International Law Enforcement and the Importance of Forensics

Anthony Di Bello

Have you noticed? International law enforcement seems to be working together much more cohesively now than in years past. For instance, last week 25 alleged members of the hacker collective “Anonymous” were arrested within countries throughout Europe and South America, including Argentina, Chile, Colombia, and Spain.

There are plenty of other examples, such as last fall when Philippine police arrested four in Manila who allegedly paid a Saudi Arabian group to hack into AT&T. And this past fall there were charges brought against six Estonians and one Russian for allegedly taking part in a massive Internet fraud scheme that infected more than four million systems worldwide. According to this FBI press release, computers belonging to NASA, educational institutions, non-profit organizations, commercial businesses, and individuals were affected. The malware secretly altered the settings on infected computers, allegedly enabling those behind the attacks to digitally hijack Internet searches and re-route computers to certain websites and advertisements, the FBI said.

A number of years ago we would never have heard of so many arrests. In fact, such arrests were few and far between. There are a couple of reasons why we’re seeing more success today. First, there is far more international cooperation among law enforcement. There’s more data sharing on criminals and suspects, and there’s more co-ordination on arrests and investigations. It became clear, years ago, that cyber-crime is an international phenomenon and requires an international solution. We’re now witnessing the results of the efforts of the international law enforcement community from years ago.

However, cyber-crime is also a local phenomenon, and it is especially local when you’re the organization that was breached. Working with law enforcement in these situations isn’t always easy. Their dockets are full and new cases are pouring in every day. They have to pick and choose the best cases, based on a number of criteria. Such criteria could include the magnitude of the crime and the quality of the evidence gathered.

And that’s an important point: the quality of the evidence you can gather. There’s hardly anything about being breached that an organization can control. You can’t control when you are breached, what specifically the attacker seeks, and how successful the adversary is in their goal (not for lack of trying on your part to defend yourself, of course). Fortunately, you can control the quality of the evidence you gather and how well your incident response team responds.

And this is an area where EnCase Enterprise v7 shines. Investigators can quickly acquire forensically sound data from anywhere, conduct granular analysis, and provide actionable reports to present in court or to substantiate to law enforcement that a crime has occurred. Because the last thing you want, aside from being breached in the first place, is for the culprits to get away with it. For more information about EnCase Enterprise v7, visit here.
