MOBILE DEVICE FORENSICS 101: A GENERAL OVERVIEW OF SMARTPHONE INVESTIGATIONS




Course Description, Objectives, Agenda and Presenters

Mobile Device Forensics is the extraction, processing and analysis of information stored on smartphones and tablet devices. Understanding this process, its uses and limitations is essential for attorneys in counseling their clients on discovery issues.

This course has been approved for Minimum Continuing Legal Education Credit by the State Bar of Texas Committee on MCLE in the amount of 1.5 credit hours.

COURSE DESCRIPTION:

Mobile devices have become key in communication on both a personal and business level. Often, there is no separation between business and personal, with the two melding together onto one source of key communication: the mobile device. Recent political scandals often involve a digital component which includes emails, text messages, images and social media (e.g., Facebook, Instagram and Twitter). High-profile criminal cases often use computer and mobile device forensics to look for everything from pictures, images and emails to Google search terms.

All communication in the modern world takes place on computers and mobile devices (smartphones and tablets). This communication leaves a trail of digital data that can contain discoverable information. The ability to extract the data and analyze it in a forensically sound manner is crucial in both civil and criminal cases.

Mobile device forensics focuses specifically on smartphones and tablet devices. While these devices are similar to their laptop and PC counterparts, there are distinct differences in their operating systems that require expertise specific to those devices.

Mobile devices have emerged as key sources of data in cases such as:

Family Law: Contentious Divorce, Child Custody
Employment Law: Non-Compete Enforcement
Intellectual Property Law: Theft of Intellectual Property, Trademark Disputes
Bankruptcy Law: Fraud and Hidden Assets
Criminal Law: Embezzlement and Fraud

COURSE OBJECTIVE:

This course provides a general overview of the mobile device forensics process to help attorneys counsel their clients on relevant discovery issues. At course completion, attorneys should have a basic understanding of the types of data that can be extracted and analyzed, methods for obtaining data, typical smartphone operating systems and the limitations on data recovery specific to those operating systems.

AGENDA (90 MINUTE PRESENTATION), 1.5 HOURS CLE CREDIT

General overview of computer and mobile device forensics
The forensic imaging process
What types of mobile devices can be analyzed
What types of data can be extracted and analyzed
Issues and problems with the extraction of data in a fluid technology landscape
Question and answer session

PRESENTERS:

BRETT DEARMAN, COMPUTER FORENSICS EXAMINER

Brett Dearman has performed or participated in over 200 internal investigations of varying complexity from 2002 to present in the role of digital forensics examiner. These include alleged corporate espionage, theft of intellectual property, illegal trading practices, possession and distribution of pornography, and Human Resources related issues. Many of the collections were performed after normal working hours or by covert action.

Mr. Dearman performed or assisted with numerous e-discovery initiatives including probable cause for reasonable termination. This includes the preliminary examination of personal computers and/or network servers as part of e-discovery. In the course of these investigations, interaction with attorneys, federal agents and law enforcement officers was common.

Case Highlights:

Mr. Dearman participated in the role of digital forensic examiner during a Department of Justice investigation regarding illegal natural gas trading practices. Mr. Dearman worked with the lead investigation coordinator on the direction of the investigation based on relevant evidence as it was discovered. Due to the nature of the employee's work as a commodities trader, the collection of evidence had to be done covertly. The employee took measures to obfuscate activities; however, after an exhaustive examination of the collected evidence, a number of key files were recovered from unallocated disk space (deleted files), AOL Instant Messenger conversations and emails. Evidence provided led to a number of indictments and ultimately, one conviction. (UNITED STATES OF AMERICA v. MICHELLE M. VALENCIA (False Reporting; 7 U.S.C. § 13(a)(2) and Wire Fraud; 18 U.S.C. § 1343))

Mr. Dearman worked with investigators on the matter involving the Securities and Exchange Commission and three Dynegy executives accused of securities fraud. The investigation started with a limited scope, but soon grew to include the collection and examination of a significant number of employee computers. The preponderance of evidence came from a plethora of spreadsheets and other documents, all of which were turned over to investigators. The three executives were then charged and later convicted. (SECURITIES AND EXCHANGE COMMISSION v. GENE S. FOSTER, JAMIE OLIS, HELEN C. SHARKEY)

