Computer Forensics. Computer Forensics: History, Tools and Outlooks. By John Burns IT-103-002. Research Paper



Similar documents
Digital Forensics: The aftermath of hacking attacks. AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic

CYBER FORENSICS. KRISHNA SASTRY PENDYALA Cyber Forensic Division Central Forensic Science Laboratory Hyderabad.

BE SAFE ONLINE: Lesson Plan

Ten Deadly Sins of Computer Forensics

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

What are Viruses, Trojans, Worms & Spyware:

EC-Council Ethical Hacking and Countermeasures

Digital Forensics for Attorneys Overview of Digital Forensics

Taxonomy of Anti-Computer Forensics Threats

Data Security Incident Response Plan. [Insert Organization Name]

Introduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014

Breakfast Meeting: Securing your Secured Data Digital Forensics, Fraud and Forensic Advancements

Introduction to Computer Security

InfoSec Academy Forensics Track

NATIONAL CYBER SECURITY AWARENESS MONTH

INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security

AN INFORMATION GOVERNANCE BEST

Computer Networks & Computer Security

Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers

Cybersecurity Workshop

Certified Cyber Security Analyst VS-1160

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

Digital Citizenship Lesson

CSN08101 Digital Forensics. Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak

Digital Forensics. Larry Daniel

Overview of Computer Forensics

Emerging Trends in Malware - Antivirus and Beyond

Information Security Incident Management Guidelines

Website Terms and Conditions

Information Services. Protecting information. It s everyone s responsibility

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

Cyber Security Response to Physical Security Breaches

Hacking Book 1: Attack Phases. Chapter 1: Introduction to Ethical Hacking

Hackers: Detection and Prevention

IRC Forensic Basics. by: James Guess. Internet Relay Chat (IRC) first met the world in the late 1980 s. It was the first

Cyber Security Awareness. Internet Safety Intro.

Legal Framework to Combat Cyber Crimes in the Region: Qatar as a Model. Judge Dr. Ehab Elsonbaty Cyber Crime expert ehabelsonbaty@hotmail.

"This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure


Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee

To Catch a Thief: Computer Forensics in the Classroom

Computer Forensics and Investigations Duration: 5 Days Courseware: CT

Whitepaper on AuthShield Two Factor Authentication with ERP Applications

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc.

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers Your Interactive Guide to the Digital World

Loophole+ with Ethical Hacking and Penetration Testing

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Term Report. Forensics for IT

Updated January Hosting and Managed Services Acceptable Use Policy

C-SAVE. Scenario #1 Jake and the Bad Virus. The two major C3 concepts this scenario illustrates are:

Certified Cyber Security Analyst VS-1160

Digital Barracuda Information Security Reports that the Risk from Viruses and Worms is Only the Tip of the Iceberg FACT SHEET

Redland Christian Migrant Association (RCMA) Internet Security and Safety Policy

ITM 642: Digital Forensics Sanjay Goel School of Business University at Albany, State University of New York

COB 302 Management Information System (Lesson 8)

HIPAA Security COMPLIANCE Checklist For Employers

Chapter 7 Securing Information Systems

Cyber Security through Education & Awareness. KSU Police Converged Security: A holistic approach to cyber safety and security. Community Policing

Computer Hacking Forensic Investigator v8

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

Emerging risks for internet users

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS

BOR 6432 Cybersecurity and the Constitution. Course Bibliography and Required Readings:

HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP

Running head: AN OVERVIEW OF CLOUD COMPUTING TECHNOLOGY 1. An Overview of Cloud Computing Technology:

Sheridan College Institute of Technology and Advanced Learning Telephone and Computer Information Access Policy

"This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Certified Digital Forensics Examiner

Topic 1 Lesson 1: Importance of network security

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices

Certified Digital Forensics Examiner

Data Security 2. Implement Network Controls

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains

Management and Storage of Sensitive Information UH Information Security Team (InfoSec)

Small businesses: What you need to know about cyber security

i-safe America Internet Safety Tips for Parents

How to Prevent It What to Do If You Are a Victim

Case Study: Hiring a licensed Security Provider

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

Information Technology Cyber Security Policy

How To Get A Computer Hacking Program

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

FKCC AUP/LOCAL AUTHORITY

Keeping you and your computer safe in the digital world.

