Your Source for Reliable Corporate and Investigative Security Information

A Publication of Kessler International
FRAUDBUSTERS

Technology Edition
Number 1 Volume 9

Computer Forensics: Sherlock Holmes in the Information Age

The past decade has certainly been memorable: technology has exploded, advancing so rapidly that most people simply can't keep up. The PC that was considered state-of-the-art at the turn of the century is now barely powerful enough to run a standard operating system. Wireless technology has expanded so fast that customers can hardly get used to their phones or PDAs before they are eclipsed by the next best thing. Home computer users are surfing the Internet at speeds they would have thought impossible only a matter of years ago. Tons of information is only a mouse click away, and people are communicating with others from all over the globe without ever getting off their chairs.

Technology has truly changed the face of business and society at large by leaps and bounds, and not since the Industrial Revolution has something managed to alter the lifestyles of so many people worldwide. Impressive? Yes. Amazing? Perhaps. Dangerous? Without a doubt.

Because for all the convenience, entertainment and "wow" value technology has bestowed upon us in recent years, it has also revealed a dark side. High-tech crime has become as widespread and common as street crimes, and even worse, the victims usually have no idea they're under attack until it's too late. From simple software piracy to high-level corporate espionage, techno-crooks work under the cover of silence and anonymity. And because their methods revolve around new technology, there may not be laws or police techniques in place to stop them. Gone are the simpler days, when a good, old-fashioned mugging was the preferred method of theft; now robbers sit in front of a computer screen, swiping credit card information or passwords from unsuspecting Internet denizens, and taking home a lot more than a few crumpled dollar bills.

Of course, law enforcement has done its best to keep up with the bad guys, passing new laws and developing new techniques to stop them in their tracks. Today, criminals are convicted due to solitary pieces of digital evidence, files that are physically nothing more than a series of magnetic particles. Tracks that cybercrooks thought they covered by deleting incriminating files are restored and presented in court. Unscrupulous workers who cost their employers money or tarnish reputations are revealed and dealt with accordingly. How is this all possible? The answer is simple. The answer is computer forensics.

Computer forensics, in a nutshell, is the application of technical knowledge and investigative techniques to find, identify, preserve and present evidence contained within and created with computer systems. The goal of computer forensics is essentially the same as with any other investigation, and the same rules of evidence and legal processes still apply. Finding out the who, what, where, when and why is still the prime directive of any examiner, only the methods used to answer those questions are now considerably different.

The Bits and Bytes of Computer Forensics

Whether the need for a computer forensics expert is for a large corporation or an individual who wants to see what their son is doing online, the first rule of computer forensics is crucial: do not destroy the evidence. Data can be altered or completely eradicated very easily without the knowledge of the user, and the failure to preserve data can make or break an investigation. In fact, simply opening a single file, or turning a computer on or off can permanently taint or completely overwrite otherwise useful information. IT administrators sometimes believe they are helping investigators, when in reality they are actively destroying potential evidence!

Acquiring such evidence is clearly a delicate process, and forensics experts take great care in the physical and virtual handling of all sources. If hardware needs to be sent off-site to a lab, drives and other devices are carefully packed in foam and protected from harmful jostling. On-site acquisition is done as quickly and discreetly as possible, without disrupting operations or arousing suspicion.

When the time comes to extract evidence, an investigator will make an exact copy of the media, not just a copy of the folder contents. The information is written onto a form of

continues on page 6
What's Infecting Your Computer?

Let's face it: the Internet is getting out of control. A few years ago, broadband connections linked lucky users to a veritable ocean of digital information and entertainment, with promises of real-time video and unparalleled interactivity. But reality has since hit surfers hard (especially those on a network or using a cable modem). The future, now the present, isn't all it was cracked up to be. The Internet is rife with headaches, so many in fact, that most people don't know the difference between a virus and the Trojan horse it rode in on.

Here's how to tell the difference between those potentially harmful buzzwords, and how to protect your PC from hackers and malicious programs:

Virus

A virus is basically a small program that propagates itself, infecting programs and various files on the same computer. Viruses have a range of effects, some more damaging than others. Some can erase your entire hard drive, and some are merely annoyances. No matter what the effect, however, it is important to remember that a virus can only be spread to other computers by user interaction, such as transferring the file via file sharing, a physical disk, or as an e-mail attachment. Of course, since viruses can infect many other files without being detected, users are usually unaware they are sending their friends and co-workers contaminated data.

Worm

A worm is much like a virus. A worm is self-propagating, and can have a variety of effects on a machine, from file deletion to general slowdown. Unlike a virus, however, worms can spread automatically over a network, infecting one computer after another by taking advantage of automatic file sending/receiving features that are standard on many computers, but unknown to most users. Generally, users have no control over the installation of a worm, and since they are easy to spread and modify, anti-virus programs cannot always stop them from spreading.

Trojan Horse

Trojan horse is a fairly general term that refers to a file that appears to be desirable (perhaps a free game, a funny movie clip or a hot new song) but actually contains malicious code that is harmful to your data. Like a virus, a Trojan must be sent and executed by a user, but unlike viruses or worms, Trojans do not self-replicate. However, once a Trojan is executed, there's no telling what the code within will do to your computer, and that includes unleashing embedded viruses or worms.

Spyware / Adware

Spyware is the latest and greatest annoyance for many computer users. Spyware, in general, is any software that aids in collecting information about a user without their knowledge or consent. These programs generally do not perform any harmful actions (such as erasing files), but they can hog system memory and may be transmitting personal information across the Internet. Often, spyware is unwittingly installed by users who download free applications, or is installed automatically while users browse certain websites. Unfortunately, spyware is usually quite difficult to remove from computers, and often reinstalls itself even after the user has uninstalled or deleted it.

Adware generally refers to advertisement-supported software or programs that produce banners, pop-up windows, or a variety of other irritating ads that generate revenue for the company that produced the software. Unlike spyware, adware is typically more up front about its intentions to harvest information or deliver targeted advertising, but these intentions are usually hidden among the rest of the small print in the software's license agreement, which most people don't bother to read.

How to boost your PC's immune system

As technology keeps advancing, it's inevitable that you will someday end up with unwanted glitches on your computer. However, there are ways to help reduce the chances of infection and keep your computer running smoothly.

Install anti-virus software, update virus definitions regularly, and scan all incoming files. While not completely foolproof, an updated virus checker can help keep harmful viruses, worms, Trojans and some spyware at bay. McAfee VirusScan and Symantec's Norton Anti-Virus are among the most popular packages.

Set up a firewall. Network professionals certainly know the benefit of having a firewall, but personal computer users should also set one up to help keep hackers from infiltrating your PC and stealing your personal information.

If you are running Windows, be sure to download security updates from Microsoft. Updates are usually available every month or so, and contain important security and operational patches.

Never open an e-mail attachment unless you are absolutely sure what it is and where it came from. Even mail from a friend could be the result of a virus that has distributed itself through your friend's address list.

Never agree to pop-up windows that offer software updates, browser tools, plug-ins, or anything else that you aren't 100 percent sure of. If you think you need to download it, you can always find it at the company's website.

Watch out for hidden file extensions. Only the last extension of a filename counts, so that seemingly innocent-looking family.jpg might actually be an executable file named family.jpg.exe. You can set Windows to display hidden file extensions in the Folder Options menu.

Read license agreements for any software you download. Remember, very few things are free in this world, and chances are if you're downloading a "free" program, it's probably adware, or it contains undetectable spyware.

Run updated adware/spyware elimination software. Good choices include Spybot - Search & Destroy by PepiMK Software and Lavasoft's Ad-aware.

Consider using an alternative to Microsoft's Internet Explorer browser. Mozilla, Avant Browser and Opera generally offer excellent features and tougher security.

If you do use Internet Explorer (and most people do), set the security settings to at least medium to help filter out possible issues.
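The hidden-extension tip in the list above, as an added example that is not part of the original newsletter: a Python check that flags names such as family.jpg.exe, where the last extension is executable and an earlier one looks harmless. The two extension lists, the function names and the sample paths are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumed lists for illustration; adjust them for your own environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".mp3", ".avi"}


def extensions(filename):
    """Return every extension in the file name, lower-cased, in order."""
    # Windows ignores trailing dots and spaces, so strip them first.
    name = PureWindowsPath(filename).name.rstrip(". ").lower()
    _stem, *exts = name.lstrip(".").split(".")
    # Padding spaces before the real extension are stripped as well.
    return ["." + e.strip() for e in exts if e.strip()]


def displayed_name(filename):
    """Name as shown when Windows hides extensions (simplified: last one dropped)."""
    name = PureWindowsPath(filename).name.rstrip(". ")
    base, dot, _last = name.rpartition(".")
    return base if dot and base else name


def is_disguised_executable(filename):
    """True when only the last extension is executable and an earlier one is a decoy."""
    exts = extensions(filename)
    return (
        len(exts) >= 2
        and exts[-1] in EXECUTABLE_EXTS
        and any(e in DECOY_EXTS for e in exts[:-1])
    )


def scan(filenames):
    """Return the subset of file names that look like disguised executables."""
    return [f for f in filenames if is_disguised_executable(f)]


# Constructed sample paths, not taken from any real system.
SAMPLE = [
    r"C:\Users\demo\Downloads\family.jpg",
    r"C:\Users\demo\Downloads\family.jpg.exe",
    r"C:\Users\demo\Downloads\Report.PDF.Scr",
    r"C:\Users\demo\Downloads\setup.exe",
    r"C:\Users\demo\Downloads\notes.v2.txt",
    r"C:\Users\demo\Downloads\invoice.doc   .exe ",
]

if __name__ == "__main__":
    for path in scan(SAMPLE):
        print(f"{displayed_name(path)!r} is really {PureWindowsPath(path).name!r}")
```

An honest setup.exe is not flagged; the check only targets names that pair an executable final extension with a harmless-looking earlier one.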
Your data, whether it resides on a home computer or a company server, is important to you. For most individuals, it contains years' worth of work, photos, and personal information. At the corporate level, it is usually at the center of day-to-day operations, and it likely contains a wealth of sensitive records. You can't allow your systems to be sabotaged by malicious programmers or devious freeware.

Sometimes, of course, viruses and their sinister ilk may somehow find their way into your systems and corrupt, even destroy your important data. Thankfully, Kessler's skilled technicians can perform emergency data recovery on any type of media, and our computer forensics experts can help you track down the source of the electronic assailants. We are efficient, professional and effective, and we can provide insight and solutions to even your gravest IT issues.
The Trojan Horse Defense
Coming Soon To a Courtroom Near You

You might have heard of the famous "Twinkie Defense," referring to the 1979 case in which former San Francisco city supervisor Dan White was found not guilty of first-degree murder charges, due in part (according to much of the media) to his diminished mental capacity thanks to severe depression, and a diet of cola and Twinkies. While the media blew the actual relevance of Twinkies to the defense out of proportion (White's psychiatrist only suggested that his diet was a sign of his deepening depression), the public outrage over his relatively light sentence for the murders of Mayor George Moscone and Supervisor Harvey Milk led to the coining of the Twinkie Defense term. Now it often refers to a defense in which the accused attempts to lay the blame for a crime they clearly committed on something else, such as mental instability, instructions from a higher power, or a high-tech saboteur.

One new version of this type of defense places the blame for computer crime on Trojan horses: executable files that seem innocuous, but contain malicious code. Recently, in the United Kingdom, three separate court cases were decided on the basis that someone else put code on the defendants' computers via a Trojan horse, causing their machines to break the law without their knowledge. Two of these cases involved the presence of child pornography on the defendants' computers, and both were acquitted when investigators found evidence of Trojans that would apparently take the user to kiddie porn websites. A third case involved a teen that was accused of launching a denial-of-service attack on a U.S. server location, but he too blamed a Trojan horse, saying it allowed a hacker to control his computer remotely. Investigators were not able to find evidence of a Trojan, but the teen claimed it had erased itself. After experts reviewed this possibility, he too was acquitted.

Whether these cases were well-handled is up for debate. One could argue that the defendants were lying and investigators were simply not up to the task. Or perhaps all three defenses were indeed legitimate, and justice prevailed. Either way, it is likely that this type of defense will become more common, particularly in child pornography cases. Therefore, it is important for law enforcement, lawyers, investigators and the general public to gain a better understanding as to what Trojans, viruses, and other electronic attacks can do and how they can ultimately determine someone's guilt or innocence.

The computer forensics wizards at Kessler International are among the most knowledgeable in the world, and can provide you with accurate evidence and exceptional litigation support. Our experts have years of technical and investigation experience behind them, so you can rest assured: from Twinkies to Trojan horses, Kessler's got it covered.
Stop Harassing Email

Sticks and stones may break bones, and as most people unfortunately have come to realize, words can certainly hurt. Or land you in hot water. Never was this more true than in our technologically-facilitated (or complicated, depending on your point of view), and increasingly sensitive and paranoid world, where nearly all our communication can be tracked, scanned for plots and threats, and ultimately produced in a courtroom in plain black and white.

With all the advanced methods of keeping tabs on our fellow citizens, you might think that people would think twice before saying, or writing, something stupid, threatening or illegal. And perhaps they do, but with every new technology come waves of people who abuse it, and the Internet is no exception. Thanks to the modern miracle of email, unsuspecting folks can now be stalked and harassed in cutting-edge ways, and the perpetrators can pull it off without ever being caught. Indeed, the allure of anonymity is one of the main reasons the Internet became the silicon monster it is today.

For instance, the entire face of sexual harassment, itself a relatively modern concept, was changed upon the arrival of email. No more did leering co-workers need to make unwanted passes or insensitive comments in person. Email allowed anyone to send whatever they wish to their intended target, and usually, the sender could remain totally anonymous. Nameless hooligans could bombard enemies with scads of junk mail, introduce system-crippling viruses, or even worse, deliver personal threats that could leave recipients fearing for their own safety. Worst of all, victims could hardly do anything to protect themselves beyond contacting ISP or system administrators, and often, those roads would lead to nowhere.

However, as the old adage goes (updated for the 21st Century, of course), the Net giveth, and the Net taketh away. It is possible to track down those who abuse the freedom of the online realm, and put a stop to their high-tech hijinx. Kessler International has a wealth of experience in tracking hostile contact. Our staff of highly-skilled computer forensics experts will follow the trail of bits and bytes back to the source, and bring the authors of harassing email to justice so that you can breathe easy once again.

Automatic Thieving Machines: ATM Frauds Exposed

It's a relatively mundane, everyday type of task: you go to the ATM, you slide in your card, you type in your PIN, you take your cash and you leave. You've probably done it hundreds, maybe thousands of times, and chances are you don't often give security a second thought. Sure, you keep your PIN a secret and you keep a close watch behind you in bad neighborhoods, but most people don't expect to get robbed at their local bank or corner deli during business hours. And that's exactly what the criminals want. Because even though you might be looking over your shoulder for hoodlums, today's technologically-advanced rip-offs often occur right in front of the victim's nose.

As surveillance and other safety features have been integrated over the years into ATMs, old tricks of the trade have lessened in popularity with crooks. These days, instead of sticking a gun in someone's back or smashing open the machine, thieves often rely on technology to reap ill-gotten gains. Increasingly sophisticated scams can range from simple card skimmers to complex data wiretaps, and victims usually don't know they've been cheated until they try to withdraw funds from an empty account. Even more alarming, the victim usually plays a major part in the outlaw's success, unwittingly giving their PIN away to a total stranger! In fact, most scams rely almost solely on the gullibility and the trusting nature of people who don't know how to spot an impending case of identity fraud.

Types of Scams

One of the most effective scams is known as skimming, using electronic devices to read and store information located on your bank card's magnetic stripe. Skimming itself is not particularly new... villainous restaurant employees have been using it for years, swiping credit card information when customers pay for their meals. However, it was not until just recently that readers were developed by criminals specifically for perpetrating ATM fraud.

Usually, the scam consists of two physical pieces of equipment that are attached to the ATM. First, a skimmer that is designed to look like the card slot of that particular machine is attached, typically secured with double-sided tape. This device often looks very authentic, and only the very vigilant notice the difference. Sometimes this skimmer allows the ATM to function normally and sometimes it is just a false front, but either way it reads the info on the card. In one creative (and successful) scam, a skimmer was disguised and labeled as a "card cleaner," which people actually used to clean the magnetic stripe on their cards!

The second piece of equipment is a small camera, usually embedded in a long strip or other seemingly innocuous item (such as a brochure holder) that is attached to the top or side of the ATM. This camera records the PINs that are input by bank customers. While this method is most common, some sophisticated skimming devices are able to record PINs, and some crooks place a transparent plastic overlay on the keypad, which customers think is to keep the keypad clean, when in reality microchips in the device record every keystroke. The thieves then take all this information and produce phony bank cards with equipment that often costs less than $200. At that point, it's only a matter of visiting any ATM to withdraw as much money as they can.

Another relatively new scam involves a simple, often crude device commonly known as the "Lebanese Loop." The apparatus used is basically a thin piece of magnetic tape (such as videotape) or other piece of plastic that, when inserted into an ATM card slot (excluding those that use the "dip" method), will prevent the machine from reading cards, trapping them inside the slot. In most cases, when someone loses their card inside the slot, a "helpful" stranger advises them to input their PIN a couple times and press the cancel button, claiming it will release the card. When this doesn't work, the frustrated customer leaves, assuming the machine has simply devoured the card. Of course, all the crook has to do now is remove the tiny contraption, retrieve the card, and use the PIN that was acquired by looking over the victim's shoulder (an oft-used method called "shoulder surfing") to withdraw cash from any ATM location they wish.

Another type of ruse is perpetrated by particularly ambitious thieves who make an investment in their pilfering, purchasing their own ATM and rigging it to collect customer information. ATMs are widely available for purchase by individuals and businesses, often for less than a couple thousand dollars. These machines are generally placed in small stores and other convenient locales, much like legitimate ATMs. In fact, some fraudsters will even post "out of order" signs on the real machines that point customers directly toward the phony one! For successful crooks, the new machine is easily paid off after a few withdrawals, and once they've pocketed enough cash, it's off to the next location.

Rounding out the modern scams is something that's more or less high-tech robbery, something that most people could only imagine happening in a movie. Sophisticated wiretaps or "listening devices" can be used, primarily on stand-alone ATMs (like those at a mall or convenience store), to intercept and sometimes even change information that is shared between the machine and the computer system it connects to, wherever that may be. With a few special skills and a laptop computer, countless account numbers and PINs can be recorded and copied to fraudulent cards.

Of course, there are plenty of lower-tech cons that target the naive bank customer. One of the more popular schemes is for the shyster to call an ATM user whose card he has found or stolen, posing as a bank employee, police officer or other authority. The PIN is obtained by telling the user that it is required by law to give their PIN to recover the lost card, or that they must verify their old PIN to obtain a new one. Either way, many people readily give up their number in order to comply with the supposed law, and soon find their bank account is a lot lighter.

How to Fend Off ATM Fraud

If there is one silver lining to this dark cloud, it's that ATM frauds usually do not result in great permanent loss for the bank customer. Banks are all FDIC insured, and under the Federal Electronic Fund Transfer Act, customer liability is minimal, as long as the loss is reported as soon as possible. Some states, for instance, have followed the lead of credit card giants Visa and MasterCard, and capped consumer liability for ATM and debit card transactions at $50. However, if the loss is reported quickly enough, most customers who are ripped off will not lose any of their money, just a portion of their time and sanity.

Still, there is no reason for anyone to simply dismiss safety and privacy when it comes to ATM use. This type of fraud cost American banks an estimated $51 million in 2002, and both financial institutions and ATM manufacturers are taking notice. Increasingly sophisticated alarm systems, tamper-proofing methods, and other types of protection are being developed, such as software that can track ATM users' spending habits, flagging unusual transactions and even geographical anomalies, just in case someone halfway across the globe decides to use your card the same day as you. Some legislators want to take it a step further, and create laws that would make background checks and licensing requirements mandatory for those who wish to purchase and operate an ATM. Clearly, the industry is hoping to curtail the progress of thieves as much as possible.

However, the losses eventually become more than just the corporations' problem, as user fees continue to pile up to compensate for the damages. Thankfully, even the simplest measures can keep you from becoming a victim of yet another ATM flimflam:

Never, under any circumstances, give your PIN to anyone, write it on your card, or leave it in your wallet or purse.

Make sure nobody can see you punch in your PIN. Stand close to the machine and use your hand to shield the keypad.

Key in your PIN only when prompted by the ATM screen.

Try to avoid stand-alone ATMs if possible. These are usually privately-owned and more susceptible to fraud. Use a bank ATM instead.

Avoid ATMs in poorly-lit or generally unsafe areas, and leave immediately if you feel suspicious of people nearby.

Never accept help from strangers when using an ATM, and always be wary of people asking for help.

Never use an ATM with a blank screen.

Inspect the machine for any signs of tampering, such as false card slots or Lebanese Loop devices.

Never count your cash at the ATM. Put it away and count it in a safe location.

Cancel your card immediately if it is lost, stolen, or retained by an ATM, and report the incident to your bank or police.

Lower your withdrawal limits to an amount that suits you, but will not allow potential crooks to empty your account.

And finally, don't forget your card!

While guidelines such as these seem like common sense, a majority of people tend to be relatively careless in their ATM use, and that's exactly what the criminals are banking on. By keeping these tips in mind, you'll be able to stay a step ahead of the scoundrels who aim to cheat the system, and you can rest easy knowing that your identity is safe.

DO-IT-YOURSELF INVESTIGATION

As computer crime continues to proliferate, and the demand for system security increases, many companies are hoping to save time and money by taking matters of computer forensics into their own hands, purchasing software tools and training existing employees to investigate security breaches and employee abuse. While this in-house method may seem to be a low-cost solution, it may not be the best one.

Q: What are some of the main pitfalls of "do-it-yourself" investigation?

A: First of all, it is important to understand that the emphasis of any computer investigation, just like any physical crime scene, is obtaining concrete evidence that is not altered in any way. By choosing to conduct investigations themselves, companies and individuals can inadvertently tamper with critical evidence. Simply turning a subject's computer on or off can cause files to be erased, written, replaced or otherwise altered, and if you are looking to make a case, these corrupted files may be inadmissible in court.

Secondly, by conducting investigations in-house, you run the risk of raising suspicions among other employees, or worse, compromising the objectivity of your inquiry. Many employees watch each other's backs, and there is always the possibility that you may not be getting a complete report from your company investigator.

Another problem you might encounter is that most IT workers do not have much legal experience. If you were to take legal action against a subject, your computer forensics "expert" might not be seen as such in a courtroom, and may turn out to be useless as a witness. Not many people have the combination of skills required to conduct a fair, accurate investigation and hold their own in a courtroom, so if you're in doubt, it's best to call a professional.

Q: What about computer forensic kits? Can't companies just use the same hardware and software the pros use to get the same results?

continues on page 7

Publisher: Kessler International
Editorial Director: Michael Kessler
Editor: Susan Peterson
Written by: Nicholas Vrona
The Kessler Report (V9,N1) Copyright 2004 by Kessler International, 45
Rockefeller Plaza, Suite 2000, New York, NY 10111-2000. The Kessler
Report (V9,N1) is a Trademark of Kessler International. Printed in the
USA. No portion of this newsletter may be reprinted without crediting The
Kessler Report, a publication of Kessler International.
VISIT THE KESSLER INTERNATIONAL WEBSITE:
www.investigation.com
6
media that cannot be altered (such as a CD-ROM or other read-only disk), thereby preserving the integrity of the data obtained from the original disk. This copied data can now be scrutinized by investigators for important information.

However, finding this information is no easy process. Computer forensics has been described as looking for a needle in a mountain of needles, with literally thousands of files for examiners to pore over. The procedure requires a great deal of skill, experience and patience. Specialized software is used to help sort through the labyrinth of both active files (the files we see) and unallocated (currently unused) disk space that may contain temporary or previously deleted data. Investigators may also decode protected or encrypted files, if it is possible and legally appropriate. In some cases, sophisticated equipment is used to extract data from damaged or destroyed media, such as a floppy disk that had been cut in half. Still, despite the wealth of high-tech gadgetry at many examiners' disposal, finding evidence often requires someone who simply knows what to look for and how to find it, a skill that only comes with experience.
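
Why an exact copy of the media matters more than a copy of the folder contents, and how deleted data is found in unallocated space, as an added example that is not part of the original newsletter. The Python sketch uses a constructed six-sector "disk" with a toy directory; the layout, function names and JPEG-like sample bytes are assumptions for illustration, not the format of any real file system or forensic tool.

```python
SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker


def build_sample_disk():
    """Constructed image: one active file plus the leftover bytes of a deleted one."""
    # Not a decodable picture, only JPEG markers around constructed filler.
    deleted = JPEG_SOI + b"\xe0" + b"constructed-photo-bytes" * 4 + JPEG_EOI
    active = b"quarterly report, still listed in the folder"
    image = bytearray(SECTOR * 6)
    image[0:len(active)] = active                          # sector 0
    image[SECTOR * 3:SECTOR * 3 + len(deleted)] = deleted  # sector 3
    # Deleting a file removed its directory entry, not its bytes.
    directory = {"report.txt": (0, len(active))}
    return bytes(image), directory, deleted


def logical_copy(image, directory):
    """A 'copy of the folder contents': only files the directory still lists."""
    return {name: image[off:off + size] for name, (off, size) in directory.items()}


def unallocated_ranges(image_len, directory):
    """Byte ranges of sectors that no active file occupies."""
    used = set()
    for off, size in directory.values():
        used.update(range(off // SECTOR, (off + size - 1) // SECTOR + 1))
    ranges, start = [], None
    for sector in range(image_len // SECTOR):
        if sector not in used and start is None:
            start = sector
        elif sector in used and start is not None:
            ranges.append((start * SECTOR, sector * SECTOR))
            start = None
    if start is not None:
        ranges.append((start * SECTOR, image_len))
    return ranges


def carve_jpegs(image, ranges):
    """Signature scan: return (offset, bytes) for each header/footer pair found."""
    found = []
    for lo, hi in ranges:
        pos = lo
        while True:
            start = image.find(JPEG_SOI, pos, hi)
            if start == -1:
                break
            end = image.find(JPEG_EOI, start + len(JPEG_SOI), hi)
            if end == -1:
                break  # header without footer: truncated or partly overwritten
            found.append((start, image[start:end + len(JPEG_EOI)]))
            pos = end + len(JPEG_EOI)
    return found


if __name__ == "__main__":
    image, directory, deleted = build_sample_disk()
    print("folder copy contains:", sorted(logical_copy(image, directory)))
    for offset, data in carve_jpegs(image, unallocated_ranges(len(image), directory)):
        print(f"carved {len(data)} bytes at offset {offset}; matches deleted file: {data == deleted}")
```

The folder-level copy returns only report.txt, while the scan of the full image recovers the deleted file's bytes from sector 3.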

Once all this data is gathered and analyzed, the investigator then compiles a detailed report for their client, after which they are often called on to testify at some sort of legal proceeding. In such cases, it is not only important for the forensic expert to possess exceptional technical knowledge, but the skills necessary to present the evidence in a courtroom setting. The ability to present information in a logical, persuasive manner that a jury can understand, while being able to withstand the opposing counsel's scrutiny, is very valuable and often makes or breaks a case.

Crimes and Misdemeanors

Computer forensics, while it is a specialized area of investigation, can be applied to a vast variety of crimes and devious activities, from high-tech system security breaches to burglary. The primary areas in which computer forensics is used are law enforcement, private company investigations, and individual consulting.

Computer forensics is regularly used by law enforcement agencies as a method of investigating and prosecuting various crimes. These days, criminals are using computers to commit crimes that would not be possible without them (such as hacking into corporate databases, stealing passwords and account information, unleashing viruses, etc.), as well as crimes that traditionally did not involve any sort of advanced technology. Child pornography and kidnapping, for instance, are among the most feared and widely publicized crimes that often enlist the aid of computers. It's a parent's worst nightmare to think that their children could be lured away by a smooth-typing pervert, but it happens, and computer forensics experts are often called upon to track them down and collect evidence.

While child pornography and fraud are the most prevalent types of computer crimes, even homicides and grand larcenies are solved via computer forensics, when villains discuss their plans with partners online or compile lists of victims on their home PC. Virtually any type of crime can have links to computers, but what many lawbreakers don't realize is that the electronic fingerprints they leave behind (e-mails, documents, instant messages, etc.) can quite easily come back to haunt them.

Many private companies also employ the aid of computer forensics, whether it is done in-house or an investigator is contracted by the company. It is no secret that system security is a major issue for most businesses, especially in the wake of the many viruses, worms and system break-ins that have occurred all over the world in the past few years, crippling operations and costing companies billions of dollars. Computer forensics is also used to help companies locate evidence regarding a wide range of matters, from sexual harassment to intellectual property theft.

Individuals also call upon computer forensics specialists for a variety of reasons, such as support in medical malpractice or wrongful death suits, wrongful termination, sexual harassment, discrimination, recovering lost data, or even to find out what children and spouses are up to on their computers. Indeed, computer forensics can be applied to almost any investigation-worthy subject, and more and more people are taking advantage of this technology to help combat crime and tackle civil wrongdoings.
The Future of Computer
Forensics
As the world becomes
increasingly reliant on technolo-
gy, it is inevitable that comput-
er-related crimes will only
increase in regularity. As a
result, the field of computer
forensics is destined for an
extremely active future.
Already, forensics software is
littering the security landscape.
Learning institutions are
chomping at the bit to initiate
computer forensics programs,
and students seem just as eager
to learn and find a career in this
rapidly expanding field.
Of course, the future holds
some important questions. Will
there be standards? As of now,
there is no governing body or
certification standards for com-
puter forensics "experts." Many
current certifications are simply
based on certain types of soft-
ware or methodology, some are
open to only certain practition-
ers, and some are nothing more
than marketing gimmicks to sell
more of a particular tool or
training. Most examiners agree
that there needs to be some sort
of standardization so that when
an "expert" conducts an investi-
gation or takes the stand in a
legal proceeding, their client is
actually getting credible, com-
petent support.
Scientific innovations also
need to be considered.
Technology has advanced
tremendously quickly in recent
years, and the bad guys aren't
the ones playing catch-up. As
computer forensics techniques
become more advanced, so will
the methods criminals use to
stay a step ahead of the law.
Encryption, for instance, is
already considered a major
issue, and it is poised to become
an even greater hindrance as
criminals learn more about the
process. Wireless and portable
technology is another big concern:
it is the wave of the
future, and it's a foregone con-
clusion that scams will prolifer-
ate on our ubiquitous multi-
function handheld devices in the
coming years.
Whatever the future holds
for us, one thing is for certain:
computer forensics is here to
stay. The long-shot years are
dead and buried, and the horizon
looks to be packed with exciting
innovations and significant
developments in the field. We at
Kessler International are leading
the charge, and we are ready and
willing to take on any challenge
that comes our way. If you
require the services of a com-
puter forensics expert, give us a
call. Our specialists have the
experience, the knowledge and
the professionalism that will
guarantee a job well done and
another case cracked.
KESSLER'S CORNER
Within the last few years, the field of com-
puter forensics has grown by leaps and bounds.
The investigation of digital devices truly came
to national attention back in 1998, when the dis-
covery of e-mails produced a wealth of evidence
in the Clinton/Lewinsky scandal. Then, in
1999, Microsoft was forced to split up its soft-
ware empire in an anti-trust case that was large-
ly supported by internal electronic correspon-
dence. Soon after that came a series of corpo-
rate busts that put enormous corporations like
Enron out of business. These high-profile cases,
along with the proliferation of high-tech fraud,
gave quick rise to the business of computer
forensics, with everyone from small business
owners to global conglomerates eager to keep
tabs on their employees, and to keep intruders
from infiltrating their systems.
Now, computer forensics is one of the
fastest growing fields in the nation. One
University of Massachusetts professor called it
"the hottest thing since sliced bread." People
involved in law enforcement and information
technology are flocking to computer forensics
training seminars, hoping to become digital
detectives, and an increasing number of colleges
and universities are offering computer forensics
as a major of study. Clearly, the business is
expanding at a phenomenal rate, and the
demand for competent, well-trained profession-
als is continually growing.
However, as with any expanding entity, the
pool of skill and talent is destined to become
diluted. Training courses are available to almost
anyone who wants to try their hand at becoming
a cyber-sleuth, some entirely online-based.
There are even "computer forensics boot
camps" that promise to train IT workers in the
matters of computer crime in a matter of days.
Certifications are relatively easy to acquire, and
many IT professionals who suffered when the
tech bubble burst are now taking advantage of
this revolution, opening new computer forensics
businesses left and right. In addition, many
companies are taking matters into their own
hands, training their own people to handle the
security of their information assets.
Ultimately, while the number of computer
investigators increases, the percentage of true
experts in the field will inevitably become
smaller and smaller. It is also important to
remember that anyone can claim to produce
results, but not everyone can back up those
claims. Kessler International can. Our com-
puter forensics experts have the benefit of years
of experience, superior technical knowledge,
and unmatched investigative skills. We have the
utmost dedication to our clients, and we guaran-
tee complete professionalism and discretion, no
matter what. That's our promise; that's the
Kessler International difference.
Sincerely,
Michael G. Kessler
President & CEO
The Growing Field of Computer Forensics
Q&A
A: While most professional
investigators use hardware
and software that would be
available to IT and security
departments, the key differ-
ence is analysis. Software
merely collects data; it
doesn't scrutinize the data and
sort out incriminating evi-
dence. And, again, without
the right experience, you may
end up tainting otherwise use-
ful information. The process
of acquiring data, sorting
through it, and analyzing the
findings is extremely delicate,
and should be left up to some-
one who not only has the nec-
essary technical knowledge,
but the investigative expertise
as well.
Q: Won't an in-house inves-
tigation save money, as
opposed to hiring an outside
firm?
A: Not necessarily. If you
combine the costs of lost pro-
ductivity, training, software,
equipment, and a possible
lengthy stay in court, the bills
could add up very rapidly,
and your one-time in-house
investigation could end up
costing you much more than
you anticipated. In addition,
you may not come up with
complete and accurate results,
and this could seriously affect
the litigation process.
The worst-case scenario,
of course, would be that your
entire inquiry turns out to be a
waste of time, effort and
money. Bringing in an expe-
rienced computer forensics
team is ultimately a more
cost-effective route. They
have the equipment, the
know-how, the experience,
and the legal expertise to get
the job done the right way.
Don't take any chances. Call
a professional and get the
results you're looking for.
Kessler International
Computer Forensics Services
Forensic Examinations
On-Site Acquisition
Data Recovery
Cyber Evidence Gathering
Document Discovery
Password Recovery
Tracing Hostile Contact
Electronic Risk Control
Litigation Support
Expert Witness Services
World Headquarters
45 Rockefeller Plaza - Suite 2000
New York, NY 10111-2000
OFFICES WORLDWIDE
KESSLER INTERNATIONAL
Corporate Investigative Strategies
In this edition of The Kessler Report:
Take an in-depth look at the practice of computer forensics
Get the latest on ATM scams and learn how to protect yourself
Learn how to keep your PC free from viruses, spyware and more
Find out how to put an end to harassing emails
See why an in-house investigation may not be such a good idea
All this and more, only in The Kessler Report!
KESSLER INTERNATIONAL
45 Rockefeller Plaza - Suite 2000
New York, NY 10111-2000
Toll Free: 800-932-2221
Phone: 212-730-2433
Fax: 212-730-2433
Web: www.investigation.com
Email: mail@investigation.com
GUARANTEE OF DISCRETION
In addition to cost-effective, thorough
investigative services, the clients of
Kessler International are assured the
highest levels of discretion and sensitivity
to individual situations. We never sell or
rent client lists, or in any way reveal the
details of our investigations.
