Computer/ Digital Forensics - Report Example

?Computer/ Digital Forensics: Introduction: It is a fact that computer has become an integral part of our social and private life, but it is the mostvulnerable form of communication and is prone to all kinds of challenges and obstacles. These challenges come in form of security breaches, viruses, Trojans, spam, and many more forms that leave it as the least secure network. The case is further worsened by the fact that there is lack of awareness and sense towards safe operations amongst the common users and the members and the professionals who are designated to make this medium a better and safer one for all kinds of functions of daily life. A vigorous mechanism needs to be devised that can look into all the aspects pertinent to the cyber security and forensic field. Cyber forensic is one of the fields designated to hunt down and mitigate any possible loophole and trace that may result in cyber insecurity and pilferage. Aims: The aim of this study is to determine and evaluate the overall scenario that entails the present day cyber world and specific regions. For this purpose the first and basic step is to identify what particular aspects must be fulfilled and what areas must be highlighted. This comes in form of developing the understanding of what level of awareness exists between the masses, and those who are assigned the duty and task of making the computing world a safer one. Assessment of the level of preparation that exists, and the mindset that is created about it is part of the overall study and research which would enable getting a better understanding of the situation at hand and hence further improvements in the respective field. The paper stresses for joint working and collaboration in this form which would enable tracking down the culprits and offenders right in on the spot. Background: Analogy to the naturally occurring Katrina has been made in this paper, in form of cyber calamity that is the viruses, Trojans, spams, hackers, and have been termed as, as lethal as hurricanes and other natural events which uproot the entire places once they hit the place. There is an evident lack of knowledge on behalf of the professionals inducted, as well as the counter measures in terms of the organizations in place, and policies that may be devised to make the computing experience a better one and overall digital domain a safer one. The nature of cyber crimes is not just limited to financial scams and embezzlements rather all kinds of threats and challenges are faced. Ranging from child abuse, to blackmailing, life threats, privacy breaching, and many more similar events which may come in the fold of abuse and civil rights violation. One similar case was noticed in 2004 when an individual who came to be known as Mr. Swirl(Greengard 2006), took the entire web world by storm by uploading inappropriate pictures of him with minors and which was clearly in the fold of child abuse conducted over the medium of internet . This came up as a challenge to the cyber experts who aimed to confront him and bring him out of the unknown corner of the world where he was operating from and uploading the undesired pictures continuously. Through extensive search and other processes, the criminal was comprehended, and it was done so through the tracking of the basic route and basic I.D in form of the I.P address being used and the network over which the connection was established. This was in joint collaboration of the forensic team, Interpol and other related organizations and without the help of each of them this would not had been possible since each of them specializes in their own domain and with restrictions and limitations outside their field of specialty. This is one of the many events and incidents that are taking place daily on the internet and most of it goes unnoticed since there is no clear regulation nor any combined mechanism which would enable each of them to reduce the chances of such exploitation. Scope of digital forensics: Digital forensics is not just limited to mere study of the physical devices that may have been used, such as the computer, hardware in particular rather it entails a long section . any element that may have been used to achieve the nefarious objectives entails the scope of digital forensic science and investigation, any I.P address that is being used, any server address being used, any email being sent, or connection being established from any ad hoc network, all these make up for the scope of digital forensic study which takes this into account and make sure that no part is left unnoticed for it may hold valuable information. Even in case of the financial scams, the credit cards being used, the timings and the physical addresses, a all these are brought under study for the purpose of forensic science and investigation. The use of cameras, or any other digital device, which may lead to its abuse over the digital medium entails the study of cyber crime and forensic science and must not be ignored in any way if the protective functioning of the cyber field is to be achieved in true spirit and letter. Technical aspect: On technical fronts, using methods like algorithm usage, digital signal processing, image segmentation, the background tracing, all these are done under the domain of technical field of forensic science, and without their services the field of forensic science would be an incomplete one, this was seen in case of Mr. Swirl, in 2004 where the technical team made use of effective algorithm for tracing down the various elements through comparisons and matching of segments within the pictures that were being uploaded on the internet. Fragile nature of forensic science: Computer forensic is a delicate field and requires specialty and expertise, thereby need is to establish a comprehensive approach towards the overall situation at hand. The findings and the report shared is part of the internal work and shared only to provide an insight as to what is the present state of protection against cyber threats. The report highlights three basic elements and functions of the cyber forensic field, which are as follows: Identification in the first step of the challenges and potential loopholes in the network Preservation, which comes in form of gathering of data and recording of the material that may be available Third in line is analysis based on the data collected in the first two steps, And the final important step is that of presentation which is often in non technical language for better understanding by the people outside the technical domain. Seeing that these four areas are not fulfilled the paper suggests four steps in detail which would enable a better implementation of the overall cyber forensic art. The paper points out (BHASKAR 2006) that there is clear lack of communication and synchronous operations between the working agencies. Since various agencies are involved on technical level, federal level as well as the forensic departments which work in their own domain to counteract any possible event as such, and each of them, if they operate without communication and exchange of information and expertise would yield no positive output from the entire work. There by this report stresses the need for effective communication and response between the entities involved in order to make better use of their services and expertise. Multi Stage Intelligence and Analysis Sharing Centre(MSISAC) is one entity that is in place for the purpose of overcoming any hurdles and creating a communication link between the various entities in place in order to make the overall