1 / 37

Cyber Crimes

Cyber Crimes. Presented by Heidi Estrada Special Agent Federal Bureau of Investigation Austin Resident Agency San Antonio Division. Introduction. RCFL (Regional Computer Forensic Lab) The FBI’s Cyber Investigations New Legislation: Cyber Stalking. Regional Computer Forensic Labs (RCFL).

yves
Download Presentation

Cyber Crimes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cyber Crimes Presented by Heidi Estrada Special Agent Federal Bureau of Investigation Austin Resident Agency San Antonio Division

  2. Introduction • RCFL (Regional Computer Forensic Lab) • The FBI’s Cyber Investigations • New Legislation: Cyber Stalking

  3. Regional Computer Forensic Labs (RCFL) • One-stop, full service forensics laboratory • Training center - to train all LEO • Devoted to the examination of digital evidence in support of criminal investigations www.rcfl.gov

  4. Texas HB 2703 • Law signed June 2003 • Physical evidence not admissible unless lab or other entity accredited • If not accredited, need to retain sample of physical evidence • After Sept. 2005 labs required to be accredited

  5. The RCFL & You • LEO and Private Entity personnel can submit electronic evidence to the RCFL to be examined Or • A law enforcement agency can join the RCFL: • Send an officer to become a computer forensic examiner • RCFL pays for training, equipment, space for that examiner

  6. Training • Provided to any law enforcement personnel free of charge • Use the RCFL classrooms • For class schedule, descriptions and registration: www.ghrcfl.org • Sign up online • Forensic classes • Bag & Tag class / Image Scan class

  7. RCFLs support: • Terrorism • Homicide • National Security • Violent Crimes • Child Pornography • Theft or destruction of Intellectual Property • Fraud

  8. RCFL Services • Laboratory - examination of digital evidence • Technical - advice on preparing search warrants (digital), seizure of digital evidence, techniques for handling digital evidence • Training - Free technical training for both forensic examiners and non-forensic LEO personnel (investigators) • On-Site - RCFL examiners can deploy to locations to execute search warrants on site

  9. To Submit Evidence to the RCFL • Submit only digital evidence • Computers, hard drives, CDs, floppies, USB drives, cameras, telephones • Separate these items from other evidence (paper documents, objects) - store in your own property room • Search warrant or signed consent to search form must be with the evidence • RCFL examiner can also go to a location and make a forensic/digital copy on site (so you do not have to take the owner’s computer)

  10. FY05: What the RCFLs Did For Us • Services - Provided digital data processing for state, local and federal government agencies • Program Growth - Total RCFLs grew to 9. Available to more than 3500 law enforcement agencies in 11 states • National Recognition - Harvard University’s 2005 Innovations in American Government

  11. FY05: What the RCFLs Did For Us • Training - • Digital Forensic tools & techniques • Investigator tools & techniques • Support to Major Investigations • Increased Number of Participating Agencies • 90 total participating agencies • 13 state agencies • 54 local agencies • 23 non-FBI federal agencies

  12. Types of Evidence Examined • Cell Phone Forensic Exams • Audio/Video Forensic Exams • Computer Exams (Windows, Unix, Mac) • Digital Media Exams (USB drives, flash memory, CDs, DVDs, etc…) • Digital Camera Exams

  13. Associate Examiner Initiative • Created by San Diego RCFL • Allows non-FBI RCFL Forensic Examiners to finish their tenure at an RCFL, then return to their parent agency and maintain their certification and skills • Being implemented nationwide during FY06

  14. Case Agent Investigative Review Training (CAIR) • Purpose: for investigators to use the FBI’s Review Net system to review forensic exam results • Review Net: a tool which allows investigators to review the forensic results of an exam via the FBI’s Intranet • CAIR: one-day training course, hands-on, comes with a “refresher CD” so students can refer to it after the course is finished

  15. How an RCFL Works • FBI provides: • Funding, training, laboratory facility • RCFL Director: • Manages the day-to-day operations. The Director is a management level individual from an RCFL member agency (state, local, federal). • Member supervision: • Remains with the officers’ or agents’ “home agency” for non-RCFL matters • Laboratory procedures outlined by the RCFL Program Office, FBIHQ, Laboratory Division

  16. On The Horizon • Expanding the RCFL program: service area growing from 11 to 16 states during FY06 (with a total of 11 RCFLs) • Implementing Review Net: • Currently, only people with access to the FBI’s Intranet can access Review Net. • Soon, RCFL participating members from non-FBI agencies will also access it within an RCFL. • Eventually, participating members from non-FBI agencies will access it from their own office space

  17. On The Horizon • ASCLD/LAB Accreditation - At least four RCFL’s are expected to submit their accreditation applications during FY06 • Adding RCFL Personnel - Increased digital processing caseloads mean more RCFL examiners are needed nationwide

  18. Member Agencies • Participating agencies and their personnel receive: • 7 weeks of forensic examiner training • Exposure to the most technologically advanced computer equipment available • Broad experience in a variety of digital forensics cases • A stake in the management of the RCFL.