How To Monitor The Internet In Idaho

CYBER SECURITY STRATEGY AN OVERVIEW

Don t Fall Victim to Cybercrime:

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem

Cybercrime in Canadian Criminal Law

Computer Forensics and What Is, and Is Not, There on Your Client s Computer. Rick Lavaty, Computer Systems Administrator, District of Arizona

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

Information Security. Annual Education Information Security Mission Health System, Inc.

Information Security

Subject: Computers & Electronic Records. Responsible Party: Part C Coordinator

Software Engineering 4C03 Class Project. Computer Networks and Computer Security COMBATING HACKERS

Information Technology Policy

Transcription:

1 Computer Forensics: History, Tools and Outlooks By John Burns IT-103-002 Research Paper 02/25/2012 "By placing this statement on my webpage, I certify that I have read and understand the GMU Honor Code on http://academicintegrity.gmu.edu/honorcode/. I am fully aware of the following sections of the Honor Code: Extent of the Honor Code, Responsibility of the Student and Penalty. In addition, I have received permission from the copyright holder for any copyrighted material that is displayed on my site. This includes quoting extensive amounts of text, any material copied directly from a web page and graphics/pictures that are copyrighted. This project or subject material has not been used in another class by me or any other student. Finally, I certify that this site is not for commercial purposes, which is a violation of the George Mason Responsible Use of Computing (RUC) Policy posted on http://universitypolicy.gmu.edu/1301gen.html web site."

2 The information age has forever changed the way people connect with each other and our world as a whole. From the creation of the internet in the 1950's to the use of smart phones, the world is empowered with information. Any person with an Internet service provider (ISP) can search anything using any number of search engines, including Google. Because of the availability of this information, the saying, "it is not what you know it is how fast you can find out." Is truer than ever. Whether they realize it or not, most people are walking around with a very powerful computer/phone in their hands. This allows people to go about the day with all the information the Internet has to offer at their fingertips. Yet, with all the positives of the information age, new categories of crime have emerged as a very large negative. These computer crimes, include the gaining and manipulation of information, is available to us. (Solomon p.4) There is very specific branch of law enforcement, computer forensics, that deals specifically with these new computer crimes. These computer forensic professionals are people whom use computers to hunt, investigate, and present evidence of computer crimes. Most Internet crimes can be classified into black hat hacking, internet scams, corporate fraud, and security concerns such as viruses, worms, and trojan horses. It is important to know the functions and behaviors of each to protect your computer and your data from these threats. First, black hat hacking is the unethical use of computer knowledge and skills to gain access to data used to commit crimes or for personal gain. The term black hat is used to classify the hacker as a bad guy. The term originates from old west movies where the "good guys" wore white hats and the villains wore black hats. This type of hacker is not motivated to improve or build anything, but rather to destroy and plunder. I think of black hackers as the pirates of the internet - they may employ a variety of scams, viruses, worms, and trojan horses to acheive their desired means. They are also known for Internet scams.

3 Our second type of crime is Internet scams, which can be defined by the social engineering of a story via email, chat sites, or other messaging services. There are many types of social engineering techniques, most are centered around convincing the mark (target) to give up some sensitive information. Hackers do this by convincing marks that they are authorized to receive the information.. This sensitive information can then be use to steal money, commit computer crimes using your computer and infecting other computers with a virus. Next, corporate fraud is the manipulation and/ or destruction of papers that may incriminate a company s management/owners. Everyone is familiar with ENRON, the world's largest business failure. Enron was the world s largest communication and energy trading company that filed for bankruptcy. As a result, millions of dollars were lost and all of Enron's employees lost their jobs. Law enforcers found most of the evidence was the various communications on Enron executives' computers and in their E-mails. Computer forensics teams have been created to deal with this type of investigation. Wikipedia.com defines computer forensics as " a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information." I think of it as the practice of finding and preserving data from multiple sources, including lost, deleted and corrupted files, that is pertinent to a criminal case. Computer forensics is an imperative resource for collecting evidence to present in court for computer crimes. Computer Forensics must follow a thorough and systemic searching procedure to ensure the protection and authenticity of evidence. The job of a computer forensics team is to search, preserve, collect, and present the data in a court. Computer forensics is a profession that encompasses the

