National framework for digital forensics bangladesh context

National Framework for Digital Forensics: Bangladesh Context. Forensics Geeks: Md. Safiuddin Russel, Md. Abu Taher Dulal, Md. Masud Parvez, Rajib Mahmud, Hasan Al Monsur

Transcript of National framework for digital forensics bangladesh context

Page 1: National framework for digital forensics   bangladesh context

National Framework for Digital Forensics: Bangladesh Context

Forensics Geeks:
- Md. Safiuddin Russel
- Md. Abu Taher Dulal
- Md. Masud Parvez
- Rajib Mahmud
- Hasan Al Monsur

Page 2: National framework for digital forensics   bangladesh context

Md. Safiuddin Russel
- Preface... Digitization in our daily life
- The Need For Digital Forensics Investigation Framework
- Objectives

Page 3: National framework for digital forensics   bangladesh context

Preface... Digitization in our daily life

Bangladesh has a young and rapidly growing population of 160 million. According to the BASIS 2012 survey, the ICT industry is consistently growing at 20% to 30% per year. Most of our IT investment is focused on the financial, telecom and government sectors. Nowadays we cannot imagine a day without information technology, as we are living in the Information Age. We have very quickly become accustomed to keeping and using digital information. While we keep our processed data on different digital media, security is one of the key issues in contemporary computing and is relevant to a wide range of activities, including software development, networking and systems. Some people take advantage of this loosely implemented security and become involved in different crimes. Our objective in this project is to create a Digital Forensics Framework that covers policy and standards and gives a future guideline for investigation and presentation to law enforcement agencies.

Page 4: National framework for digital forensics   bangladesh context

The Need For Digital Forensics Investigation Framework
- The prevention of further malicious events occurring against the intended "target".
- The successful tracing back of the events that occurred which led to the crime, and determining the guilty parties involved.
- Bringing the perpetrators of the crime to justice.
- The improvement of current prevention mechanisms in place to prevent such an event from occurring again.
- Improving standards used by corporate security professionals to secure their respective corporate networks.
- How everyone "plugged" into this digital environment can increase their awareness about current vulnerabilities and prevention measures.

Page 5: National framework for digital forensics   bangladesh context

Objectives
- Analyze the vulnerability and consequences of the cybercrime scenario in Bangladesh.
- Prepare a Policy, Standards and Guideline for the different digital forensics components, fine-tuned for the Bangladesh scenario.
- Propose a Generic National Framework for Digital Forensics suitable for mapping user activity to legal admissibility standards, as well as for all types of digital crime scene investigation and the prosecution of cybercriminals in Bangladesh.
- Validate the proposed Digital Forensics Framework based on the Bangladesh Cyber Crime Information.

Page 6: National framework for digital forensics   bangladesh context

Hasan Al Monsur
- Most Popular Existing Digital Forensics Models
- Digital Forensics Frameworks

Page 7: National framework for digital forensics   bangladesh context

Existing Digital Forensics Models
- Kruse and Heiser Model: These components focus on maintaining the integrity of the evidence during the investigation. [1]
  Acquiring the evidence; Authenticating the evidence, and Analyzing the data.
- The United States of America's Department of Justice proposed model. [1]
  Collection; examination; analysis, and reporting.

Page 8: National framework for digital forensics   bangladesh context

Existing Digital Forensics Models (Cont.)
- The Scientific Crime Scene Investigation Model proposed by Lee. [2]
  Recognition; Identification; Individualization, and Reconstruction.
- Brian Carrier and Eugene Spafford [3] proposed yet another model that organizes the process into five groups consisting of 17 phases in all:
  - Readiness Phases
  - Deployment Phases
  - Physical Crime Scene Investigation Phases
  - Review Phase
  - Digital Crime Scene Investigation Phases

Page 9: National framework for digital forensics   bangladesh context

Existing Frameworks
- The Digital Forensics Research Working Group (DFRW) developed a framework [4]:
  Identification; Preservation; Collection; Examination; Analysis; Presentation, and Decision.

Page 10: National framework for digital forensics   bangladesh context

Existing Frameworks (Cont.)
- Reith proposed Framework [5]:
  Identification; Preparation; Approach; Strategy; Preservation; Collection; Examination; Analysis; Presentation, and Returning evidence.

Page 11: National framework for digital forensics   bangladesh context

Existing Frameworks (Cont.)
- Framework proposed by Ciardhuáin [6]:
  Awareness; Authorization; Planning; Notification; Search for and identify evidence; Collection; Transportation; Storage; Examination; Hypothesis; Presentation; Proof/Defense, and Dissemination.

Page 12: National framework for digital forensics   bangladesh context

Md. Abu Taher Dulal
- Proposed Digital Forensics Framework: Bangladesh Context

Page 13: National framework for digital forensics   bangladesh context

Proposed Framework
- Pre Process: Awareness; Authorization; Preparation; Planning
- Approach: Approach Strategy; Preservation; Evidence Collection; Transport; Storage
- Analysis: Evidence Examination; Hypothesis; Evidence Analysis
- Presentation: Presentation / Reporting; Decision / Critics
- Post Process: Evidence Returning; Project Close; Send Project to Archive

Page 14: National framework for digital forensics   bangladesh context

Proposed Framework (Cont.)
- Authorization (approval)
- Preparation (intelligence for search, adequate toolkits, operational briefing, task allocation)
- Approach strategy: develops a procedure to use in order to maximize the collection of untainted evidence while minimizing the impact to the victim.
- Preservation: involves the isolation, securing and preservation of the state of physical and digital evidence.
- Collection: entails the recording of the physical scene and the duplication of digital evidence using standardized and accepted procedures.
- Examination: involves an in-depth systematic search for evidence relating to the suspected crime.
- Analysis: involves determining the significance of the evidence, reconstructing fragments of data and drawing conclusions based on the evidence found.
- Presentation: involves the summary and explanation of conclusions.
- Returning evidence: ensures physical and digital property is returned to its proper owner.
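The Preservation, Collection, Transport and Storage phases depend on being able to show that the duplicate that is examined is the one that was collected. The Python code below is an added example, not part of the original slides: it records a digest of the duplicate at each handover in a hash-chained custody log and then verifies both the log and the evidence copy. SHA-256, the log layout, the handler names and the sample image bytes are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed start value for the custody chain
SAMPLE_IMAGE = b"constructed stand-in for a duplicated disk image"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _record_hash(body: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_entry(log: list, phase: str, handler: str, evidence: bytes) -> dict:
    """Re-hash the evidence in hand and chain the record to the previous one."""
    body = {"seq": len(log), "phase": phase, "handler": handler,
            "evidence_sha256": sha256_hex(evidence),
            "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    body["entry_hash"] = _record_hash(body)
    log.append(body)
    return body

def verify_log(log: list, evidence: bytes) -> list:
    """Return a list of problems; an empty list means log and copy check out."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["seq"] != i or entry["prev_hash"] != prev:
            problems.append(f"entry {i}: chain broken")
        if _record_hash(body) != entry["entry_hash"]:
            problems.append(f"entry {i}: record altered")
        if entry["evidence_sha256"] != log[0]["evidence_sha256"]:
            problems.append(f"entry {i}: digest differs from Collection")
        prev = entry["entry_hash"]
    if log and sha256_hex(evidence) != log[0]["evidence_sha256"]:
        problems.append("evidence copy does not match the digest recorded at Collection")
    return problems

def build_sample_log(image: bytes) -> list:
    # Handovers follow the proposed framework's phase order (names are hypothetical).
    log = []
    for phase, handler in [("Collection", "Officer A"), ("Transport", "Courier B"),
                           ("Storage", "Custodian C"), ("Examination", "Examiner D")]:
        append_entry(log, phase, handler, image)
    return log

if __name__ == "__main__":
    custody = build_sample_log(SAMPLE_IMAGE)
    print(verify_log(custody, SAMPLE_IMAGE))          # untouched log and copy
    print(verify_log(custody, SAMPLE_IMAGE + b"!"))   # copy changed after Collection
```

An altered custody record is reported by its sequence number, and a changed evidence copy is reported against the digest taken at Collection.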

Page 15: National framework for digital forensics   bangladesh context

Md. Masud Parvez
- Cyber Crime Cases Reported in Bangladesh
- Cases Validate Proposed Digital Forensics Framework.

Page 16: National framework for digital forensics   bangladesh context

Cyber Crime Cases Reported in Bangladesh

| Case No. | Case description |
|---|---|
| 01 | To submit a report: a central bank probe blamed the lax monitoring of Sonali Bank's treasury division for the illegal transfer of $250,000 to a Turkish bank. "The treasury division did not even perform its own duty," Bangladesh Bank said in its probe conducted in July last year. In June 2013, the passwords of two officials of the state-run commercial bank's Shilpa Bhaban corporate branch were used to send payment instructions for $250,000 and €250,000 to Sonali Bank UK within a space of five days. |
| 02 | To submit a report: a university teacher posted a comment on Facebook wishing death for Prime Minister Sheikh Hasina. |
| 03 | Mr. X sent himself spoofed e-mails, which were supposedly from the Euro Lottery Company. These mails informed him that he had won the largest lottery. |
| 04 | Malicious Mail to Foreign Diplomatic Mission and Other VIPs |
| 05 | Use of e-mail for illegal activities |
| 06 | Illegal Prostitution Promotion Sites from Bangladesh |
| 07 | To submit a report on usage of certain computers for making pornography and indecent films. |

Page 17: National framework for digital forensics   bangladesh context

Cases Validate Proposed Digital Forensics Framework.

| Case No | Description | Awareness | Authorization | Preparation | Planning | Approach | Preservation | Collection | Transport | Storage | Examination | Hypothesis | Analysis | Presentation | Decision | Returning Evidence |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 01 | Sonali Bank treasury blamed for illegal cash transfer | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
| 02 | To submit a report: a university teacher posted a comment on Facebook wishing death for Prime Minister Sheikh Hasina. | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
| 03 | Mr. X sent himself spoofed e-mails, which were supposedly from the Euro Lottery Company. These mails informed him that he had won the largest lottery. | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
| 04 | Malicious Mail to Foreign Diplomatic Mission and Other VIPs | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
| 05 | Report submission for Illegal Prostitution Promotion Sites from Bangladesh | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
| 06 | To check a report on usage of certain computers for making pornography and indecent films. | N | N | N | N | N | N | Y | Y | Y | Y | Y | Y | Y | Y | Y |

Page 18: National framework for digital forensics   bangladesh context

Rajib Mahmud
- Challenges
- Expected Outcomes
- Upcoming Activity Plan & Timeline

Page 19: National framework for digital forensics   bangladesh context

Challenges
- Device Diversity
- Volume of Evidence
- Video and Rich Media
- Encryption
- Anti-forensics
- Virtualization
- Live Response
- Distributed Evidence
- Usability & Visualization
- Education & Certification
- Embedded Systems
- Corporate Governance & Forensic Readiness
- Monitoring Tools
- Data Volumes
- Counter Forensics
- Networked Evidence

Page 20: National framework for digital forensics   bangladesh context

Expected Outcomes
- A Generic National Framework for Digital Forensics Investigation in Bangladesh Context
- Digital Forensics Investigation Process
- Digital Forensics Policies
- Standards for investigation process
- Guideline for Digital Forensics Investigation

Page 21: National framework for digital forensics   bangladesh context

Upcoming Activity Plan & Timeline

| SL | Activities | Expected Deadline |
|---|---|---|
| 1 | Preparing a generic Policy for the Bangladesh context based on the framework developed. | April 23, 2015 |
| 2 | Preparing a set of Standards for every component so that digital forensics investigation will proceed in an organized manner. | April 30, 2015 |
| 3 | Proposing a Guideline on how the digital forensics investigation will proceed. | May 05, 2015 |
| 4 | Project Final Presentation | May 08, 2015 |

Page 22: National framework for digital forensics   bangladesh context

Reference

[1] Michael Kohn, JHP Eloff and MS Olivier: Framework for a Digital Forensic Investigation, Information and Computer Security Architectures Research Group (ICSA), Department of Computer Science, University of Pretoria.

[2] Casey, E.: Digital Evidence and Computer Crime, 2nd Edition, Elsevier Academic Press, 2004.

[3] Brian Carrier and Eugene H. Spafford: Getting Physical with the Investigative Process, International Journal of Digital Evidence. Fall 2003, Volume 2, Issue 2, 2003.

[4] National Institute of Justice: Results from Tools and Technologies Working Group, Governors Summit on Cybercrime and Cyberterrorism, Princeton NJ, 2002.

[5] Reith, M., Carr, C. and Gunsch, G.: An Examination of Digital Forensic Models, International Journal of Digital Evidence. Fall 2002, Volume 1, Issue 3, 2002.

[6] Ciardhuáin, SO.: An Extended Model of Cybercrime Investigations, International Journal of Digital Evidence. Summer 2004, Volume 3, Issue 1, 2004.

Page 23: National framework for digital forensics   bangladesh context
Page 24: National framework for digital forensics   bangladesh context

Thank you for your patience