A document detailing investigative tools and materials utilized by the FBI when conducting cyber investigations. The document was distributed by the Oklahoma Bankers Association after being provided by a local branch of the FBI Cyber Division.
The purpose of this paper is to describe the SRA Memory Grabber system, which provides memory access to a running and password-protected laptop through the use of a small PC Card inserted into the PCMCIA slot of the laptop. The Memory Grabber device shown in the figure below is operating system agnostic, working on Microsoft Windows, Linux, and MacOS, and is available today as a production unit for use with Express Card and Card Bus laptop systems.
California Computer And Technology Crime High Tech Response Team (CATCH) Overview, December 2003.
Bundeskriminalamt German Federal Police Forensic Analysis of Cell Phones and SIM Cards, 2008.
If you encounter an Apple iPhone where the phone is locked with a Passcode, keep in mind the handset only allows 5 Passcode attempts before locking out the phone. This work-around is limited to iPhones with firmware versions 1.1.2 and earlier. The workaround was disabled on version 1.1.3 in February 2008. Data can be retrieved from the SIM card as well as from the phone handset. To remove the SIM card, place a paperclip in the hole at the top of the phone. Force must be applied to get the SIM holder to pop up. The SIM card will be inside a plastic tray and can be easily removed. Process the SIM card as normal.
The Silicon Valley High Technology Task Force, also known as the Rapid Enforcement Allied Computer Team (REACT), is a partnership of 17 local, state, and federal agencies, with the Santa Clara County District Attorney’s Office designated as the lead agency. The REACT Task Force is one of five in the State of California and is authorized under California Penal Code 13848. All Agents of the REACT Task Force are either California Peace Officers and/or U.S. Federal Agents.
U.S. DOJ Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations
According to the Supreme Court, a “‘seizure’ of property occurs when there is some meaningful interference with an individual’s possessory interests in that property,” United States v. Jacobsen, 466 U.S. 109, 113 (1984), and the Court has also characterized the interception of intangible communications as a seizure. See Berger v. New York, 388 U.S. 41, 59-60 (1967). Furthermore, the Court has held that a “‘search’ occurs when an expectation of privacy that society is prepared to consider reasonable is infringed.”
This Guide provides general guidelines for Internet service provider compliance with law enforcement and national security evidence gathering authorities. It is not intended to constitute or be a substitute for legal advice provided to individual clients on the basis of particular facts. In light of the law’s complexity, Internet service providers should consult counsel regarding questions about the law.
U.S. Secret Service manual on best practices for seizing electronic evidence, October 9, 2006.
More than five hundred pages of law enforcement sensitive guides concerning Microsoft Windows 7/Vista Advanced Forensics Topics.
The Network Intrusion Responder Program (NITRO) was designed by the U.S. Secret Service’s National Computer Forensics Institute to introduce law enforcement officers to basic network intrusion investigation techniques.
FBI FOUO brief on Mobile Forensics, May 28, 2009.
THE U.S. SECRET SERVICE
Investigates . . .
Fraud involving U.S. financial obligations and securities
Crimes affecting other federally insured financial institutions
Threats against the President & other government officials
Access Device fraud