process of cyber forensics more effective and protective in this regard. However this entity is technical in its outlook and mostly deals with the forensic issues based on the technical nature of the material and events that may incur. The report highlights that is an urgent need for creating more awareness in terms of the field, its specialties and the challenges faced, on legal front, technical as well as the law enforcing aspects The processes undertaken: The law enforcement agencies along with the cyber field have to create a proper mechanism in order to counteract and confront the menace of cyber crime, for this purpose a process had to be designed and crafted, and without the process no clear solution could be extracted. The process enables adopting a methodical approach to the entire scheme, and each step complements other in a certain way. This starts with the identification of a problem, which is a basic concept of any problem resolution method, regardless of computing or non computing research, the first step to any approach should be that of identifying and it comes in form of knowing what to do, how to do, and when exactly to do and in what manner to go about it. This is followed by the second step which relates to the comparison of the various facts and situation extracted, based on the second step of comparison and matching, the third step taken is that of response to the situation, the response can be either of the short term strategy, emergency level handling, or dealing with the process and problem in a passive manner as it may not be of a critical nature. This step is followed by the fourth one which comes in form of the analysis and storage processes, once the first three steps are performed, the fourth one is that of final evaluation and future strategy devising. The overall process is handled in a loop back structure with the fourth stage leading back to the first, the loopback mechanism makes it more effective since an iterative approach would enable better understanding of the situation and possible overcoming of any loophole that may have been left in the first cycle. Other strategies adopted: A more comprehensive strategy involves relatively larger number of steps and actions, which starts with identification of possible attack and pilferage from a particular user, and once the possibility and evidence is collected of a possible action, the identity and other relevant information is being traced and routed out to further notice their actions and thereby prevent a large scale damage that might be in offing. The noticing level includes collecting of data, assessing it, comparing it with various variables, looking ahead and checking the possible impacts of it, its possible execution, the target areas, and various other factors which would enable tracing an insurgent entity in time. any element and any user on internet that poses any form of threat, or has any plan in offing to damage any link, any flow of transmission between two nodes and terminals can be termed as an insurgent and outside force who may create problem in one way or the other. From the study of steps undertaken, it is being evaluated that the individual effort by the respective entities is not as effective as would be that of collective team effort by various law enforcing entities. Legal domain: Cyber forensic is a sensitive field and it involves the legal consideration in a direct manner, for example the material collected is highly vulnerable to the temperament, change and loss, even the finger prints can result in tempering of the data and information collected, thereby need is to make the legal aspect more secure and for this purpose more protection is needed for the purpose of cyber forensic evidence that may be collected. Providing protection to the collected material and other similar factors consideration need to be taken in to account and according to the report, the present state of cyber security is deficient in this regard. Need is to bring along legal experts into the field and provide more shelter to the experts in their working and provide them further defense and protection in the courts where the non technical information is to be presented. While mostly the forensic material collected is often in technical jargon, thereby it is the duty of the panel and the non technical unit to translate it into a presentable and layman terminology and bring it to their understanding at the same time ensuring that the data may not get changed or tempered in any intended or unintended manner. Obstacles faced are not just in the technical domain, rather the legal and evidence protection are two other areas which need to be looked into in order to make the field of forensic science and computing more effective . Apart from the methodical approach and the processes that may be taken, the paper suggests possible solutions towards the reduction of the chances of cyber offenses, these have been provided in form of double option strategy, the first one is creating of a centralized organization in form of National Incident Management System( N.I.M.S), while the latter is that of processes which has been explained as to how to go about the overall process and make the cyber field more effective, following these processes will enable better execution and understanding of this field and hence better cyber world with less threats. Recommendations: To make the field of forensic science more enhanced, new tools, techniques and other related products and technologies must be made available to the people who are enrolled in this field. The cases that are often confronted by the panel require state of the art technology, resources and skill to comprehend them and create a strategy according to it. A cumulative approach based on technical, legal, and managerial guidance would enable extracting the true aim out of the process of cyber forensic and this has been stressed in this paper through the findings and the subsequent observations based on those findings. Ensuring that the data being retrieved is in its original form, and further the fact that the data and evidences so collected remain in their original form throughout the process of cyber surveillance and forensic process. This is being technically termed as the live acquisition of the evidence and it must be ensured that the system where the live acquisitioned material is kept is kept free from any virus or other similar material that may hazardous in nature. The speed with which the cases are being solved is another area, and there are cases which require in time measures in order to prevent major damages that may incur incase no active steps are taken, for this purpose improvement is also needed in terms of the speed with which the cases are being handled and data is being retrieved. Ability to handle and facilitate multiple work stations are few of the concerns that must be addressed in this regard. Facilitating the systems and networks with support for large data files, through the use of effective data base systems and files retrieving machines is another method and recommendation that will help tracking down the menace that exists in various forms. Distributed work stations in form of multiple servers, multiple networks can make the processes easier and faster to handle (RICHARD & ROUSSEV 2006). References: BHASKAR, R. (2006). State and Local Law Enforcement is not Ready for a CYBER KATRINA. COMMUNICATIONS OF THE ACM. Greengard, S. (2006). On the Digital Trail. communications of the acm. RICHARD, G. G., & ROUSSEV, V. (2006). Next-Generation DIGITAL FORENSICS. COMMUNICATIONS OF THE ACM. Read More