DoD Cyber Crime Center DC3. AFCEA Luncheon

Transcription

1 DoD Cyber Crime Center DC3 AFCEA Luncheon Jim Christy, Special Agent (Ret), HQE Director, Futures Exploration 15 November 2012

2 Definition What is the Definition of Cyber? Slide 1

3 Slide 2

4 Cyber Cyber is much more than just intrusions Intrusions are NOT the only Cyber Crime Number 1 cyber crime in the world is: Production & distribution of Child Pornography Espionage is a crime Terrorism is a crime Slide 3

5 Intrusions Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75- cent accounting error. Intruder breaking into U.S. computer systems and stealing sensitive military and security information., missile bases, and the ultimate sting operation and how one ingenious American trapped a spy ring paid in cash and cocaine, and reporting to the KGB Slide 4 My 1 st Cyber Crime Case

6 DC3 - National Cyber Center DoD Center of Excellence for Digital Forensics Slide 5

7 Defense Computer Forensics Laboratory (DCFL) DC3 Defense Cyber Investigations Training Academy (DCITA) National Cyber Investigative Joint Task Force Analytical Group (NCIJTF-AG) Defense Cyber Crime Institute (DCCI) Defense Industrial Base Collaborative Information Sharing Environment (DCISE) Slide 6 Futures Exploration (FX)

8 Futures Exploration FX Slide 7

9 National Center of Digital Forensics Academic Excellence CDFAE Slide 8

10 CDFAE A partnership between DC3 and educational institutions Standards and quality assurance in Digital Forensic education DCITA training objectives become baseline for education goals DCITA courses accredited by participating academia Increase Digital Forensics candidate pool Save money Prepare students for jobs Slide 9

11 Student Progression Potential Workforce Skilled Workforce Workforce Demand 1 st & 2 nd Learners Slide 10 10

12 Current DACCA Partners DACCA Academic Members Norwich University UTICA College Stevenson University Anne Arundel Community College Howard County Community College Oklahoma State University (OSU) Air Force Institute of Technology (AFIT) Johns Hopkins (Carey Business School) DACCA is CDFAE Governing Board Professional Organization Members American Academy of Forensic Sciences (AAFS) /Forensic Science Education Programs Accreditation Commission (FEPAC) Slide 11

13 CDFAE Now Accepting Applications University of Maryland University Campus University of Texas, San Antonio Champlain College University of Colorado, Colorado Springs Bloomsburg University Capitol College Longwood University Wilmington University Ferris State University Auburn University University of Central Florida Catawba Valley Community College Contact Telephone: Fax: Slide 12

14 100,000 Feet Program not the School is Accredited Students are Certified to a Standard Knowledge, Skills, Application, Validation Covers full education spectrum model Slide 13

15 Benefits of CDFAE DC3 Nationally recognized digital forensic education standard Set Digital Forensic standards Influence broad digital forensic education objectives Students Defined education objectives Validation of Skill Set Employment Differentiator Local Education resources Education Providers Increased student employment opportunity Discriminator of educational excellence in digital forensic Direct input of real world requirements / examples Employers Verifiable Employee Skill Set Job Ready Day 1 Increased candidate pool Slide 14

16 The Dispatch is a daily with major news stories from various external sources. All information can be found via external sources on the world wide web. - Cyber Crime - Government - Intrusion News - Legal - Information of Note - Security Alert - News, Technologies, Techniques DC3 Dispatch To Subscribe to the DC3 DISPATCH: Dispatch@dc3.mil RSS Feed: Slide 15

17 DC3 Digital Crime Scene Challenge Slide 16

18 Crime Scene Challenge Designed to have fun and experience a crime scene scenario. Search for evidence that maybe relevant to an investigation. Slide 17

19 DC3 Digital Crime Scene Challenge - Up to 2-5 team members - Participants don t need any equipment - Read 1 page scenario - Read 1 page interrogation - Enter crime scene with 15 minutes to: - Identify all digital devices - Triage digital devices based on scenario & interrogation to select the one device that has the evidence you need - Retrieve the evidence - Points for each device, and evidence - Tie-Breaker is time Used for CyberPatriot IV National Finals, Defcon Slide 18

20 SUBJECT has 560 GB Hidden on Person 8 GB 4 GB 500 GB 2 GB 4GB 256 MB 4 GB 4 GB 16 GB 4.7 GB 2 GB 50 MB 4 GB 4 GB 712 MB Slide MB 2 GB 16 MB

21 Reference Key -1 Page = 4,800 char - 80 char per line - 60 lines per page - 1 Ream 500 pages pages = 2,400,000 char - 1 Safe drawer = 10 reams or 24,000,0000 char - 5 drawer safe = 120,000,000 char or 120 GB WikiLeaks = 1 DVD = 4.7 GB > 350,000 classified documents and cables Manniquin = 560 GB > 119 Times WikiLeaks Slide 20

22 Defcon Kids Slide 21

23 Defcon: Meet the Feds Slide 22

24 Slide 23

25 Questions Category Rookie Journeyman Master Law & Ethics Investigative Process Digital Forensics Lab Crime Scene Digital Forensics Exam # Correct Needed to Pass Slide 24

26 Certificates Slide 25

27 Where to find it The full version of CSI Cyber can be found at For more information, contact the DC3 Challenge Team at or Slide 26

28 DoD Cyber Crime Conference Conference Slide 27

29 11 th Annual DoD Cyber Crime Conference Focuses on: computer crime incident response intrusion investigations cyber crime law digital forensics information assurance RD&TE Provides opportunity to meet the professionals in other complimentary disciplines Slide 28