4 computer science and elements of law that collects and analyzes data off of a computer, storage device, or network that is important to a case (Marcella P.5). Computer forensics professionals can be hired for many reasons, including aiding criminal prosecutions, aiding law enforcement officials, assisting with insurance company verification, and identifying corporate wrongdoing (Bauchner p.11-12). In the instance of gathering criminal evidence in cyber crimes, the computer forensics professionals follow a specific set of procedures. First, law enforcement must obtain a special warrant for seizing a computer. Once the warrant is presented to the accused, the investigators will physically take pictures of the room and the layout of the electronics. Next the officers will secure the electronics and any storage devices that are believed to have data important to the case (Strickland). The storage devices are sent to the labs to be analyzed. Once the evidence is delivered to the computer lab, the forensic investigator will then create a full back up image and second copy of the device. This is for the protection of the evidence and it also allows the investigator to manipulate the disk to find files without compromising the original data. to the investigators look for are electronic tampering, viruses, and worms. There are numerous tools at the investigators disposal. The most current ones are Prodiscovery, AccessData FTX and Mandiant First Response, just to list a few. The Encase suite and Mandiant First Response are the most common and easy to use (Marcella p.113). Through the introduction of powerful soft ware and the experience of the investigator, the analysis of the data can be quickly and accurately sorted and collected. Most computer forensic labs have a standard operating procedure checklist in place. The purposes of these standards are to ensure quality documentation for the computer forensic technician. Every crime lab should have these standard

5 operating procedures or best practices in place to ensure quality. Yet, even with standard operation, there are some challenges that may arise when the technician does their investigation. Computer forensics investigation techniques and operation procedures are not perfect. Technicians face many challenges, including anti-forensics software, viruses, and improper chain of custody of the evidence. First, we will learn about anti-forensics. Anti-forensic software is any software used to hide, encrypt or falsify data that is being investigated (Wikipedia). Anti-forensics has gained more popularity because of the increased use of computer forensics in criminal investigations. Hiding information is done by encrypting data with a program or cipher Next we have viruses. A virus is a code that cannot spread on its own and needs to piggy-back on other programs. There are a lot of similarities between computer viruses and biological viruses. Both need a host to live, both are contagious, and both are not easily spotted without using precautions. Viruses can install a back door to the computer for hackers, record key logs to steal passwords, or just to delete or tamper with data files on the computers infected with the virus. So it is important to check for viruses before starting the computer investigations. The destroying or tampering of evidence on a hard drive is very easy and can be hard to track if not monitored. The destruction of a hard drive can be as easy as smashing it, exposing it to an electromagnet, or reformatting the hard drive. In conclusion, the positives of the creation of computer forensics investigation far outweigh the negatives. It is a great field that benefits everyone. Computer forensics technicians are the unseen detectives that collect, access, and present evidence and data. This is a great comfort for anyone who uses the Internet at home or in his or her business.

6 I learned about security and IT hardening. We brushed the importance of computer forensics and the pros and cons of the trade. The Internet is not going anywhere, and as a result we will always have a need for computer forensics. Now you are empowered with the information to learn more about the tools and maybe join the ranks of other computer forensic investigators ( Reuuscher). There is plenty of schooling available in the Northern Virginia area to become a computer forensic technician.

7 Resources Reuuscher, D. (n.d.). How to Become a Cyber-Investigator. Retrieved February 19, 2012, from http://certification.about.com/cs/securitycerts/a/compforensics.htm Strickland, J. (n.d.). HowStuffWorks How Computer Forensics Works. Retrieved February 19, 2012, from http://computer.howstuffworks.com/computer-forensic.htm Solomon, Michael. (n.d.). Computer Forensics Jumpstart- google books. Retrieved February 19, 2012, from http://books.google.com/books?id=etgiaxaygqac&pg=pa1&source=gbs_toc_r&cad=4#v=on epage&q&f=false Computer forensics - Wikipedia, the free encyclopedia. (n.d.). Retrieved February 19, 2012, from http://en.wikipedia.org/wiki/computer_forensics Marcella, A & Mendendez, D. (2008) Cyber Forensics: a field manual for collecting and examining and presenting Evidence of Computer crimes.. Botan Roca, FL: Aurbach Publishing Bauchner, Elizabeth, 2006, Computer Investigation: forensics the science of crime solving.

8 Broomall, PA : Mason crest Publisher

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information