Computer Forensics - Research Paper Example

? Table of Contents Table of Contents 2 Introduction 2 The business problems 3 Online frauds 3 Hacking 3 Virus 4 The process of computer forensics 4 Search and seizure 5 Analysis 5 Preservation 6 Value of computer forensics 6 Protection 7 Prosecution 7 Increased earnings 8 Minimizing computer crimes 9 Systems backups and off-site storage 9 Passwords and Encryption 10 Intrusion detection system 10 Recommendation 11 Conclusion 11 References 12 Abstract This article takes a critical analysis of computer forensics as a way of presenting evidence in courts on matters pertaining to computer crimes. It analyses the problems encountered in the business world as a result of computer crimes. Various computer-related criminal acts are highlighted in the paper. The paper focuses on the importance of computer forensics in collecting, interpreting and presenting evidence relating to cyberspace crimes. The value added by computer forensic to information gathered is also discussed. The paper presents proposals of alternative methods which can be used to protect company data from cyberspace attack. Recommendations are also made on the possible ways of improving the ability to carry out computer forensics. Introduction Computer forensics can be defined as a way of searching and analyzing data stored in computers and other electronic media. Computer forensics aims at forensically examining digital data in order to present facts and opinions concerning the information gained (Yasinsac & RF Erbacher, 2003). It is a relatively young forensic science when compared to the other forensics. The process has been highly misunderstood both in meaning and application. Computer forensics is commonly used to refer to the analysis and reporting of the information collected from the forensic analysis of digital-related media. It is a procedure which has been used for as long as computers have been in use. In recent years, cases of computer crimes have been on the rise. This has necessitated the adoption of computer forensics as a way of trying to nab criminals over the internet. The business problems The spread of computer related crimes has risen as the use of computers increases. In the modern world, almost all people use a computer to perform a duty within the course of the day. People have fallen victims to computer crimes as computers are considered to be safe (Anderson, 1980). Installation of security software in computers has not been able to prevent some of the crimes occurring in the cyberspace nowadays. However, this alone cannot be enough to protect data from access by unauthorized persons. There are numerous cyberspace crimes commonly occurring in modern times. The range of these crimes keeps increasing as technological advancements continue to set in. Online frauds Online frauds have become a common form of computer crimes. There have been a rising number of stock scams instigated by criminal traders over the internet. The effects of these frauds have been adverse on the business world. People have been tricked by conmen online posing to be selling items. Once payment has been done, the delivery of goods bought fails to occur. In the stock market scams, the prices of stocks have been affected by frauds carried out online. These frauds can happen to any company, and there is a need for companies to ensure they protect themselves from possible fraudsters. Hacking This can be termed as the process of illegally accessing protected information in a computer system. It has become a common problem in the computer security framework (Thomas, 2002). Though efforts continue to be made to curb the problem, new technologies keep on being created by the hackers. The problem of hacking has been extensively linked to numerous security system failures. Hacking into national security systems has been identified as a commonly employed tactic by terrorists. When an individual hacks into a company server, he can be able to alter the information contained in the server. Virus These can be defined as programs created to maliciously damage information contained in other systems. Malicious destruction of the information constitutes a crime by the laws of many countries. Manufacturers of computer viruses are, therefore, criminals by definition. Though information can be protected from damage by these malicious programs using antivirus, the problem of viruses persists within the technology industry. As a way of dealing with the problem, computer forensics can be used to trace the manufacturers of these programs. This would inadvertently reduce the cases of manufacturing of these programs. Through computer forensics, these individuals would be caught and prosecuted by the law (Strickland, 2008). The effects of these programs on company computer systems would be dealt with effectively. The process of computer forensics Computer forensics involves collection, analysis and factual presentation of information from electronic media and computers. There are several processes involved in the computer forensics (Strickland, 2008). Just like in any forensics procedure, computer forensics is a procedural form of investigation. Almost all aspects of other forensic forms have been adopted to this method. The development of computer forensics can be attributed to the failure by other forensic procedures to come up with conclusive evidence to try perpetrators of computer related crimes. This procedure aims at providing admissible evidence in computer crimes. The process has been able to integrate all aspects of the other forensic procedures. This facilitates coming up with conclusive evidence, enough to instigate a law suit against computer criminals. The process involves three main phases as discussed below. Search and seizure This is the first stage experts engage in during the process of computer forensics. This stage involves the securing of the equipment as well as the data to be investigated. The importance of doing this is to ensure that nobody accesses the data as changes can easily be made. During this stage, all files are searched and copied to ensure the investigators have the information required. The method of search should ensure that the information contained does not change. At this stage, only the copies are utilized as opening original files may temper with the content. All recoverable, deleted files at this stage are recovered and hidden data accessed. The accessing of hidden data involves decrypting the protected files in order to extract the information contained in the files (Casey & Stellatos, 2008). This process requires an individual with expert knowledge on data encryption and protection. Analysis This is the second stage of the process of computer forensics. Once data have been extracted the analysis of the data is necessary to determine the relevant categories of data required. The aim of computer forensics is to provide evidence concerning computer crimes. Not all data collected contain evidence linking the crime. The analysis aims at establishing the information related to the crime while neglecting the other contents of the information extracted. This is an essential stage as it limits the volume of data collected only to the relevant information. At this stage, the investigators can be able to define the data needed for the forensics and that needed for the support of the forensics. Analysis stage also takes a look at possible hardware settings that may have affected the information retrieved. This includes aspects like encryption codes among others. Preservation Once analysis has been done, the last stage comes as the preservation of the information. Preservation seeks to establish a safe storage device for the information collected and analyzed so that it can be used in a court as evidence (Strickland, 2008). At this stage, safety of the data becomes essentially crucial. In the event that data get messed up at this stage, the entire process becomes useless. Caution must be applied when preserving data to be used in prosecution of computer related crime. The information must be secured efficiently, from any unauthorized access. This ensures admissibility of the data once produced in a court of law. An investigator may be required to prove, beyond any doubt, that the preserved information was not accessed by any unauthorized persons. Other than unauthorized access, magnetic sources, dust, moisture and other things have been known to temper with digital data. The information storage system must ensure an environment free from these harmful particles. The effects of these contaminants at times can lead to the destruction of all the data stored. Value of computer forensics As a company seeks to implement computer forensics, it is essential to consider whether they add any value to the company or not. The crimes committed on the internet are extremely difficult to trace in terms of the physical address from where they were committed. It, therefore, continues to be essential integration into the security system to adopt the use of computer forensics (Yasinsac & RF Erbacher, 2003). These crimes can significantly harm an organization’s operations. A crime like hacking, which is common, can lead to loss of information stored in a computer. This information may be vital to the operations of the company. For example, the annual financial report of an organization may be hacked into, and the details changed. The implications of such a criminal act may be surmountable and catastrophic. This raises the need to protect the information pertaining to company operations from unauthorized access. Protection The number of crime taking place on the internet seems to be rising. Computer forensics can be able to protect information from getting tampered with by criminals. The adoption of computer forensics within a company environment may scare away criminals who lack the ability to cover their tracks after committing a crime (Whitcomb, 2002). Forensics can be able to trace the route of any computer related crime. This would, therefore, act ensure that should information be lost, it can be possibly retrieved. Laws have been enacted to help litigate computer related crimes. It becomes essential for a company to ensure conformity with these laws by using computer forensic to gather information pertaining to crimes committed against the company. Since the law has allowed, and courts accept computer generated evidence, it is essential for a company to utilize the opportunity. Companies should strategically place themselves in a situation where they can be able to present admissible evidence in courts; should they come under cyberspace attacks. Computer forensic offers that capability. Prosecution The rate of computer crime prosecution has been low in many countries. This can be attributed to the lack of information regarding the crime to be presented in a court of law, in support of the prosecution. Failure to prosecute continues to encourage criminal acts on the computer. Computer forensics can provide the necessary evidence for prosecution of computer related criminal acts (Yasinsac & RF Erbacher, 2003). This would be essential for a company to get relevant remedy to crimes committed. From the prosecution, the company can also be able to get damage payments relating to the lost information. The enactment of several laws relating to prosecution of computer criminals should be an enticement for companies to utilize computer forensics. In the past, laws were ambiguous pertaining to criminal acts on the internet (Sassinsky, 2002). Computer criminals were handed small fines and short sentences. This has changed with the coming of new laws concerning cybercrime. Hefty fines have been charged in the modern times. In a recent case involving identity theft, in September 2011, a US district court charged a man to 14 years in prison for being found guilty of identity theft (United States Department of Justice). Increased earnings Computer forensics would be able to save an organization a lot of money lost through the loss of valuable data. Excessive loss of data continues to expose companies to substantial losses. Integrating computer forensics can immensely increase the ability for a security company to be trusted in terms of recovering lost data. When valuable data gets lost, the operations for a company may be brought to a halt. Computer forensics can enable a company to retrieve any lost data and, therefore, maintain the smooth running of the company operations. The company stands a chance of multiple financial gains by collecting correct information to be used in a law suit (Sassinsky, 2002). The evidence credibility can easily convince a jury about the occurrence of a computer crime. With admissible evidence from computer forensic, the cost of litigating would be immensely reduced as cases would be concluded quickly. Credible evidence can make a company be awarded financial compensations for losses incurred from a crime committed against the company. The use of computer forensic, therefore, becomes inherent in the litigation process of cyberspace criminal acts. Minimizing computer crimes The prosecution of computer crime criminals cannot be the only way of fighting computer related crimes. Computer forensics can be employed, in any organization to help fight computer based crimes. Computer criminals have come up with the use of anti-forensic programs making investigation immensely difficult (Whitcomb, 2002). The ant-forensics can be able to alter information file. This creates enormous difficulty to investigators when they try to retrieve information during an investigation. An organization can, however, adopt methods of operation limiting the probability of a computer crime occurring. Numerous methods have been used. These act as alternatives to going through the process of computer forensics to nab a criminal. Some of the alternative methods employed are discussed below. Systems backups and off-site storage Criminal attacks in computer systems vary from one another. While some may only copy information, others alter the information by deleting, adding new information or changing the contained information. Provision of back-up systems may offer a perfect solution to such elements. The back-up system provides the information attacked in the original form in was stored (Strickland, 2008). An organization can also provide an off-site storage containing back up information. The off-site storage would normally not be connected to the internet. Most computer crimes occur through the internet. Providing a storage system free from internet access can secure information in the event of an attack. Off-site storage can help in cases where the attack does not come from the internet. In burglary cases, for example, an off-site storage may assist an organization recover any data lost during the attack. Passwords and Encryption Passwords are used as a way of identification of users in the world of technology. Though they can be cracked, the offer minimum protection as not all criminals may be able to crack the password (Thomas, 2002). When using passwords, the essential idea is to ensure that the password is only known by those with the authority to access the information protected. It is essential to keep changing and updating password when there are changes within the ranks of those with the password code. Encryption software needs to be combined with the use of passwords to increase the protection offered by passwords. Encryption can make cracking a password extremely difficult even to the experts. It is essential to combine these aspects and, therefore, achieve increased data security. Intrusion detection system These are devices or software installed in systems, to constantly monitor network or system of any malicious activity taking place. Some of them can be able to deny access upon detection of abnormal activity. Companies need to set policies regarding what constitutes an abnormal activity within the context of its system. Intrusion detection systems report any detections of attempted unauthorized access to information (Anderson, 1980). This forms an essential aspect of security provision. When an alert is sent to the relevant authority, action can be taken to prevent a possible fraud from taking place. Computer forensics process can be started to try and detect the location from where the attempted access was instigated. Intrusion detection systems can play a significant role in the process of computer forensics. When investigating possible sources of crime, these systems can be used as traps for alerting investigators when a fraud has been attempted. Recommendation Any data security company needs to ensure protection of the data contained in its sever as in order to maintain is clients. Computer forensics forms an indispensable part of securing data from theft and other computer related crimes. This cannot, however, be over relied upon as the only way of dealing with the issues emanating from computer related crimes. The world of technology keeps on changing and so should the systems used in computer forensics. The use of intrusion detection systems should be adopted in the quest of establishing computer forensics. These IDS would enable the detection of a crime before it can occur. As the adage goes “prevention is better than cure” ,the intrusion detection systems act as preventions to the crime, while computer forensic comes in when the crime has occurred. The application of the IDS software can extensively enhance the functionality of the computer forensic (Yasinsac & RF Erbacher, 2003). Early detection of a crime will allow a short time for cover ups to be set up. This can increase the probability of nailing a criminal once computer forensic investigations have begun. Conclusion The extensive use of computers in the 21st century can be linked to the rise of the new criminal act of cyberspace crime. The shortcomings of forensic procedures in handling evidence collection in cases relating to computer crimes have been numerous. Computer forensic, however, can be termed as the solution towards creating an admissible evidence in such cases (Strickland, 2008). Though computer forensic has not been fully adopted, its attributes show that it possesses keen ability to present viable evidence in courts concerning computer crimes. The forensic method, however, faces surmountable challenge in dealing with programmers who constantly seek ways to elude the forensic process. Technology advancements also make the application of this method difficult. The method can, however, employ the same new technology to advance its features. It becomes essential to adopt computer forensic as the world globalizes and computer crimes advance. References Anderson, J. P. (1980). Computer Security Threat Monitoring and Surveillance. Washington: James P. Anderson Co. Casey, E., & Stellatos, G. J. (2008). The impact of full disk encryption on digital forensics. Operating Systems Review , 93–98. Sassinsky, J. (2002). Cyberclues Making the Case for Using Computer Evidence. The New York Law . Strickland, J. (2008). How Computer Forensics Works. Retrieved from http://computer.howstuffworks.com/computer-forensic.htm. Thomas, D. (2002). Hacker Culture. University of Minnesota Press. Whitcomb, C. M. (2002). An Historical Perspective of Digital Evidence:International Journal of Digital Evidence. Retrieved from https://utica.edu/academic/institutes/ecii/publications/articles/9C4E695B-0B78-1059-. Yasinsac, A., & RF Erbacher, D. M. (2003). Computer forensics education. IEEE Security & Privacy. Read More