Electronic evidence: More than just a hard drive. March 2015 Publication No. 15-02



Similar documents
Oppression remedies: who should buy out whom, and at what price?

A revised standard for forensic accountants

To gross-up or not to gross-up

Clarity Middle School Survey

Clarity High School Student Survey

Introduction to Cloud Services

CD and DVD drives offered a lot more capacity to install and store files but lacked the convenience of the small floppy disks.

How To Deal With A Converged Threat From A Cloud And Mobile Device To A Business Or A Customer'S Computer Or Network To A Cloud Device

Media Trends: Q4 Report

How cloud computing can transform your business landscape

forensics matters Audit negligence: Who is to blame when it all goes wrong? Publication No

Computer Adelaide & Internet City Training Program

Cloud Computing TODAY S TOPICS WHAT IS CLOUD COMPUTING? ICAC Webinar Cloud Computing September 4, What Cloud Computing is and How it Works

Shafiq Khan. An Introduction to. Cloud Computing 13/12/2012

forensics matters Advanced interview techniques

TECHconnect Classes for Seniors

How cloud computing can transform your business landscape.

Cloud Computing. What is Cloud Computing?

ICT Safe and Acceptable Use Policy for Students

C. All responses should reflect an inquiry into actual employee practices, and not just the organization s policies.

Computing Services and Systems Development PittStart

Information Technologies and Fraud

Communications report series Report 1 Australians digital lives MARCH 2015

Case study on asset tracing

Investigating the prevalence of unsecured financial, health and personally identifiable information in corporate data

Introduction to Cloud Storage GOOGLE DRIVE

Internet. switchtelecom.com.au. May2014-Version 1

City Surveillance and the Cloud

Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition

Cloud computing is a marketing term for technologies that provide servers, outside of the firewall, for:

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

SMART PHONES. A review based on Android from Samsung Apple IPhones will have very similar operational characteristics

Jim Donaldson, M.S., MPA, CHC, CIPP/US, CISSP. Director of Compliance, Chief Privacy and Information Security Officer. Pensacola, Florida

Data Protection Act Bring your own device (BYOD)

Key Words: Internet marketing, social media marketing, mobile advertising

About me & Submission details

USES OF INTERNET TECHNOLOGIES IN CHILD SEXUAL ABUSE CASES. Peer to Peer Networking TYPES OF TECHNOLOGY. Presentation Supplement. How can it be used?

Remote Infrastructure Management Emergence of the Cloud-based Helpdesk

ZL UNIFIED ARCHIVE A Project Manager s Guide to E-Discovery. ZL TECHNOLOGIES White Paper

Case Study: Smart Phone Deleted Data Recovery

Dell Wyse Cloud Connect

Contents. Introduction. What is the Cloud? How does it work? Types of Cloud Service. Cloud Service Providers. Summary

device management solutions

Case Study: Cyber Stalking and Spyware in Divorce Cases

The 9 Pillars of Enterprise Mobility

T H E E D U C A T I O N C L O U D. Freedom... a true Cloud based solution for education!

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services

CAPABILITY STATEMENT. > Forensic Technology Team < Daniel Hains, Director t (07) e dhains@vincents.com.au w

How To Answer A Question About Your Organization'S History Of Esi

Solve the Dropbox Problem with Enterprise Content Connectors. Whitepaper Solve the Dropbox Problem with Enterprise Content Connectors

Mobile Cloud Computing. Chamitha de Alwis, PhD Senior Lecturer University of Sri Jayewardenepura

The Autonomous Customer 2015: On-hold for Intelligent Customer Service - Global

For example some Bookkeepers are using Dropbox to share the accounting files between them and their client.

endpoint Antivirus Application Control Removable Device Encryption enjoy Data protection

Top Talent is Mobile. Are You?

Cybersecurity Practices of Ohio Investment Advisers; A Summary of Survey Responses

Chapter 19 Cloud Computing for Multimedia Services

Monetizing Mobile Applications How to maximize investment, move up the value chain and expand into new markets

Commercial Security Made Simple with Cloud Video Surveillance

Mobile Testing That s Just a Smaller Screen, Right?

Backing up your digital image collection provides it with essential protection.

