Well, I'm sitting in the (very nice) Qantas Business Class Lounge here at the Auckland Airport, and I'm happy to report that the two events that were delivered in Australia and New Zealand were a huge success! Both events were sold out, and I can see why. The sessions were really well done and provided loads of information. I always consider it a privilege to be asked to speak at events such as this, and I hope my audiences enjoyed our chats. Thank you for sharing your valuable time with me. As always, I think I learned as much as I taught.
I also want to give a shout out and heartfelt thanks to the fine federal agents who assisted me in my computer investigations sessions. Paul Reedy from the AFP provided some valuable insight into investigations and forensics during the Australia closing keynote (aka "locknote") and Scott, Luke, and Matt (also AFP agents) helped drive a very interesting customer "Ask the Feds" Q&A session in Gold Coast. They showed some amazing pictures of crime scenes and what it is they encounter when they show up onsite. Absolutely nasty. (Piece of advice: If you're committing a cybercrime....please take 2 minutes to wipe the slime off your keyboard.....you're going to get caught eventually....and they may go easier on you.) Unfortunately, I'm not allowed to share the photos....but if you did get to see them....you know what I'm talking about. As these fine agents mentioned during the session, if you're interested in a role with the AFP, please feel free to check the AFP website for more info.
Not to be outdone, Simon and Barry helped me provide a tremendous session in New Zealand. Simon and Barry are both with the New Zealand Police Electronic Crime Lab and get to see a lot of interesting things as well. They also took the opportunity to share with us the role they play in not only cybercrime, but also how the contribute when a computer is used in a narcotics or homicide investigation. I especially liked the story of the homicide suspect who named a file on his computer "HowToCommitThePerfectHomicide.doc". Simply amazing.
The key points that all of these agents stressed were:
Well, I hope that everyone learned as much during these sessions as I did. It was a valuable opportunity to hear from the guys out there actually fighting eCrime for a living. Thanks to the Australian Federal Police and the New Zealand Police for their assistance!
Thanks everyone who attended and for the hospitality of your two fine nations. Cheers mates!
Sadly, I think that it needs to be started, restarted, and stated again that one of the biggest things to keep in mind for internally executed forensics that later involve legal cases or law enforcement is honesty, particularly if you are at that point because your internal folks could get you to the point of knowing something is seriously wrong but really dont have the expertise to effectively handle the incident further.
The whole "Honesty as a best practice" bit is very true and one would assume would be something known without having to be said but my experience would point otherwise.
Great point Falconic! It can not be stated enough! If you do anything to the data, even if it's something horrible like a "nuke and pave", just let the investigators know about it. I had a chat with some of the fine FBI agents here in Dallas, and they summed it up nicely: "We're not there to make you a victim twice." Just be honest. It'll serve you well.