Linux and Law Enforcement: Challenges and Opportunities - Dr. Joshua I. James - PowerPoint PPT Presentation

  1. Linux and Law Enforcement: Challenges and Opportunities
     Dr. Joshua I. James
     Digital Forensic Investigation Research Laboratory, SoonChunHyang University
     Joshua@cybercrimetech.com
     http://forensics.sch.ac.kr

  2. whoami
     • Dr. Joshua I. James
       – Full-time Linux user for the past 6 years
       – Develops “foss” tools for digital investigators [http://cybercrimetech.com]
       – Lecturer/Researcher: SCH, KU, KNPU
       – Consultant: UNODC, INTERPOL, KNPA
       – Has trained police / prosecutors / judges from over 100 countries on digital crime & investigation
       – Focus on the automation of digital investigation processes

  3. Overview
     • What is 'normal' cybercrime?
     • Linux for Criminals
     • Linux for Law Enforcement
     • Linux and Legal Systems
     • The Law Enforcement community
     • GitHub's impact on Law Enforcement
     • Linux Education for Law Enforcement
     • More than just cyber crime
     • Conclusions

  4. General Cyber Crime
     • Cyber crime often targets mass markets
       – The number of attacks against systems correlates to market share
         ● Desktop: MS Windows to target users, OS X gaining attention
         ● Servers: Linux-based & MS Windows-based
         ● Mobile: Linux-based, iOS
         ● Other embedded: Linux-based

  5. General Cyber Crime
     • Attacks against Linux-based systems
       – Servers / Embedded: mostly configuration issues
       – Software: not enough app security testing in the community
         ● Pick a community app, and fuzz it
         ● Security testing is not easy
       – Client-side: social engineering works great!
         ● Mobile-device app permissions, sometimes helpful
         ● Android targeted by an estimated 97% of malware in 2013 [1] (third-party app stores, apk downloads)

  6. General Cyber Crime
     • For the average user, they don't notice they are infected until...
       – Their system stops working
       – Their bank account loses money
       – Their phone bill is much higher than expected
     • For the average SMB, they don't notice they are infected until...
       – Another company / org tells them
       – Their customers tell them
     • Most people are infected, and will never know as long as the malware does not affect their 1) money or 2) user experience (much)

  7. General Cyber Crime
     • “Normal” cybercrime is actually pretty boring
       – Low-tech
       – Basic fraud / IP theft / illegal content
     • Advanced cybercrime is usually related to organized crime and / or governments
     • Most advanced cybercrime is not detected / reported
     • Police will normally only look at crimes their citizens are interested in

  8. General Cyber Crime
     • Advanced attacks don't necessarily mean advanced techniques
       http://www.csoonline.com/article/2137013/network-security/snowden-accused-of-using-hacking-s-greatest-weapon-to-access-nsa-files--wget.html

  9. Linux for Criminals
     • Linux is perfect for criminals!
       – Extremely powerful
       – Completely customizable
       – Runs on almost anything
       – Excellent for automation
     • Basic Linux understanding gives you all the tools you need to mess with systems / networks
     • Network policies are normally applied to MS Windows systems
       – Linux lockdown is an afterthought (maybe)

  10. Linux for Criminals
     • Now everything is connected, and is used for illegal compute, information stealing, and just messing with people
     • DDoS or full control of IoT networks so far is not difficult with basic sniffing ability (made easy in Linux): TV / lights / drones
       http://arstechnica.com/security/2014/07/crypto-weakness-in-smart-led-lightbulbs-exposes-wi-fi-passwords/

  11. Linux for Criminals
     • Linux pre-configured for hacking (pen-testing)
       – Kali Linux [http://www.kali.org/]
       – It is awesome! / It is scary!
       – Anyone, even as a hobby, can easily learn basic security testing (and break stuff)
       – Netizens, hacktivists and organized crime are learning
       – Governments and businesses are not

  12. Linux for Criminals
     • Criminals:
       – Have an interest in becoming experts at the technology
         ● Linux / Unix / Windows / phones / etc.
       – Have incentive (money) to become experts
         ● Individuals
         ● Organized crime

  13. Linux for Law Enforcement
     • Law Enforcement:
       – Some have an interest in becoming experts in the technology
         ● Expert-level LE normally move to corporate
       – Many want minimum knowledge to do their job
       – Usually no extra incentive to learn new technologies
         ● Many countries do not recognize / invest in cybercrime investigation
         ● Many countries have corruption problems
         ● Altruism only goes so far

