Tuesday, September 30, 2008

FORENSICS SOFTWARE A VITAL TOOL IN FIGHT AGAINST COMPUTER CRIME

South African companies that want to protect their businesses against computer-related crimes such as fraud and data theft should invest in enterprise forensic software tools that allow them to investigate security breaches and acquire evidence against wrongdoers that will stand up in court.
That's the word from Derek Street, product manager at SecureData Security. He says companies face a range of business risks around their data and IT infrastructure, including theft of intellectual property, white-collar crimes such as fraud, human resources violations, and employees using enterprise computers for illegal or immoral activities.
One of the enterprise's most effective tools against the risks of employees abusing corporate data and computers is to offer them the certainty that they will be caught and punished for their actions. Companies therefore need to be able to uncover who was responsible for criminal acts or transgressions against corporate policy and provide solid evidence that can be used to prosecute them or dismiss them.
To address these challenges, companies should look for network-based forensics solutions that provide complete network visibility, and comprehensive, forensic-level analysis of servers and workstations anywhere on a network, Street adds. Such a solution should be able to securely investigate/analyse many machines simultaneously over the LAN/WAN at the disk and memory level without disrupting operations, causing downtime, or alerting the target that he or she is under investigation.
It should also, as far as possible, automate time-consuming investigative processes, incident response and eDiscovery. These tools can provide detailed information across the lifecycle of a document, such as who accessed, created or edited a document, whether it was printed or emailed (and by whom), and much more, often even if the user has deleted information in a bid to cover his or her tracks.
One of the important things to look for in a forensics tool is a track record with courts and law enforcers around the world, proving its ability to acquire data in a forensically sound manner, says Street.



Wednesday, September 24, 2008

E-Discovery Response Requires Navigation

A company that responded to a discovery request by turning over more than 400,000 pages of undifferentiated documents in an electronic format must provide a "modicum" of guidance about how the material was gathered and organized, a federal magistrate judge has ruled.

Magistrate Judge David E. Peebles ruled that Pass & Seymour, a Syracuse, N.Y., business, failed to either categorize the information under the document headings requested by Hubbell Incorporated, the defendant in Pass & Seymour's copyright infringement action, or to organize the data in an intelligible way.

Hubbell asked for information in what Magistrate Judge Peebles called 72 "wide-ranging and broadly worded" categories. In response, Pass & Seymour delivered the documents in 220 unlabeled computer folders -- the way the company said they were kept in "the ordinary course of business."

Peebles said that was akin to receiving 405,367 pages of documents stuffed into more than 80 bankers' boxes. As such, the response did not meet the company's obligation under the recently amended Rule 34(b)(2) of the Federal Rules of Civil Procedure.

"A party who in response to a discovery demand has chosen to produce documents as they are ordinarily maintained must do just that - produce the documents organized as they are maintained in the ordinary course of producing party's business, with at least some modicum of information regarding how they are ordinarily kept in order to allow the requesting party to make meaningful use of the documents," the magistrate judge wrote in Pass & Seymour v. Hubbell Incorporated, 5:07-cv-00945.

To make information meaningful, parties have to provide their adversaries with some context to help them navigate their way through it, according to the magistrate judge.



Thursday, September 18, 2008

Ohio Supreme Court to Hear Digital Public Records Case

The Ohio Supreme Court on Tuesday grappled with the realities of the computer age as it weighed the question of when a “deleted” public record becomes a “destroyed” public record.

At issue is a lawsuit by The Blade seeking to force the Seneca County commissioners to hire a forensic computer expert at county expense to recover deleted e-mails from an 18-month period, some of which the newspaper contends may contain illegal private communications related to the proposed razing of the county’s historic courthouse.

“We’re talking about a very finite amount of time here, and we’re talking about e-mails from two or three people to one another,” said Justice Maureen O’Connor. “It just doesn’t seem to me to be that overwhelmingly burdensome or such a huge task here for the county to not even attempt to comply.”

Fritz Byers, The Blade’s attorney, told the court that the newspaper made a request under the Ohio Public Records Law seeking all e-mails sent, received, or deleted for an 18-month period beginning Jan. 1, 2006. The county provided a “smattering” of e-mails initially, he said, but then, after the paper sued, the county produced 700-plus pages of additional e-mails.

