« January 2005 |
Main
| March 2005 »
Finextra: RBC teams with Starbucks to issue re-loadable credit/loyalty card
International coffee chain Starbucks is teaming with Royal Bank of Canada to launch a hybrid Visa bank card and re-loadable Starbucks card.
The Starbucks Duetto Visa Card will be the first of its kind in Canada. It is modelled on the Bank One Duetto programme introduced by Starbucks and the US bank in October 2003.
When cardholders use the Visa account of their Duetto Card, they earn one per cent of their purchase back in 'Duetto Dollars' which can then be used for purchases at Starbucks, including beverages, food and store merchandise.
New cardholders also receive a one-time pre-load of $10 to their Starbucks Card account after their first Duetto Card Visa purchase, and qualify for quarterly gifts and benefits.
Dave McKay, RBC's senior vice-president, credit cards and financing products in Canada, says: "Having one multipurpose card is going to make it easier and more convenient to pick up that morning coffee or afternoon beverage, and it's also going to change the way we use the plastic in our wallets."
February 17, 2005 at 05:16 AM in Financial Services | Permalink | TrackBack (39) | Top of page | Blog Home
http://www.ncjrs.org/txtfiles1/nij/187736.txt
Foreword The Internet, computer networks, and automated data systems present an enormous new opportunity for committing criminal activity. Computers and other electronic devices are being used increasingly to commit, enable, or support crimes perpetrated against persons, organizations, or property. Whether the crime involves attacks against computer systems, the information they contain, or more traditional crimes such as murder, money laundering, trafficking, or fraud, electronic evidence increasingly is involved. It is no surprise that law enforcement and criminal justice officials are being overwhelmed by the volume of investigations and prosecutions that involve electronic evidence.
Title: Electronic Crime Scene Investigation: A Guide for First Responders
Series: NIJ Guide
Author: National Institute of Justice
Published: July 2001
Subject: Criminal investigation
98 pages
132 bytes
Figures, charts, forms, and tables are not included in this ASCII plain-text file.
To view this document in its entirety, download the Adobe Acrobat graphic file
available from this Web site or order a print copy from NCJRS at 800-851-
3420 (877-712-9279 For TTY users).
---------------------------
U.S. Department of Justice
Office of Justice Programs
National Institute of Justice
Electronic Crime Scene Investigation:
A Guide for First Responders
NIJ Guide
---------------------------
U.S. Department of Justice
Office of Justice Programs
810 Seventh Street N.W.
Washington, DC 20531
John Ashcroft
Attorney General
Office of Justice Programs
World Wide Web Site
http://www.ojp.usdoj.gov
National Institute of Justice
World Wide Web Site
http://www.ojp.usdoj.gov/nij
---------------------------
Electronic Crime Scene Investigation:
A Guide for First Responders
Written and Approved by the
Technical Working Group for
Electronic Crime Scene Investigation
July 2001
---------------------------
U.S. Department of Justice
Office of Justice Programs
National Institute of Justice
This document is not intended to create, does not create, and may not be relied
upon to create any rights, substantive or procedural, enforceable at law by any
party in any matter civil or criminal.
Opinions or points of view expressed in this document represent a consensus of
the authors and do not necessarily represent the official position or policies of
the U.S. Department of Justice. The products and manufacturers discussed in
this document are presented for informational purposes only and do not
constitute product approval or endorsement by the U.S. Department of Justice.
NCJ 187736
The National Institute of Justice is a component of the Office of Justice
Programs, which also includes the Bureau of Justice Assistance, the Bureau of
Justice Statistics, the Office of Juvenile Justice and Delinquency Prevention, and
the Office for Victims of Crime.
---------------------------
Foreword
The Internet, computer networks, and automated data systems present an
enormous new opportunity for committing criminal activity. Computers and
other electronic devices are being used increasingly to commit, enable, or
support crimes perpetrated against persons, organizations, or property.
Whether the crime involves attacks against computer systems, the information
they contain, or more traditional crimes such as murder, money laundering,
trafficking, or fraud, electronic evidence increasingly is involved. It is no
surprise that law enforcement and criminal justice officials are being
overwhelmed by the volume of investigations and prosecutions that involve
electronic evidence.
To assist State and local law enforcement agencies and prosecutorial offices
with the growing volume of electronic crime, a series of reference guides
regarding practices, procedures, and decisionmaking processes for investigating
electronic crime is being prepared by technical working groups of practitioners
and subject matter experts who are knowledgeable about electronic crime. The
practitioners and experts are from Federal, State, and local law enforcement
agencies; criminal justice agencies; offices of prosecutors and district attorneys
general; and academic, commercial, and professional organizations.
The series of guides will address the investigation process from the crime scene
first responder, to the laboratory, to the courtroom. Specifically, the series of
guides will address:
o Crime scene investigations by first responders.
o Examination of digital evidence.
o Investigative uses of technology.
o Investigating electronic technology crimes.
o Creating a digital evidence forensic unit.
o Courtroom presentation of digital evidence.
Due to the rapidly changing nature of electronic and computer technologies and
of electronic crime, efforts will be periodically undertaken to update the
information contained within each of the guides. The guides, and any
subsequent updates that are made to them, will be made available on the
National Institute of Justice's World Wide Web site
(http://www.ojp.usdoj.gov/nij).
---------------------------
Technical Working Group for Electronic Crime Scene Investigation
The Technical Working Group for Electronic Crime Scene Investigation
(TWGECSI) was a multidisciplinary group of practitioners and subject matter
experts from across the United States and other nations. Each of the individual
participants is experienced in the intricacies involved with electronic evidence in
relation to recognition, documentation, collection, and packaging. To initiate the
working group, a planning panel composed of a limited number of participants
was selected to define the scope and breadth of the work. A series of guides
was proposed in which each guide will focus on a different aspect of the
discipline.
The panel chose crime scene investigation as the first topic for incorporation
into a guide.
Planning Panel
Susan Ballou
Program Manager for Forensic Sciences
Office of Law Enforcement Standards
National Institute of Standards and Technology
Gaithersburg, Maryland
Jaime Carazo
Special Agent
United States Secret Service
Electronic Crimes Branch
Washington, D.C.
Bill Crane
Assistant Director
Computer Crime Section
National White Collar Crime Center
Fairmont, West Virginia
Fred Demma
National Law Enforcement and Corrections Technology Center-Northeast
Rome, New York
Grant Gottfried
Special Projects
National Center for Forensic Science
Orlando, Florida
Sam Guttman
Assistant Inspector in Charge
Forensic and Technical Services
U.S. Postal Inspection Service
Dulles, Virginia
Jeffrey Herig
Special Agent
Florida Department of Law Enforcement
Florida Computer Crime Center
Tallahassee, Florida
Tim Hutchison
Sheriff
Knox County Sheriff's Office
Knoxville, Tennessee
David Icove
Manager, Special Projects
U.S. TVA Police
Knoxville, Tennessee
Bob Jarzen
Sacramento County
Laboratory of Forensic Science
Sacramento, California
Tom Johnson
Dean
School of Public Safety and Professional Studies
University of New Haven
West Haven, Connecticut
Karen Matthews
DOE Computer Forensic Laboratory
Bolling AFB
Washington, D.C.
Mark Pollitt
Unit Chief
FBI-CART
Washington, D.C.
David Poole
Director
DoD Computer Forensics Laboratory
Linthicum, Maryland
Mary Riley
Price Waterhouse Coopers, LLP
Washington, D.C.
Kurt Schmid
Director
National HIDTA Program
Washington, D.C.
Howard A. Schmidt
Corporate Security Officer
Microsoft Corp.
Redmond, Washington
Raemarie Schmidt
Computer Crime Specialist
National White Collar Crime Center Computer Crime Section
Fairmont, West Virginia
Carl Selavka
Massachusetts State Police Crime Laboratory
Sudbury, Massachusetts
Steve Sepulveda
United States Secret Service
Washington, D.C.
Todd Shipley
Detective Sergeant
Reno Police Department
Financial/Computer Crimes Unit
Reno, Nevada
Chris Stippich
Computer Crime Specialist
Computer Crime Section
National White Collar Crime Center
Fairmont, West Virginia
Carrie Morgan Whitcomb
Director
National Center for Forensic Science
Orlando, Florida
Wayne Williams
Sr. Litigation Counsel
Computer Crime and Intellectual Property Section
Criminal Division
U.S. Department of Justice
Washington, D.C.
TWGECSI Members
Additional members were then incorporated into TWGECSI to provide a full
technical working group. The individuals listed below, along with those
participants on the planning panel, worked together to produce this guide for
electronic crime scene first responders.
Abigail Abraham
Assistant State's Attorney
Cook County State's Attorney's Office
Chicago, Illinois
Keith Ackerman
Head of CID
Police HQ
Hampshire Constabulary
Winchester, Hants
United Kingdom
Michael Anderson
President
New Technologies, Inc
Gresham, Oregon
Bill Baugh
CEO
Savannah Technology Group
Savannah, Georgia
Randy Bishop
Special Agent in Charge
U.S. Department of Energy
Office of Inspector General
Technology Crime Section
Washington, D.C.
Steve Branigan
Vice President of Product Development
Lucent Technologies
Murray Hill, New Jersey
Paul Brown
CyberEvidence, Inc.
The Woodlands, Texas
Carleton Bryant
Staff Attorney
Knox County Sheriff's Office
Knoxville, Tennessee
Christopher Bubb
Deputy Attorney General
New Jersey Division of Criminal Justice
Trenton, New Jersey
Don Buchwald
Project Engineer
National Law Enforcement and Corrections Technology Center-West
The Aerospace Corporation
Los Angeles, California
Cheri Carr
Computer Forensic Lab Chief
NASA Office of the Inspector General Network and Advanced Technology
Protections Office
Washington, D.C.
Nick Cartwright
Manager
Canadian Police Research Centre
Ottawa, Ontario
Canada
Ken Citarella
Chief
High Tech Crimes Bureau
Westchester County District Attorney
White Plains, New York
Chuck Coe
Director of Technical Services
NASA Office of the Inspector General
Network and Advanced Technology Protections Office
Washington, D.C.
