child if he or she persuades, solicits, coaxes, entices, or lures whether by words, actions or through communication via the internet or any electronic communication, any person who is less than fifteen years of age for the purpose of engaging in sexual conduct. RsMo (566.151) Missouri Revised Statue- (2017)- Chapter 566, Section 151. Missouri General Assembly website www.moga. mo.gov
Sexual Misconduct involving a child • Knowingly exposes his or her genitals to a child less than fifteen years of age under circumstances in which he or she knows that his or her conduct is likely to cause affront or alarm to the child; • Knowingly exposes his or her genitals to a child less than fifteen years of age for the purpose of arousing or gratifying the sexual desire of any person, including the child; • Knowingly coerces or induces a child less than fifteen years of age to expose the child's genitals for the purpose of arousing or gratifying the sexual desire of any person, including the child; or • Knowingly coerces or induces a child who is known by such person to be less than fifteen years of age to expose the breasts of a female child through the internet or other electronic means for the purpose of arousing or gratifying the sexual desire of any person, including the child. • RsMo 566.083 Missouri Revised Statue- (2017)- Chapter 566, Section 083. Missouri General Assembly website www.moga. mo.gov
Furnishing Pornographic Material to a Minor • Knowing of its content and character, he or she • Furnishes any material pornographic for minors, knowing that the person to whom it is furnished is a minor or acting in reckless disregard of the likelihood that such person is a minor; or • Produces, presents, directs or participates in any performance pornographic for minors that is furnished to a minor knowing that any person viewing such performance is a minor or acting in reckless disregard of the likelihood that a minor is viewing the performance; or • Furnishes, produces, presents, directs, participates in any performance or otherwise makes available material that is pornographic for minors via computer, electronic transfer, internet or computer network if the person made the matter available to a specific individual known by the defendant to be a minor. RsMo 573.040 Missouri Revised Statue- (2017)- Chapter 573, Section 040. Missouri General Assembly website www.moga. mo.gov
Sex Trafficking of a Child • Recruits, entices, harbors, transports, provides, or obtains by any means, including but not limited to through the use of force, abduction, coercion, fraud, deception, blackmail, or causing or threatening to cause financial harm, a person under the age of eighteen to participate in a commercial sex act, a sexual performance, or the production of explicit sexual material as defined in section 573.010, or benefits, financially or by receiving anything of value, from participation in such activities…. • It shall not be a defense that the defendant believed that the person was eighteen years of age or older. Missouri Revised Statue- (2017)- Chapter 566, Section 211. Missouri General Assembly website www.moga. mo.gov
Revenge Porn- Nonconsensual of Private Sexual Images 573.110 definitions, 573.112 • A person commits the offense , gains or attempts to gain anything of value, or coerces or attempts to coerce another person to act or refrain from acting, by threatening to disseminate an image or another person, which was obtained under circumstances in which a reasonable person would believe to remain private • who is at least 18 • who is identifiable from the image or information displayed in connection with the image and • who is engaged in a sexual act or intimate parts are exposed.
Remember the Basics • Who committed the crime (usernames, names, age, identify victim, age • What crime was committed? Describe image/video be professional language of content • Where was the crime committed- location of incident, jurisdiction, • When was the crime committed- date, approximate time, • How was the crime committed- Device used, website/app accessed (securing the evidence)
Facebook/Instagram Investigations • Identify the actual user names of victim and suspect by clicking on their main profile picture . Look in URL • https://www.facebook.com/julie.bradshaw.775?ref=bookmarks • https://www.instagram.com/krissyh_grl/?hl=en • Option to take over the account (signed consent) • Option to download the victims Facebook page ONLY! • Preservation Request through Facebook.com/records (both) • Search Warrant • Screenshots (Camera or Snipping Tool)
SnapChat • Snapchat is a photo messaging app that allows users to send video, texts and photographs to other Snapchat users with the interesting catch that your “Snaps” will disappear after an allotted time
Snapchat • Before sending legal request you must • identify the username on the account. • It is possible without the username Snapchat • can locate by either a phone number or email address. • If need be use a camera to photograph obvious elements of a crime that are within plain view on the device- Snapchat encrypts messages, so cell phone exaction might not be successful. • Saving messages on the devices….must hold down to save • DON’T go on a FISHING expedition and use COMMON SENSE • Use the Snapchat law enforcement guide • Be prepared to submit additional paperwork to Snapchat- Preservation order