2015 USER GROUP CONFERENCE

ABC PRIVACY POLICY. The ABC is strongly committed to protecting your privacy when you interact with us, our content, products and services.

Mobile Technology For Tourism

A Survey on Mobile Forensic for Android Smartphones

IT Peace of Mind. Powered by: Secure Backup and Collaboration for Enterprises

PARKING PRACTICE NOTES Revised March Technology in the Parking industry

Transcription:

Electronic evidence: More than just a hard drive March 2015 Publication No. 15-02

1 Introduction 2 Over the last decade, the computer hard drive has been the main point of data storage and therefore the key source of electronic evidence for investigations and litigation. This has changed rapidly in recent years with the rapid growth of new data storage technologies, such as smart phones, tablet devices and of course cloud storage. In this article, Daniel Walton, a Forensic Technology manager in our Sydney office, discusses potential new sources of electronic evidence, and some examples of their use in our Forensic Technology team s recent work. 2 A new digital landscape Recently there has been a huge explosion in the number of personal electronic devices, triggered by the rapid increase in mobile phone technology and rising internet speeds. Nearly everyone now has a smartphone, with almost their entire lives stored on it, making these devices and internet access the new basic human need (see the image below). Selfactualisation Pursue inner talent Creativity Fulfillment Self-Esteem Achievement Mastery Recognition Respect Belonging - Love Friends Family Spouse Lover Safety Security Stability Freedom from Fear Physiological Food Water Shelter Warmth Original Malsow s Hierachy of Needs Source: Maslow A., Motivation and Personality, Harper, 1970 Selfactualisation Pursue inner talent Creativity Fulfillment Self-Esteem Achievement Mastery Recognition Respect Belonging - Love Friends Family Spouse Lover Safety Security Stability Freedom from Fear Physiological Food Water Shelter Warmth WIFI BATTERY Malsow s Hierachy of Needs 3.0 Source: https://twitter.com/morten/status/503519307402600449 Many people are using their personal devices for both personal and business use meaning information vital to an investigation or litigation could be stored on a phone or tablet (often a device with internal storage capacity similar to desktop computers from ten years ago). Additionally, information could be retained on devices you have never considered might store data, such as in-car GPS navigation devices, gaming consoles or printers. We suggest that the following devices should be considered as potential sources of electronic evidence.

Traditional data sources for electronic evidence New sources of electronic evidence 3 Desktop computers Mobile phones including smart phones Laptop computers GPS navigation devices these devices can record location data Servers including multiple disk storage Multi-Function Printers (MFP s) these devices can store print logs and potentially print jobs USB devices Digital video recorders CD/DVDs Digital voice recorders Floppy disks Digital still cameras including SD/CF cards and other types of memory cards Backup devices including tapes Internet and cloud storage (see callout box below) The Cloud Cloud Computing is the practice of using an on-demand, robust and scalable network of remote computer technologies to store, manage and process data, rather than using local servers or personal computers. Online data storage, also known as cloud storage, has become a popular way of storing data, and it is now easy for users to back up or copy photos, music and other data remotely to the cloud from mobile phones. This means that organisations should be alive to the possibility of Intellectual Property (IP) theft, as it is now so easy for employees to synchronise company data to their own cloud accounts. Cloud storage sites like Dropbox and Google Drive are common in daily use and can be a convenient tool for misappropriating company data. Also, depending on the setup of a users mobile device, some users are storing data in the cloud without even knowing: companies such as Facebook, Google Plus and LinkedIn are storing our information on the cloud. It may also be appropriate to consider these sites as potential sources of electronic evidence in an investigation or as part of litigation.