30 Conference Stats Conference Registration Overall: Attendees: 1,206 Training 615 Classified Session Attendees Trained Year Year 2001 Year Year Year 2006 Year 2007 Year 2008 Year 2009 Year 2010 Year 2011 Year 2012 Slide 29

31 Wireless Technology Workshop DCITA 2 20 Slide Classes DoD Taught Cyber Twice Crime Conference Org # of Days Slots Adv. Wireless Lab DCITA 1 12 Analyzing Malicious Carrier Files and Common Exploits DCFL 2 14 DCITA Live DCITA 1 48 Essential Tradecraft for Digital Sleuths DCITA 1 12 Intro to Cyber Analysis DCITA 2 14 Intro to Encase for Prosecutors & Case Agents DCITA 1 12 Intro to Server 2008 DCITA 1 20 Intro to Windows 7 DCITA 1 48 Introduction to Malware Analysis DCITA 2 20 Linux Incident Response Fundamentals DCITA 1 18 Linux Incident Response Scripting DCITA 1 20 Mac + VMS = Challenges DCITA 1 12 Mac Forensics DCITA 1 14 Mac Response DCITA 1 14 Pen Testing 101 DCITA 1 20 SANS Lethal Digital Forensics Techniques and Memory Analysis SANS 2 40 Windows Incident Response Fundamentals DCITA 1 18 Windows Incident Response Scripting DCITA 1 20

32 2012 Cyber Crime Conference Slide 31 David McCallum, TV Star from NCIS & Man from Uncle attended

33 Jimbo I think your Conference is DOA! Slide 32

34 DC3 Digital Forensics Challenge Challenges Slide 33

35 DC3 Digital Forensics Challenge Partners 285 UK Teams Slide 34

36 DC3 Digital Forensics Challenge Level 100 Well known solutions (File Signatures, Suspicious Software, Hashing Metadata, etc.) Level 200 Known solutions (Data Hiding, File Headers, Passwords, Registry, etc.) Level 300 Difficult solutions (Intrusions, Cracking, Data Recovery) Level 400 No known unclassified solutions (Encryption, Virtualization, Steganography, etc.) Level 500 Tool development (Data Recovery, Automation, etc.) Slide 35

37 2011 Challenge Winners US Winners Univ AZ US HS Winners Poolesville MD US Community College - AACC Slide 36 US Post Grad-Dakota State Univ

38 2012 Challenge Locations Approved U.S. Teams (658) in 49 states Approved International Teams (514) in 52 countries (excluding U.S.) Arkansas I guess thinks cyber is a fad Slide 37

39 Challenge Team Participation by Affiliation Teams by Affiliation Number of Teams Academic Civilian Commercial Government Military Other Total Teams ,153 1,010 1,147 1,209 Slide 38

40 DC3 Digital Forensics Challenge Exercise Submissions 2012 = 1,356 submissions Level submissions 2011 = 850 submissions Level submissions 2010 = 279 submissions Level submissions Slide 39

41 DC3 Digital Forensics Challenge 2012 Maryland DC3 Digital Forensics Challenge Maryland = 113 teams Virginia = 58 teams Texas = 49 teams California = 41 teams Florida = 29 teams This year we wanted to recognize the Maryland Champions Slide 40

42 Maryland DC3 Digital Forensics Challenge Winners Poolesville High School PHSFalcon4 Beat 112 other Maryland teams High Schools Community Colleges Undergrads Grads Commercial Military Government Slide 41

43 Maryland DFI Challenge MD winners will be recognized Thursday 29 Nov PGCC 1st Annual Maryland Digital Forensics Investigation Conference and Challenge All day briefings and Cyber Crime Case Competitions for MD: High Schools Community Colleges 4 yr colleges & universities Slide 42

44 Who: Maryland High School, Community College & Universities Law Enforcement, public officials & others interested in observing the challenge What: Recognize the winning MD Team of the 2012 DC3 Digital Forensics Challenge Hear engaging and informative briefings Cultivate academic interest When: November 29-30, 2012 Maryland DFI Challenge Slide 43

45 Maryland DFI Challenge Where: Prince George s Community College, Largo, MD Why: Maryland has become, the National Epicenter of Cyber Security To honor Maryland s stature as a hub for digital forensics innovation, training, and recruitment To promote STEM in Maryland How: Register online! Slide 44

46 Produced by: Prince George s Community College CyberWatch Local Advisory Council for Career & Technical Education of Prince George s County (LAC) Participation by: DoD Cyber Crime Center (DC3) Slide 45

47 Teams will have only 20 min to conduct all phases of the investigation to include, Legal Documentation, Investigative Process, Crime Scene Search, Chain of Custody, Lab Exam, and the Trial DAY 1: Thursday, 29 Nov (OPEN TO ALL) Competition, Briefings and DC3 Digital Forensics Tool Expo DAY 2: Friday, 30 Nov (WINNERS ONLY) Pentagon Briefings Register Now! Slide 46

48 DC3 Poster Contest Creative? Artistic? Create a DC3 Poster to promote awareness for DC3, Cyber Crime Investigations, and Digital Forensics Slide 47

49 Challenge.gov Slide 48

50 Contact Information Defense Cyber Crime Center: DoD Cyber Crime Conference To Subscribe to the DISPATCH Send Digital Forensics Challenge Send Jim Christy, Special Agent (Ret) Slide 49

51 DoD Cyber Crime Center DC3 Jim Christy, Special Agent (Ret), HQE Director, Futures Exploration DoD Cyber Crime Center (DC3) Office: Cell: Web: