Malware Forensic Computing - Assignment Example

This report is a discussion about malware used by cyber criminals to carry out cyber attacks, and the respective computer forensics investigation. An introduction is given to provide a better understanding of the topic. Common cyber crimes and types of malware are discussed. The forensic investigative procedure is explained with the help of a case study. Then, social, ethical and moral issues regarding identity theft are discussed from both the user's and the investigator's side.

2. Introduction

Forensic computing and malware forensics have become exceptionally significant areas in technological studies, demanding special consideration so as to protect the security rights of e-consumers. Before going into the niceties of the subject matter, let's first get introduced to what forensic computing actually is and what malware forensics is.

2.1. Computer Forensics

Computer forensics or cyber forensics is a very important topic in information systems and network management. Forensics is the structured procedure of gathering, examining and presenting facts and evidence to a court of law; thus, forensic computing is defined as "the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law" (US-CERT 2008). This involves seeking, locating and securing electronic data so as to provide evidence. This electronic or magnetically encoded data may include text messages, databases, pictures, e-mail, websites, spyware, malware, and so on. The evidence collected is strong and indisputable compared to any other branch of forensic science, because a copy made of the collected data is identical to the actual data, leaving no room for dispute.
The whole concept revolves around the idea that a structured investigation is carried out to find out what exactly happened to the computer, when it happened, how it happened, and who did it. This is just like solving a murder case and performing a postmortem. The operator does not know that the evidence is transparently being created and stored by the computer's operating system, and it can only be extracted through computer forensics software tools and techniques. The crimes include misuse of computer systems, attacks on computer systems, using one computer system to work against another system, failure of a computer system, and the list continues. Computer forensics security solutions focus not only on recovery but also on prevention of security threats, in order to provide more secure solutions that are quicker and cheaper than conventional techniques. These solutions include intrusion detection systems (IDS), internet security systems, biometric security systems, net privacy systems, firewall set-ups, network disaster security systems, identity theft prevention systems, identity management security systems, and so on (Vacca 2005: 146).

2.2. Malware Forensics

Malware is the malicious code that computer intruders use to carry out a cyber attack, and malware forensics is the set of forensic computing techniques used by investigators to detect and analyze this malicious code (Ligh et al. 2010). Since cyber attackers are becoming increasingly aware of computer forensics techniques, they are designing much more sophisticated malicious code that is at times hard to detect and analyze. Casey, Malin and Aquilina (2008) state that "By employing techniques that thwart reverse engineering, encode and conceal network traffic, and minimize the traces left on file system, malicious code developers are making both discovery and forensic analysis both difficult."

2.2.1. Types of Malware

The most common instances of malware are viruses, worms, Trojan horses, scareware, and exploits. Viruses get installed in the computer's files through email scams, websites, downloads, etc. Worms work the same way as viruses. Scareware is malware that resembles an anti-virus application and tells the user to install it to remove detected viruses, when it itself contains malicious code that gets embedded in the system's memory and files. Trojan horses also fool the user by pretending to be real applications. Exploits take advantage of security holes in the operating system or other valid applications. These types of malware intrude into the computer system through email attachments, links to malicious websites, storage devices like USB drives or CDs, files downloaded from the internet, pop-ups and content injection.

3. Backdoor Malware and Identity Theft

This section highlights a specific kind of malware called backdoor malware, which is used by computer intruders to get full access to the victim's files and data by bypassing anti-virus software, firewalls and other intrusion detection systems. Identity theft is the crime that involves stealing a person's private information "in order to impersonate that person in a legal sense", according to Vacca (2005: 137). When a person's identity is stolen, he is at great risk of facing a terrifying number of monetary and personal dealings done in his name by the thief. Identity theft brings great damage to the victim's name and reputation, as the victim is left solely responsible for whatever financial or personal loss he faces.
The thief, after stealing the victim's personal information through backdoor malware, can misuse it by, for instance, applying for loans in the victim's name, changing his billing address, obtaining a driving license, applying for jobs, applying for insurance or new bank accounts, getting authorization for electronic transfers by using the victim's electronic signature, or committing any other fraud. If the criminal steals a person's social security number (SSN), he has every chance of getting to his detailed personal information, according to the Social Security Administration (2009: 2). The thief can then, through the use of malware, access all identification information from the databases and other data repositories that use SSNs as primary keys. He can then use the victim's credit card information to apply for loans, go shopping and leave the victim to pay the bills. The situation may lead to bankruptcy, which can blow the victim out of his senses. However, malware forensics has played its part in helping law enforcement agencies gather digital evidence, analyze the malicious code, and identify stolen identities as well as the criminals involved (Newman 2009).

4. Identity Theft and Forensic Investigation Procedure

4.1. Digital Data

Before getting into the details of the investigative procedure, let's get to know the types of digital data that are to be gathered. There are two types of this data. Persistent data is data which is stored permanently in the computer's memory or ROM (Read Only Memory) and remains there even if the computer is powered off. Volatile data is data which is stored in RAM (Random Access Memory) and is lost when the system is powered off. This volatile data can be of more importance, and thus it should be made sure that the computers are kept on if they were on at the scene of the crime.

4.2. Investigative Procedure

It is important for computer forensic investigators to follow a structured approach to solve identity theft cases carried out through backdoor malware (see Figure 1). Computer crime involving ID theft can be grouped into physical security breaches, personnel security breaches, communications and data security breaches, and operations security breaches (Icove et al., cited in Angelopoulou 2007). A detailed investigation of the case requires that the malicious code is analyzed independently, to get a more systematic approach towards solving the case. The digital examination of the malicious code requires great expertise on the investigator's part. The evidence, that is, the malicious code that is collected, is a valuable asset and has to be handled with care, as it will help in deciding the specifics of the crime. The detected malicious code is so delicate that it can be altered with one inadvertent press of a key. The investigator will have to look for counterfeit documents, fake cheques and bogus bank statements in print, in addition to looking for digital evidence residing inside the fraudster's computer system. According to Angelopoulou (2007), what makes the process lengthy is that the investigator has to go through two investigative categories, that is, the victim's system and the criminal's system. The digital data found in the victim's computer will help in obtaining evidence, and that found in the fraudster's computer will prove it. The main theme of the investigation is what information might have been stolen (for example, in a financial-fraud ID theft, the basic things to be investigated are the stolen identity, credit record, transactions, billing, and claims for new bank accounts or loans) and what procedure might have been used to steal this information. It is important for the investigator to have a warrant issued first.
Pladna states that "just like the need for a warrant to search someone and their property, everyone involved in the computer forensics process needs authorization from the proper authorities to monitor and collect information related to a computer intrusion" (2008: 4). Moreover, the clauses of the respective laws and legislation must be followed in order to legalize the whole process. Pladna has listed three laws that a forensic investigation should follow, namely, "Wiretap Act (18 U.S.C. 2510-22); Pen Registers and Trap and Trace Devices Statute (18 U.S.C. 3121-27); and the Stored Wired and Electronic Communication Act (18 U.S.C 2701-120)". Both the victim's and the fraudster's computers must be kept in the same state in which they were before the investigation (Wilson 2008: 20).

5. The Case Study

Mr. Smith sent his computer's hard disk to the computer forensic lab to be scrutinized. He suspected one of his employees, Mr. Robert, of being involved in identity theft through the use of backdoor malware, which he might have installed in the computer system. How would he expect the forensic investigation to proceed? In such a case, the digital investigation proceeds through certain basic phases, which include:

5.1. Analysis

In this phase, the investigator will have to clearly observe the activities that have taken place and are taking place. He will collect the digital media as input and copy the source, which is the hard disk in this case. The source will help in the analysis of the ID theft data that will serve as evidence. This analysis will tell whether that data belongs to Mr. Smith or Mr. Robert, and which of the two is the victim. The data has to be analyzed from both the claimant's and the suspect's end, because the inputs from the two sides guide the investigation to two different standpoints.

5.2. Hypothesis

In this phase, the investigator will have to decide how to proceed and which strategies to follow, based on the findings of the observation and the evidential data.

5.3. Prediction

This phase is to support the hypothesis, by asking questions like who took the data, how it was stored and why it was brought out of storage. The investigator will build Mr. Robert's profile from two inputs (victim and criminal), which will help him in clarifying who the victim is.

5.4. Testing

This phase is important in order to evaluate the whole investigative process. During this phase, the digital data will be retrieved to have it examined. After collecting all the necessary files to be inspected, the unallocated or free disk space on the hard drive is scrutinized, because it may contain traces of deleted files and folders. To restore deleted files which exist as strings, the bit-stream copy method is used (Pladna 2008: 7). These retrieved files or gathered evidential data have to be protected so as to eliminate chances of inadvertent alteration.

5.5. Presentation

When the evidence has been collected and analyzed, the investigator will take it to a separate place where the computer forensic report is prepared for presentation to the court.

6. Required Software

The investigative procedure for ID theft through backdoor malware requires a number of special software and hardware tools. The investigator must be well equipped with software that helps to make backups of the digital data, encrypt and decrypt the data, and track Internet Protocol addresses. He should have complete knowledge of software for data recovery and system restore. Moreover, there is a very helpful hardware imaging tool that makes bit-by-bit copies of digital data. The forensic investigator must have good knowledge of how to use these tools so as to successfully accomplish the task.

7. Ethical, Moral and Social Issues

There are some socio-ethical issues regarding malware forensic computing and identity theft that should be considered both at the system user's end and at the forensic investigator's end.

7.1. For the System User

It is important to educate the users of computer systems and the internet about "intellectual property rights issues, privacy/ surveillance issues, access to data issues and issues of human-computer interaction" (Stahl, Carroll-Mayer & Norris 2006: 298). They should know that another person's identity is that person's own property and not theirs; that they have no right to others' personal information, and they cannot use or disclose it without the owner's permission.

7.2. For the Forensic Investigator

Since computer forensics is a newly emerging field, not much has been written and said about ethical norms for the admissibility of evidence in court. However, security professionals should be familiar with the laws and legislation that have been passed in order to make sure that malware attacks like identity theft do not take place. They should be aware of the privacy rights and the ethical and moral clauses found in these laws, so that they may be able to better solve the case. They must know what legal issues are involved in handling a standalone computer system. Only then will the evidence be admissible in court. Before starting the investigative procedure, an investigator must have a search warrant issued before handling the suspect's computer system. The magistrate is responsible for issuing the search warrant after the investigator submits an affidavit that should state the cause of the investigation and the limits of the suspect's privacy that is going to be violated. The time at which the computer is to be analyzed is also pre-decided by the magistrate or the warrant.

8. Summary

Since the number of computer users is increasing day by day, cyber crime is also increasing at the same rate, and identity theft carried out through the use of malware is one such crime. It threatens our computers and personal safety.
The risk of an identification security breach is always there, thanks to highly technical tools and malware helping the criminals to carry out the crime easily. Computer forensics has, however, helped a great deal in analyzing the malicious code and recovering from ID theft cases. The procedure might be lengthy, but time can be saved by following a well-structured approach as described in this report. There are laws regarding e-consumers' data protection that need to be followed. Malware forensic investigators have to be very specific in following rules and regulations in order to make their evidence admissible in court. They have to follow the socio-ethical norms and respect citizens' liberty. Users must be aware of the risk they face while storing their personal information in their computer systems, so that they play their role in combating the malware leading to identity theft.

Figure 1. Structured Approach to Investigative Procedure

References

Angelopoulou, O 2007, 'The "solitary" of ID theft towards computer crime incidents', ID Theft: A Computer Forensics' Investigation Framework, viewed 9 August 2011.
Casey, E, Malin, CH, & Aquilina, JM 2008, 'From malware analysis to malware forensics', Malware Forensics: Investigating and Analyzing Malicious Code, illustrated edn., Syngress, USA.
Ligh, MH, Adair, S, Hartstein, B, & Richard, M 2010, Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code, illustrated edn., John Wiley and Sons, USA.
Newman, RC 2009, Computer Security: Protecting Digital Resources, Jones & Bartlett Publishers, USA.
Pladna, B 2008, 'Procedures for gathering evidence', Computer Forensics Procedures, Tools, and Digital Evidence Bags: What They Are and Who Should Use Them, viewed 9 August 2011.
Social Security Administration 2009, 'Identity theft and your social security number', Social Security (Publication No. 05-10064), viewed 9 August 2011.
Stahl, B, Carroll-Mayer, M, & Norris, P 2006, 'Legal, professional, and ethical consent', Forensic Computing: The Problem of Developing a Multidisciplinary University Course, viewed 9 August 2011.
US-CERT 2008, 'What is computer forensics?', Computer Forensics, viewed 9 August 2011.
Vacca, JR 2005, 'Identity theft', Computer Forensics: Computer Crime Scene Investigation, 2nd edn., Cengage Learning, USA.
Wilson, D 2008, 'Scene of the crime vs. the crime scene', Forensic Procedures for Boundary and Title Investigation, illustrated edn., John Wiley and Sons, USA.
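The bit-stream copy and unallocated-space scan described in sections 5.4 and 6 above, as an added example that is not part of the original essay: it writes a small constructed disk image, makes a byte-for-byte copy, shows that the SHA-256 hashes of source and copy agree (the "identical copy, no room for dispute" point of section 2.1), and then extracts printable strings from the unallocated region of the copy only. The sector size, the file names and the fragment of the deleted file are constructed assumptions, not data from any real case.

```python
import hashlib
import re
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

SECTOR = 512              # assumed sector size for the constructed image
FIRST_FREE_SECTOR = 4     # assumed layout: sectors 0-3 allocated, 4-7 unallocated
TOTAL_SECTORS = 8


def build_sample_image(path: Path) -> None:
    """Write a constructed 8-sector image: one live file in the allocated sectors
    and, in the unallocated sectors, a leftover fragment of a deleted file."""
    allocated = b"ACTIVE FILE: quarterly_report.txt\n".ljust(
        FIRST_FREE_SECTOR * SECTOR, b"\0")
    fragment = b"DELETED: loan_application.txt account=PLACEHOLDER-0000"
    free_len = (TOTAL_SECTORS - FIRST_FREE_SECTOR) * SECTOR
    unallocated = (b"\0" * 100 + fragment).ljust(free_len, b"\0")
    path.write_bytes(allocated + unallocated)


def sha256_of(path: Path) -> str:
    """Hash the whole file in chunks so a large image need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def bit_stream_copy(source: Path, dest: Path) -> Tuple[str, str]:
    """Copy every byte of the source, allocated and unallocated alike, and return
    the SHA-256 of source and copy; equal hashes document that the copy is identical."""
    with source.open("rb") as src, dest.open("wb") as dst:
        shutil.copyfileobj(src, dst)
    return sha256_of(source), sha256_of(dest)


def unallocated_strings(image: Path, first_free_sector: int,
                        min_len: int = 8) -> List[str]:
    """Return printable ASCII strings found only in the unallocated region,
    i.e. remnants of deleted files that the file system no longer references."""
    data = image.read_bytes()[first_free_sector * SECTOR:]
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def run_examination() -> Dict[str, object]:
    """Image the constructed 'suspect disk', verify the copy, then examine only
    the copy so the original stays in the state in which it was received."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "suspect_disk.img"
        copy = Path(tmp) / "suspect_disk.dd"
        build_sample_image(source)
        src_hash, copy_hash = bit_stream_copy(source, copy)
        traces = unallocated_strings(copy, FIRST_FREE_SECTOR)
        return {"hashes_match": src_hash == copy_hash,
                "sha256": src_hash,
                "deleted_traces": traces}


if __name__ == "__main__":
    result = run_examination()
    print("copy verified:", result["hashes_match"], result["sha256"])
    for trace in result["deleted_traces"]:
        print("unallocated-space trace:", trace)
```

The hash pair is what goes into the examination notes: any later recomputation that differs from it shows the working copy was altered after acquisition.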
Source: https://studentshare.org/information-technology/1390673-malware-forensic-computing