Fred Cohen
Sandia National Laboratories
Cyber Defender Program
Livermore, California
Fred Cotton
Director of Training Services
SEARCH
The National Consortium for Justice Information and Statistics
Sacramento, California
Tony Crisp
Lieutenant
Maryville Police Department
Maryville, Tennessee
Mark Dale
New York State Police
Forensic Investigation Center
Albany, New York
Claude Davenport
Senior SA
United States Customs Service
Sterling, Virginia
David Davies
Photographic Examiner
Federal Bureau of Investigation
Washington, D.C.
Michael Donhauser
Maryland State Police
Columbia, Maryland
James Doyle
Sergeant
Detective Bureau
New York City Police Department
New York, New York
Michael Duncan
Sergeant
Royal Canadian Mounted Police
Economic Crime Branch
Technological Crime Section
Ottawa, Ontario
Canada
Jim Dunne
Group Supervisor
Drug Enforcement Agency
St. Louis, Missouri
Chris Duque
Detective
Honolulu Police Department
White Collar Crime Unit
Honolulu, Hawaii
Doug Elrick
Iowa DCI Crime Lab
Des Moines, Iowa
Paul French
Computer Forensics Lab Manager
New Technologies Armor, Inc.
Gresham, Oregon
Gerald Friesen
Electronic Search Coordinator
Industry Canada
Hull, Quebec
Canada
Pat Gilmore, CISSP
Director
Information Security
Atomic Tangerine
San Francisco, California
Gary Gordon
Professor
Economic Crime Programs
Utica College
WetStone Technologies
Utica, New York
Dan Henry
Chief Deputy
Marion County Sheriff's Department
Ocala, Florida
Jeff Hormann
Special Agent In Charge
Computer Crime Resident Agency
U.S. Army CID
Ft. Belvoir, Virginia
Mary Horvath
Program Manager
FBI-CART
Washington, D.C.
Mel Joiner
Officer
Arizona Department of Public Safety
Phoenix, Arizona
Nigel Jones
Detective Sergeant
Computer Crime Unit
Police Headquarters
Kent County Constabulary
Maidstone, Kent
United Kingdom
Jamie Kerr
SGT/Project Manager
RCMP Headquarters
Training Directorate
Ottawa, Ontario
Canada
Alan Kestner
Assistant Attorney General
Wisconsin Department of Justice
Madison, Wisconsin
Phil Kiracofe
Sergeant
Tallahassee Police Department
Tallahassee, Florida
Roland Lascola
Program Manager
FBI-CART
Washington, D.C.
Barry Leese
Detective Sergeant
Maryland State Police
Computer Crimes Unit
Columbia, Maryland
Glenn Lewis
Computer Specialist
SEARCH
The National Consortium for Justice Information and Statistics
Sacramento, California
Chris Malinowski
Forensic Computer Investigation
University of New Haven
West Haven, Connecticut
Kevin Manson
Director
Cybercop.org
St. Simons Island, Georgia
Brenda Maples
Lieutenant
Memphis Police Department
Memphis, Tennessee
Tim McAuliffe
New York State Police
Forensic Investigation Center
Albany, New York
Michael McCartney
Investigator
New York State Attorney General's Office
Criminal Prosecution Bureau Organized Crime Task Force
Buffalo, New York
Alan McDonald
SSA
Washington, D.C.
Mark Menz
SEARCH
The National Consortium for Justice Information and Statistics
Sacramento, California
Dave Merkel
AOL Investigations
Reston, Virginia
Bill Moylan
Detective
Nassau County PD
Computer Crime Section
Crimes Against Property Squad
Westbury, New York
Steve Nesbitt
Director of Operations
NASA Office of the Inspector General
Network and Advanced Technology Protections Office
Washington, D.C.
Glen Nick
Program Manager
U.S. Customs Service
Cyber Smuggling Center
Fairfax, Virginia
Robert O'Leary
Detective
New Jersey State Police
High Technology Crimes & Investigations Support Unit
West Trenton, New Jersey
Matt Parsons
Special Agent/Division Chief
Naval Criminal Investigative Service
Washington, D.C.
Mike Phelan
Chief
Computer Forensics Unit
DEA Special Testing and Research Lab
Lorton, Virginia
Henry R. Reeve
General Counsel/Deputy D.A.
Denver District Attorney's Office
Denver, Colorado
Jim Riccardi, Jr.
Electronic Crime Specialist
National Law Enforcement and Corrections Technology Center-Northeast
Rome, New York
David Roberts
Deputy Executive Director
SEARCH
The National Consortium for Justice Information and Statistics
Sacramento, California
Leslie Russell
Forensic Science Service
Lambeth
London, England
United Kingdom
Greg Schmidt
Sr. Investigator
EDS-Investigations/Technical
Plano, Texas
George Sidor
Law Enforcement Security Consultant
Jaws Technologies Inc.
St. Albert, Alberta
Canada
William Spernow
CISSP
Research Director
Information Security Strategies Group
Gartner, Inc.
Suwanee, Georgia
Ronald Stevens
Senior Investigator
New York State Police
Forensic Investigation Center
Albany, New York
Gail Thackeray
Special Counsel-Technology Crimes
Arizona Attorney General's Office
Phoenix, Arizona
Dwight Van de Vate
Chief Deputy
Knox County Sheriff's Office
Knoxville, Tennessee
Jay Verhorevoort
Lieutenant
Davenport Police Department
Davenport, Iowa
Richard Vorder Bruegge
Photographic Examiner
Federal Bureau of Investigation
Washington, D.C.
Robert B. Wallace
U.S. Department of Energy
Germantown, Maryland
Craig Wilson
Detective Sergeant
Computer Crime Unit
Police Headquarters
Kent County Constabulary
Maidstone, Kent
United Kingdom
Brian Zwit
Chief Counsel (former)
Environment, Science, and Technology
National Association of Attorneys General
Washington, D.C.
Chronology
In May 1998, the National Cybercrime Training Partnership (NCTP), the
Office of Law Enforcement Standards (OLES), and the National Institute of
Justice (NIJ) collaborated on possible resources that could be implemented to
counter electronic crime. Continuing meetings generated a desire to formulate
one set of protocols that would address the process of electronic evidence from
the crime scene through court presentations. NIJ selected the technical working
group process as the way to achieve this goal but with the intent to create a
publication flexible enough to allow implementation with any State and local law
enforcement policy. Using its "template for technical working groups," NIJ
established the Technical Working Group for Electronic Crime Scene
Investigation (TWGECSI) to identify, define, and establish basic criteria to
assist agencies with electronic investigations and prosecutions.
In January 1999, planning panel members met at the National Institute of
Standards and Technology (NIST) in Gaithersburg, Maryland, to review the
fast-paced arena of electronic crime and prepare the scope, intent, and
objectives of the project. During this meeting, the scope was determined to be
too vast for incorporation into one guide. Thus evolved a plan for several
guides, each targeting separate issues. Crime scene investigation was selected
as the topic for the first guide.
The initial meeting of the full TWGECSI took place March 1999 at NIST.
After outlining tasks in a general meeting, the group separated into subgroups to
draft the context of the chapters as identified by the planning panel. These
chapters were Electronic Devices: Types and Potential Evidence; Investigative
Tools and Equipment; Securing and Evaluating the Scene; Documenting the
Scene; Evidence Collection; Packaging, Transportation, and Storage; and
Forensic Examination by Crime Category. The volume of work involved in
preparing the text of these chapters required additional TWGECSI meetings.
The planning panel did not convene again until May 2000. Due to the amount of
time that had transpired between meetings, the planning panel reviewed the
draft content and compared it with changes that had occurred in the electronic
crime environment. These revisions to the draft were then sent to the full
TWGECSI in anticipation of the next meeting. The full TWGECSI met again at
NIST in August 2000, and through 2 days of intense discussion, edited most of
the draft to represent the current status of electronic crime investigation. With a
few more sections requiring attention, the planning panel met in Seattle,
Washington, during September 2000 to continue the editing process. These
final changes, the glossary, and appendixes were then critiqued and voted on by
the whole TWGECSI during the final meeting in November 2000 at NIST.
The final draft was then sent for content and editorial review to more than 80
organizations having expertise and knowledge in the electronic crime
environment. The returned comments were evaluated and incorporated into the
document when possible. The first chapter, Electronic Devices: Types and
Potential Evidence, incorporates photographic representations of highlighted
terms as a visual associative guide. At the end of the document are appendixes
containing a glossary, legal resources, technical resources, training resources,
and references, followed by a list of the organizations to which a draft copy of
the document was sent.
---------------------------
Acknowledgments
The National Institute of Justice (NIJ) wishes to thank the members of the
Technical Working Group for Electronic Crime Scene Investigation
(TWGECSI) for their tireless dedication. There was a constant turnover of
individuals involved, mainly as a result of job commitments and career changes.
This dynamic environment resulted in a total of 94 individuals supplying their
knowledge and expertise to the creation of the guide. All participants were
keenly aware of the constant changes occurring in the field of electronics and
strove to update information during each respective meeting. This demonstrated
the strong desire of the working group to produce a guide that could be flexible
and serve as a backbone for future efforts to upgrade the guide. In addition,
NIJ offers a sincere thank you to each agency and organization represented by
the working group members. The work loss to each agency during the absence
of key personnel is evidence of management's commitment and understanding
of the importance of standardization in forensic science.
NIJ also wishes to thank Kathleen Higgins, Director, and Susan Ballou,
Program Manager, of the Office of Law Enforcement Standards, for providing
management and guidance in bringing the project to completion.
NIJ would like to express appreciation for the input and support that Dr. David
G. Boyd, Director of NIJ's Office of Science and Technology (OS&T), and
Trent DePersia, Dr. Ray Downs, Dr. Richard Rau, Saralyn Borrowman, Amon
Young, and James McNeil, all of OS&T, gave the meetings and the document.
A special thanks is extended to Aspen Systems Corporation, specifically to
Michele Coppola, the assigned editor, for her patience and skill in dealing with
instantaneous transcription.