He noted that the commissioners have admitted that some records were deleted.

“If the court doesn’t rule fully in our favor, then it will mean that any official will be able to legally cover his tracks and misdeeds by a simple click on the computer's delete button,” said John Robinson Block, The Blade’s co-publisher and editor-in-chief.



Securing the World Against Terrorists, Scammers, and Thugs

An information technology employee for one of the world's top stock brokerages is let go, but before he leaves, he plants a logic bomb that knocks 3,000 of the firm's workstations offline.

The internal network of a federal agency is penetrated by a drug cartel and used to obscure international communications among various members.

A law firm discovers that an impostor has been using a caller ID generator to call members of the public and pose as one of its attorneys.

These are some of the emergencies today's cyber investigators are expected to respond to, the head of forensics for Chevron told attendees of a security conference Wednesday. Given the ongoing spike in computer-based crime, and new laws requiring firms to store ever more amounts of digital data, the workload will only increase.

"This is a field that is in its infancy," Robert Schperberg, forensics lead for Chevron, said at the MIS Training Institute's IT Security World conference in San Francisco. "In today's environment, it's more needed than ever, especially in the states - if you've heard of the new rules of federal civil procedures."

The rules mandate how businesses must store, gather and safeguard information that's admitted into evidence in federal cases.

Rather than focus on such banal parts of the job, however, Schperberg talked about the ongoing fight he and his counterparts engage in to keep their networks free of scammers, organized crime gangs and even terrorists.



Controversial Forensic Expert Arrested on Child Porn Charge

Early last Thursday, police in Market Harborough and Rugby arrested two forensics experts, Jim Bates and Chris Magee, on charges of "conspiracy to possess indecent images of children". Jim Bates has frequently given testimony in computer forensic and child pornography cases, and had been working on a case along with Magee, who is a director of Cyber Forensics.

The arresting officers also seized large quantities of material, both hard copy and digital, from the two men. This included material that is claimed to be "privileged" within the meaning of the Police and Criminal Evidence Act.

Jim Bates is controversial. He has testified extensively and often in criminal cases, but is best known for his role in defending individuals accused of downloading child porn, and for his criticism of Operation Ore, which resulted in thousands of child pornography arrests in the UK.

Talking to The Register, he made it clear that he sees the official investigation of many such cases as systematically flawed. He is scathing of police "experts" in this area, arguing that most lack the expertise to carry out all but the most basic of analyses. According to Bates: “Computer Forensics is not about proving innocence or guilt, but about finding facts and providing them to the court”.

Clearly, he is a thorn in the side of authority, but he hasn't exactly helped his cause by misrepresenting his own background. Until recently, he was claiming a BSc in Engineering which he was subsequently shown not to have.

In a hearing at Crown Court earlier this year, Bates was found guilty of perjury for having misrepresented his qualifications. But in closing remarks, Judge Hammond observed that he was "not a charlatan", and further that he had "a real expertise", and had "just embellished his status".

Since being convicted of perjury, Bates has effectively been barred from acting as an expert witness. But he still provides advice on cases, and it was in this capacity that he and Chris Magee visited a Bristol Police station in June of this year.

They went there to clone a hard drive which was central to an ongoing case. According to Bates, this was a procedure he had carried out many times before in similar cases, and there was no hint of any difference in this one.

They examined the machine in situ, carried out tests for presence of malware, and took a video of the proceedings. When they left, they took with them a copy of the original hard drive.



Friday, September 12, 2008

e-DISCOVERY DRIVES LEGAL COSTS UP

As it turns out, companies don’t usually understand the importance of knowledge and document management until they are legally required to find and hand over all documents. The process of e-discovery is usually complicated by the fact that companies don’t know where their information lives.

Or so says a recent study by the American College of Trial Lawyers and the Institute for the Advancement of the American Legal System.

Turns out, many companies are still not in the habit of retaining and organizing their documents in a logical structure. In fact, it’s so hard to uncover materials related to the legal cases that costs are rising as a result. Out of the 1,400 lawyers surveyed, 87% said that electronic discovery is too costly and driving up the price of litigation.

