March_2010_Newsletter - National White Collar Crime Center

Fallen HeroesTUX4N6 TM - A New Tool for Combating Cyber CrimeAs computers and the Internet havebecome more pervasive in our society,almost any crime imaginable can potentiallyinvolve some form of digital evidence. Newtypes of evidence in common crimes havecalled for new investigatory tools. NW3Creleased a forensically sound computer systemtriage tool named TUX4N6 TM . This tool isa solution-designed for the patrol officer,detective, probation officer and special agentas an easy-to-use program that can be used toquickly and effectively discover probable causewhen doing system triages, “knock and talks”and probation/parole officer visits.In addition to quickly discovering andgathering probable cause for a seizure,TUX4N6 TM aims to alleviate some of thebacklog within computer forensics unitsby moving some of the work from forensicanalysts to investigators and first responders.Oftentimes, investigators and first respondersare primarily interested in key evidentiaryitems on a computer system, such asgraphics and video in sex crimes and IDtheft investigations, spreadsheets and officedocuments in financial crime investigationsand web browsing histories in stalking cases.TUX4N6 TM enables law enforcement officers toquickly peruse computer media for commondata types and export them to external storagemedia for use in building a case.TUX4N6 TM incorporates several automatedsearch features and provides for easyexporting of selected files to external media.TUX4N6 TM also automates many of theprocesses conventionally performed byforensic examiners such as:• Finding and displaying certain data typescommon to specific types of crimes1. Graphics2. Detection of make/model camera (orcamera phone) that took the picture3. Video4. Audioby Nick Newman, NW3C5. Office Documents (documents,spreadsheets, presentations, etc.)• Extracting potentially evidentiaryinformation from common file types1. Web browser history files2. Archive files3. Thumbs.db and Thumbcachethumbnail databasesWhile many system triage/preview toolsexist online, TUX4N6 TM has several uniqueelements that distinguish it from the rest. Asopposed to almost all other on-site previewtools that partially address many possiblescenarios (including but not limited tonetwork forensics, network intrusions, diskimaging, RAM acquisition and analysis, datarecovery, all in one package), TUX4N6 TM isdesigned to do one thing and do one thingwell: preview suspect media in a forensicallysound manner.In addition to being created solely for lawenforcement use, TUX4N6 TM was also designedto be very intuitive and easy to use. TUX4N6 TMwas designed around the philosophy thatdoing a basic system triage should not requirea highly technical skill set. A patrol officerdoes not need to be an automotive engineerto pull over a vehicle for a broken tail-light, sowhy should an officer need a strong computerscience background to do basic computer systeminvestigations?Since TUX4N6 TM was released, we havereceived numerous success stories and copiousfeedback from law enforcement officers allacross the country. The automated functions,ease of use and flexible features have madeTUX4N6 TM a very effective tool for conductingonsite previews and system triages.TUX4N6 TM is available by attending NW3C’sCyber Investigation 101 – Secure Techniquesfor Onsite Preview (STOP) training class. Anyquestions or comments about TUX4N6 TMshould be directed to tux4n6@nw3c.org.February 2010Remembering OurMember Agencies' HeroesKilled in the Line of Duty*Senior Parole AgentEllane AimiuwuIllinois Department ofCorrections, ILTrooper Andrew C.BaldridgeOhio Department ofPublic Safety, OHMajor Timothy J. BergeronTerrebonne ParishSheriff’s Office, LADeputy Sheriff Ken CollierSan Diego County Sheriff’sDepartment, CASergeant Alan J. HaymakerChicago PoliceDepartment, ILCorporal Jeremy McLarenSpring Hill PoliceDepartment, TNDeputy Sheriff William F.Schuck, IIIOconee CountySheriff’s Office, SC*Source www.odmp.org(as of 03-05-10)Member Newsletter March 20103