In addition, NIJ wishes to thank the law enforcement agencies, academic
institutions, and commercial organizations worldwide that supplied contact
information, reference materials, and editorial suggestions. Particular thanks
goes to Michael R. Anderson, President of New Technologies, Inc., for
contacting agencies knowledgeable in electronic evidence for inclusion in the
appendix on technical resources.
---------------------------
Contents
Foreword
Technical Working Group for Electronic Crime Scene Investigation
Acknowledgments
Overview
--The Law Enforcement Response to Electronic Evidence
--The Latent Nature of Electronic Evidence
--The Forensic Process
Introduction
--Who Is the Intended Audience for This Guide?
--What is Electronic Evidence?
--How Is Electronic Evidence Handled at the Crime Scene?
--Is Your Agency Prepared to Handle Electronic Evidence?
Chapter 1. Electronic Devices: Types and Potential Evidence
--Computer Systems
--Components
--Access Control Devices
--Answering Machines
--Digital Cameras
--Handheld Devices (Personal Digital Assistants [PDAs], Electronic
Organizers)
--Hard Drives
--Memory Cards
--Modems
--Network Components
--Pagers
--Printers
--Removable Storage Devices and Media
--Scanners
--Telephones
--Miscellaneous Electronic Items
Chapter 2. Investigative Tools and Equipment
--Tool Kit
Chapter 3. Securing and Evaluating the Scene
Chapter 4. Documenting the Scene
Chapter 5. Evidence Collection
--Nonelectronic Evidence
--Stand-Alone and Laptop Computer Evidence
--Computers in a Complex Environment
--Other Electronic Devices and Peripheral Evidence
Chapter 6. Packaging, Transportation, and Storage
Chapter 7. Forensic Examination by Crime Category
--Auction Fraud (Online)
--Child Exploitation/Abuse
--Computer Intrusion
--Death Investigation
--Domestic Violence
--Economic Fraud (Including Online Fraud, Counterfeiting)
--E-Mail Threats/Harassment/Stalking
--Extortion
--Gambling
--Identity Theft
--Narcotics
--Prostitution
--Software Piracy
--Telecommunications Fraud
Appendix A. Glossary
Appendix B. Legal Resources List
Appendix C. Technical Resources List
Appendix D. Training Resources List
Appendix E. References
Appendix F. List of Organizations
---------------------------
Overview
Computers and other electronic devices are present in every aspect of modern
life. At one time, a single computer filled an entire room; today, a computer can
fit in the palm of your hand. The same technological advances that have helped
law enforcement are being exploited by criminals.
Computers can be used to commit crime, can contain evidence of crime, and
can even be targets of crime. Understanding the role and nature of electronic
evidence that might be found, how to process a crime scene containing potential
electronic evidence, and how an agency might respond to such situations are
crucial issues. This guide represents the collected experience of the law
enforcement community, academia, and the private sector in the recognition,
collection, and preservation of electronic evidence in a variety of crime scenes.
The Law Enforcement Response to Electronic Evidence
The law enforcement response to electronic evidence requires that officers,
investigators, forensic examiners, and managers all play a role. This document
serves as a guide for the first responder. A first responder may be responsible
for the recognition, collection, preservation, transportation, and/or storage of
electronic evidence. In today's world, this can include almost everyone in the
law enforcement profession. Officers may encounter electronic devices during
their day-to-day duties. Investigators may direct the collection of electronic
evidence, or may perform the collection themselves. Forensic examiners may
provide assistance at crime scenes and will perform examinations on the
evidence. Managers have the responsibility of ensuring that personnel under
their direction are adequately trained and equipped to properly handle
electronic evidence.
Each responder must understand the fragile nature of electronic evidence and
the principles and procedures associated with its collection and preservation.
Actions that have the potential to alter, damage, or destroy original evidence
may be closely scrutinized by the courts.
Procedures should be in effect that promote electronic crime scene
investigation. Managers should determine who will provide particular levels of
services and how these services will be funded. Personnel should be provided
with initial and ongoing technical training. Oftentimes, certain cases will demand
a higher level of expertise, training, or equipment, and managers should have a
plan in place regarding how to respond to these cases. The demand for
responses to electronic evidence is expected to increase for the foreseeable
future. Such services require that dedicated resources be allocated for these
purposes.
The Latent Nature of Electronic Evidence
Electronic evidence is information and data of investigative value that is stored
on or transmitted by an electronic device. As such, electronic evidence is latent
evidence in the same sense that fingerprints or DNA (deoxyribonucleic acid)
evidence are latent. In its natural state, we cannot "see" what is contained in the
physical object that holds our evidence. Equipment and software are required
to make the evidence visible. Testimony may be required to explain the
examination process and any process limitations.
Electronic evidence is, by its very nature, fragile. It can be altered, damaged, or
destroyed by improper handling or improper examination. For this reason,
special precautions should be taken to document, collect, preserve, and
examine this type of evidence. Failure to do so may render it unusable or lead
to an inaccurate conclusion. This guide suggests methods that will help preserve
the integrity of such evidence.
The Forensic Process
The nature of electronic evidence is such that it poses special challenges for its
admissibility in court. To meet these challenges, follow proper forensic
procedures. These procedures include, but are not limited to, four phases:
collection, examination, analysis, and reporting. Although this guide
concentrates on the collection phase, the nature of the other three phases and
what happens in each are also important to understand.
The collection phase involves the search for, recognition of, collection of, and
documentation of electronic evidence. The collection phase can involve
real-time and stored information that may be lost unless precautions are taken
at the scene.
The examination process helps to make the evidence visible and explain its
origin and significance. This process should accomplish several things. First, it
should document the content and state of the evidence in its totality. Such
documentation allows all parties to discover what is contained in the evidence.
Included in this process is the search for information that may be hidden or
obscured. Once all the information is visible, the process of data reduction can
begin, thereby separating the "wheat" from the "chaff." Given the tremendous
amount of information that can be stored on computer storage media, this part
of the examination is critical.
Analysis differs from examination in that it looks at the product of the
examination for its significance and probative value to the case. Examination is a
technical review that is the province of the forensic practitioner, while analysis is
performed by the investigative team. In some agencies, the same person or
group will perform both these roles.
A written report that outlines the examination process and the pertinent data
recovered completes an examination. Examination notes must be preserved for
discovery or testimony purposes. An examiner may need to testify about not
only the conduct of the examination but also the validity of the procedure and
his or her qualifications to conduct the examination.
---------------------------
Introduction
This guide is intended for use by law enforcement and other responders who
have the responsibility for protecting an electronic crime scene and for the
recognition, collection, and preservation of electronic evidence. It is not
all-inclusive. Rather, it deals with the most common situations encountered with
electronic evidence. Technology is advancing at such a rapid rate that the
suggestions in this guide must be examined through the prism of current
technology and the practices adjusted as appropriate. It is recognized that all
crime scenes are unique and the judgment of the first responder/investigator
should be given deference in the implementation of this guide. Furthermore,
those responsible officers or support personnel with special training should also
adjust their practices as the circumstances (including their level of experience,
conditions, and available equipment) warrant. This publication is not intended to
address forensic analysis. Circumstances of individual cases and Federal, State,
and local laws/rules may require actions other than those described in this
guide.
When dealing with electronic evidence, general forensic and procedural
principles should be applied:
o Actions taken to secure and collect electronic evidence should not change
that evidence.
o Persons conducting examination of electronic evidence should be trained for
the purpose.
o Activity relating to the seizure, examination, storage, or --transfer of
electronic evidence should be fully documented, --preserved, and available for
review.
Who Is the Intended Audience for This Guide?
o Anyone encountering a crime scene that might contain electronic evidence.
o Anyone processing a crime scene that involves electronic evidence.
o Anyone supervising someone who processes such a crime scene.
o Anyone managing an organization that processes such a crime scene.
Without having the necessary skills and training, no responder should attempt to
explore the contents or recover data from a computer (e.g., do not touch the
keyboard or click the mouse) or other electronic device other than to record
what is visible on its display.
What Is Electronic Evidence?
Electronic evidence is information and data of investigative value that is stored
on or transmitted by an electronic device. Such evidence is acquired when data
or physical items are collected and stored for examination purposes.
Electronic evidence:
o Is often latent in the same sense as fingerprints or DNA evidence.
o Can transcend borders with ease and speed.
o Is fragile and can be easily altered, damaged, or destroyed.
o Is sometimes time-sensitive.
How Is Electronic Evidence Handled at the Crime Scene?
Precautions must be taken in the collection, preservation, and examination of
electronic evidence.
Handling electronic evidence at the crime scene normally consists of the
following steps:
o Recognition and identification of the evidence.
o Documentation of the crime scene.
o Collection and preservation of the evidence.
o Packaging and transportation of the evidence.
The information in this document assumes that:
o The necessary legal authority to search for and seize the suspected evidence
has been obtained.
o The crime scene has been secured and documented (photographically and/or
by sketch or notes).
o Crime scene protective equipment (gloves, etc.) is being used as necessary.
Note: First responders should use caution when seizing electronic devices. The
improper access of data stored in electronic devices may violate provisions of
certain Federal laws, including the Electronic Communications Privacy Act.
Additional legal process may be necessary. Please consult your local
prosecutor before accessing stored data on a device. Because of the fragile
nature of electronic evidence, examination should be done by appropriate
personnel.
Is Your Agency Prepared to Handle Electronic Evidence?
This document recommends that every agency identify local computer experts
before they are needed. These experts should be "on call" for situations that are
beyond the technical expertise of the first responder or department. (Similar
services are in place for toxic waste emergencies.) It is also recommended that
investigative plans be developed in compliance with departmental policy and
Federal, State, and local laws. In particular, under the Privacy Protection Act,
with certain exceptions, it is unlawful for an agent to search for or seize certain
materials possessed by a person reasonably believed to have a purpose of
disseminating information to the public. For example, seizure of First
Amendment materials such as drafts of newsletters or Web pages may
implicate the Privacy Protection Act.
This document may help in:
o Assessing resources.
o Developing procedures.
o Assigning roles and tasks.
o Considering officer safety.
o Identifying and documenting equipment and supplies to bring to the scene.
