Lawful Intercepts
System Deployment from Requirement, Designing and Planning to Delivery and Operation
About the Book
For a long time, there has been a veil covering lawful intercept. Most people think of it as a tool used by police and national security staff to carry out surveillance on ordinary civilians. In reality, lawful interception is now an important means of preventing crime and terrorism from spreading in the cyber world. In order to better present lawful interception from different angles for different readers, such as technical staff and LEA planning officers with different working agendas, this book is divided into 5 parts:
· The first part is a basic introduction to lawful interception operation: its restrictions and boundaries in terms of network surveillance, its difference from cyber intelligence, LI readiness with the support of legal background, and the ETSI framework with compliant LI systems for practical deployment.
· The second part is the LI process on the LEA side in terms of the crime investigation process, cyber evidence acquisition, warrant management for auditing, and network forensic basics for data analysis and presentation.
· The third part is a review of LI systems in terms of the law enforcement monitoring management (LEMF) system with warrant management, the mediation device, the protocol analyzer for content reconstruction, and the media gateway for conversion between signaling and media. In this part, IT system planning for some common requirements, such as system sizing, information security, system resilience and business continuity, will also be addressed. Though I worked for an LI solution vendor for more than 7 years, I will not specify the brand and model of any solution vendor. What I try to do is explain the de facto functions and features that LI systems should have. This can serve as a reference for solution vendors and LEA planning officers for the off-the-shelf products on the market.
· The fourth part is data access at different telecom networks in terms of network infrastructure, covering both the user data plane and the control plane of TDM, GSM, GPRS, IMS, fixed networks, and 4G/5G networks. This part is quite important for LEAs and system integrators when negotiating with the telecom network administration team to deploy, manage and operate LI systems.
· The fifth part is project management in terms of project planning, labor planning, budget/cost planning, customer acceptance tests, training planning and maintenance planning. Though the focus of this part is LI system delivery, most of the content can also be applied to LI system customization during negotiation between LEA users and solution developers.
· The last part is a case study section with six true investigation cases handled by LEAs through the LI process in different countries. I have tried my best to omit the confidential parts and to present the best usage of LI systems in crime investigation.
Expected Readers in the Market
In my job, I have met a lot of IT planning staff from LEA departments and judicial staff from prosecutors' and judges' offices in many different countries. From my conversations with them, I understand that even those who work with crime investigation and legal proceedings every day still have many misunderstandings and regard LI as black-box processing, so it is quite natural for ordinary civilians to have great fear of and prejudice against lawful interception.
Because some background knowledge is needed to understand LI, this book is written for those who want to know more about LI operation for their work, such as:
— Officers of LEAs in charge of planning, purchase, and deployment of LI systems, and front-end field investigators and lab analysts.
— Telecom network administrators in charge of network management involved with LI process.
— System integrators in charge of LI system deployment and maintenance.
— Solution providers in charge of LI system development and customization.
— Judicial officials in charge of criminal legal proceedings.
— People who work on civil rights and freedom of speech on the internet and want to know more about LI, to eliminate unnecessary fear and fantasy.
Because some of the content touches on confidential and sensitive information, such as the detailed process of cybercrime in designated cases, LI deployment in some designated TSP data centers, or specific investigation tools used in target telecom networks, I have carefully reviewed it and tried my best to hide these confidential details. Some of my LEA friends also gave me advice on modifying those details.