NW3C Training ClassesCyber Investigation 100 - Identifying and SeizingElectronic Evidence (ISEE)Instruct participants in the basics of recognizing potentialsources of electronic evidence, preparing them torespond to an electronic crime scene, and to safely andmethodically preserve and collect items of evidentiaryvalue to be used in court proceedings.Cyber Investigation 101 - Secure Techniques forOnsite Preview (STOP)For probation/parole, detectives and officers conducting“knock and talk” interviews or spot checks and homevisits. This class utilizes a Linux-based bootable CD topreview a suspect computer system for potential evidencein a forensically sound manner.Cyber Investigation 105 - Basic Cell PhoneInvestigations (BCPI)Designed for first responders, patrol officers, detectives,analysts and computer forensic officers interested ininvestigating cases involving cell phones and other smallscale digital devices.Cybercop 201- Intermediate Data Recovery andAnalysis (IDRA)This course is designed to be the “sequel” to theCybercop 101 (BDRA) course. It covers the forensicexamination of Windows based operating systems onFAT and NTFS File Systems, and includes processing theRecycle Bin, the swap file, the registry, long file namesand other windows features.Advanced Criminal Intelligence Analysis toPrevent Terrorism (ACIAPT)This training helps law enforcement analysts becomeaware of intelligence processes used in the nationalsecurity arena, and law enforcement’s role in theintelligence community.Foundations of Intelligence Analysis Training(FIAT)Designed for state, local, and federal law enforcement,regulatory and other appropriate agency personnel whoneed training in basic criminal intelligence analysisprinciples and methods.Financial Investigations Practical Skills (FIPS)Training benefits investigators, auditors, prosecutors,paralegals, financial analysts, and regulatory personnel whoare learning the fundamentals of conducting successfulfinancial crime investigations.Financial Records Examination and Analysis(FREA)Investigators, Analysts, Auditors, Regulators, Prosecutorsand other law enforcement professionals will benefitfrom this class. Participants gain the skills necessary toorganize, analyze, and present the evidence and indicatorsof fraud found in various financial records.For complete course descriptions, to verify dates and class availability, or to see if newclasses have been added, please visit www.nw3c.org or call toll free 877-628-7674.SUN MON TUE WED THU FRI SAT2 34 5 6 7 8BCPI - Rome, NYFIPS - Knoxville, TNFIAT - Detroit, MIMaySTOP - Rome, NY9 1011 12 13 14 15STOP - Cranberry Township, PAISEE - Indianapolis, IN16 1718 19 20 21122Coming EventsNW3C Outreach EventTuesday. April 13, 20107:30 AM - 3:00 PMCrowne Plaza Springfield, ILRegister at:http://outreach.nw3c.orgVIN Cloning and MotorVehicle Title FraudSeminarTuesday, April 6, 2010Ontario, CA Hosted byOntario Police DepartmentThursday, April 8, 2010The Buttes, A MarriottResort, Tempe, AZTuesday, April 20, 2010Hyatt Regency Columbus,Columbus, OHThursday, April 22, 2010Providence MarriottDowntown, Providence, RIRegister at:http://outreach.nw3c.org/vinFIPS - Madison, WI23302431IDRA- Jacksonville, FLACIAPT - Meridian, IDFREA - Provo, UT25 2627 2829If you have questionsabout an event, contactLoreal Bond atlbond@nw3c.org.Bureau of Justice AssistanceU.S. Department of JusticeThis project was supported by Grant No. 2009-BE-BX-K042 awarded by the Bureau of Justice Assistance.The Bureau of Justice Assistance is a component of the Office of Justice Programs, which also includes the Bureau of Justice Statistics, the NationalInstitute of Justice, the Office of Juvenile Justice and Delinquency Prevention, the SMART Office, and the Office for Victims of Crime. Points of view or opinions in this document are those of theauthor and do not represent the official position or policies of the United States Department of Justice. The National White Collar Crime Center (NW3C) is the copyright owner of this document. This informationmay not be used or reproduced in any form without the express written permission of NW3C. For questions or additional information, please contact Jeannette Toscano, Communications Manager, at jtoscano@nw3c.org.4