---------------------------
Chapter 1. Electronic Devices: Types and Potential Evidence
Electronic evidence can be found in many of the new types of electronic
devices available to today's consumers. This chapter displays a wide variety of
the types of electronic devices commonly encountered in crime scenes,
provides a general description of each type of device, and describes its
common uses. In addition, it presents the potential evidence that may be found
in each type of equipment.
Many electronic devices contain memory that requires continuous power to
maintain the information, such as a battery or AC power. Data can be easily
lost by unplugging the power source or allowing the battery to discharge. (Note:
After determining the mode of collection, collect and store the power supply
adaptor or cable, if present, with the recovered device.)
Computer Systems
Description: A computer system typically consists of a main base unit,
sometimes called a central processing unit (CPU), data storage devices, a
monitor, keyboard, and mouse. It may be a standalone or it may be connected
to a network. There are many types of computer systems such as laptops,
desktops, tower systems, modular rack-mounted systems, minicomputers, and
mainframe computers. Additional components include modems, printers,
scanners, docking stations, and external data storage devices. For example, a
desktop is a computer system consisting of a case, motherboard, CPU, and
data storage, with an external keyboard and mouse.
Primary Uses: For all types of computing functions and information storage,
including word processing, calculations, communications, and graphics.
Potential Evidence: Evidence is most commonly found in files that are stored on
hard drives and storage devices and media. Examples are:
User-Created Files
User-created files may contain important evidence of criminal activity such as
address books and database files that may prove criminal association, still or
moving pictures that may be evidence of pedophile activity, and
communications between criminals such as by e-mail or letters. Also, drug deal
lists may often be found in spreadsheets.
o Address books.
o Audio/video files.
o Calendars.
o Database files.
o Documents or text files.
o E-mail files.
o Image/graphics files.
o Internet bookmarks/favorites.
o Spreadsheet files.
User-Protected Files
Users have the opportunity to hide evidence in a variety of forms. For example,
they may encrypt or password-protect data that are important to them. They
may also hide files on a hard disk or within other files or deliberately hide
incriminating evidence files under an innocuous name.
o Compressed files.
o Encrypted files.
o Hidden files.
o Misnamed files.
o Password-protected files.
o Steganography.
Evidence can also be found in files and other data areas created as a routine
function of the computer's operating system. In many cases, the user is not
aware that data are being written to these areas. Passwords, Internet activity,
and temporary backup files are examples of data that can often be recovered
and examined.
Note: There are components of files that may have evidentiary value including
the date and time of creation, modification, deletion, access, user name or
identification, and file attributes. Even turning the system on can modify some of
this information.
Computer-Created Files
o Backup files.
o Configuration files.
o Cookies.
o Hidden files.
o History files.
o Log files.
o Printer spool files.
o Swap files.
o System files.
o Temporary files.
Other Data Areas
o Bad clusters.
o Computer date, time, and password.
o Deleted files.
o Free space.
o Hidden partitions.
o Lost clusters.
o Metadata.
o Other partitions.
o Reserved areas.
o Slack space.
o Software registration information.
o System areas.
o Unallocated space.
Components
Central Processing Units (CPUs)
Description: Often called the "chip," it is a microprocessor located inside the
computer. The microprocessor is located in the main computer box on a
printed circuit board with other electronic components.
Primary Uses: Performs all arithmetic and logical functions in the computer.
Controls the operation of the computer.
Potential Evidence: The device itself may be evidence of component theft,
counterfeiting, or remarking.
Memory
Description: Removable circuit board(s) inside the computer. Information
stored here is usually not retained when the computer is powered down.
Primary Uses: Stores user's programs and data while computer is in operation.
Potential Evidence: The device itself may be evidence of component theft,
counterfeiting, or remarking.
Access Control Devices
Smart Cards, Dongles, Biometric Scanners
Description: A smart card is a small handheld device that contains a
microprocessor that is capable of storing a monetary value, encryption key or
authentication information (password), digital certificate, or other information. A
dongle is a small device that plugs into a computer port that contains types of
information similar to information on a smart card. A biometric scanner is a
device connected to a computer system that recognizes physical characteristics
of an individual (e.g., fingerprint, voice, retina).
Primary Uses: Provides access control to computers or programs or functions
as an encryption key.
Potential Evidence: Identification/authentication information of the card and the
user, level of access, configurations, permissions, and the device itself.
Answering Machines
Description: An electronic device that is part of a telephone or connected
between a telephone and the landline connection. Some models use a magnetic
tape or tapes, while others use an electronic (digital) recording system.
Primary Uses: Records voice messages from callers when the called party is
unavailable or chooses not to answer a telephone call. Usually plays a message
from the called party before recording the message.
Note: Since batteries have a limited life, data could be lost if they fail.
Therefore, appropriate personnel (e.g., evidence custodian, lab chief, forensic
examiner) should be informed that a device powered by batteries is in need of
immediate attention.
Potential Evidence: Answering machines can store voice messages and, in some
cases, time and date information about when the message was left. They may
also contain other voice recordings.
o Caller identification information.
o Deleted messages.
o Last number called.
o Memo.
o Phone numbers and names.
o Tapes.
Digital Cameras
Description: Camera, digital recording device for images and video, with related
storage media and conversion hardware capable of transferring images and
video to computer media.
Primary Uses: Digital cameras capture images and/or video in a digital format
that is easily transferred to computer storage media for viewing and/or editing.
Potential Evidence:
o Images.
o Removable cartridges.
o Sound.
o Time and date stamp.
o Video.
Handheld Devices (Personal Digital Assistants [PDAs], Electronic Organizers)
Description: A personal digital assistant (PDA) is a small device that can include
computing, telephone/fax, paging, networking, and other features. It is typically
used as a personal organizer. A handheld computer approaches the full
functionality of a desktop computer system. Some do not contain disk drives,
but may contain PC card slots that can hold a modem, hard drive, or other
device. They usually include the ability to synchronize their data with other
computer systems, most commonly by a connection in a cradle (see photo). If a
cradle is present, attempt to locate the associated handheld device.
Primary Uses: Handheld computing, storage, and communication devices
capable of storage of information.
Note: Since batteries have a limited life, data could be lost if they fail.
Therefore, appropriate personnel (e.g., evidence custodian, lab chief, forensic
examiner) should be informed that a device powered by batteries is in need of
immediate attention.
Potential Evidence:
o Address book.
o Appointment calendars/information.
o Documents.
o E-mail.
o Handwriting.
o Password.
o Phone book.
o Text messages.
o Voice messages.
Hard Drives
Description: A sealed box containing rigid platters (disks) coated with a
substance capable of storing data magnetically. Can be encountered in the case
of a PC as well as externally in a standalone case.
Primary Uses: Storage of information such as computer programs, text,
pictures, video, multimedia files, etc.
Potential Evidence: See potential evidence under computer systems.
Memory Cards
Description: Removable electronic storage devices, which do not lose the
information when power is removed from the card. It may even be possible to
recover erased images from memory cards. Memory cards can store hundreds
of images in a credit card-size module. Used in a variety of devices, including
computers, digital cameras, and PDAs. Examples are memory sticks, smart
cards, flash memory, and flash cards.
Primary Uses: Provides additional, removable methods of storing and
transporting information.
Potential Evidence: See potential evidence under computer systems.
Modems
Description: Modems, internal and external (analog, DSL, ISDN, cable),
wireless modems, PC cards.
Primary Uses: A modem is used to facilitate electronic communication by
allowing the computer to access other computers and/or networks via a
telephone line, wireless, or other communications medium.
Network Components
Local Area Network (LAN) Card or Network Interface Card (NIC)
Note: These components are indicative of a computer network. See discussion
on network system evidence in chapter 5 before handling the computer system
or any connected devices.
Description: Network cards, associated cables. Network cards also can be
wireless.
Primary Uses: A LAN/NIC card is used to connect computers. Cards allow
for the exchange of information and resource sharing.
Potential Evidence: The device itself, MAC (media access control) access
address.
Routers, Hubs, and Switches
Description: These electronic devices are used in networked computer systems.
Routers, switches, and hubs provide a means of connecting different computers
or networks. They can frequently be recognized by the presence of multiple
cable connections.
Primary Uses: Equipment used to distribute and facilitate the distribution of data
through networks.
Potential Evidence: The devices themselves. Also, for routers, configuration
files.
Servers
Description: A server is a computer that provides some service for other
computers connected to it via a network. Any computer, including a laptop, can
be configured as a server.
Primary Uses: Provides shared resources such as e-mail, file storage, Web
page services, and print services for a network.
Potential Evidence: See potential evidence under computer systems.
Network Cables and Connectors
Description: Network cables can be different colors, thicknesses, and shapes
and have different connectors, depending on the components they are
connected to.
Primary Uses: Connects components of a computer network.
Potential Evidence: The devices themselves.
Pagers
Description: A handheld, portable electronic device that can contain volatile
evidence (telephone numbers, voice mail, e-mail). Cell phones and personal
digital assistants also can be used as paging devices.
Primary Uses: For sending and receiving electronic messages, numeric (phone
numbers, etc.) and alphanumeric (text, often including e-mail).
Note: Since batteries have a limited life, data could be lost if they fail.
Therefore, appropriate personnel (e.g., evidence custodian, lab chief, forensic
examiner) should be informed that a device powered by batteries is in need of
immediate attention.
Potential Evidence:
o Address information.
o E-mail.
o Phone numbers.
o Text messages.
o Voice messages.
Printers
Description: One of a variety of printing systems, including thermal, laser, inkjet,
and impact, connected to the computer via a cable (serial, parallel, universal
serial bus (USB), firewire) or accessed via an infrared port. Some printers
contain a memory buffer, allowing them to receive and store multiple page
documents while they are printing. Some models may also contain a hard drive.
Primary Uses: Print text, images, etc., from the computer to paper.
Potential Evidence: Printers may maintain usage logs, time and date information,
and, if attached to a network, they may store network identity information. In
addition, unique characteristics may allow for identification of a printer.
o Documents.
o Hard drive.
o Ink cartridges.
o Network identity/information.
o Superimposed images on the roller.
o Time and date stamp.
o User usage log.
