Week 7 Discussion

Task: Reply to this topic

Introduction

During a criminal investigation, police might confiscate an object they believe was involved in a crime, such as a weapon or an article of clothing. They confiscate the object, document details about it, and keep it safe. How the police handle the object matters in case it is used as evidence at trial. At trial, the prosecutor must show that the object is indeed the same object confiscated by the police. Police document their handling of evidence with what’s known as a chain of custody. The requirement is the same for electronic evidence as it is for physical evidence.

Case Study

Review the following computer forensics case study of a pharmaceutical company:
https://evestigate.com/Case_Studies/Case%20Study%20Prescription%20Drug%20Diversion%20Brand%20Protection.pdf

A pharmaceutical company began receiving complaints from its representatives in certain geographical areas that sales of normally high-volume drugs were slowing down considerably. The company’s internal security department as well as the security departments of its major distributors began an investigation. The results of the investigation led the security professionals to believe a significant amount of the company’s product was being diverted from foreign countries into the United States and sold through smaller distributors who specialized in sales to local, privately owned pharmacies and dispensaries in nursing homes.

The diversion activities were immediately reported to the local authorities in the regions as well as to the FDA. An investigation was immediately launched and millions of dollars of diverted drugs and repackaging equipment were seized from several locations, including the warehouses of fully licensed pharmaceutical distributors. Along with the diverted product, the computers and other electronic equipment were also seized.
The seizure went smoothly and the company was satisfied, as were investigators from the FDA and local law enforcement. However, the case was severely hindered by the fact that the majority of communications between the principals of the distribution companies (foreign nationals) and the foreign suppliers was conducted by e-mail. There were also no significant paper records on site. While the local authorities and the FDA had access to computer forensic labs, both faced similar roadblocks in their investigations. The labs were severely backlogged and the systems were encrypted, fairly complex, and recorded in a foreign language. It became obvious that the investigation would be delayed until one of the labs cleared some high-priority cases and could dedicate the time required to forensically analyze the computers from the seizure.

Time was of the essence. Everyone knew that the computer forensics had to begin immediately if the diversion was to cease and the case was to be successfully prosecuted. Because the suspects claimed they were reshipping the drugs outside the U.S. (a legal practice) and had shipping bills that appeared to back this statement up, documentation from the computers was essential. If computer forensic analysis was delayed, it was almost assured that the U.S. Attorney’s Office would drop the charges.

GDF Involvement

The company called in GDF and, working in cooperation with the local authorities as well as with the FDA and U.S. Attorney’s Office, GDF was able to commence computer forensic analysis of the computers seized at the pharmaceutical warehouses and provide the information and artifacts recovered during the computer forensic analysis to the U.S. Attorney’s Office. GDF dispatched a Mobile Computer Forensics Lab and, along with investigators from the U.S. Attorney’s Office, created forensically sound copies of the hard drives seized from the warehouses to be used to conduct the computer forensic analysis.
Strict chain of custody was maintained and the computer forensics was conducted under the supervision of the U.S. Attorney’s Office following all accepted computer forensic methodologies.

The Findings

GDF Computer Forensic Specialists were able to decrypt and extract a wealth of information from the systems that were forensically analyzed. By conducting a complete computer forensic analysis of all the data the hard disks contained, GDF was able to provide documentation showing that the diverted drugs were being purchased from distributors in Europe and Canada and being shipped to the U.S. in what appeared to be legitimate transactions. The computer forensic analysis also showed that the distributor had purchased equipment to unwrap the foreign drugs as well as repackaging equipment, all signs of a legitimate drug repackaging and exporting company.

GDF’s computer forensic analysts were also able to extract documents showing that the owners of the distributors also controlled several pharmacies in the area as well as several nursing homes and ACLF facilities, all of which appeared to purchase drugs from the distributors. There were also many invoices for custom vitamins shipped to another distributor just two buildings away that appeared to be controlled by the suspects.

The Outcome

Using the digital evidence the computer forensic specialists gathered, along with the physical evidence, the United States Attorney was able to prove:

1. The distributor was purchasing drugs from foreign sources to be sold within the United States
2. The distributors were engaged in drug diversion for over 10 years
3. The distributor was repackaging vitamins manufactured to appear the same as the prescription drugs and selling and shipping them to Asia
4. The distributor was operating unlicensed pharmacies and nursing homes

The primary pharmaceutical company sustained over 13 million dollars a year in lost revenue.
In addition, the suspects distributed millions of dollars in counterfeit drugs throughout Asia, potentially endangering the lives of hundreds of innocent people. The suspects were convicted and sentenced in the United States and were being investigated in five other countries.

Search for the phrase "chain of custody for digital evidence." List the steps in maintaining chain of custody for digital evidence. Identify how and what evidence was captured in the above case study.