  19. Examiner Training/Certification Basic Data Recovery Analysis (BDRA) (1 week) Net+ Certification Training (1 week) FBI Boot Camp (2 weeks) A+ Certification Training (2 weeks) Moot Court (1week) National White Collar Crime Center Commercial Vendor Commercial Vendor FBI • Defense attorneys query participants on their examination results • Oral presentation test • Following the course, examiners conduct competency examination on test hard drive and send results to training coordinator • Training culminates in taking nationally recognized A+ certification test • Training culminates in taking nationally recognized Net+ certification test • Training culminates in end-of-course test Examiners must also conduct five searches and five exams under the supervision of an FBI-certified forensic examiner • Complete one advanced FBI-sponsored class per year • Complete two additional outside classes per year • Pass yearly proficiency test To maintain certification:

  20. North TX RCFL (Dallas) Dallas PD FBI - Dallas Division Garland PD Grand Prairie PD Plano PD Richardson PD TX AG US Attorney - NDTX Greater Houston RCFL FBI - Houston Harris County - Pct 4 Constable’s Office Harris County - Pct 5 Constable’s Office Harris County SO Houston PD Pasadena PD Tomball PD RCFLs in Texas

  21. North TX RCFL (Dallas) Chicago RCFL Heart of America RCFL (Kansas City) New Jersey RCFL Silicon Valley RCFL Greater Houston RCFL Intermountain West RCFL (Salt Lake City, Utah) Northwest RCFL (Portland, OR) San Diego RCFL RCFLs Nationwide

  22. RCFLs to be added • Rocky Mountain RCFL - Denver, CO • Miami Valley RCFL - Dayton, OH • Philadelphia RCFL - Philadelphia, PA • Western New York RCFL - Buffalo, NY

  23. www.rcfl.gov • Training Portal - course descriptions, schedule, registration • National Program - employment opportunities, accreditation, locations • Virtual Newsroom - Annual Report, Resource Kit, speeches, statements

  24. Need to Contact the Greater Houston RCFL? Dennis Williams, Director Greater Houston RCFL 713-316-7878 www.rcfl.gov

  25. Break !! Block 2 begins 10:00 am The FBI’s Cyber Investigations New Legislation: Cyber Stalking

  26. Cyber Crimes Overview Types of Cyber Crimes the FBI investigates • Counterterrorism Intrusions • Counterintelligence Intrusions • Crimes Against Children / Exploitation • Intellectual Property Rights Violations • Identity Theft / Fraud

  27. What Does the FBI Consider a Cyber Crime? Is the computer a target? Intrusions Or…. is the computer a tool? • Computer Facilitated Crime/ • Internet Fraud

  28. COMPUTERS AS A TARGET • Intrusion • Motive: • To impair, damage, alter the computer system • To steal valuable data (credit card #s, SSANs) • Can evolve into other substantive violations • An intrusion into a bank for the purpose of stealing $$$ • An intrusion into a business or university database for the purpose ofstealing SSANs

  29. COMPUTERS AS A TOOLComputer Facilitated Crimes • A convenient way to commit a host of crimes • Examples include: • bank fraud • phishing • credit card fraud • child pornography • identity theft • theft of intellectual property

  30. What Does a Hacker Look Like? • Student • Employee • Adolescent • Parent • Competitor • Foreign government

  31. New Legislation: Cyber Stalking • 47 United States Code 223 - telecommunications harassment statute • Amended January 5, 2006 • Section 113 of the Violence Against Women Act - addition to 47 USC 223

  32. Section 113 • Prohibits anyone from using a telephone or telecommunications device without disclosing his identity and with intent to annoy, abuse, threaten, or harass any person • Penalties: Up to 2 years imprisonment or fines

  33. Challenges • The new law is intended to curb free speech • Has a “chilling effect” on First Amendment rights • ACLU: subjective nature of the word “annoy” means law too vague, thus unconstitutional

  34. Who is Affected by this Law? • Internet users: blogs, online bulletin boards/opinion sites, message boards • Advertisers • Political Activists

  35. OPEN DISCUSSION !

  36. Cyber Crimes Heidi Estrada 512-794-3102 Hestrada@leo.gov Austin Resident Agency/San Antonio Division

  37. Lunch !! Return at 1:30 Next Session

More Related