Table of Contents
Preface
Chapter 1. Introduction
Section I. Lawful Interception as One of Cyber Intelligence Methods
Chapter 2. A Glance at Network Surveillance
2.1. History of Intercept on telecom facility
2.2. Difference between Lawful Interception and Cyber Intelligence
Chapter 3. National LI Mandates
3.1. LI Acts in Different Countries
3.2. General LI Process Flow in LEA side
3.3. Type of Lawful Intercept
3.4. Admissibility of evidence from LI by Court
Chapter 4. LI Framework
4.1. Data Access / Intercept Access Point (IAP)
4.2. Data Delivery
4.3. Data Collection
4.4. Law Enforcement Monitoring Facility
4.5. LI Standard in Different Countries
Chapter 5. Practical Deployment for Lawful Interception
5.1. LI Intercept at TSP side
5.2. HI1 Interface under ETSI
5.3. HI2 Interface under ETSI
5.4. HI3 Interface under ETSI
5.5. File Transferring between Mediation Device and LEMF
5.6. Technical Document with Definition of LI Protocols
5.7. Function of Mediation Device
5.8. HTTPS Traffic under ETSI
5.9. Common LI Systems in the Set of LEMF
5.10. Systems for LI Process
Section II. Lawful Interception for Cyber Investigation Process and e-Evidence Collection
Chapter 6. Nature and Model of Cybercrimes
6.1. Type of Cybercrimes
6.2. Model of Cybercrime
Chapter 7. Cyber Investigation with Evidence Management and Analysis
7.1. International Guidelines of Common Standards
7.2. Requirement of Digital Evidence Collection from LI Systems
7.3. Compliance of LI Systems with Guidelines of Digital Evidence Management
Chapter 8. LI Case Establishment and Final Report Format
8.1. Items for Approval of Lawful Intercept
8.2. Investigation Report
Chapter 9. Network Forensics for Investigation and Data Analysis
9.1. Data Transmission through Network
9.2. Deep Packet Inspection Tool
9.3. Link Analysis
9.4. Time Line Chart
9.5. Content Analysis
9.6. Structure Analysis
Section III. LI Systems
Chapter 10. Law Enforcement Monitor Facility (LEMF): LI Monitor
10.1. LI Monitor
10.2. Subsystem components of LI monitor
10.3. Data Processing with HI2 and H3 files
10.4. General Product Specification of LI Monitor
Chapter 11. Mediation Device
11.1. Mediation device
11.2. Subsystems of mediation device
11.3. Data Flow of mediation device
11.4. Product Specification of mediation device
Chapter 12. Media Gateway
12.1. Function of Mediation Device
12.2. The position of media gateway in LI process
12.3. Media Gateway Products in Market
Chapter 13. Protocol Analyzer and Content Reconstruction System
13.1. Position of Protocol Analyzer in LI Process
13.2. Protocol Analyzer System
13.3. Data Flow of Protocol Analyzer
13.4. General Specification of Protocol Analyzer
Chapter 14. Tactic Wi-Fi Interceptor
14.1. Position of Tactic Wi-Fi Interceptor in LI process
14.2. General Specification of Tactic Wi-Fi Interceptor
Chapter 15. System Capacity and Sizing Planning
15.1. Choices of Hardware, Network and Middleware for LI platform
15.2. Mediation System
15.3. Media Gateway System
15.4. Protocol Analyzer system
15.5. LI Monitor system
15.6. Data Center Planning for LI system
Chapter 16. Business Resilience
16.1. Viewpoints at Hardware Platform and OS Level
16.2. Shared Storage within Cluster
16.2. Network level
16.3. Link level
16.4. Disaster Recovery
16.5. Backup/Archive
16.6. Vulnerability Assessment
16.8. Prevention from External Probing
Chapter 17. Virtual Machine for LI Deployment on VMware vSphere
17.1. The Mechanism of Virtualization Platform
17.2. Functionalities of Virtualization Platform by Hypervisor of VMware vSphere
17.3. Clustering Mechanism of VMware vSphere
17.4. Virtualization Planning for LI Deployment
17.5. Suggested Specification of LI Systems on vSphere Platform
17.6. Conclusion
Section IV. Telecom Network Infrastructure for LI
Chapter 18. Starting Point of LI Process at Telecom Network