  14. Linux for Law Enforcement
     • Law Enforcement:
       – Knowledge greatly depends on region, funding and level of country development
       – Incentives depend on government
       – Investigation technology is sometimes dictated by government or legislation
         ● Always behind

  15. Linux for Law Enforcement
     • For cybercrime and digital forensics investigation, most countries are locked into MS Windows
       – The three most popular investigation toolkits are Windows-based
       – Most investigation tools are closed-source, commercial

  16. Perception of Linux by LE / Gov.
     • Law Enforcement in many countries believe commercial, MS Windows-based software is better for investigations
       – Point and click: easy to do a basic “investigation”
       – Easy to understand commercial software licensing and business models

  17. Perception of Linux by LE / Gov.
     • Practical:
       – Linux is HARD
         ● What is this CLI stuff?
         ● Too many commands: “so hard to remember!”
         ● Piping?
         ● “I am not a programmer!”
       – Not easy to get started
         ● Communities can be very good and very bad

  18. Perception of Linux by LE / Gov.
     • Legal:
       – Evidence derived from Linux / open source tools might be accepted in court
         ● Depends on the country
         ● Depends on the confidence / competence of the investigators
       – Difficult to trust Linux
         ● Who will stand up for Linux in court?
         ● Belief that Linux is made by hackers in their mom's basement
       – Community models and licensing models are really, really confusing

  19. Perception of Linux by LE / Gov.
     • Legal (cont.):
       – Some (few) countries actually prefer open source tools for investigations
       – Italy: gives priority to free and open source tools for investigations
       – Why? We can check the source to see exactly what the code is doing
       – Third parties can verify the code is working as expected
     For an interesting discussion, please see: http://www.digital-evidence.org/papers/opensrc_legal.pdf

  20. Linux for Law Enforcement
     • Investigators using Linux:
       – Tend to develop their own tools / systems
       – Automate more of their work
       – Are very active in investigation and learning
       – Have support from management
     • Expert investigators choose whatever tool works best, regardless of platform (for some tasks commercial, closed-source software is necessary)

  21. Linux for Law Enforcement
     • Cybercrime Investigation
       – Usually involves understanding network traffic and routing
       – Linux systems have a lot of tools available for network analysis
       – Systems can easily be employed to collect network traffic (good or bad)
       – Many of the VPN / proxy / Tor / web servers from which LE get their logs are Linux/Unix-based

  22. Linux for Law Enforcement
     • Digital Forensic Investigation
       – Normally involves text / data analysis
       – Must be able to analyze many different data structures
       – Need to sort massive amounts of data for each case
       – Linux has free, built-in tools that are better for some types of digital forensic analysis than expensive commercial tools
       – Experimental digital investigation tools are normally developed on (or compatible with) Linux systems
         ● Scripting languages (Perl/Python) are very popular with LE

  23. Law Enforcement Community
     • Quite closed
       – Difficult to share information
       – Difficult to share data
       – Many tools and courses developed “for Law Enforcement only”
     • Many LE believe that criminals don't know their techniques
       – Criminals are way ahead

  24. Law Enforcement Community
     • The open source Law Enforcement community is gaining popularity
     • Many open source / FOSS projects are being created for digital investigation purposes
     • Part of the popularity comes from the “Open Source Digital Forensics Conference” (OSDFcon) held by Basis Technology (USA) [2]
     • Increased interest is also coming from
       – Open source hardware projects
       – Easier consumer-level customization
       – Better online instructions

  25. Open Source Tools
     • A number of the most popular Linux-based open source tools include:
       – The Sleuth Kit http://www.sleuthkit.org/
       – Guymager http://guymager.sourceforge.net/
       – Digital Forensics Framework http://www.digital-forensic.org/
     • Live CD distributions:
       – DEFT http://www.deftlinux.net/
       – CAINE http://www.caine-live.net/
       – KALI http://www.kali.org/
     • Many “investigation automation programs” are built on top of these systems
     • Linux can already handle a lot of investigation tasks 'out-of-the-box'
     • Again, many popular tools are cross-platform
       – Investigators need to support data collection and analysis on every kind of device

  26. Open Source [Hardware] Tools
     • As hardware components become less expensive, investigators can begin to build custom devices for investigation
     • FIREBrick http://digitalFIRE.ucd.ie
       – Hardware write blocker
       – Disk imaging up to 5Gb/min
       – Internal storage mirroring and encryption
       – Free, open source firmware
       – Fully customizable
       – Can be built for ~185 USD
         ● Comparable commercial kits ~1,500 USD

  27. FIREBrick Forensic Write Blocker
