
Computer Forensics Issues - Report Example

Summary
The report "Computer Forensics Issues" focuses on explaining the recommendations to be followed in formulating a business process framework for identification, extraction, preservation, and documentation of corporate digital evidence with a focus on small personal mobile digital devices…

Extract of sample "Computer Forensics Issues"

Introduction

Recent developments in information technology and the increased use of technology in business operations have increased the need to safeguard sensitive and valuable business information from third parties. Such third parties could be cyber-criminals – both within and outside organizations – who use computer technology as a means to commit criminal activities. Computer forensics, in this light, can be seen as the application of different computational techniques to the identification, extraction, examination and preservation of digital information which can serve as evidence in a court of law (Zhang & Lin 649). This is necessary because most of the small digital devices now popularly used in companies for data transmission and storage are vulnerable to attacks by external parties or by staff in these organizations for unlawful purposes. Small digital devices include all portable data storage devices, such as mobile phones, laptops, tablet computers and iPads. Because these devices are portable, they can be carried from one place to another, which interferes with information security. In addition, these devices are useful in identifying the location of the user and in tracking information, both of which are useful as digital evidence.

There has been an increase in cases of digital crime, resulting from poor information security systems and poor evidence gathering in these organizations. Moreover, the fact that small digital devices are portable means that anyone can get away with one and interfere with the information in the device or with the device itself. Understanding and applying digital forensics is useful in safeguarding vital information which can be used as evidence in prosecuting an individual who is suspected of committing a computer crime (Taylor et al 103).
This paper, accordingly, explains the recommendations that should be followed in formulating a business process framework for identification, extraction, preservation and documentation of corporate digital evidence, with a focus on small personal mobile digital devices.

Scope of Report

The use of personal digital devices in accessing and transmitting corporate information has been on the rise. This poses security threats to many organizations, since information is exchanged between social media and company staff. In formulating and providing suggestions for the implementation of a holistic framework for forensic investigation and data gathering, this research paper presents the guidelines and the policy-making processes that should be followed in order to manage digital evidence in Galactic Avionics Corporation (Taylor et al 101). This report will help Galactic Avionics Corporation management in developing and implementing the business processes and procedures necessary for managing digital evidence.

The basis for the report, and for the board's decision to commission it, is recent trends in the security of digital information resulting from the increased use of small digital devices and social media, which blur the boundaries between leisure and work. Due to the nature of such small devices and of social media usage, the information transmitted and accessed in this way is vulnerable to access by hackers and non-authorized personnel. Additionally, the company in question provides digital data instrumentation and is committed to the management of legal digital data, which is crucial in security issues.
Therefore, this report presents to the management team the guidelines and forensic tools that are crucial in developing a business process framework that will ensure proper identification, extraction, examination, documentation and preservation of digital data from the small digital devices used in the company, in the case that digital evidence is required (Zhang & Lin 649).

Background Information

The need for digital forensics is due to the increase in digital crimes which pose a threat to corporate information. With the increase in the use of information technology, small digital devices have increasingly been used by organizations as the means of connecting individuals within an organization and with other business organizations (Ali 24). The information which is stored in small digital devices can serve as digital evidence in cases of corporate crimes related to misuse of corporate digital information. Most organizations have been concerned recently about the security of their data, especially due to the increased interaction of company employees with outsiders, especially clients, using personal digital devices (Casey 23).

Corporate Digital Information and Data Classification

There is a need for organizations to preserve digital information which can be used as digital evidence in a court of law. Therefore, in formulating the business process framework and manual, there is a need to identify and outline the procedures involved in the identification and preservation of corporate data to allow it to qualify as digital evidence. This means that the digital evidence brought into the courtroom should be accurate and complete, just like physical evidence. Additionally, digital evidence should be able to convince the law makers and the judiciary that it is worthy of being admitted as evidence.
The manual and business framework should also stipulate the security procedures as well as the compliance processes in the preservation of digital evidence. In the company under discussion, there are different sources of digital information which can be identified, such as system logs, temp files, data and program files, firewall logs, network communication links and dial-up servers (Zhang & Lin 650). The method of capturing vital digital information also matters if digital information is to qualify as digital evidence. Poor handling and capturing procedures interfere with digital information; hence the digital evidence will not be admissible in a court of law. It is crucial for the manual to outline the steps and tools which are to be used in securing the digital information, as well as the procedures to be used in the collection and preservation of digital information. In classifying its data, the business policy framework and procedure manual should include a data classification scheme which includes the following elements:

• A corporate policy on data protection that will provide the guidelines for classifying data as either confidential or non-confidential.
• An inventory of all digital data in the company.
• Assignment of ownership to all corporate information in the company.
• Choosing the classification schemes in the company which will ensure that digital data is sufficiently protected.

Security Systems in Small Digital Devices

The information manager in the organization which is being discussed should be able to prevent any loss of information from data sources. This means that there should be a clear protocol which protects digital corporate information from external threats. In securing the data, the information manager should classify the corporate information into various groups. The protocol should state clearly whether each group of data is restricted data, public data, or corporate data.
This will limit access to certain information by all staff of the organization (Kessler, 2008). Additionally, only authorized persons will be able to access particular information using their authentication passwords. The framework should also include a procedure that will detect unauthorized access to corporate information through internet filters and violations of computer policies. In ensuring that the information on the internet is filtered and restricted, the business process framework should outline the data which should be filtered from the general public. For example, the framework may suggest that all corporate sound and video data will be blocked on the internet. This means that there should be a set of procedures that alerts the administrator to the need to investigate a possible breach of information security (Sommer 56). This will minimize the unnecessary sharing of confidential information in the company. In addition, the business policy framework should include the procedures and protocols for monitoring the sharing of corporate information in the company using personal digital devices (Ali 25).

Corporate Digital Evidence

Whether digital information becomes digital evidence depends on the way the data is collected and on the methods of identifying and establishing who has committed a crime. In developing the manual, there should be a clear process to be followed in identifying the individual suspected of committing the offence on digital devices (Pangalos et al 11). It is also necessary to develop a protocol that will establish the source of the crime. This will establish whether the crime was committed intentionally by the user or was due to a remote program installed on the computer. Digital information has certain characteristics that make it qualify as digital evidence. The manual, thus, should include the various features of digital evidence and how these features can be identified.
Digital information can be copied and modified with ease. However, during copying the evidence should maintain its original form and state. Therefore, digital data should meet certain criteria in terms of collection, preservation, presentation and recovery in order to be regarded as digital evidence. These criteria involve data admissibility, authentication, and reliability (Kessler, 2008). The admissibility of digital evidence entails the ability of the evidence to convince the jury that it is of high quality and that all procedures to ensure its integrity were followed. This includes formulation of a chain of custody which ensures that the digital evidence is preserved well and maintains its integrity. Therefore, documentation of the chain of custody is important. This will include the storage facility and the details of the custodian. Therefore, in ensuring admissibility of information as digital evidence, the chain of custody should flow and there should be no contradictions in evidence storage and handling. Additionally, there should be sufficient proof to show the reliability of the digital evidence. This requires photographic documentation of every step in the identification, transmission and storage of digital evidence.

Corporate Policy and Legal Rulings

In formulating the business process and framework, the company should clearly address the legalities of monitoring staff behavior in the company. The company should develop policies and regulations that are in line with local and national legal rulings about privacy and employee rights (Pangalos et al 14). The business process framework and procedure manual should also follow the rules of law during their formulation. Moreover, there should be a standard procedure which should be followed in searching for evidence. In this case, the business process framework should include a search warrant form that is issued in case someone is suspected to have committed an offense.
In the manual, the procedure for searching individuals should be carefully stipulated in order to ensure that no information is left unfound due to poor searching criteria (Casey 42). The manual should also specify search best practice so that violations of employee rights do not occur.

Collection and Preservation of Digital Evidence

The company should include a procedure and documentation process for collecting and preserving digital evidence from small digital devices. The trustworthiness, reliability and integrity of digital information depend on the collection and preservation methods used. This means that the business process framework and manual for procedures should include digital information gathering procedures that will ensure the integrity of the information. The place where the digital device was collected, the date of collection, the methods of collection and the custodianship of the data should be included in the procedure manual (Seokhee et al 238). The procedures that may be included in the business process framework and procedure manual could consist of taking photographs of evidence, as well as collection of live data such as RAM and hard disks and drives.

In addition, the business process framework and procedure manual should stipulate the procedures that are necessary in preserving the information. The data should be packed under seal so that it cannot be revised, damaged or combined with other materials. In order to maintain the chain of custody, every step in the packaging must be recorded. This means that the procedure manual should document all the necessary steps involved in the on-site survey, the search procedure, and the packaging, delivery and storage of the evidence (Nelson 382). For the collection of digital evidence from small digital devices, the business process framework should include the procedure to be used in handling the devices, such as recording whether the device was left on or off.
In the event that an offence has occurred, there is a chain of custody which must be followed in order to maintain the integrity and reliability of the digital evidence. This involves keeping a true copy of the digital information, as well as ensuring that the digital evidence is not altered during its preservation process. Additionally, the chain of custody addresses issues relating to the accuracy of the information secured and its durability. The business process framework and procedure manual should document the necessary chain of custody so that the transfer of digital evidence can be clear and precise. This is to avoid tampering with digital evidence before its intended purpose. The chain of custody in digital evidence should include the individual who handled the evidence, the reasons why they are in custody of the evidence, the storage place of the digital evidence, and the personnel authorized to have custody of the digital evidence. The procedure manual should also outline the storage facility requirements and storage bags, such as transparent plastic bags that have tamper-proof seals. Since most small digital devices are vulnerable to heat, the mode of transmission should ensure that the devices are not altered by heat exposure during transmission. To ensure that the integrity of the digital evidence is maintained, a limited number of individuals should be allowed to access the digital information that will serve as digital evidence (Zhang & Lin 651).

Digital Forensic Tools

Certain digital forensic tools are useful in the acquisition, examination and analysis of forensic evidence from small digital devices (Hunt 376). Such digital forensic tools should be used to collect, preserve and examine digital evidence, such as computer hard drives, in regard to any criminal or unlawful activity like fraud, mismanagement, unauthorized access to vital company information and disclosure of corporate data.
Since the company serves different clients and stores classified data, the forensic tools to be procured should be of a high standard and allow for high quality data collection, preservation and analysis. Therefore, these forensic tools should meet specified guidelines, which include the ability to make a copy of the digital data in the evidence without tampering with the hard drive or the source of the digital information. Moreover, the tools must be able to search computers, or any device which is deemed to contain digital information which can serve as digital evidence, in order to detect the data in such machines. Finally, the tools should be accessed only by authorized personnel of the company or the security firm (Sheetz 38). Additionally, the procured digital forensic tools should be able to detect anti-forensic devices in the computer or the facility (Rekhis & Boudriga 34).

There are different forensic tools whose procedures may be included in the procedure manual, including forensic acquisition tools and forensic evidence examination and analysis tools. Therefore, the business process framework and procedure manual should determine and identify programs that perform decryption of digital information that has been encrypted with codes, extraction of data from the digital information device, and cross-referencing of data from different devices. Identification of the relevant programs, such as ProDiscover assessment programs, is necessary (Nelson 259). Additionally, there are other digital forensic tools that may be proposed by the business process framework, which include first responder tools that give the time and date when information was accessed, the login details of the user and the serial numbers of the digital device. Moreover, digital forensic tools should be able to offer authentication to show that the digital data collected was not altered (Narayanan & Ashik 157).
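The custody details the report lists (who handled the evidence, why, where it is stored, who is authorized) and the requirement that tools show the collected data was not altered can be combined in a single record. The following Python code is an added example, not part of the original report or of any tool it names; the class names, handler names, device placeholder and evidence bytes are constructed for illustration.

```python
import hashlib
import json
from dataclasses import asdict, dataclass, field

GENESIS = "0" * 64  # prev_hash of the first entry in a log


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    timestamp: str        # when the step took place (UTC, ISO 8601)
    handler: str          # individual who handled the evidence
    reason: str           # why the evidence is in their custody
    storage_place: str    # where the evidence is kept after this step
    evidence_sha256: str  # hash of the evidence copy at this step
    prev_hash: str        # entry_hash of the previous record
    entry_hash: str = ""

    def compute_hash(self) -> str:
        body = asdict(self)
        body.pop("entry_hash")
        return sha256_hex(json.dumps(body, sort_keys=True).encode())


@dataclass
class CustodyLog:
    device: str            # device description or serial number
    collected_at: str      # place of collection
    collected_on: str      # date of collection
    method: str            # method of collection
    power_state: str       # whether the device was found on or off
    authorized: frozenset  # personnel allowed to hold the evidence
    entries: list = field(default_factory=list)

    def record(self, timestamp, handler, reason, storage_place, evidence):
        """Append a custody step; refuse handlers who are not authorized."""
        if handler not in self.authorized:
            raise PermissionError(f"{handler} is not authorized")
        prev = self.entries[-1].entry_hash if self.entries else GENESIS
        entry = CustodyEntry(timestamp, handler, reason, storage_place,
                             sha256_hex(evidence), prev)
        entry.entry_hash = entry.compute_hash()
        self.entries.append(entry)
        return entry

    def verify(self, evidence):
        """Return a list of problems; an empty list means log and copy agree."""
        if not self.entries:
            return ["log has no acquisition entry"]
        problems = []
        prev = GENESIS
        baseline = self.entries[0].evidence_sha256  # hash taken at acquisition
        for i, e in enumerate(self.entries):
            if e.prev_hash != prev:
                problems.append(f"entry {i}: chain broken")
            if e.compute_hash() != e.entry_hash:
                problems.append(f"entry {i}: record altered after it was written")
            if e.evidence_sha256 != baseline:
                problems.append(f"entry {i}: evidence differs from acquisition")
            prev = e.entry_hash
        if sha256_hex(evidence) != baseline:
            problems.append("current copy does not match the acquisition hash")
        return problems


def build_demo_log():
    """Constructed sample data: a fake image and two custody steps."""
    image = b"constructed sample bytes standing in for a handset image"
    log = CustodyLog(
        device="mobile phone, serial PLACEHOLDER-0001",
        collected_at="office 2.14 (constructed)",
        collected_on="2024-01-10",
        method="logical acquisition to write-once media",
        power_state="on",
        authorized=frozenset({"A. Examiner", "B. Custodian"}),
    )
    log.record("2024-01-10T09:00:00Z", "A. Examiner", "on-site acquisition",
               "sealed evidence bag 1", image)
    log.record("2024-01-10T15:30:00Z", "B. Custodian", "transfer to storage",
               "evidence locker 3", image)
    return log, image


if __name__ == "__main__":
    log, image = build_demo_log()
    print("intact:", log.verify(image))
    print("altered copy:", log.verify(image + b"\x00"))
    log.entries[1].storage_place = "desk drawer"  # simulate an edited record
    print("edited record:", log.verify(image))
```

A hash chain of this kind detects edits to individual records; it does not stop someone who can rewrite the whole log, so the latest entry hash should also be kept somewhere the custodians cannot change.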
Examples of forensic tools include PDA Seizure, which is used in the acquisition of digital information from small digital devices, examination of data, and reporting. In addition, there is EnCase, which can also be used in the collection and analysis of digital information without tampering with it. Therefore, the business process manual should develop a plan in which the various tools to be utilized in the identification, extraction, examination and documentation of forensic evidence are identified and described.

Reporting

The integrity of digital evidence is dependent on the methods of preservation and handling. In any organization, there should be a reporting line which should be followed in reporting digital evidence crimes. In addition, the staff in the company should be trained in correct ways of handling digital information. The business process framework and procedure manual should state and outline the steps that should be followed in reporting cases of corporate crime and offences that are related to digital information (Ali 26). The staff should be able to determine the security importance of the information and how to handle any breaches safely. In reporting digital offences, the digital offence report should contain some vital information that should be outlined in the business process framework and procedure manual. In this respect, the digital information report should clearly state the alleged offense, the number of the device used to commit the offence and the date the offense was allegedly committed. Therefore, the staff of the organization should have awareness and knowledge of reporting protocols and handling of digital information in cases of crime (Kessler, 2008).

Escalation of Incident Reporting

The business process framework should indicate the necessary steps to be taken in addressing a crime (Kessler 2008).
Upon reporting of criminal cases, the business process framework should include various contexts underpinning assumptions about such cases. For example, such crimes can be assumed to have originated from an external party, or from a staff member who accessed information without authority, willingly disclosed information to third parties, or used corporate information for personal gain at the expense of the company. The business process framework should outline the procedures that will be involved in protecting organizational small digital data systems from access by outsiders. This includes establishing access codes and access cards for every staff member in the organization (Rekhis & Boudriga 39). The business process framework should also state the protocols involved in sharing data between different individuals in the company. In addition, all users of cell phones and personal digital assistants must be issued with login passwords which are unique for every staff member. This will reduce the number of computer crimes in which it is hard to establish who committed the crime. The procedure manual and business process framework should also include a network monitoring system that will monitor access to computers in the company. Additionally, there should be limited access to the main server room of the organization. The server room should be protected by a highly secure system, and the business process framework and procedure manual should outline the persons who are authorized to enter the main server room (Shepp 406).

Conclusion and Recommendation

In conclusion, the increase in security threats to digital information in various companies has led to the development of measures in digital forensic tools. This is because most digital crimes are poorly handled, or digital evidence is poorly managed such that it becomes invalid and cannot be used as evidence.
This is because the use of media in a company risks the leakage of digital information to third parties who may use the information for unlawful purposes. This report recommends that guidelines should be created and adhered to, and that the board of directors should adopt these recommendations in developing the business process framework and procedure manual. Therefore, this report recommends that the management board should create a business process framework and procedure manual that will stipulate the procedures required in the management of corporate digital data. These guidelines should also be in line with the local laws that govern digital information so that digital corporate data can become admissible in a court of law.

References

Ali, K. Digital Forensics Best Practices and Managerial Implications. Computational Intelligence, Communication Systems and Networks (CICSyN). Proceedings from the 2012 Fourth International Conference (2012): 24-26. Print.
Casey, E. Digital Evidence and Computer Crime. Academic Press. 2006. Print.
Hunt, R. New developments in Network Forensics — Tools and Techniques. Networks (ICON), Proceedings from 2012 18th IEEE International Conference (2012): 376-38. Print.
Kessler, G. Digital Anti-Forensics and the Digital Investigator. Research Paper, Burlington: Champlain College, 2008. Print.
Narayanan, A., & Ashik, M. Computer Forensic First Responder Tools. Advances in Mobile Network, Communication and its Applications (MNCAPPS). Proceedings from 2012 International Conference on (2012): 156-159. Print.
Nelson, B. Guide to Computer Forensics and Investigations. Connecticut: Cengage Learning. 2010. Print.
Osterburg, James, & Ward, Richard. Chapter 23 - Computers and Technological Crime. Criminal Investigation (2010): 547-567. Print.
Pangalos, G., Ilioudis, C., & Pagkalos, I. The Importance of Corporate Forensic Readiness in the Information Security Framework. Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), 2010 19th IEEE International Workshop on (2010): 12-16. Print.
Seokhee, Lee, Hyunsang, Kim, Sangjin Lee, & Jongin Lim. Digital Evidence Collection Process with Integrity and Memory Information Gathering. Systematic Approaches to Digital Forensic Engineering, 2005. First International Workshop (2005): 236-247. Print.
Sheetz, M. Computer Forensics: An Essential Guide for Accountants, Lawyers, and Managers. New York: John Wiley & Sons. 2007. Print.
Shepp, D. Chapter 32 - Crime and Incident Scene Procedures. The Professional Protection Officer (2010): 403-411. Print.
Sommer, P. Digital Evidence, Digital Investigations and E-Disclosure: A Guide to Forensic Readiness for Organizations, Security Advisers and Lawyers. Information Assurance Advisory Council (2012): 1-115.
Taylor, C., Endicott-Popovsky, B., & Frincke, D. Specifying Digital Forensics: A Forensics Policy Approach. Digital Investigation, 4 (2007): 101–104. Print.
Zhang, Yan, & Lin Ying. Research on the Key Technology of Secure Computer Forensics. Intelligent Information Technology and Security Informatics (IITSI), 2010 Third International Symposium (2010): 649, 652. Print.