Removable Storage Devices and Media
Description: Media used to store electrical, magnetic, or digital information
(e.g., floppy disks, CDs, DVDs, cartridges, tape).
Primary Uses: Portable devices that can store computer programs, text,
pictures, video, multimedia files, etc.
New types of storage devices and media come on the market frequently; these
are a few examples of how they appear.
Potential Evidence: See potential evidence under computer systems.
Scanners
Description: An optical device connected to a computer, which passes a
document past a scanning device (or vice versa) and sends it to the computer
as a file.
Primary Uses: Converts documents, pictures, etc., to electronic files, which can
then be viewed, manipulated, or transmitted on a computer.
Potential Evidence: The device itself may be evidence. Having the capability to
scan may help prove illegal activity (e.g., child pornography, check fraud,
counterfeiting, identity theft). In addition, imperfections such as marks on the
glass may allow for unique identification of a scanner used to process
documents.
Telephones
Description: A handset either by itself (as with cell phones), or a remote base
station (cordless), or connected directly to the landline system. Draws power
from an internal battery, electrical plug-in, or directly from the telephone
system.
Primary Uses: Two-way communication from one instrument to another, using
land lines, radio transmission, cellular systems, or a combination. Phones are
capable of storing information.
Note: Since batteries have a limited life, data could be lost if they fail.
Therefore, appropriate personnel (e.g., evidence custodian, lab chief, forensic
examiner) should be informed that a device powered by batteries is in need of
immediate attention.
Potential Evidence: Many telephones can store names, phone numbers, and
caller identification information. Additionally, some cellular telephones can store
appointment information, receive electronic mail and pages, and may act as a
voice recorder.
o Appointment calendars/information.
o Caller identification information.
o Electronic serial number.
o E-mail.
o Memo.
o Password.
o Phone book.
o Text messages.
o Voice mail.
o Web browsers.
Miscellaneous Electronic Items
There are many additional types of electronic equipment that are too numerous
to be listed that might be found at a crime scene. However, there are many
nontraditional devices that can be an excellent source of investigative
information and/or evidence. Examples are credit card skimmers, cell phone
cloning equipment, caller ID boxes, audio recorders, and Web TV. Fax
machines, copiers, and multifunction machines may have internal storage
devices and may contain information of evidentiary value.
REMINDER: The search of this type of evidence may require a search
warrant. See note in the Introduction, page 7.
Copiers
Some copiers maintain user access records and history of copies made.
Copiers with the scan once/print many feature allow documents to be scanned
once into memory, and then printed later.
Potential Evidence:
o Documents.
o Time and date stamp.
o User usage log.
Credit Card Skimmers
Credit card skimmers are used to read information contained on the magnetic
stripe on plastic cards.
Potential Evidence: Cardholder information contained on the tracks of the
magnetic stripe includes:
o Card expiration date.
o Credit card numbers.
o User's address.
o User's name.
Digital Watches
There are several types of digital watches available that can function as pagers
that store digital messages. They may store additional information such as
address books, appointment calendars, e-mail, and notes. Some also have the
capability of synchronizing information with computers.
Potential Evidence:
o Address book.
o Appointment calendars.
o E-mail.
o Notes.
o Phone numbers.
Facsimile Machines
Facsimile (fax) machines can store preprogrammed phone numbers and a
history of transmitted and received documents. In addition, some contain
memory allowing multiple-page faxes to be scanned in and sent at a later time
as well as allowing incoming faxes to be held in memory and printed later.
Some may store hundreds of pages of incoming and/or outgoing faxes.
Potential Evidence:
o Documents.
o Film cartridge.
o Phone numbers.
o Send/receive log.
Global Positioning Systems (GPS)
Global Positioning Systems can provide information on previous travel via
destination information, way points, and routes. Some automatically store the
previous destinations and include travel logs.
Potential Evidence:
o Home.
o Previous destinations.
o Travel logs.
o Way point coordinates.
o Way point name.
---------------------------
Chapter 2. Investigative Tools and Equipment
Principle: Special tools and equipment may be required to collect electronic
evidence. Experience has shown that advances in technology may dictate
changes in the tools and equipment required.
Policy: There should be access to the tools and equipment necessary to
document, disconnect, remove, package, and transport electronic evidence.
Procedure: Preparations should be made to acquire the equipment required to
collect electronic evidence. The needed tools and equipment are dictated by
each aspect of the process: documentation, collection, packaging, and
transportation.
Tool Kit
Departments should have general crime scene processing tools (e.g., cameras,
notepads, sketchpads, evidence forms, crime scene tape, markers). The
following are additional items that may be useful at an electronic crime scene.
Documentation Tools
o Cable tags.
o Indelible felt tip markers.
o Stick-on labels.
Disassembly and Removal Tools
A variety of nonmagnetic sizes and types of:
o Flat-blade and Philips-type screwdrivers.
o Hex-nut drivers.
o Needle-nose pliers.
o Secure-bit drivers.
o Small tweezers.
o Specialized screwdrivers (manufacturer-specific, e.g., Compaq, Macintosh).
o Standard pliers.
o Star-type nut drivers.
o Wire cutters.
Package and Transport Supplies
o Antistatic bags.
o Antistatic bubble wrap.
o Cable ties.
o Evidence bags.
o Evidence tape.
o Packing materials (avoid materials that can produce static electricity such as
styrofoam or styrofoam peanuts).
o Packing tape.
o Sturdy boxes of various sizes.
Other Items
Items that also should be included within a department's tool kit are:
o Gloves.
o Hand truck.
o Large rubber bands.
o List of contact telephone numbers for assistance.
o Magnifying glass.
o Printer paper.
o Seizure disk.
o Small flashlight.
o Unused floppy diskettes (3 « and 5 1/4 inch).
---------------------------
Chapter 3. Securing and Evaluating the Scene
Principle: The first responder should take steps to ensure the safety of all
persons at the scene and to protect the integrity of all evidence, both traditional
and electronic.
Policy: All activities should be in compliance with departmental policy and
Federal, State, and local laws. (Additional resources are referenced in
appendix B.)
Procedure: After securing the scene and all persons on the scene, the first
responder should visually identify potential evidence, both conventional
(physical) and electronic, and determine if perishable evidence exists. The first
responder should evaluate the scene and formulate a search plan.
Secure and evaluate the scene:
o Follow jurisdictional policy for securing the crime scene. This would include
ensuring that all persons are removed from the immediate area from which
evidence is to be collected. At this point in the investigation do not alter the
condition of any electronic devices: If it is off, leave it off. If it is on, leave it on.
o Protect perishable data physically and electronically. Perishable data may be
found on pagers, caller ID boxes, electronic organizers, cell phones, and other
similar devices. The first responder should always keep in mind that any device
containing perishable data should be immediately secured, documented, and/or
photographed.
o Identify telephone lines attached to devices such as modems and caller ID
boxes. Document, disconnect, and label each telephone line from the wall
rather than the device, when possible. There may also be other communications
lines present for LAN/ethernet connections. Consult appropriate
personnel/agency in these cases.
Keyboards, the computer mouse, diskettes, CDs, or other components may
have latent fingerprints or other physical evidence that should be preserved.
Chemicals used in processing latent prints can damage equipment and data.
Therefore, latent prints should be collected after electronic evidence recovery is
complete.
Conduct preliminary interviews:
o Separate and identify all persons (witnesses, subjects, or others) at the scene
and record their location at time of entry.
o Consistent with departmental policy and applicable law, obtain from these
individuals information such as:
--Owners and/or users of electronic devices found at the scene, as well as
passwords (see below), user names, and Internet service provider.
--Passwords. Any passwords required to access the system, software, or data.
(An individual may have multiple passwords, e.g., BIOS, system login, network
or ISP, application files, encryption pass phrase, e-mail, access token,
scheduler, or contact list.)
--Purpose of the system.
--Any unique security schemes or destructive devices.
--Any offsite data storage.
--Any documentation explaining the hardware or software installed on the
system.
---------------------------
Chapter 4. Documenting the Scene
Principle: Documentation of the scene creates a permanent historical record of
the scene. Documentation is an ongoing process throughout the investigation. It
is important to accurately record the location and condition of computers,
storage media, other electronic devices, and conventional evidence.
Policy: Documentation of the scene should be created and maintained in
compliance with departmental policy and Federal, State, and local laws.
Procedure: The scene should be documented in detail.
Initial documentation of the physical scene:
o Observe and document the physical scene, such as the position of the mouse
and the location of components relative to each other (e.g., a mouse on the left
side of the computer may indicate a left-handed user).
o Document the condition and location of the computer system, including
power status of the computer (on, off, or in sleep mode). Most computers have
status lights that indicate the computer is on. Likewise, if fan noise is heard, the
system is probably on. Furthermore, if the computer system is warm, that may
also indicate that it is on or was recently turned off.
o Identify and document related electronic components that will not be
collected.
o Photograph the entire scene to create a visual record as noted by the first
responder. The complete room should be recorded with 360 degrees of
coverage, when possible.
o Photograph the front of the computer as well as the monitor screen and other
components. Also take written notes on what appears on the monitor screen.
Active programs may require videotaping or more extensive documentation of
monitor screen activity.
Note: Movement of a computer system while the system is running may cause
changes to system data. Therefore, the system should not be moved until it has
been safely powered down as described in chapter 5.
o Additional documentation of the system will be performed during the
collection phase.
---------------------------
Chapter 5. Evidence Collection
REMINDER: The search for and collection of evidence at an electronic crime
scene may require a search warrant. See note in the Introduction, page 7.
Principle: Computer evidence, like all other evidence, must be handled carefully
and in a manner that preserves its evidentiary value. This relates not just to the
physical integrity of an item or device, but also to the electronic data it contains.
Certain types of computer evidence, therefore, require special collection,
packaging, and transportation. Consideration should be given to protect data
that may be susceptible to damage or alteration from electromagnetic fields
such as those generated by static electricity, magnets, radio transmitters, and
other devices.
Policy: Electronic evidence should be collected according to departmental
guidelines. In the absence of departmental guidelines outlining procedures for
electronic evidence collection, the following procedures are suggested.
Note: Prior to collection of evidence, it is assumed that locating and
documenting has been done as described in chapters 3 and 4. Recognize that
other types of evidence such as trace, biological, or latent prints may exist.