This is not due to a lack of concern for the nature of the marketplace; it stems from a reactive model as opposed to a proactive one. In most cases, online documents, emails, policies and procedures don’t live in a well-laid-out, easy-to-find format.

Companies are simply not prepared when it comes to organizing and storing documents.

The study also says that “without a proactive approach to retaining and organizing their electronic documentation, the company has just grown that litigation cost exponentially”.

Such a proactive approach involves the following:

  • Storage structure: Implement a formal and stringent document control system, so that costs to litigate can be diminished.
  • Searchability: Now that information has been organized sufficiently, make it searchable. Often determining your search terms can help with the organization of documents. Create an organized electronic database or a document retention platform with the ability to quickly search for items. Allowing lawyers to perform a detailed search using document criteria, metadata and content simply saves both parties money.
  • Retainability: Have a retention policy in place, which immediately executes “save everything”. Once a company has been served, it must retain all documents related to the litigation. When considering an electronic document management system, one that meets your retention criteria is the best.

These proactive initiatives will save you money should legal issues arise. They will also keep you and your company organized and up-to-date on policies and procedures. Good knowledge management has a funny way of keeping you out of trouble.



DOMINO'S SAYS CUSTOMER DATABASE TOO PRIVATE TO SHARE

Having an enormous database of customers, cell phone numbers and addresses from around the country, Domino's Pizza LLC is subject to speculation about abuse of that personal information.
One such claim appeared in a CNET news article, The Internet, a Private Eye's Best Friend. A Brooklyn private investigator, Steven Rambam, observes in the article that the Internet is a goldmine for getting personal information. The article elaborates, "Rambam also gets information from marketing databases that gather information on people's buying habits and preferences from frequent-customer cards, surveys, product registrations, actual transactions, and other activities." It then quotes Rambam, saying, "Domino's has built the biggest consumer database in America, and the U.S. Marshals Service, the New York Police Department and collection agencies are using it to track people down."
Responding to a phone call from Blue MauMau and a follow-up email, Mr. Tim McIntyre, Vice President of Communications at Domino's, issued this statement a few minutes ago that such claims are simply not true.
"We do not sell or give away our customer lists to anyone, despite what this individual claims. He's grossly misinformed. Our customer lists are too important to us, and the trust we have with our customers is too valuable to break. There is no upside for us at all in sharing the information.
There have been a few instances in which our legal department has received subpoenas from law enforcement agencies who want to tie a specific address to a cell phone number. In those cases, we only provide that information - we do not share entire lists. Any business receiving a subpoena from a law enforcement agency is going to cooperate, of course. In the cases in which we have cooperated, the information has led to the arrest of drug dealers and murderers. For that, we will not apologize.
As for the accusation that we share information with collection agencies: again, false. Do we use this information to collect money owed to us? Yes, occasionally. That is the only time we would use that kind of information. We do not sell or share it with others.




Wednesday, September 10, 2008

PREPARE FOR e-DISCOVERY REQUESTS TO AVOID DISASTROUS LEGAL SANCTIONS AND FINES

If your company was hit with a lawsuit, would you be prepared for an e-discovery request? For instance, does your company have formal e-discovery policies? Do you know what data to store and how long to store it? Does your company provide employees with e-discovery training?
When we surveyed 711 TechRepublic members about e-discovery, we found that many of their companies were ill prepared for e-discovery requests.
Without policies and procedures in place, you could be setting your company up for huge fines and sanctions.
Here’s an excerpt from the E-discovery Special Report, which demonstrates why IT leaders should know the ins and outs about e-discovery:
“…recent decisions in Federal courts, as well as changes to the Federal Rules of Civil Procedure, reflect a shift toward holding respondents — the providers of information requested during discovery – responsible to pay for producing ESI. This responsibility is based on the assumption that a reasonable IT manager understands the need for knowing where his or her organization’s information is kept, whether it should be accessible during discovery, how to provide an environment in which documents and other information can be easily placed and kept on ‘legal hold,’ and how to implement and use the tools necessary to provide them on demand.”