Internet sources of evidence 4 Social networking sites such as Facebook, LinkedIn and Instagram. Cloud storage sites such as Dropbox, Google Docs and icloud. Communication and chat sites such as Twitter, MSN, Skype Chat and Facebook chat. Commerce sites such as share trading sites, banking sites and auction/ shopping sites such as ebay and Amazon. 3 Recent examples of cases undertaken by our team GPS An insurance claim was being investigated regarding a suspicious claim from the Brisbane floods in 2011. The claimant had claimed that their luxury vehicle had been flooded and that this incident could not be avoided. When an examination of the car s on-board computer and GPS was conducted, the evidence showed that the vehicle had been driven toward the rising floodwaters just before the Brisbane River broke its banks. The claimant s story did not match the data from the vehicle s GPS and, as a result, the claim was denied. DropBox A staff member left a Company A taking company information with them and then set up a Company B in competition. Analysis of their Dropbox usage showed they had uploaded data from Company A to Dropbox toward the end of their employment and then shared and accessed this information from Company B after they had left. Legal action was taken and this information was used in court. Digital still camera/smart phone There was an insurance case in which a claimant claimed to have lost their handbag. This handbag was reported to contain numerous expensive items including a large amount of cash and an ipad. Forensic analysis of the digital photos provided by the claimant showed that these photos had been taken a significant time after the alleged date of loss and just a few hours after the insurance company had asked for photos as proof of the claimed items. The insurance company was then able to decline the claim based on this information.

4 Conclusion 5 It s always important to consider the many different types of devices that are now available to store information, or which are perhaps storing information without the user s knowledge! Whilst personal computers and file servers are still relevant data sources, it is important to make sure that all potentially useful sources of evidence are obtained and reviewed by forensic technology specialists, as they could be pivotal in proving or disproving a case. Furthermore, obtaining data from the cloud is often complex, so when faced with an investigation or litigation, we suggest that acquisitions of cloud data are undertaken by experienced forensic technology specialists to avoid the risk of data modification. About the author Daniel Walton Manager Sydney +61 8257 3087 dwalton@kordamentha.com Daniel has 4.5 years experience in the area of computer forensic investigations, working on corporate frauds, financial crimes, e-discovery, intellectual property theft and contractual disputes. This has included assisting investigations of law enforcement and regulatory bodies with the execution of a number of Anton Pillar Orders and Search Warrants. Daniel has a broad range of technical skills forged in over 20 years computer networking, systems administration, data storage systems, and data recovery experience.

KordaMentha Forensic We provide clarity and objectivity to organisations when the commercial stakes are high, and the evidence is critical to the outcome. Our specialist forensic tools, rigorous analysis and clear presentation of the financial, factual and electronic information provides insights that are otherwise hidden in the detail of a dispute, investigation, or review. Melbourne Owain Stone +61 3 8623 3410 ostone@kordamentha.com Robert Cockerell +61 3 8623 3355 rcockerell@kordamentha.com Stephen Helberg +61 3 8623 3488 shelberg@kordamentha.com Craig Macaulay +61 3 8623 3373 cmacaulay@kordamentha.com Anthony Hodgkinson +61 3 8623 3307 ahodgkinson@kordamentha.com Brittany Lincoln +61 3 8623 3426 blincoln@kordamentha.com Sydney Andrew Ross +61 2 8257 3051 aross@kordamentha.com John Temple-Cole +61 2 8257 3077 jtemplecole@kordamentha.com Nigel Carson +61 2 8257 3080 ncarson@kordamentha.com Paul Curby +61 2 8257 3050 pcurby@kordamentha.com Alex Bell +61 2 8257 3053 abell@kordamentha.com Perth Grant Whiteley Director +61 8 9220 9331 gwhiteley@kordamentha.com Brisbane David Van Homrigh +61 7 3338 0220 dvanhomrigh@kordamentha.com Brian Wood +61 7 3338 0250 bwood@kordamentha.com Adelaide Stephen Duncan +61 8 8223 8106 sduncan@kordamentha.com Briston Talbot Associate Director +61 8 8223 8114 btalbot@kordamentha.com Singapore Matthew Fleming +65 6593 9363 mfleming@kordamentha.com Subscribe to our publications at kordamentha.com/subscribe Learn more about our forensic services at kordamentha.com/forensic This publication, and the information contained therein, is prepared by KordaMentha Forensic s and staff. It is of a general nature and is not intended to address the circumstances of any particular individual or entity. It does not constitute advice, legal or otherwise, and should not be relied on as such. Professional advice should be sought prior to actions being taken on any of the information. The authors note that much of the material presented was originally prepared by others and this publication provides a summary of that material and the personal opinions of the authors. Limited liability under a scheme approved under Professional Standards Legislation.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information