The Evidence of a Cybercrime Incident - Research Paper Example

Cybercrime Incidence: Analyzing the Evidence Cybercrime Incidence: Analyzing the Evidence Introduction Computer experts argue that cybercrime is among the fastest growing areas of crime across the globe. They argue that many criminals are taking advantage of the convenience, speed and anonymity provided by the current modern technologies to commit a wide rage of crime. The kinds of crime committed are diverse and ranges from identity theft, attacks against computer systems and data, internet auction fraud, distribution of pornographic images which are abusive to children, and the penetration of online financial services according to Carrier (2006). Other forms of cybercrime include virus deployment, email scams such as phishing and Botnets. Carrier (2006) argues that, the global nature of the internet has created room for criminals to commit any crime anywhere in the world. As such, it has become necessary for all countries to use their domestic offline controls to cover crimes committed in cyberspace. Computer forensic is one of the technologies used in the modern world to either prevent or unearth cybercrime. The most famous computer related crime having been solved using computer forensic is the famous BTK serial killer in America. Experts argue that without computer forensic, probably the police could not have caught up with the man. The objective of this paper is to analyze BTK serial killers case in light of how computer forensic helped in solving it. The paper will detail the procedure used in discovering and investigating the evidence in this case. Finally the paper will conclude by explaining the various types of software that I would use to complete the case. What is computer forensic? McKemmish (1999) define computer forensic as the scientific collection, examination, prevention, authentication, and analysis of digital data to obtain credible information that can be used in a court of law. It is argued that computer forensic is as old as the computer itself. It is used by both federal and local law enforcement agencies in the US for obtaining evidence for criminal cases related to computer crime. The growth in the use of this technology has seen many corporations across the globe hiring computer forensic experts to monitor worker computer activities in a bid to prevent the workers from leaking confidential and critical information of the company or using company computers to commit cybercrime. Computer forensic can also be used for tracking instant messaging, emails, or any other form of computer related communication (McKemmish, 1999). The use of this technology is ultimately necessary especially in the current world of technology. It is reported that computer forensic experts have advanced this technology by going a notch higher in which they can use it to track data real time. It is noted that by suing a systematic approach, a digital computer forensic expert can investigate and identify if a crime has occurred, whoever committed the alleged crime and collect relevant evidence using tools to gather the evidence, required to prove beyond reasonable doughty that a crime has actually been committed. Analysis of how computer forensic caught the notorious serial killer BTK The case of BTK, the notorious serial killer has gone in history book as one of the biggest cybercrime solved using computer forensic. This case is reported to have taken police several years and spending millions of dollars trying to indentify the person behind mysterious killings of 10 people in and around Kansas and Witchita between 1974 and 1991. This translates to close to 17 years. Nevertheless, the identity of the serial killer whom the police had failed to unravel was brought to light just in a matter of hours on February, 2005 using computer forensic. The computer forensic revealed the identity of the man as Dennis Rader (Wenzl et al., 2007). Wenzl et al., (2007) reveal that the case began in January 15, 1975, when Dennis Rader killed four members of Otero family by strangling them to death. He also admitted later on of having killed six more victims all of whom happened to be women. The most amazing thing is that as he killed his victims, Rader teased police by sending some bizarre letters. In the first, he claimed responsibility for being the man behind Otero killings and promised more killings by nicknaming himself BTK (Bind, Torture, Kill) (Wenzl et al., 2007). It is reported that he would at times send the letters direct to the police or resort to emailing them to the media. Despite this entire taking place, the police could not identify who the real person is for more than 30 years. Rader eventually went silent until 2004, when he resumed his communication with the police, by sending them a word document on a floppy disk that was taken by computer forensic experts for thorough examination. The computer forensic experts used EnCase forensic software to pull up a word document that had previously been deleted. Thorough scrutiny by forensic experts revealed that the document had metadata revealing that it was lastly modified by someone named “Dennis” at Christ Lutheran Church. It is then that the forensic experts carried out an examination of the Church’s website, which revealed that Denis Rader worked in the church as the President of the Church’s congressional council (Wenzl et al., 2007). Intense scrutiny of Rader’s background by the police through examination of DNA evidence, the police were able to associate Dennis with BTK killings. At first, Rader pleaded not guilty to the charges but later confessed of having been responsible for the killings and the document (Perumal, 2009). Obtaining Digital Evidence It is noted that just like in any other piece of evidence gathering used in a legal litigation, the information obtained by the computer forensic investigators must follow the laid down rules in a court of laws. They are required to demonstrate beyond reasonable doubt the reliability of the computer equipment, and the way the data was initially entered, method used for storing the data, measures taken to ensure accuracy of data entered, reliability and accuracy of the computer program used for data processing and measures taken to prevent loss of data (Stephenson, 2003). In case the person who has generated the digital evidence refuses to allow his or her computer for examination, then the computer forensic experts are required to ensure that they obtain legal authority to examine, seize and image the person’s computer devices. Carrier (2006) notes that computer forensic experts are also required to document all the work done to a computer plus all the relevant information obtained. It is reported that evidence may sometimes get destroyed or lost in the cause of investigation. Therefore, to prevent such unforeseen loss of digital data, computer forensic investigators are required to follow the under-mentioned guidelines: Handle the original evidence as little as possible so as to prevent altering the evidence Only use tested tools and methods which have previously been tested and validated for reliability and accuracy Avoid exceeding personal knowledge and Document everything done. Types of software that I would use to complete the case One of the forensic software that I would use to complete the case is by using the AMART software device. This is because this software utility is able to acquire data from digital devices and replicate it to any device or images simultaneously (Stephenson, 2003). Like in Rader’s case, it would help in recovering deleted data as well as interpret the file system metadata and perform a remote or on-site preview of the target system. The second software device that I will use is Helix. The reason being, this software has more than 35 tools for incidence response, as well as forensic analysis, such as devices for wiping data from disks like the one sent by Rader, and recovering the windows registry and recovering data from slack space (Stephenson, 2003). Even before Rader could go silence, he is reported to have sent some emails to the media. As such, the best software that could have been used here is the Mailbag Assistant, which is a tool used for searching, organizing and analyzing email send in different formats. This software would indeed assist in providing more information regarding BTK’s identity. Other software that would be suitable for use in completing the case includes Paraban Device Seizer, AccessData Forensic Toolkit, DCFLdd, IsoBuster, and IX Imager (Stephenson, 2003). References Carrier, B.D. (2006). A hypothesis-based approach to digital forensic investigations. CERIAS Tech Report. Purdue University, Center for education and Research in Information Assurance and Security, West Lafayette. McKemmish, R. (1999). What is forensic computing? Canberra Australian Institute of Criminology. Perumal, S. (2009). Digital forensic model based on Malaysian investigation process: IJCSNS International Journal of Computer Science and Network Security, Vol. 9, No. 8, August. 38-44. Stephenson, P. (2003). A comprehensive approach to digital incident investigation. Elsevier Information Security Technical Report. Elsevier Advanced Technology. Walker, C. (2006). Solving crime with computer forensics. Retrieved from: http://ezinearticles.com/?Solving-Crime-with-Computer-Forensics&id=192667 Wenzl, R, Potter, T., Kelly, L., & Laviana, H. (2007). Bind, Torture, Kill: The inside story of the serial killer next door. New York, NY: Wichita Eagle and Beacon Publishing Company. Read More