Home | News | Hacking | Sciences | Technology | Ti 92 | Programming | Free articles | Links | Webmaster


Stopping the cyber-criminals
Thursday, 9 May, 2002, 08:00 GMT 09:00 UK


Hard drive, Eyewire

Computer hard drives can hide criminal activity

By Jane Wakefield
BBC News Online technology staff
Police have adapted their methods to fight the new breed of cyber-criminal, with computer forensics experts often replacing the men in white coats at the scene of a crime.

In Britain, the National Hi-Tech Crime Unit (NHTCU) is responsible for tackling e-crime, an umbrella term for a vastly differing range of offences, including hacking, fraud, child pornography and any offline crime that uses computers.
At the time of its launch last year, the head of the unit, Detective Chief Superintendent Len Hynds, described it as a milestone in modern policing.

As well as advising local police computer crime units, NHTCU gathers intelligence and undertakes forensic investigations.

Searching the hard-drive

E-crime facts
Global cost of e-crime estimated at 1 trillion
I Love You virus cost industry 10bn
Online paedophile rings are one of biggest problems
Political hacking on the rise
One of the most important tools used by computer forensic experts at NHTCU and at 2,000 other law enforcement agencies around the world is EnCase, a piece of software developed by US firm Guidance Software. Investigators place a suspect's hard drive in their forensic computer.
EnCase creates a mirror image of the drive which will be used as evidence in court and has safety features built in to ensure that the original cannot be tampered with. Then EnCase sets about reading the drive's file structure scouting for evidence of criminal activity. Its examination goes beneath the operating system to view all the data, including empty space, unallocated space and Windows swap files in which deleted files and other evidence can be stored.

Proving paedophilia

In order to tackle e-crime effectively, the police have enlisted outside help and a growing number of computer forensic consultancies are emerging. One such is DataSec, a Hertfordshire-based company that assists the police in dealing with cyber-criminals and provides expert witness testimony in relation to computer evidence.


Our job is to prove that the suspect deliberately surfed to illegal pornography and deliberately stored it

Adrian Reid, DataSec
Over half of its computer forensics business was linked to paedophilia, said Managing Director Adrian Reid.

Finding the suspects and the machines they are using to distribute and download child pornography is often the easy part. Using web filters such as SurfControl, the police have automated much of the search for potential paedophiles. Once alerted to a suspect, they revert to old-fashioned police work, often tracking the suspect's movements online for months and finally working with internet service providers to track down his physical identity.

"Then the police seize the computer and our job is to prove that the suspect deliberately surfed to illegal pornography and deliberately stored it," said Mr Reid.

E-mail fraud

DataSec is also increasingly being called on by corporate clients in the fight against fraud and the misuse of company internet and e-mail facilities. One firm suspected that confidential information was being leaked from their organisation.

A DataSec investigation was able to discover that e-mail from board members was being intercepted, locate the source of the redirection and gather evidence which identified the suspect. In another case, a law firm asked for DataSec's help to locate the author of defamatory content published anonymously on a website.


depuis le 30/09/2003