Monday, September 8, 2008

THE BIG DATA DUMP

Dawn Beye’s teenage daughter suffers from anorexia nervosa and had to be treated in hospital at a cost of about $1,000 a day. Horizon Blue Cross Blue Shield of New Jersey, the Beyes’ insurance company, covered one month of the bills but then balked, demanding evidence that the affliction was ‘biologically based’ rather than psychological. So Beye got together with parents of other anorexic and bulimic teenagers and sued. Horizon immediately asked to see practically everything the teenagers had said on their Facebook and MySpace profiles, in instant-messaging threads, text messages, emails, blog posts and whatever else the girls might have done online.

The Beyes’ lawyer, David Mazie at Mazie, Slater, Katz & Freeman, objected on the grounds that Horizon’s demands violated the girls’ privacy. He lost. So hard disks and webpages are being scoured in order for the case to proceed. Gathering and then sifting through all the electronic information that a few teenage girls have generated is excessive and daunting, says Mazie.

And yet almost all information today is electronic, and there is ever more of it. “Things that we would never have put in writing are now in electronic form,” says Rebecca Love Kourlis, formerly a justice on Colorado’s Supreme Court and now the director of an institute at the University of Denver dedicated to rescuing America’s civil-justice system.

This system, she says, was already a ‘sick patient’—with crowded dockets and understaffed courts—but electronic discovery now threatens a lethal ‘spike in fever’. She has seen ordinary landlord-tenant disputes take three years, and divorce cases that might have been merely bitter, but are now digital wars of attrition. She sees cases that are settled only because one party cannot afford the costs of e-discovery: whereas in the past 5% of cases went to trial, now only 2% do. She knows plaintiffs who cannot afford to sue at all, for fear of the e-discovery costs.

For large companies, these costs now run into many millions. Patrick Oot, a lawyer for Verizon, an American telecoms giant that gets sued a lot, says that at the beginning of this decade e-discovery presented “a one-big-case, once-a-year problem”. In most cases, information was still on paper, and its volume thus limited. In the rare event that electronic evidence was requested, 100 gigabytes (GB) was considered a large amount.

Today, says Oot, almost every case involves e-discovery and spits out ‘terabytes’ of information—the equivalent of millions of pages. In an...





Tuesday, September 2, 2008

Computer Forensics Experts Use Personal GPS to Solve Crimes

Like millions of motorists, Eric Hanson used a Global Positioning System device in his Chevrolet TrailBlazer to find his way around. He probably did not expect that prosecutors would use it, too — to help convict him of killing four family members.

Prosecutors in suburban Chicago analyzed data from the Garmin G.P.S. device to pinpoint where Mr. Hanson had been on the morning after his parents were fatally shot and his sister and brother-in-law bludgeoned to death in 2005. He was convicted of the killings this year and sentenced to death.

Mr. Hanson’s trial was among recent criminal cases in which the authorities used such navigation devices to help establish a defendant’s whereabouts. Experts say such evidence will almost certainly become more common in court as the systems become more affordable and show up in more vehicles.

“There’s no real doubt,” said Alan Brill, a computer forensics expert in Minnesota who has worked with the Federal Bureau of Investigation and the Secret Service. “This follows every other technology that turns out to have information of forensic value. I think what we’re seeing is evolutionary.”



Companies Keep Watch, Covertly

A blend of advanced technology, increased litigation and rising fears about trade secret theft and financial fraud is driving law firms and corporate counsel to the doors of former FBI agents and ex-prosecutors with a knack for solving crimes.

These private investigators report that calls for help from law firms and corporate general counsel have increased substantially in recent years.

Attorneys are looking for assistance on a wide range of problems, including: corporate espionage, intellectual property theft and workplace discrimination claims.

At the core of many of these problems, lawyers note, is a mountain of computer evidence too technical and too overwhelming for attorneys to dissect on their own.

"Most lawyers do not have the technological experience or the accounting expertise to do almost any of the stuff that these guys do," said attorney Alan Brudner, head of litigation and investigations of the U.S. division of UBS Securities LLC, an international financial services firm.

Brudner said that his reliance on former federal agents has grown in recent years. In his 13 years with UBS, he's gone from calling on private investigators only rarely to calling them once a month. He said that's largely the result of increased government regulation, investigations and inquiries into the banking industry.

"They're credible," he said of the hired help. "They've got experience. They know their way around the courthouse and understand how evidence is used and presented in court. There's always a value in talking to these guys."