Follow your agency's protocol regarding evidence collection. Destructive
techniques (e.g., use of fingerprint processing chemicals) should be postponed
until after electronic evidence recovery is done.
Nonelectronic Evidence
Recovery of nonelectronic evidence can be crucial in the investigation of
electronic crime. Proper care should be taken to ensure that such evidence is
recovered and preserved. Items relevant to subsequent examination of
electronic evidence may exist in other forms (e.g., written passwords and other
handwritten notes, blank pads of paper with indented writing, hardware and
software manuals, calendars, literature, text or graphical computer printouts,
and photographs) and should be secured and preserved for future analysis.
These items frequently are in close proximity to the computer or related
hardware items. All evidence should be identified, secured, and preserved in
compliance with departmental policies.
Stand-Alone and Laptop Computer Evidence
CAUTION: Multiple computers may indicate a computer network. Likewise,
computers located at businesses are often networked. In these situations,
specialized knowledge about the system is required to effectively recover
evidence and reduce your potential for civil liability. When a computer network
is encountered, contact the forensic computer expert in your department or
outside consultant identified by your department for assistance. Computer
systems in a complex environment are addressed later in this chapter.
A "stand-alone" personal computer is a computer not connected to a network
or other computer. Stand-alones may be desktop machines or laptops.
Laptops incorporate a computer, monitor, keyboard, and mouse into a single
portable unit. Laptops differ from other computers in that they can be powered
by electricity or a battery source. Therefore, they require the removal of the
battery in addition to stand-alone power-down procedures.
If the computer is on, document existing conditions and call your expert or
consultant. If an expert or consultant is not available, continue with the following
procedure:
Procedure:
After securing the scene per chapter 3, read all steps below before taking any
action (or evidentiary data may be altered).
a. Record in notes all actions you take and any changes that you observe in the
monitor, computer, printer, or other peripherals that result from your actions.
b. Observe the monitor and determine if it is on, off, or in sleep mode. Then
decide which of the following situations applies and follow the steps for that
situation.
Situation 1: Monitor is on and work product and/or desktop is visible.
1. Photograph screen and record information displayed.
2. Proceed to step c.
Situation 2: Monitor is on and screen is blank (sleep mode) or screen saver
(picture) is visible.
1. Move the mouse slightly (without pushing buttons). The screen should
change and show work product or request a password.
2. If mouse movement does not cause a change in the screen, DO NOT
perform any other keystrokes or mouse operations.
3. Photograph the screen and record the information displayed.
4. Proceed to step c.
Situation 3: Monitor is off.
1. Make a note of "off" status.
2. Turn the monitor on, then determine if the monitor status is as described in
either situation 1 or 2 above and follow those steps.
c. Regardless of the power state of the computer (on, off, or sleep mode),
remove the power source cable from the computer-NOT from the wall outlet.
If dealing with a laptop, in addition to removing the power cord, remove the
battery pack. The battery is removed to prevent any power to the system.
Some laptops have a second battery in the multipurpose bay instead of a floppy
drive or CD drive. Check for this possibility and remove that battery as well.
d. Check for outside connectivity (e.g., telephone modem, cable, ISDN, DSL).
If a telephone connection is present, attempt to identify the telephone number.
e. To avoid damage to potential evidence, remove any floppy disks that are
present, package the disk separately, and label the package. If available, insert
either a seizure disk or a blank floppy disk. Do NOT remove CDs or touch the
CD drive.
f. Place tape over all the drive slots and over the power connector.
g. Record make, model, and serial numbers.
h. Photograph and diagram the connections of the computer and the
corresponding cables.
i. Label all connectors and cable ends (including connections to peripheral
devices) to allow for exact reassembly at a later time. Label unused connection
ports as "unused." Identify laptop computer docking stations in an effort to
identify other storage media.
j. Record or log evidence according to departmental procedures.
k. If transport is required, package the components as fragile cargo (see
chapter 6).
Computers in a Complex Environment
Business environments frequently have multiple computers connected to each
other, to a central server, or both. Securing and processing a crime scene
where the computer systems are networked poses special problems, as
improper shutdown may destroy data. This can result in loss of evidence and
potential severe civil liability. When investigating criminal activity in a known
business environment, the presence of a computer network should be planned
for in advance, if possible, and appropriate expert assistance obtained. It
should be noted that computer networks can also be found in a home
environment and the same concerns exist.
The possibility of various operating systems and complex hardware
configurations requiring different shutdown procedures make the processing of
a network crime scene beyond the scope of this guide. However, it is important
that computer networks be recognized and identified, so that expert assistance
can be obtained if one is encountered. Appendix C provides a list of technical
resources that can be contacted for assistance.
Indications that a computer network may be present include:
o The presence of multiple computer systems.
o The presence of cables and connectors, such as those depicted in the pictures
at left, running between computers or central devices such as hubs.
o Information provided by informants or individuals at the scene.
o The presence of network components as depicted in chapter 1.
Other Electronic Devices and Peripheral Evidence
The electronic devices such as the ones in the list below may contain potential
evidence associated with criminal activity. Unless an emergency exists, the
device should not be operated. Should it be necessary to access information
from the device, all actions associated with the manipulation of the device
should be documented to preserve the authenticity of the information. Many of
the items listed below may contain data that could be lost if not handled
properly. For more detailed information on these devices, see chapter 1.
Examples of other electronic devices (including computer peripherals):
o Audio recorders.
o Answering machines.
o Cables.
o Caller ID devices.
o Cellular telephones.
o Chips. (When components such as chips are found in quantity, it may be
indicative of chip theft.)
o Copy machines.
o Databank/Organizer digital.
o Digital cameras (still and video).
o Dongle or other hardware protection devices (keys) for software.
o Drive duplicators.
o External drives.
o Fax machines.
o Flash memory cards.
o Floppies, diskettes,CD-ROMs.
o GPS
February 16, 2005 at 07:42 AM in Security | Permalink | TrackBack (85) | Top of page | Blog Home
TheStar.com - Government 'vulnerable' to cyber attacks
Digital security lax: Auditor-general
Issue not taken seriously, Fraser says
BRUCE CAMPION-SMITH
OTTAWA BUREAU
OTTAWA—The warning is simple — leave your back door open every night and eventually there'll be a break-in.
That's the message Auditor-General Sheila Fraser has for the federal government and for Canadians after describing lax digital security that leaves its computers full of personal information vulnerable to hackers.
"Sensitive data, including information on the privacy of Canadians, payroll and financial transactions, program information ... are at increased risk of unauthorized disclosure, modification, or loss — possibly without being detected," the auditor-general's report warns.
"In some cases the weaknesses had been exploited and gone undetected."
Citing the growing number of "cyber incidents," Fraser suggests that only luck has spared the government from a major breach of its computer systems.
She expressed frustration that almost three years after it was flagged as a problem, many government computers still don't meet minimum levels of security. "I'm really disappointed this issue isn't being taken more seriously," Fraser said yesterday at a news conference. "It's not just getting the attention it should be within government."
But she stressed that a government that collects a host of sensitive personal information on everything from passports to income tax to employment insurance needs to take action immediately to close the loopholes.
"This is serious and needs to be dealt with," Fraser said. She refused to single out what departments are most vulnerable but cited the government's own survey of 90 departments — 46 responded and only one met standards. Fraser notes how the government's own "vulnerability assessments" revealed "significant weaknesses that could be exploited."
Treasury Board President Reg Alcock said later there are attacks on a "regular basis... everything from minor hackers trying to attack websites through to people coming in at databases.
"We don't know of any ... serious breaches," Alcock said.
He said the government is working on new procedures to ensure departments comply with security standards.
In her report released yesterday, Fraser gave Ottawa passing grades for making improvements on everything from reforming its management of human resources to the licensing and regulation of nuclear reactors.
It was a marked change for Fraser who a year ago used words like "shocking" and "blatant misuse" to lay bare the sponsorship scandal.
Fraser did serve up some tough words yesterday, criticizing the way the government has funnelled billions of dollars to arm's-length foundations that aren't subject to adequate oversight.
And she said the government has been slow to improve the governance of Crown corporations. She found that 15 large Crown corporations reported that more than one-third of board members' terms had expired — some for more than one year. "Recent developments in the private sector have raised the bar for corporate governance and this area will require much more attention," Fraser said.
Alcock later said yesterday that he plans to unveil changes tomorrow to improve the way crown corporations are run.
Fraser also scolded Transport Canada for dragging its feet in its review of the rent it charges the operators of airports, such as Pearson airport. She said the review, launched back in 2001 and still not finished, could have significant financial implications for airports, airlines and even passengers, who could benefit if rents are rolled back.
"It's taken too long to get resolved," she said.
She also raised flags about the way aid money is spent at a time when the federal government is set to hand out tens of millions for tsunami relief.
The Canadian International Development Agency, responsible for handing out $2.6 billion a year in assistance, has moved toward giving grants with little control over how the money is spent, Fraser revealed yesterday.
"Grant payments are usually given with few conditions," the report said.
February 16, 2005 at 07:27 AM in Security | Permalink | TrackBack (6) | Top of page | Blog Home
Finextra: Resona to fight fraud with customer cut-off time for ATMs
Japanese banking group Resona is to allow its customers to designate specific times for ATM use and block cash withdrawals at all other times in a bid to cut cash machine fraud.
A new service will be launched mid-year that will enable account holders to block withdrawals from ATMs operated by Resona and other banks, according to a report by the Kyodo news agency.
Users will be able to specify ATM user times via mobile phones. Customers will be able to change designated times or suspend total use of cash machines.
According to the report, Resona believes the initiative will cost less than other measures to tackle cash machine fruad, such as providing chip-based cards and implementing biometric applications.
Following a series of cash card frauds in Japan, Kyodo says banks are also planning to allow customers to set their own limits on cash withdrawals at ATMs and to compensate customers if they are found not to be responsible for losses caused by fraud.