Twitter • Before sending legal request visit Guidelines for law enforcement/Twitter Help Center. https://twitter.com/mo_chic1970 • If need be use a camera to photograph obvious elements of a crime that are within plain view on the device • DON’T go on a FISHING expedition and use COMMON SENSE • Be prepared to submit additional paperwork to Twitter • Refer to law enforcement guide • Send in preservation request
OBJECTIVES • Identify the Federal law that allows Law enforcement to preserve data under U.S.C. Title 18 2703(f) • Finding the service providers information to request the preservation order and getting the data preserved. • Requesting court documents subpoena vs. search warrant • Applying for search warrants in your jurisdiction for electronic data • Analyzing the documents received from the subscriber
Preservations Orders U.S.C. Title 18 2703(f) • What is this order? • Stored Communication Act • Protects “Stored wire and electronic communications and transactional records” held by a third party i.e . Facebook, Email, Phone companies, Etc • What does this mean for Law Enforcement? • Upon request by L.E. in writing , the service provider SHALL take all necessary steps to preserve records or other evidence pending a court order • How long is the preservation order good for? • The preservation order is good for 90 days • Can be extended for an additional 90 days upon RENEWAL request. www.uscode.house.gov (2015) Title 18 Section 2703
Getting the information for your Preservation • Do have the identifiers for the account? • Yes…..then proceed to the next step • Need to have the identifier….You cannot request the records by using the persons first and last name. • Preparing the request- **MUST HAVE** • Must be on a department letterhead • Must have and identify clearly the identifier/username and date range • Must list what records to be secured • Must have your SIGNATURE • Most Service Providers have Law Enforcement Guides….Review and know what that provider retains. NOTE- you will only get what you ask for! • Always a question--- Who do I send this preservation order to? • Go to www.search.org • Mention the preservation in your report
Sample Preservation www.bcsdcybercrimes.com If a provider has their own preservation order use their form. If no form, then use the sample. • Facebook / Instagram use the law enforcement portal at • www.facebook.com/records
Subpoena vs. Search warrant Can be very confusing and down right frustrating!
Requesting court document- Subpoenas • Subpoenas- (Grand Jury or Investigative Subpoena) • Basic Subscriber Information • Usually entitles the basic information on an account, such as: • Name of account holder and address • Account registration (creation date with an IP (Internet Protocol) Address • IP Logs • Basic phone call logs • Credit device used to set up account • Any Email beyond 180 days old • Bank Records • ALSO, PLACE A DISCLAIMNER FOR NON-DISCLOSURE ORDER • REMEMBER, if you don’t ask for the record you won’t get the data, don’t assume!! Refer to a LAW ENFORCEMENT GUIDE from the Provider, if possible.
Requesting Court Document- Search Warrant • Search warrants for Electronic Data will get information beyond basic subscriber records. This will get data considered as the “Expectation of Privacy” • Search Warrants will get the following: • Subscriber records (More detailed) • Instant messages maintained on the ISP servers • Potentially deleted content • Email Content (current and older) • Detailed Phone Records • Tower records for Cell Phones • Live Text Messages- Before purge • Deleted Content (?) Not a guarantee • ALSO, PLACE A DISCLAIMNER FOR NON-DISCLOSURE ORDER REMEMBER, if you don’t ask for the record you won’t get the data, don’t assume!! Refer to a LAW ENFORCEMENT GUIDE from the Provider, if possible.
Analyze the documents…what’s the next step • Some records can be confusing to read • If your having trouble, contact the Task Force or another LE who’s worked a case with the Provider • Cross check your records with the date requested to validate the Provider pulled the correct information • Further identified data from records will lead to additional search warrants (i.e. IP addresses, email accounts or additional phone numbers) • Affidavit and records need to be placed in evidence for safekeeping • Child related crimes. If data contains CP, this data remains in state custody under RsMo 573.038. Place in evidence! Never disseminate!
Additional sites • www.maxmind.com Use this site for Geo-Locate site on an IP address Example 24.217.211.2 • New IP address called IPv6 • http://www.whois.com/ Example website-ultimatemayhem.net
Use www.search.org to find the location to send court orders
Digital Evidence Part III
Objectives • Be able to identify types of electronic items capable of storing useful data • Collect evidence while maintaining forensic integrity and minimizing data loss • Properly and accurately document items of physical electronic evidence • Be able to describe what happens to both deleted and live data when a device is previewed and recognize when a live preview should or should not be used • Explain what forms of evidence are common of forensic analysis