Mr. Dearman performed the initial investigation and evidence collection on an alleged child pornography case. Over 5,000 graphic images were discovered during a routine digital forensic examination of a personal computer. Once files were identified as child pornography, the FBI was contacted as required by law. Because there was no evidence that the individual was selling or otherwise trafficking in child pornography, the case was turned over to the local police department. Evidence collected was then turned over to the local authority where an arrest was made and charges were filed for the possession of child pornography.

Mr. Dearman performed the initial investigation regarding an employee sending proprietary source code to their personal offline storage account from his workstation. Once the activity was detected, it was documented and presented to the corporate security investigator, who approved a deeper examination. At that time, it was discovered the employee being investigated had in fact transferred nearly 500 megabytes of source code and, in one case, a text file containing the login ID and password of a bank account file transfer site belonging to the company. Mr. Dearman assisted the corporate security investigator with the interview of the employee. The results of the interview were reviewed, resulting in the employee's termination.

Mr. Dearman performed the initial investigation of a potential network intrusion and attempted theft of intellectual property. Mr. Dearman assisted with the digital forensics exam of the laptop suspected of being the source of the activity. It was determined the employee's laptop had inadvertently been infected with a Trojan Horse during a recent visit to a construction site in mainland China. The Trojan allowed Chinese hackers to access the laptop remotely and ultimately, the entire enterprise network. They had been in the process of uploading a number of proprietary engineering drawings when the intrusion was discovered. Evidence gathered by examination exonerated the employee of any wrongdoing while allowing investigators to pursue the hackers.

Mr. Dearman created Dynegy's digital forensics lab in 2002 in response to investigations being conducted by the Department of Justice as well as a number of pending civil suits. With the assistance of former FBI and law enforcement officers, he developed the processes and procedures for digital forensic examination including proper evidence collection, processing and storage, chain of custody documentation, examination and reporting. During this process, he was trained on the forensics examination system EnCase (Guidance Software, Inc.) and ultimately obtained their EnCase Certified Examiner certification.

Certifications:

CNE (x2): Certified Netware Engineer
COE: Certified OS/2 Engineer
COLE: Certified OS/2 LANServer Engineer
MCP: Microsoft Certified Professional
MCP+I: Microsoft Certified Professional + Internet
MCSE: Microsoft Certified Systems Engineer
CMA: Certified Metaframe Administrator (Citrix, Inc.)
EnCE (x2): EnCase Certified Examiner (Guidance Software, Inc.)
CISSP: Certified Information Systems Security Professional (International Security Certification Consortium)
CPE: Certified PGP Engineer (PGP Encryption)
ACE: AccessData Certified Examiner, Forensic Toolkit (AccessData, Inc.)

DANIEL WEISS, MANAGING PARTNER

Mr. Weiss began his career in the security industry while in graduate school at Northeastern University, where he worked at a maximum security prison in Massachusetts, Walpole State Prison. Mr. Weiss left the public sector and entered the private security sector. During the past 15 years, Mr. Weiss has held managerial positions at Wells Fargo and Chubb. Mr. Weiss was also founder and CEO of EPS Security and Infrastruct Security. Mr. Weiss is the founding Texas partner of McCann Investigations, LLC, a Texas Corporation.

Mr. Weiss has been interviewed as a subject matter expert on security by ABC, NBC, CBS, Security Director News, SDM, and Security System News. In addition, Mr. Weiss has been featured in the Houston Chronicle and Houston Business Journal.

Mr. Weiss brings extensive experience as a security professional in the area of private investigation, computer forensics, loss prevention, electronic security system design, and surveillance. As an industry entrepreneur, Mr. Weiss brings his wealth of knowledge in business with extensive experience in due diligence, private equity and venture capital, and financial controls. Mr. Weiss's background supports the unique balance between business and former law enforcement that is a unique hallmark of McCann Investigations. For over 15 years, Mr. Weiss has held a qualified manager's license in the State of Texas.