February 16, 2005 at 07:12 AM in Financial Services | Permalink | TrackBack (17) | Top of page | Blog Home
Bloggers, the new US media watchdogs - Yahoo! UK & Ireland News
WASHINGTON (AFP) - First CBS's Dan Rather, then CNN's Eason Jordan, Internet bloggers have come of age as media watchdogs with their part in the downfall of these influential, high-profile media heads.
Jordan, a top CNN executive responsible for the network's coverage in Iraq, resigned Friday following remarks suggesting the US military was deliberately targeting journalists.
The January 27 comments were initially ignored by mainstream reporters, but picked up and trumpeted across the Internet by an army of bloggers.
Jordan's downfall follows that of veteran CBS television news anchor Dan Rather, who announced he will resign in March after bloggers exposed documents he used in a report critical of President George W. Bush's National Guard service as forgeries.
Jordan made his controversial remarks while participating in a discussion panel at the World Economic Forum in Davos, Switzerland. Organizers have not released a transcript of the event.
Jordan acknowledged the remarks were "not as clear as they should have been," but insisted in a statement that he "never meant to imply US forces acted with ill intent when US forces accidentally killed journalists."
He resigned after two weeks of ferocious criticism on conservative weblogs such as captainsquartersblog.com, nationalreviewonline.com and easongate.com, a slick site dedicated entirely to the controversy.
In the 'old days' of just a few years ago media criticism would appear in the monthly Columbia Journalism Review or in specialized newspaper colums, said Paul Grabowicz at the University of California at Berkeley Graduate School of Journalism.
Now such criticism moves at lightning speed and grows so quickly it cannot be ignored, he said. And despite the heated rhetoric there is also often solid original reporting.
"The ground is shifting and the media is having a difficult time adjusting," Grabowicz said.
Though many of the blogs attacking Jordan are managed by staunch conservatives, the controversy cannot be written off as a right-wing attack on the "liberal" media.
Two left-leaning Democratic legislators at the Davos event swiftly criticized Jordan's remarks. And his performance defended panel moderator David Gergen, a Republican who worked with the first president George Bush.
"They went after him because he is a symbol of a network seen as too liberal by some. They saw blood in the water," Gergen, the editor of US News and World Report, told the Washington Post.
The conservative Wall Street Journal editorial page at first blasted Jordan, but on Monday dismissed the incident as a "kerfuffle."
Jordan "made an indefensible remark from which he ineptly tried to climb down at first prompting. This may be dumb but it wasn't a journalistic felony," the piece read.
The Journal then chastised CNN for failing to show "the good judgement and sense of proportion that distinguishes professional journalism from the enthusiasms and vendettas of amateurs."
Edward Morrisey, also known as "Captain Ed" at captainsquartersblog.com, wrote that bloggers didn't want Jordan's head just because he worked for CNN.
"We wanted accountability for a corporate executive that went overseas on multiple occasions to issue slanderous allegations against the US military simply to drum up business and gain a competitive advantage for access in countries already hostile to the United States," Morrisey wrote Monday.
Mainstream journalists agressivly report only on "acceptable targets" that fit their political beliefs such as "the US military, the Israeli military, the Bush administration and Republicans in general," wrote Morrisey, reflecting the views of many conservative blogs.
Blogs have become an important part of Internet life, according to two surveys in November by the Pew Internet and American Life Project.
Some 27 percent of Internet users read blogs, according to the survey, which reports that some eight million US adults say they have created blogs.
Yet despite its influence, 62 percent of Internet users do not know what a blog is, according to the Pew survey.
A separate survey in December by the software company Perseus Development reported that 4.12 million blogs were created in 2004 by the top eight blog-hosting services.
But of the 3,600 blogs surveyed, 66 percent had not been updated in two months, and many had never updated after they were created.
February 14, 2005 at 09:57 PM in Browsers | Permalink | TrackBack (12) | Top of page | Blog Home
Make Customers Part of Your Team
Guidance for Owners/Managers
One way businesses are helping their employees work better together is with internal company websites — better known as "intranet" sites.
An intranet site creates an online place where your employees — or maybe a project team — can share and collaborate on documents and access project timelines, vacation schedules and other group materials. You navigate an intranet site just the way you do an internet site using Internet Explorer or another web browser.
What if you want to extend this idea to key customers and business partners? Then you need to create an "extranet" site.
You can think of an extranet site as an intranet site opened up to select outsiders. You build and manage the site, but allow your employees and important customers, clients or partners to view and interact with the information there. To ensure security, access to the site requires a valid username and password. You can also restrict which areas and files on your site others can access.
How Businesses Use Extranet Sites
Large companies have been using extranets for years. The automotive industry uses extranet sites extensively to streamline the ordering processes and notify suppliers of parts and design changes. Suppliers in turn use the sites to receive proposals, submit bids, provide documents and even collect payments.
But you don't have to be in the car-building business to operate an extranet. Small businesses have customers, suppliers and partners too. And it's not unusual for small businesses to use extranet sites when they team up with other small businesses on projects. Here are some other examples of how you can use extranet sites that go beyond collaboration benefits:
* Share product manuals. If you are a manufacturer, you can provide self-serve access to user documents and technical specifications that can run to thousands of pages in print format.
* Make online catalogues available. Suppliers and wholesalers can provide vendors with up-to-date catalogue inventory to streamline the purchasing process for both buyers and sellers. They can also offer discounts to customers and feature discounted items.
* Conduct project management. An extranet can serve as a project-management system for keeping contractors on track. Such systems allow in-house teams to monitor external vendors who can use the extranet to report their progress.
* Provide customer service tools. With an extranet you can let your customers log in and view customised account information, track orders and communicate with sales and service staff.
* Offer online training. Online training firms can provide courses and course materials to their clients over extranets.
* Manage supply chains. Extranets can help keep inventory data current and accurate.
* Show sales demonstrations. Extranets allow sales representatives to deliver interactive presentations regardless of a customer's location and without being constrained by trade-show schedules and tight travel budgets.
* Preview web design work. Web designers can use extranets to let customers preview web design projects, adding efficiency to the development process.
Here's more to help you understand and get started with extranets.
Extranet Basics
Here's what an extranet site is and does:
* An extranet site is a private company website you create that is dedicated to enabling you and your partners to work together.
* Users connect to an extranet site the same way they do the internet — with a browser.
* Extranets can host the same types of content as a regular website, including documents, graphics, audio, video and message boards.
* Extranets can be personalised for each client accessing them.
* You can grant or restrict customer and partner access to certain sections of the extranet.
* You can employ antivirus protection and block certain kinds of files from your extranet to help protect your company network.
* A password-protected extranet is essential to provide security and ensure that only those you want accessing your site can.
Extranet Site Benefits
An extranet site can help you save money, speed development times, improve client relationships and boost client loyalty — especially in the business-to-business market. Here's how:
* Cost savings can accrue through reduced paper documents, the elimination of overnight shipping, fewer long-distance calls, reduced travel costs, less postage and lower copying costs.
* Increased productivity will result from automating processes that were once done manually and by ensuring critical information won't get lost in the mail or buried in an e-mail inbox.
* Faster delivery and exchange can occur as information of all types can be posted to an extranet site for immediate access, and also be changed, edited or updated quickly.
* With site access available any time of the day, partners, clients and customers have the flexibility to operate when and where it's most convenient, eliminating the need to schedule meetings and phone calls.
* Customer relations are improved as online interactions will help personalise and extend relationships with your clients.
* Clients will be able to provide feedback and input to your development efforts, making them sense that you appreciate their business needs and viewpoints.
Before You Set Up Your Extranet
Don't launch an extranet without doing some planning. Consider the following:
* What's your goal? Establish what you want to achieve with the extranet and what the customer or partner experience should be. Involve your staff. Make sure employees understand that an extranet might change how they work with customers.
* Security is critical. Use authentication and encryption capabilities to ensure no breach of confidential company information occurs using the extranet. Both customers and your employees should feel comfortable using the extranet's security features.
* What kind? Extranets can be hosted in-house or outsourced, as part of your website or stand-alone. Windows SharePoint Services, a component of Windows Small Business Server 2003, is a tool you can use to create both an intranet and extranet. Windows SharePoint Services has preconfigured intranet sites that can be set up as extranet sites.
* Test your extranet. Check with clients before you move into full production mode to ensure that the extranet is easy to use.
February 12, 2005 at 01:36 PM in Financial Services | Permalink | TrackBack (28) | Top of page | Blog Home
Cryptoflex .NET powered Card from Axalto Makes Smart Cards Easier to Deploy
Amsterdam, November 16, 2004 - Axalto (Euronext:NL0000400653 AXL) announced today the first commercial deployment of Axalto’s .NET-based smart cards to help secure access to Microsoft’s corporate network. Axalto’s Cryptoflex .NET powered smart card is a secure, ultra-miniature personal computing technology that runs a small footprint version of the .NET Framework. The .NET-based smart card provides customizable two-factor authentication as well as full cryptographic capabilities, seamlessly via the standard Microsoft .NET programming tools and interfaces. Microsoft marks the first enterprise deployment of the .NET-based smart card.
“We’re delighted to see smart cards based on the ECMA standards for the core Microsoft .NET technologies,” said Charles Fitzgerald, general manager of platform strategy at Microsoft. “Axalto’s new .NET-based smart card is both a great solution to bring strong, two-factor authentication to the enterprise as well as yet another way for .NET developers to take advantage of their skills and code.”
“The best approach to network access security is to add a microprocessor card into the authentication process. And adding smart cards to Microsoft environments is made even easier by Axalto’s Cryptoflex .NET powered cards,” said Marvin Tansley, vice president, Access, Axalto. “Supporting Microsoft .NET is a natural extension of Axalto’s commitment to innovation around industry standards which enable secure access for many with varied identity management solutions.”
Tens of thousands of Microsoft employees worldwide carry a corporate access badge that secures Microsoft computer systems and facilities. Microsoft will be deploying Axalto’s Cryptoflex .NET powered smart card to its employees for secure remote network access in 2005.
Background:
Despite strong password policies, Microsoft determined that additional forms of authentication were required, especially for those that needed remote access to their corporate network to ensure that remote connections to the network are initiated only by authorized users. To counter the threat of unauthorized access to the Microsoft corporate network, Microsoft chose to deploy smart cards because of the cumulative sum of the products’ reliability, performance, cost, security features, convenience and portability benefits. This approach to logical access security, completed worldwide in 2002 for Microsoft’s 61,000 employees, has substantially increased the overall security of enterprise network assets and data at Microsoft.
