The TASA Group Presents:
The “Internet of Evidence ™”
Little Brother is Watching You –
And He’s Taking Notes
This presentation will be audio
broadcast into your computer speakers.
Please make sure that your speakers are
turned “ON” and the volume is set to a
comfortable level.
© 2014 The TASA Group, Inc.
www.tasanet.com
Technical Advisory Service for Attorneys
(800) 523-2319
This Webinar Will Cover
• Mr. Norris will discuss how sensor data and its connectivity – what
he has come to call “The Internet of Evidence ™” can support:
• Determination of time lines
• Identities of actors/alibis
• Intentions of actors
• External and environmental conditions
• Who knew what, and when they knew it
About the Presenter
Mr. Wayne B. Norris is a corporate and technical management
consultant, software engineer, sales and marketing executive,
financial analyst, author, and physicist. He has 45 years of
professional experience and 55 years of experience writing
computer software, beginning in 1959 at the age of 12. He is a
former Chief Scientist in the counterterrorism community and also
in the environmental/oil spill community, holds five patents in
nuclear sensing technology, and acts as a patent advisor.
Mr. Norris has been an expert witness for issues in software,
technology, intellectual property, technology industry
compensation, and conduct of corporate officers in Federal and
State courts.
CLE Credit Passcode Information
For any state that requires a “passcode” for
CLE credit, today’s passcode is Evidence.
Thank you,
The TASA Group
The “Internet of Evidence™”
Little Brother Is Watching You – And
He’s Taking Notes!
Wayne B. Norris
2534 Murrell Road, Santa Barbara, CA 93109-1859
805-962-7703 Voice 805-456-2169 FAX
Wayne@WayneBNorris.com http://WayneBNorris.com http://TheInternetOfEvidence.com
Using the Vast and Ever-Growing Array of
Sensors and Data recorders to Assist in
Establishing Truth, Justice, and the
American Way [with apologies to Superman]
Sensors Are Devices That Detect [and often record] Data
• Modern digital cameras record time, date, and often GPS coordinates INSIDE picture files, in what is known as the Exif Header: http://en.wikipedia.org/wiki/Exchangeable_image_file_format
• In addition, that data is written to the file system of the camera
• Mobile phones report their location to the carrier several times per minute: http://en.wikipedia.org/wiki/Mobile_phone_tracking
• Computer browsers such as Chrome and IE report multiple data back to Google and Microsoft frequently
• Social media and mobile applications, from Facebook to the Starbucks Coffee app on phones, record constantly
• Both iOmniscient and General Electric have developed behavioral analytic software for surveillance video analysis
1/11/2016The Internet of Evidence(tm) - Little Brother Is Watching You – And He’s Taking Notes!
6
Sensors Are Devices That Detect [and often record] Data (cont.)
• Cars have Event Data Recorders [EDRs] that even record items including SEAT POSITION: http://media.mgnetwork.com/blackbox/
• Sensor data can be stored locally or in distributed fashion
• “Smart” appliances such as refrigerators, microwave ovens, door locks, and HVAC systems report data to servers.
• Servers from iTunes to Amazon to Cox to Comcast to Facebook preserve data sent and received on computers and mobile devices.
Sensors Are Devices That Detect [and often record] Data (cont.)
• Toll bridges and toll roads, many traffic lights, and police department stolen car units – AND PRIVATE COMPANIES – scan license plate data at entry points and also in cities at large.
• Many modern vehicles transmit useful information TO OTHER VEHICLES in the upcoming “V2V” formats.
• Workplace computer systems are often required to journal emails, and in some cases, web references, for several years.
• Traditional E-Discovery is the springboard. The Internet of Evidence is the extension of E-Discovery to everyday life.
The Net Effect Is That Sensor Data Is Exploding
• No less a player than IBM is paying great attention to this phenomenon, in a 1-hour Webcast, “Solving the Big Data Challenge of Sensor Data” http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=SA&subtype=ST&htmlfid=IMV14323USEN
• The phenomenon will only grow larger with time. 37 billion devices will be Internet connected by 2020. Thought leaders refer to this as the “Internet Of Things” [“IOT”] http://en.wikipedia.org/wiki/Internet_of_Things
There is even…
• The “Internet of Everything” [“IoE”] http://www.qualcomm.com/solutions/ioe
The Net Effect Is That Sensor Data Is Exploding (cont.)
• The legal system has no choice but to incorporate this flood of sensor data into its practice.
• We now truly have the “Internet of Evidence™”
The Internet of Evidence Is As Ground Breaking as Fingerprinting or DNA!
• The sensor data and the Internet of Evidence™ support:
  • Determination of time lines
  • Identities of actors
  • Alibis
  • Intent of actors
  • External and environmental conditions
  • Who knew what, and when they knew it
The Internet of Evidence Is As Ground Breaking as Fingerprinting or DNA! (cont.)
Just as with physical evidence, Internet of Evidence™ is subject to:
• Requirements for discovery, seizure, chain of custody, and accurate transcription
• Possible tampering, forgery, and counterfeiting, and
• Intentional or inadvertent loss or destruction.
Case Study Number 1 – The Data Collection That Didn’t Happen
• <Case name withheld at request of subject attorneys>
• California Criminal case – molestation of underage female victims by 17-year-old male, July 2011
• A family event with parents, defendant, two younger brothers, older married sister, two nieces [6 and 8], and a family friend [11]
• Defendant was professionally employed as a paparazzi photographer
Case Study Number 1 – The Data Collection That Didn’t Happen (cont.)
• While sister [nieces’ mom] went shopping, Defendant was asked to:
  • Take paparazzi photos of 3 girls using Canon EOS 60D DSLR
  • Download music from iTunes to sister’s laptop
  • “RIP” some music CDs to sister’s laptop
• Sister was gone for 45 minutes
• Family barbecue went on as planned
• 11-year-old reported molestation to girlfriend after starting 7th Grade in September
Internet of Evidence™ Involvement
• Alibi consisted of testimony that the Defendant was too busy doing digital tasks to have committed any crime.
• Victim interviews done by male investigator with no specialized training in this area. Psychological evidence is not discussed in this Webinar.
• Zero digital evidence was preserved, at the discretion of the investigator. Investigator testified there would be nothing of value.
Internet of Evidence™ Involvement (cont.)
• Internet of Evidence™ consisted of:
  • Laptop hard drive
  • Time / Date stamps of all relevant files
  • Non-File Area [NFA] data from potential deleted files
  • Canon memory card
  • File system data
  • Exif header data
  • iTunes transaction data, with time tags
  • Potential Internet Service Provider packet data
  • Potential geo-reference data from any cell phones
  • Other data?
Internet of Evidence™ Involvement (cont.)
Analysis should have included:
• Reconstruction of activities needed to achieve the digital results shown by the evidence
  • Some potential operations could be “batched”, but some could not
• Potential reconstruction of rooms visited by the relevant parties
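
As an added illustration, not part of the original presentation: the Python below reads the Exif DateTimeOriginal tag directly from JPEG bytes and orders photos into a timeline, reporting files with no Exif data, the difference between file-system and Exif times, and quiet periods between shots. The sample images, file names, timestamps and the 5-minute threshold are constructed for the example.

```python
import struct
from datetime import datetime, timedelta

EXIF_IFD_POINTER = 0x8769    # IFD0 tag that points at the Exif sub-IFD
DATETIME_ORIGINAL = 0x9003   # Exif tag: when the shutter fired, per the camera clock

def find_exif_tiff(jpeg):
    """Walk the JPEG segments and return the TIFF block of the Exif APP1 segment."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):           # image data / end of image: stop
            break
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        payload = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            return payload[6:]
        pos += 2 + length
    return None

def read_ifd(tiff, offset, endian):
    """Return {tag: (type, count, 4-byte value-or-offset field)} for one IFD."""
    (n,) = struct.unpack_from(endian + "H", tiff, offset)
    entries = {}
    for i in range(n):
        base = offset + 2 + 12 * i
        tag, typ, count = struct.unpack_from(endian + "HHI", tiff, base)
        entries[tag] = (typ, count, tiff[base + 8:base + 12])
    return entries

def datetime_original(jpeg):
    """Return DateTimeOriginal as a naive datetime, or None if absent or malformed."""
    try:
        tiff = find_exif_tiff(jpeg)
        if tiff is None:
            return None
        endian = {b"II": "<", b"MM": ">"}[tiff[:2]]
        if struct.unpack_from(endian + "H", tiff, 2)[0] != 42:
            return None
        (ifd0_off,) = struct.unpack_from(endian + "I", tiff, 4)
        ifd0 = read_ifd(tiff, ifd0_off, endian)
        (exif_off,) = struct.unpack(endian + "I", ifd0[EXIF_IFD_POINTER][2])
        typ, _count, field = read_ifd(tiff, exif_off, endian)[DATETIME_ORIGINAL]
        if typ != 2:                         # Exif stores this tag as ASCII text
            return None
        (val_off,) = struct.unpack(endian + "I", field)
        text = tiff[val_off:val_off + 19].decode("ascii")
        return datetime.strptime(text, "%Y:%m:%d %H:%M:%S")
    except (KeyError, ValueError, struct.error):
        return None                          # truncated or corrupt metadata

def build_timeline(records):
    """records: (name, jpeg_bytes, filesystem_mtime) tuples.
    Returns (rows sorted by capture time, names lacking usable Exif); each row is
    (capture_time, name, file-system time minus Exif time in seconds)."""
    rows, missing = [], []
    for name, data, fs_mtime in records:
        shot = datetime_original(data)
        if shot is None:
            missing.append(name)
        else:
            rows.append((shot, name, (fs_mtime - shot).total_seconds()))
    return sorted(rows), missing

def quiet_periods(rows, minimum=timedelta(minutes=5)):
    """Intervals between consecutive shots that are at least `minimum` long."""
    times = [row[0] for row in rows]
    return [(a, b) for a, b in zip(times, times[1:]) if b - a >= minimum]

def make_sample_jpeg(stamp, endian="<"):
    """Constructed test input: a minimal JPEG carrying only DateTimeOriginal."""
    order = b"II" if endian == "<" else b"MM"
    # Offsets from the TIFF start: header 0-7, IFD0 at 8, Exif IFD at 26, text at 44.
    tiff = order + struct.pack(endian + "HI", 42, 8)
    tiff += struct.pack(endian + "HHHII", 1, EXIF_IFD_POINTER, 4, 1, 26) + b"\x00" * 4
    tiff += struct.pack(endian + "HHHII", 1, DATETIME_ORIGINAL, 2, 20, 44) + b"\x00" * 4
    tiff += stamp.encode("ascii") + b"\x00"
    payload = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload + b"\xff\xd9"

# Constructed sample set: names, timestamps and mtimes are invented for the example.
SAMPLE = [
    ("IMG_0003.JPG", make_sample_jpeg("2014:03:01 14:21:40"), datetime(2014, 3, 1, 14, 21, 40)),
    ("IMG_0001.JPG", make_sample_jpeg("2014:03:01 14:02:10", ">"), datetime(2014, 3, 1, 14, 2, 10)),
    # File-system time two days after capture: the file was copied or rewritten later.
    ("IMG_0002.JPG", make_sample_jpeg("2014:03:01 14:04:55"), datetime(2014, 3, 3, 9, 0, 0)),
    ("SCAN.JPG", b"\xff\xd8\xff\xd9", datetime(2014, 3, 1, 14, 30, 0)),   # no Exif at all
]

if __name__ == "__main__":
    rows, missing = build_timeline(SAMPLE)
    for shot, name, skew in rows:
        print(f"{shot}  {name}  fs-exif difference {skew:+.0f}s")
    print("no Exif:", missing)
    print("gaps >= 5 min:", quiet_periods(rows))
```

DateTimeOriginal carries no time zone and reflects whatever the camera clock was set to, so a timeline built from it should be cross-checked against independent records such as vendor transaction logs.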
Resolution
• Trial lasted for about 15 days
• 14 counts = Life Without Parole, due to age of alleged victims and multiple victim enhancement
• Family split – sister on one side, parents siding with Defendant
• Nieces recanted testimony
• Acquittal on 6 charges; Hung jury on 8 charges; DA deciding whether to re-file
Analysis
• What should have been done:
  • Impound all Internet of Evidence™ data immediately
  • Create perfect copies using NIJ-approved passive copy apparatus
  • Subpoena relevant records from Internet Service Provider, iTunes and/or other vendors
  • Once Internet of Evidence™ data is secure, THEN determine if data has probative value [it may not!]
  • If probative value cannot be ruled out, analyze data using qualified experts
  • If no experts on staff, LOOK ON THE INTERNET! There are specialists all over.
Questions?
Case Study Number 2 – The Text Message from Who Knows Where
• <Case name withheld by request of subject attorneys>
• California Criminal contempt case – Wife received text messages on her cell phone with husband’s cell number as callback, in violation of no-contact order
• Husband is a business owner, wife is a divorce attorney, disputed custody of 6-year-old daughter
• Husband alleged wife knew his cell phone provider password; she or a co-conspirator could have logged into the web account and forged husband’s identity in sending of message
• Husband took voluntary polygraph test, registered NDI
Analysis
• Internet of Evidence™ issue: If such a forgery were perpetrated via a Web login instead of an actual cell phone, is such a forgery detectable from either the receiving cell phone or from the web record?
• Interestingly, no. Text message formats do not retain path data [“Envelope data”].
• Cell phone provider records have envelope data and can be subpoenaed, but are retained for only 10 days, and then are erased. Retrieval actions came TOO LATE.
Resolution
• Text message charge dropped.
• What should have been done:
  • Impound all Internet of Evidence™ data immediately
  • Create perfect copies using NIJ-approved passive copy apparatus
  • Subpoena relevant records from cell phone provider before destruction date.
  • THEN analyze to see if data is relevant
Summary
• The Internet of Evidence™ is potentially as much of a game changer to civil and criminal jurisprudence as fingerprinting and DNA analysis were in their day.
• Internet of Evidence™ information exists literally everywhere in many contemporary legal matters
• Such data may have profound consequences.
• [Of course, such data is not magic, and may not exist in all cases. And it may not have probative value.]
Summary (cont’d)
• The safest course is to follow the standards for E-Discovery and evidence in general:
  • Identify where evidence can possibly be. Time is of the essence
  • Preserve it - Impound [or at least write-protect] all Internet of Evidence™ data immediately
  • Subpoena relevant records from Internet Service Provider and/or vendors while they are still available
  • Preserve writeable media such as hard drives from being overwritten
  • Gather it - Create perfect copies using NIJ-approved passive copy apparatus
  • Process it – this might mean forensic recovery or other measures
  • Review and analyze it to determine what is relevant
  • Produce it for the Court or for Opposing Counsel, as required
Summary (cont.)
• Once Internet of Evidence™ data is secure, THEN determine if data has probative value
• If probative value cannot be ruled out, analyze data using qualified experts
• If no experts are on staff, LOOK ON THE INTERNET! There are specialists all over.
• The field is so large that no one individual can be an expert on all areas.
• Individual specialists may need to research highly case-specific questions.
• For large or complex cases, one expert may need to function as a Lead Investigator.
Final Words
• The Internet of Evidence™ has only recently arrived, but it is here to stay
• There were, literally, ZERO cell phone photos or movies from inside the Twin Towers. Such devices are now the most common platforms for watching NFL games, after TV!
• When a new fleet of helicopters arrived with an aviation unit at a base in Iraq, some soldiers sent pictures of the flight line to some “pretty girls” in Sweden with whom they were corresponding... From these photos, Al Qaeda operatives posing as the girls were able to determine the exact location of the helicopters inside the compound and conduct a mortar attack, destroying four of the AH-64 Apaches. http://www.army.mil/article/75165/Geotagging_poses_security_risks/
Final Words (cont.)
• “During Israel’s 2006 war in southern Lebanon with Iranian-backed… Hezbollah, Iranian SIGINT professionals tracked signals coming from personal cell phones of Israeli soldiers to identify assembly points of Israeli troops that may have telegraphed the points of offensive thrusts into Lebanon.” http://defensetech.org/2012/03/15/insurgents-used-cell-phone-geotags-to-destroy-ah-64s-in-iraq/
• http://petapixel.com/2012/12/03/exif-data-may-have-revealed-location-of-fugitive-billionaire-john-mcafee/
How to Reach Me
Wayne B. Norris
2534 Murrell Road, Santa Barbara, CA 93109-1859
805-962-7703 Voice 805-456-2169 FAX
Wayne@WayneBNorris.com
http://wayneBNorris.com
http://TheInternetOfEvidence.com
QUESTIONS?
THANK YOU!
CLE Information
This webinar is eligible for CLE credit in CA, IL, MN, MO,
NJ, PA, and TX. To ensure you receive your CLE credit,
please complete the survey at the end of the
presentation.
Thank you,
The TASA Group
The TASA Group
In addition to being your best source for testifying and
consulting experts, TASA also offers:
E-Discovery and Document Management
Solutions
Free, Interactive Webinars
Research Reports on Expert Witnesses:
— Challenge History Report 2.0 (CHR2.0)
— Professional Sanction Search (PSS)
— Expert Profile 360 (EP360)
THANK YOU!
We will be sending out a link to an archived
recording of this webinar tomorrow morning. The
archived recording will also be posted in the
Knowledge Center on TASA’s website.
If you have any follow-up questions or comments,
please email Carol Kowalewski at
ckowalewski@tasanet.com.

Weitere ähnliche Inhalte

Was ist angesagt?

03.fnc corporate protect workshop new
03.fnc corporate protect workshop new03.fnc corporate protect workshop new
03.fnc corporate protect workshop newforensicsnation
 
Deep Web and Digital Investigations
Deep Web and Digital Investigations Deep Web and Digital Investigations
Deep Web and Digital Investigations Damir Delija
 
FNC Corporate Protect Workshop
FNC Corporate Protect WorkshopFNC Corporate Protect Workshop
FNC Corporate Protect Workshopforensicsnation
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDr Raghu Khimani
 
Cyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics LectureCyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics LectureOllie Whitehouse
 
Computer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumComputer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumOWASP Khartoum
 
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009ClubHack
 
Icreach — nsa's secret google like search engine for metadata analysis
Icreach — nsa's secret google like search engine for metadata analysisIcreach — nsa's secret google like search engine for metadata analysis
Icreach — nsa's secret google like search engine for metadata analysisMichael Holt
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating proceduresSoumen Debgupta
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidenceOnline
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Damir Delija
 
Deep web, the unIndexed web
Deep web, the unIndexed webDeep web, the unIndexed web
Deep web, the unIndexed webNitish Joshi
 
Cybercrime (1)
Cybercrime (1)Cybercrime (1)
Cybercrime (1)aw222
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic pptOnkar1431
 

Was ist angesagt? (20)

Cybercrime123
Cybercrime123Cybercrime123
Cybercrime123
 
03.fnc corporate protect workshop new
03.fnc corporate protect workshop new03.fnc corporate protect workshop new
03.fnc corporate protect workshop new
 
Deep Web and Digital Investigations
Deep Web and Digital Investigations Deep Web and Digital Investigations
Deep Web and Digital Investigations
 
FNC Corporate Protect Workshop
FNC Corporate Protect WorkshopFNC Corporate Protect Workshop
FNC Corporate Protect Workshop
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu Khimani
 
Cyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics LectureCyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics Lecture
 
Computer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumComputer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP Khartoum
 
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
 
Icreach — nsa's secret google like search engine for metadata analysis
Icreach — nsa's secret google like search engine for metadata analysisIcreach — nsa's secret google like search engine for metadata analysis
Icreach — nsa's secret google like search engine for metadata analysis
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics Overview
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidence
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science
 
Deep web, the unIndexed web
Deep web, the unIndexed webDeep web, the unIndexed web
Deep web, the unIndexed web
 
Cybercrime (1)
Cybercrime (1)Cybercrime (1)
Cybercrime (1)
 
Cybercrime (1)
Cybercrime (1)Cybercrime (1)
Cybercrime (1)
 
Security
SecuritySecurity
Security
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
 

Ähnlich wie TheInternetOfEvidence(tm)-LittleBrotherIsWatchingYou-AndHe'sTakingNotes!-02

Cyber Security Isaca Bglr Presentation 24th July
Cyber Security Isaca Bglr Presentation 24th JulyCyber Security Isaca Bglr Presentation 24th July
Cyber Security Isaca Bglr Presentation 24th JulyFiroze Hussain
 
Akcomputerforensics 130222081008-phpapp02-140809110602-phpapp02
Akcomputerforensics 130222081008-phpapp02-140809110602-phpapp02Akcomputerforensics 130222081008-phpapp02-140809110602-phpapp02
Akcomputerforensics 130222081008-phpapp02-140809110602-phpapp02satyabwati
 
Digital Evidence - the defence, prosecution, & the court
Digital Evidence - the defence, prosecution, & the courtDigital Evidence - the defence, prosecution, & the court
Digital Evidence - the defence, prosecution, & the courtCell Site Analysis (CSA)
 
Cyber Security as a Service
Cyber Security as a ServiceCyber Security as a Service
Cyber Security as a ServiceUS-Ignite
 
Logikcull Webinar: Preventing the #1 Litigation Risk
Logikcull Webinar: Preventing the #1 Litigation Risk Logikcull Webinar: Preventing the #1 Litigation Risk
Logikcull Webinar: Preventing the #1 Litigation Risk Logikcull.com
 
AAR Investigation Of Electronic Evidence
AAR Investigation Of Electronic EvidenceAAR Investigation Of Electronic Evidence
AAR Investigation Of Electronic EvidenceJohn Jablonski
 
Lessons v on fraud awareness (digital forensics) [autosaved]
Lessons v on fraud awareness   (digital forensics) [autosaved]Lessons v on fraud awareness   (digital forensics) [autosaved]
Lessons v on fraud awareness (digital forensics) [autosaved]Kolluru N Rao
 
Lessons v on fraud awareness (digital forensics)
Lessons v on fraud awareness   (digital forensics)Lessons v on fraud awareness   (digital forensics)
Lessons v on fraud awareness (digital forensics)CA.Kolluru Narayanarao
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsDaksh Verma
 
Evidence and data
Evidence and dataEvidence and data
Evidence and dataAtul Rai
 
The evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivityThe evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivityAPNIC
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics SlidesVarun Sehgal
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
computer forensics by amritanshu kaushik
computer forensics by amritanshu kaushikcomputer forensics by amritanshu kaushik
computer forensics by amritanshu kaushikamritanshu4u
 

Ähnlich wie TheInternetOfEvidence(tm)-LittleBrotherIsWatchingYou-AndHe'sTakingNotes!-02 (20)

Cyber Security 1215
Cyber Security 1215Cyber Security 1215
Cyber Security 1215
 
Cyber Security Isaca Bglr Presentation 24th July
Cyber Security Isaca Bglr Presentation 24th JulyCyber Security Isaca Bglr Presentation 24th July
Cyber Security Isaca Bglr Presentation 24th July
 
Akcomputerforensics 130222081008-phpapp02-140809110602-phpapp02
Akcomputerforensics 130222081008-phpapp02-140809110602-phpapp02Akcomputerforensics 130222081008-phpapp02-140809110602-phpapp02
Akcomputerforensics 130222081008-phpapp02-140809110602-phpapp02
 
N.sai kiran IIITA AP
N.sai kiran IIITA APN.sai kiran IIITA AP
N.sai kiran IIITA AP
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Digital Evidence - the defence, prosecution, & the court
Digital Evidence - the defence, prosecution, & the courtDigital Evidence - the defence, prosecution, & the court
Digital Evidence - the defence, prosecution, & the court
 
Cyber Security as a Service
Cyber Security as a ServiceCyber Security as a Service
Cyber Security as a Service
 
Logikcull Webinar: Preventing the #1 Litigation Risk
Logikcull Webinar: Preventing the #1 Litigation Risk Logikcull Webinar: Preventing the #1 Litigation Risk
Logikcull Webinar: Preventing the #1 Litigation Risk
 
AAR Investigation Of Electronic Evidence
AAR Investigation Of Electronic EvidenceAAR Investigation Of Electronic Evidence
AAR Investigation Of Electronic Evidence
 
Lessons v on fraud awareness (digital forensics) [autosaved]
Lessons v on fraud awareness   (digital forensics) [autosaved]Lessons v on fraud awareness   (digital forensics) [autosaved]
Lessons v on fraud awareness (digital forensics) [autosaved]
 
Lessons v on fraud awareness (digital forensics)
Lessons v on fraud awareness   (digital forensics)Lessons v on fraud awareness   (digital forensics)
Lessons v on fraud awareness (digital forensics)
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics ppt
 
Evidence and data
Evidence and dataEvidence and data
Evidence and data
 
The evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivityThe evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivity
 
Sued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital ForensicsSued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital Forensics
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics Slides
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
 
computer forensics by amritanshu kaushik
computer forensics by amritanshu kaushikcomputer forensics by amritanshu kaushik
computer forensics by amritanshu kaushik
 

Mehr von Wayne Norris

Mehr von Wayne Norris (10)

www.sec.gov_Archives_edgar_data_1094750_000093980204001158_form10sb112304
www.sec.gov_Archives_edgar_data_1094750_000093980204001158_form10sb112304www.sec.gov_Archives_edgar_data_1094750_000093980204001158_form10sb112304
www.sec.gov_Archives_edgar_data_1094750_000093980204001158_form10sb112304
 
ChevronFisheriesHandbook
ChevronFisheriesHandbookChevronFisheriesHandbook
ChevronFisheriesHandbook
 
SEDS-3-Fold-1-UPDATED
SEDS-3-Fold-1-UPDATEDSEDS-3-Fold-1-UPDATED
SEDS-3-Fold-1-UPDATED
 
SEDS
SEDSSEDS
SEDS
 
US8785864
US8785864US8785864
US8785864
 
US8410451
US8410451US8410451
US8410451
 
US8357910
US8357910US8357910
US8357910
 
US8288734
US8288734US8288734
US8288734
 
US8080808
US8080808US8080808
US8080808
 
US7573044
US7573044US7573044
US7573044
 

TheInternetOfEvidence(tm)-LittleBrotherIsWatchingYou-AndHe'sTakingNotes!-02

  • 1. The TASA Group Presents: The “Internet of Evidence ™” Little Brother is Watching You – And He’s Taking Notes This presentation will be audio broadcast into your computer speakers. Please make sure that your speakers are turned “ON” and the volume is set to a comfortable level. © 2014 The TASA Group, Inc. www.tasanet.com Technical Advisory Service for Attorneys (800) 523-2319
  • 2. This Webinar Will Cover • Mr. Norris will discuss how sensor data and its connectivity – what he has come to call “The Internet of Evidence ™” can support: • Determination of time lines • Identities of actors/alibis • Intentions of actors • External and environmental conditions • Who knew what, and when they knew it © 2014 The TASA Group, Inc. www.tasanet.com Technical Advisory Service for Attorneys (800) 523-2319
  • 3. About the Presenter Mr. Wayne B. Norris is a corporate and technical management consultant, software engineer, sales and marketing executive, financial analyst, author, and physicist. He has 45 years of professional experience and 55 years of experience writing computer software, beginning in 1959 at the age of 12. He is a former Chief Scientist in the counterterrorism community and also in the environmental/oil spill community, holds five patents in nuclear sensing technology, and acts as a patent advisor. Mr. Norris has been an expert witness for issues in software, technology, intellectual property, technology industry compensation, and conduct of corporate officers in Federal and State courts. © 2014 The TASA Group, Inc. www.tasanet.com Technical Advisory Service for Attorneys (800) 523-2319
  • 4. CLE Credit Passcode Information For any state that requires a “passcode” for CLE credit, today’s passcode is Evidence. Thank you, The TASA Group © 2014 The TASA Group, Inc. www.tasanet.com Technical Advisory Service for Attorneys (800) 523-2319
  • 5. The “Internet of Evidence™” Little Brother Is Watching You – And He’s Taking Notes! Wayne B. Norris 2534 Murrell Road, Santa Barbara, CA 93109-1859 805-962-7703 Voice 805-456-2169 FAX Wayne@WayneBNorris.com http://WayneBNorris.com http://TheInternetOfEvidence.com Using the Vast and Ever-Growing Array of Sensors and Data recorders to Assist in Establishing Truth, Justice, and the American Way [with apologies to Superman]
  • 6. Sensors Are Devices That Detect [and often record] Data  Modern digital cameras record time, date, and often GPS coordinates INSIDE picture files, in what is known as the Exif Header: http://en.wikipedia.org/wiki/Exchangeable_image_file_format  In addition, that data is written to the file system of the camera  Mobile phones report their location to the carrier several times per minute: http://en.wikipedia.org/wiki/Mobile_phone_tracking  Computer browsers such as Chrome and IE report multiple data back to Google and Microsoft frequently  Social media and mobile applications, from FaceBook to the Starbucks Coffee app on phones, record constantly  Both iOmniscient and General Electric have developed behavioral analytic software for surveillance video analysis 1/11/2016The Internet of Evidence(tm) - Little Brother Is Watching You – And He’s Taking Notes! 6
  • 7. Sensors Are Devices That Detect [and often record] Data (cont.)  Cars have Event Data Recorders [EDRs] that even record items including SEAT POSITION: http://media.mgnetwork.com/blackbox/  Sensor data can be stored locally or in distributed fashion  “Smart” appliances such as refrigerators, microwave ovens, door locks, and HVAC systems report data to servers.  Servers from iTunes to Amazon to Cox to Comcast to Facebook preserve data sent and received on computers and mobile devices. 1/11/2016The Internet of Evidence(tm) - Little Brother Is Watching You – And He’s Taking Notes! 7
  • 8. Sensors Are Devices That Detect [and often record] Data (cont.)
      • Toll bridges and toll roads, many traffic lights, and police department stolen car units – AND PRIVATE COMPANIES – scan license plate data at entry points and also in cities at large.
      • Many modern vehicles transmit useful information TO OTHER VEHICLES in the upcoming “V2V” formats.
      • Workplace computer systems are often required to journal emails, and in some cases, web references, for several years.
      • Traditional E-Discovery is the springboard. The Internet of Evidence is the extension of E-Discovery to everyday life.
  • 9. The Net Effect Is That Sensor Data Is Exploding
      • No less a player than IBM is paying great attention to this phenomenon, in a 1-hour Webcast, “Solving the Big Data Challenge of Sensor Data”: http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=SA&subtype=ST&htmlfid=IMV14323USEN
      • The phenomenon will only grow larger with time. 37 billion devices will be Internet connected by 2020. Thought leaders refer to this as the “Internet Of Things” [“IOT”]: http://en.wikipedia.org/wiki/Internet_of_Things
      • There is even the “Internet of Everything” [“IoE”]: http://www.qualcomm.com/solutions/ioe
  • 10. The Net Effect Is That Sensor Data Is Exploding (cont.)
      • The legal system has no choice but to incorporate this flood of sensor data into its practice.
      • We now truly have the “Internet of Evidence™”
  • 11. The Internet of Evidence Is As Ground Breaking as Fingerprinting or DNA!
      • The sensor data and the Internet of Evidence™ support:
          • Determination of time lines
          • Identities of actors
          • Alibis
          • Intent of actors
          • External and environmental conditions
          • Who knew what, and when they knew it
  • 12. The Internet of Evidence Is As Ground Breaking as Fingerprinting or DNA! (cont.)
      Just as with physical evidence, Internet of Evidence™ is subject to:
      • Requirements for discovery, seizure, chain of custody, and accurate transcription
      • Possible tampering, forgery, and counterfeiting, and
      • Intentional or inadvertent loss or destruction.
  • 13. Case Study Number 1 – The Data Collection That Didn’t Happen
      • <Case name withheld at request of subject attorneys>
      • California Criminal case – molestation of underage female victims by 17-year-old male, July 2011
      • A family event with parents, defendant, two younger brothers, older married sister, two nieces [6 and 8], and a family friend [11]
      • Defendant was professionally employed as a paparazzi photographer
  • 14. Case Study Number 1 – The Data Collection That Didn’t Happen (cont.)
      • While sister [nieces’ mom] went shopping, Defendant was asked to:
          • Take paparazzi photos of 3 girls using Canon EOS 60D DSLR
          • Download music from iTunes to sister’s laptop
          • “RIP” some music CDs to sister’s laptop
      • Sister was gone for 45 minutes
      • Family barbecue went on as planned
      • 11-year-old reported molestation to girlfriend after starting 7th Grade in September
  • 15. Internet of Evidence™ Involvement
      • Alibi consisted of testimony that the Defendant was too busy doing digital tasks to have committed any crime.
      • Victim interviews done by male investigator with no specialized training in this area. Psychological evidence is not discussed in this Webinar
      • Zero digital evidence was preserved, at the discretion of the investigator. Investigator testified there would be nothing of value.
  • 16. Internet of Evidence™ Involvement (cont.)
      • Internet of Evidence™ consisted of:
          • Laptop hard drive
          • Time / Date stamps of all relevant files
          • Non-File Area [NFA] data from potential deleted files
          • Canon memory card
          • File system data
          • Exif header data
          • iTunes transaction data, with time tags
          • Potential Internet Service Provider packet data
          • Potential geo-reference data from any cell phones
          • Other data?
  • 17. Internet of Evidence™ Involvement (cont.)
      Analysis should have included:
      • Reconstruction of activities needed to achieve the digital results shown by the evidence
          • Some potential operations could be “batched”, but some could not
      • Potential reconstruction of rooms visited by the relevant parties
  • 18. Resolution
      • Trial lasted for about 15 days
      • 14 counts = Life Without Parole, due to age of alleged victims and multiple victim enhancement
      • Family split – sister on one side, parents siding with Defendant
      • Nieces recanted testimony
      • Acquittal on 6 charges; Hung jury on 8 charges; DA deciding whether to re-file
  • 19. Analysis
      • What should have been done:
          • Impound all Internet of Evidence™ data immediately
          • Create perfect copies using NIJ-approved passive copy apparatus
          • Subpoena relevant records from Internet Service Provider, iTunes and/or other vendors
          • Once Internet of Evidence™ data is secure, THEN determine if data has probative value [it may not!]
          • If probative value cannot be ruled out, analyze data using qualified experts
          • If no experts on staff, LOOK ON THE INTERNET! There are specialists all over.
  • 20. Questions?
  • 21. Case Study Number 2 – The Text Message from Who Knows Where
      • <Case name withheld by request of subject attorneys>
      • California Criminal contempt case – Wife received text messages on her cell phone with husband’s cell number as callback, in violation of no-contact order
      • Husband is a business owner, wife is a divorce attorney, disputed custody of 6-year-old daughter
      • Husband alleged wife knew his cell phone provider password; she or a co-conspirator could have logged into the web account and forged husband’s identity in sending of message
      • Husband took voluntary polygraph test, registered NDI
  • 22. Analysis
      • Internet of Evidence™ issue: If such a forgery were perpetrated via a Web login instead of an actual cell phone, is such a forgery detectable from either the receiving cell phone or from the web record?
      • Interestingly, no. Text message formats do not retain path data [“Envelope data”].
      • Cell phone provider records have envelope data and can be subpoenaed, but are retained for only 10 days, and then are erased. Retrieval actions came TOO LATE.
  • 23. Resolution
      • Text message charge dropped.
      • What should have been done:
          • Impound all Internet of Evidence™ data immediately
          • Create perfect copies using NIJ-approved passive copy apparatus
          • Subpoena relevant records from cell phone provider before destruction date.
          • THEN analyze to see if data is relevant
  • 24. Summary
      • The Internet of Evidence™ is potentially as much of a game changer to civil and criminal jurisprudence as fingerprinting and DNA analysis were in their day.
      • Internet of Evidence™ information exists literally everywhere in many contemporary legal matters
      • Such data may have profound consequences.
      • [Of course, such data is not magic, and may not exist in all cases. And it may not have probative value.]
  • 25. Summary (cont’d)
      • The safest course is to follow the standards for E-Discovery and evidence in general:
          • Identify where evidence can possibly be. Time is of the essence
          • Preserve it - Impound [or at least write-protect] all Internet of Evidence™ data immediately
          • Subpoena relevant records from Internet Service Provider and/or vendors while it is still available
          • Preserve writeable media such as hard drives from being overwritten
          • Gather it - Create perfect copies using NIJ-approved passive copy apparatus
          • Process it – this might mean forensic recovery or other measures
          • Review and analyze it to determine what is relevant
          • Produce it for the Court or for Opposing Counsel, as required
  • 26. Summary (cont.)
      • Once Internet of Evidence™ data is secure, THEN determine if data has probative value
      • If probative value cannot be ruled out, analyze data using qualified experts
      • If no experts are on staff, LOOK ON THE INTERNET! There are specialists all over.
      • The field is so large that no one individual can be an expert on all areas.
      • Individual specialists may need to research highly case-specific questions.
      • For large or complex cases, one expert may need to function as a Lead Investigator.
  • 27. Final Words
      • The Internet of Evidence™ has only recently arrived, but it is here to stay
      • There were, literally, ZERO cell phone photos or movies from inside the Twin Towers. Such devices are now the most common platforms for watching NFL games, after TV!
      • When a new fleet of helicopters arrived with an aviation unit at a base in Iraq, some soldiers sent pictures of the flight line to some “pretty girls” in Sweden with whom they were corresponding... From these photos, Al Qaeda operatives posing as the girls were able to determine the exact location of the helicopters inside the compound and conduct a mortar attack, destroying four of the AH-64 Apaches. http://www.army.mil/article/75165/Geotagging_poses_security_risks/
  • 28. Final Words (cont.)
      • “During Israel’s 2006 war in southern Lebanon with Iranian-backed… Hezbollah, Iranian SIGINT professionals tracked signals coming from personal cell phones of Israeli soldiers to identify assembly points of Israeli troops that may have telegraphed the points of offensive thrusts into Lebanon.” http://defensetech.org/2012/03/15/insurgents-used-cell-phone-geotags-to-destroy-ah-64s-in-iraq/
      • http://petapixel.com/2012/12/03/exif-data-may-have-revealed-location-of-fugitive-billionaire-john-mcafee/
  • 29. How to Reach Me
      Wayne B. Norris, 2534 Murrell Road, Santa Barbara, CA 93109-1859
      805-962-7703 Voice, 805-456-2169 FAX
      Wayne@WayneBNorris.com http://wayneBNorris.com http://TheInternetOfEvidence.com
  • 30. QUESTIONS?
  • 31. THANK YOU!
  • 32. CLE Information This webinar is eligible for CLE credit in CA, IL, MN, MO, NJ, PA, and TX. To ensure you receive your CLE credit, please complete the survey at the end of the presentation. Thank you, The TASA Group
  • 33. The TASA Group
      In addition to being your best source for testifying and consulting experts, TASA also offers:
      • E-Discovery and Document Management Solutions
      • Free, Interactive Webinars
      • Research Reports on Expert Witnesses:
          - Challenge History Report 2.0 (CHR2.0)
          - Professional Sanction Search (PSS)
          - Expert Profile 360 (EP360)
  • 34. THANK YOU! We will be sending out a link to an archived recording of this webinar tomorrow morning. The archived recording will also be posted in the Knowledge Center on TASA’s website. If you have any follow-up questions or comments, please email Carol Kowalewski at ckowalewski@tasanet.com.
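
Slides 6 and 16 name two independent records of when a picture was taken: the time written inside the file's Exif header and the time stamp kept by the file system. The following is an added example, not part of the presentation: it reads the Exif DateTimeOriginal tag from the TIFF-structured Exif block (in a JPEG this block follows the "Exif" marker of the APP1 segment) and compares it with a file-system time. The sample bytes, the function names and the two-minute tolerance are assumptions made for illustration.

```python
import struct
from datetime import datetime, timedelta

EXIF_IFD_POINTER = 0x8769    # IFD0 tag whose value is the offset of the Exif sub-IFD
DATETIME_ORIGINAL = 0x9003   # ASCII "YYYY:MM:DD HH:MM:SS" plus NUL, no time zone

def read_ifd(tiff, offset, endian):
    """Return {tag: (type, count, raw 4-byte value field)} for one IFD."""
    (n,) = struct.unpack_from(endian + "H", tiff, offset)
    entries = {}
    for i in range(n):
        tag, typ, count, value = struct.unpack_from(
            endian + "HHI4s", tiff, offset + 2 + 12 * i)
        entries[tag] = (typ, count, value)
    return entries

def exif_capture_time(tiff):
    """Read DateTimeOriginal from the TIFF-structured Exif block of a picture."""
    endian = {b"II": "<", b"MM": ">"}[bytes(tiff[:2])]
    magic, ifd0 = struct.unpack_from(endian + "HI", tiff, 2)
    if magic != 42:
        raise ValueError("not a TIFF/Exif header")
    _, _, pointer = read_ifd(tiff, ifd0, endian)[EXIF_IFD_POINTER]
    (exif_ifd,) = struct.unpack(endian + "I", pointer)
    _, count, value = read_ifd(tiff, exif_ifd, endian)[DATETIME_ORIGINAL]
    (text_at,) = struct.unpack(endian + "I", value)
    text = tiff[text_at:text_at + count].rstrip(b"\0").decode("ascii")
    return datetime.strptime(text, "%Y:%m:%d %H:%M:%S")

def compare(exif_time, fs_mtime, tolerance=timedelta(minutes=2)):
    """Compare camera clock and file-system clock; both must be in one time zone."""
    delta = fs_mtime - exif_time
    return {"delta_seconds": int(delta.total_seconds()),
            "consistent": abs(delta) <= tolerance}

def build_sample(stamp):
    """Constructed little-endian Exif block: header, IFD0, Exif IFD, one string."""
    header = b"II" + struct.pack("<HI", 42, 8)                         # bytes 0-7
    ifd0 = struct.pack("<HHHIII", 1, EXIF_IFD_POINTER, 4, 1, 26, 0)    # bytes 8-25
    exif = struct.pack("<HHHIII", 1, DATETIME_ORIGINAL, 2, 20, 44, 0)  # bytes 26-43
    return header + ifd0 + exif + stamp.encode("ascii") + b"\0"        # text at 44

if __name__ == "__main__":
    # Constructed values: one file time that matches the header, one that does not.
    block = build_sample("2014:01:02 03:04:05")
    taken = exif_capture_time(block)
    print(taken, compare(taken, datetime(2014, 1, 2, 3, 4, 7)))
    print(taken, compare(taken, datetime(2014, 1, 2, 5, 30, 0)))
```

A mismatch between the two clocks is a lead for the examiner, not a finding: a copied or edited file, a camera clock set to another time zone, or tampering can all produce it, so run the comparison on a verified copy rather than the original media.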