Mr. Weiss has been directly responsible for hundreds of security assessments for Fortune 1000 companies and government agencies. In addition, Mr. Weiss has had the pleasure of providing investigative services for scores of middle market commercial, industrial and direct to executives. In addition, Mr. Weiss has been utilized as an expert by law firms involving complex civil and criminal matters.

During his career in the public and private sector Mr. Weiss has been personally instrumental in:

Case Highlights 2002-2012:

For the Plaintiff: Peak Completions
Mr. Weiss was the lead investigator in a case which involved the theft of intellectual property and non-compete violations. The case involved two current employees in collusion with a former employee who were using Peak's plans and designs to build fracking equipment which was to be used to start a competing company. McCann Investigations facilitated a complex investigation that included computer forensic, mobile forensic, digital surveillance, traditional surveillance, and undercover investigations to gather evidence for Peak.
o Peak Completions and Summit vs. Steve Jackson, Everest Completion Tools and Team Oil Tools, LP (pending in Midland, TX)
o Peak Completions and Summit vs. Daniel Rojas, Kevin Kippola, Romer Bracho, et al. (pending in Houston, TX)

For the Plaintiff: NTTA (North Texas Transit Authority)
Mr. Weiss was the lead investigator in an embezzlement, fraud case, and data breach. NTTA discovered that files with customer information that included credit card billing information were being transferred to an unknown location. McCann Investigations' first pass of the IT network indicated that the source was an individual in the accounting department. A more in-depth investigation revealed that the perpetrator was a senior member of the IT staff and was in fact the person who created a false digital trail leading to the accounting department. Mr. Weiss led McCann Investigators in a complex investigation that included computer forensics and network vulnerability analysis for NTTA.
o NTTA referred the case to the Dallas County District Attorney

For the Trustee: Tax Masters
Mr. Weiss was lead investigator for the trustee overseeing the Estate of Tax Masters. The case involved the imaging of over 100 computers, servers, and laptops and the forensic wiping of over 800 electronic storage devices including desktops, printers, IP phones, servers, and other electronic devices.
o The case is pending in the Southern District Bankruptcy Court

For the Plaintiff: ESP Resources, Inc.
Mr. Weiss was the lead investigator in a case which involved the theft of intellectual property, non-compete violations, and product tampering. The case involved three employees in collusion who were using ESP's plans and designs to reverse engineer a competing chemical that was to be used to start a competing company. McCann Investigations facilitated a complex investigation that included computer forensic, mobile forensic and traditional surveillance to gather evidence for the plaintiff.
o ESP Resources, Inc. vs Cottrell

Over 500 site security assessments ranging from:
o Financial Institutions
o Jewelry and Precious Metals Vaults and Storage
o High Profile Residences Including Former Government Officials
o Petrochemical Facilities
o Defense Sector Providers
o Public/Private Critical Infrastructure: Dams, Nuclear Power Plants, and Pipelines

Investigations:
o Network Intrusion: Identification and forensic documentation of a network intrusion of a municipal government agency involving credit card and personal information being stolen.
o Non-Compete Enforcement: Numerous cases of forensic documentation of downloaded customer data, conspiracy with current and former employees, and direct theft of company materials.
o Intellectual Property Theft: Numerous cases of current and former employees and competitors stealing and damaging company intellectual and physical property.
o Harassment and Cyber Stalking: Investigation and forensic documentation of inner-company email-based harassment and attempts to cover up activity.
o Digital Wiretapping: Numerous investigations of cyber wiretapping of servers, desktops, laptops and mobile devices conducted by unwanted parties.
o Background Investigations: Provided executive background investigations for management teams for Private Equity and Venture Capital firms.

Mr. Weiss also believes in the importance of law enforcement and the private sector working together. Examples of this commitment are found in various committees and associations that he currently serves:

Crime Stoppers
American Society for Industrial Security
Energy Security Council
Entrepreneur Organization (EO)