Microsoft ‘s selected .NET-based cards are smart IDs that support both physical and logical access on one smart card. A contactless feature embedded in the card provides the physical access to buildings and offices. The logical access control is provided via a microprocessor contact smart card with specialized security features, large memory for application storage, and implements Microsoft .NET. Secure and reliable cryptographic operations, such as symmetric (DES, AES) and asymmetric (RSA) algorithms are accessible via an implementation of the standard Cryptographic Services architecture of the .NET Framework. This empowers existing solutions that use .NET cryptographic services to be easily modified to use smart cards, bringing enhanced security and customization to .NET solutions, and allowing Microsoft’s internal IT organization to use the same programming tools and skills they employ for other development projects. The .NET-based smart card represents a breakthrough in security technology by providing developers with an innovative and crucial component for building secure. NET connected systems.
The implementation includes a MSIL (Microsoft Intermediate Language) interpreter, application programming interfaces (system libraries needed for execution and smart card specific libraries for communication and security), a converter that turns a CLI (common language infrastructure) compliant binary into a binary file for loading onto the smart card, a set of relevant ECMA specifications of the reference implementation and a comprehensive test suite that verifies the compliance of the reference implementation to the specifications.
About Axalto
Axalto (Euronext: NL0000400653 AXL) is the world's leading provider of microprocessor cards (Gartner Dataquest 2004) — the key to digital networks — and a major supplier of point-of-sale terminals. Its 4500 employees come from 70 nationalities and serve customers in more than 100 countries, with worldwide sales reaching 3 billion smart cards to date. The company has 25 years' experience in smart card innovation and leads its industry in security technology and open systems.
Axalto continuously creates new generations of products for use in a variety of applications in the telecommunications, finance, retail, transport, entertainment, healthcare, personal identification, information technology and public sector markets. Microprocessor cards provide convenience, security and privacy to public and private services operators, their customers and end users.
All trademarks are properties of their respective owners.
For more info, please visit www.axalto.com
February 11, 2005 at 09:16 PM in Smart Cards | Permalink | TrackBack (11) | Top of page | Blog Home
Finextra: MasterCard launches SMS fraud alert system
MasterCard has teamed with mBlox, a provider of mobile messaging services, to launch a fraud prevention system that enables banks to use SMS text messages to report suspicious card transactions to customers.
The system is based on MasterCard's fraud detection tool, Aristion, with SMS functionality added by mBlox.
Customers who have registered for the service will be sent a text message if the bank registers a suspicious payment on their card. Customers can then notify the bank of any fraudulent transactions immediately. MasterCard says the speed of response means cards can be blocked quickly, reducing the number of fraudulent transactions and costs to the bank.
Suspicious transactions are usually dealt with manually and customers are usually notified by call centre staff. MasterCard says the text-based system will cut response times by up to 90% and reduce operational costs for bank by between 20 and 30%.
Andrew Bud, executive chairman of mBlox, says: "SMS is a very powerful tool for financial institutions, and we built our global, carrier-grade infrastructure to meet this high standard."
Banks can integrate the SMS-enabled system with existing fraud detection platforms and write rules that will automatically trigger an SMS message. The system's pre-defined connections to the mBlox mobile infrastructure means the bank does not have to integrate its fraud systems with individual mobile operators or service providers.
MasterCard has launched the service globally but is concentrating initial efforts in Europe due to the high use of mobile phones in the region. Throughout 2005 the service will be extended to Asia Pacific, SAMEA and later to North America.
February 11, 2005 at 07:29 AM in Financial Services | Permalink | TrackBack (5) | Top of page | Blog Home
Finextra: Nokia releases phone shell for contactless payments
Nokia has released a shell for its series 3220 mobile phone that will enable consumers to use the hand set for making contactless payments.
The shell uses near field communications (NFC) technology and allows customers to make payments by pointing the phone at a point-of-sale terminal. Payment information, such as debit and credit card details, is stored in an integrated smart chip in the shell.
Nokia says the NFC system is compatible with existing contactless payment infrastrucutres. Visa says the NFS shell is a natural extension of Visa's contactless programmes, while MasterCard says the development is a natural extension to the PayPass trial it carried out with Nokia in Texas in 2003.
In addition to payments, the NFS technology can also be used for ticketing and Nokia is teaming with German transport firm Rhein-Main-Verkehrsverbund to trial the system on the bus network in Hanau, near Frankfurt.
Peter Preuss, head of strategy and innovation at RMV, says: "NFC enables us to securely store and electronically control tickets in mobile phones... Another important feature of the project is, that the NFC enabled phones are compatible with the contactless smart card infrastructure already installed in Hanau."
Commenting on the new product, Petri Vesikivi, director at Nokia's ventures organisation, says: "Mobile operators can provide payment and ticketing applications to the phone together with service providers such as banks and transportation companies."
The Nokia NFC shell for payment and ticketing will be available in mid 2005 and will be distributed to customers by mobile network operators.
February 10, 2005 at 08:58 AM in Smart Cards | Permalink | TrackBack (6) | Top of page | Blog Home
From Abigail Rayner in New York
Author of Compaq deal leaves with $21m
CARLY FIORINA left Hewlett-Packard last night with a $21 million (£11 million) golden handshake after being sacked as chairman and chief executive of the computer giant.
HP shares, which have crashed by 50 per cent in the five and a half years that Ms Fiorina has led the group, soared 10 per cent in early trading yesterday as the company said that it was seeking a more hands-on chief executive capable of driving profitability.
Her dismissal was a stunning blow to one of America’s most powerful businesswomen and an apparent repudiation of HP’s highly controversial $19 billion acquisition of Compaq Computer in 2002, on which Ms Fiorina had staked her reputation.
The board of HP, however, insisted yesterday that it remained committed to the company’s current business strategy. Robert Wayman, the chief financial officer who was named interim chief executive, said there were no plans to break up the group despite growing pleas from Wall Street to spin off HP’s highly profitable printing business or sell its personal computer unit.
Yesterday Ms Fiorina made no secret of the fact that there had been a boardroom split over strategy and that she was not leaving voluntarily. She said: “While I regret the board and I have differences about how to execute HP’s strategy, I respect their decision.”
HP said that it would begin seeking a permanent new chief executive immediately and is expected to focus its search on external candidates. Yesterday the company named Patricia Dunn, a director since 1998, as its new non-executive chairman.
In her tumultuous years at the helm of HP, Ms Fiorina drew criticism for her autocratic management style, which some investors felt had stifled the company’s growth.
Ms Dunn admitted that discussions over the leadership of HP began several weeks ago. “The final decision was made on February 8,” she said. “It’s not a sudden decision. We have had a series of deliberations over the course of weeks and longer.” She said consultants had been brought in to help “the board make sure it is doing everything it needs to do”.
Ms Fiorina’s departure ends a stormy era at HP, a Silicon Valley icon. She pushed through the Compaq merger as part of a bold plan to remake HP into a computing and services giant that could challenge IBM.
But the merger never delivered the promised results and, as she worked to integrate the two huge companies, Dell leapfrogged HP to become the leading seller of personal computers.
HP’s server, storage and personal computer units have all struggled since the merger and only the company’s star business, imaging and printing, has kept the group looking respectable.
When Ms Fiorina announced her blockbuster plan to merge with Compaq three years ago, critics derided the idea of combining the unprofitable PC businesses of both companies.
Ms Fiorina’s biography was removed from the executive team page of HP’s website long before employees turned up for work to discover that their chief executive had been ousted.
February 10, 2005 at 12:24 AM in Web/Tech | Permalink | TrackBack (6) | Top of page | Blog Home
Pew Internet & American Life Project: Online Banking 2005
Fifty-three million people, or 44% of internet users and one-quarter of all adults, now say they use online banking. Those figures amount to an increase of 47% over the number of Americans who were performing online banking in late 2002. Of all the major internet activities tracked by the Project since its inaugural survey in March 2000, online banking has grown the fastest. Internet users with high-speed connections, those with six or more years of experience, and those between 28-39 years old are the most likely to bank online.
February 9, 2005 at 01:24 PM in Financial Services | Permalink | TrackBack (25) | Top of page | Blog Home
Yahoo! News - Online Banking Growing Rapidly, Survey Finds
WASHINGTON (Reuters) - Nearly half of all U.S. adult Internet users now manage their bank accounts online, making banking the fastest-growing online activity, according to a survey released on Wednesday.
Forty-four percent of U.S. Internet users bank online, up from 30 percent two years ago, the Pew Internet and American Life Project said.
The nonprofit group said banking has grown faster than any other online activity since it began measuring Internet use in March 2000.
People with high-speed connections at home, those between the ages of 28 and 39, and more affluent households were most likely to bank online, the group said.
The survey of 537 Internet users was conducted in November 2004 and has a margin of error of plus or minus 5 percentage points.
February 9, 2005 at 01:20 PM in Financial Services | Permalink | TrackBack (8) | Top of page | Blog Home
Finextra: Stanford Federal Credit Union signs for PassMark authentication system
Stanford Federal Credit Union (SFCU) has implemented PassMark Security's recently-released two-factor two-way authentication system to provide its members with secure online access to accounts and eliminate the threat from phishing.
SFCU says each of its members will receive a secret PassMark - a small image and a phrase - which is displayed to members during log in. If the PassMark is correct members will know the Web site in genuine and that it is safe to enter passwords.
The vendor says the system provides two-way authentication because it verifies the user to the site and the site to the user, and two-factor because it identifies the user's computer hardware as a second factor of authentication.
John Davis, president, SFCU, says: "Online members have always had to prove their identities to us. But with the explosion of 'phishing' attacks, online service providers should have to prove their identities to the consumer. PassMarks give us an effective way to do so."
Bill Harris, co-founder and chairman of PassMark Security, says with the advent of phishing and keylogging attacks, passwords alone are no longer adequate protection for e-commerce.
He adds that the PassMark system offers s