18.1. The Network Environment and Concerns in TSP Site
18.2. LI Requirements in LEA side
18.3. Evolution of Telecom Network Technologies
18.4. Choice of Intercept Access Point
18.5. Subscriber ID
18.6. Type of Intercepted Data
18.7. Role of Mediation Device
Chapter 19. LI at Terrestrial Telecom Networks
19.1. Circuit Switch and Softswitch Network
19.2. IP Media Subsystem Network (IMS)
19.3. Fixed Data Network
Chapter 20. LI at Wireless Telecom Networks
20.1. GSM Network
20.2. GPRS Network
20.3. LTE network
20.4. Proposed LI Deployment at 5G Network
Chapter 21. LI on HTTPS Traffic
21.1. HTTPS Mechanism
21.2. Global Governance on Certificates
21.3. The Need of Intermediate PKI Certificate for Lawful Interception
21.4. Deployment of LI System on HTTPS for Cybercrime Investigation
21.5. The Proposed Availability of PKI Certificate for LI
Section V. Plans for LI Deployment Project
Chapter 22. LI Project Preparation
22.1. Objective for LI Deployment and Development
22.2. LI Project Preparation Task List
22.1. Work Scope Definition
22.2. Cost Estimation
22.3. Scheduling
22.4. Cost of Labor Planning for Project
Chapter 23. Management for Project Delivery
23.1. Management Functions
23.2. System Test
23.3. Customer Acceptance Testing
Chapter 24. LI Deployment Planning after Project Delivery
24.1. Training program
24.1.1. On-site Training
24.1.2. Off-site Training
24.2. Maintenance Service
Chapter 25. Software Development Planning
25.1. Product Design Process
25.2. Product Development Tool
Section VI. Case Study with Lawful Interception Operation
Chapter 26. Case 01: LI Deployment in the Data Center of APP Service Provider
26.1. Objective
26.2. Background
26.3. Common Backend of Social Communication Service
26.4. LI Deployment for ETSI Compliance
26.5. Concerns of High Availability
Chapter 27. Case 2: LI Deployment Integrated with both Circuit Switching and Packet Switching Networks
27.1. Objective
27.2. Background
27.3. Conceptual Implementation based on ETSI
27.4. Requirement and Network Environment in the Case
27.5. LI deployment
Chapter 28. Case 3: Investigation on VoIP Phishing
28.1. Objective
28.2. Background
28.3. Track down by Local Investigation
28.4. Track by Lawful IRI Records
Chapter 29. Case 4: Conduct Lawful Intercept at Radio Access Network of 3G/4G Network
29.1. Objective
29.2. Background
29.3. Object Positioning on Mobile Phone
29.4. Positioning Calculation by GPS in the Lab
29.5. RF Positioning
29.6. Measurement of BTS by Mobile Tracking Device
Chapter 30. Case 5: Tactic LI Application – Crime Investigation on Drug Dealing Case by Wi-Fi Interceptor
30.1. Objective
30.2. Background
30.3. Passive lawful Wi-Fi Intercept
30.4. Active lawful Wi-Fi Intercept
30.5. Distributed Wi-Fi Interception
30.6. Case of drug dealing investigation in Internet Café
30.7. Data integrated into ETSI compliance LI process
Chapter 31. Case 6: Lawful Interception on Breach Trust of Former Employee in High Tech Company
31.1. Objective
31.2. Background
31.3. Digital Criminal Data Collection
31.4. Legal Procedure and Final Sentence
Chapter 32. Conclusion
32.1. Telecom Technologies
32.2. APPs Used by Cyber Criminals
32.3. Juristic Environment
32.4. IoT Platform
32.5. Data Analysis
32.6. Investigation Process
32.7. IT Security Requirement due to Virtualization
Appendix A – Building a Simulated Lawful Interception Lab
A.1. Objective of Simulated LI Lab
A.2. The Deployment of LI Simulation Lab
A.3. The Operation Procedure
A.4. The Target Simulated Service Network
A.5. The Role of Each LI Device
A.6. Simulated Lawful Interception Procedure
A.7. Data Analysis
A.8. Equipment List for LI Simulation Lab
A.9. The Conceptual Deployment
A.10. Conclusion
Appendix B - LI Ready Country List
Appendix C - XML and Its Application in Lawful Interception
Appendix D - Introduction on ASN.1
Appendix E - Acronym List
Reference