Issues in Cyber Forensics Affecting ICT - Literature review Example

Issues in Cyber Forensics Affecting ICT Name: Institution: Issues in Cyber Forensics Affecting ICT Introduction Internet Evolution as well as ease in applying contemporary technology is noticeably increasing the use of state-of-the-art technology internationally. Basically, development in digital devices like handsets as well as PCs also has enabled the users to work remotely such as at homes. Even so, the vital nature of ICT continues to draw the attention of online hackers who take advantage of it to target users’ information sources like installations for security, very important telecommunication centres, financial institutions, as well as other networks linked with users’ private information (Forte, 2008). Furthermore, internet together with linked technologies have been of assistance to hackers and also prepared aggressors to carry out their unlawful acts whilst safeguarding data confidentiality and secrecy. At the moment, cyber criminals’ trial and conviction is rooted wholly on evidence collected from digital devices (Wright & Golden, 2010). Owing to the rise in cyber crime in recent times, Newville (2001) claim that digital forensics has grown to be of absolute importance taking into consideration that collection and investigating of appropriate evidence for trial has time after time confirmed to be a versatile task. The forensic data analysis essay seeks to provide an insight on current issues in cyber forensics affecting the ICT industry, forensic examiners, and the legal fraternity. Critical Analysis Internet as per Beckett and Slay (2011) has developed into not just a landscape for crime, but as well as a platform for reproducing minor as well as major evidence sources. Currently, cyberspace has turned into a platform where law officers have to frequently get in touch with the public given that forensics investigation require utilisation of directly managed analytical techniques to detect and investigate evidence traces remaining subsequent to a committed felony (Jaishankar, 2010). In sum, cyber forensics involves the acceptance, retrieval, as well as modernization of electronic evidence in addition to its handling in a manner that makes it acceptable in trial, mainly during legal proceedings. Issues in Cyber Forensics Legal Issues According to Boddington (2012) legal issues with regard to investigating cyber crimes and taking legal action involve jurisdictions’ disagreements, handling of the electronic evidence, provisos pertinent for legal enquiries, and the safety of the individual’s privacy. Whilst the country’s constitution presents the legal system platform, hasty developments in ICT sector has offered fresh issues with regard to interpretation of the constitution. Free press as well as speech warranties are applicable to the conventional domains and also the cyberspace, but according to Wright and Golden (2010) the application technique is time and again rooted in facts and state of affairs. Studies associated to digital as well as multimedia forensics with reference to the primary amendment as utilised to cyberspace has thus far, focussed on impartiality of the content. The exceedingly devastating issues like government restriction as well as child pornography, as written by Boddington (2012) have given the courts of law with a concrete overflow of cases relating to digital/electronic evidence. In digital forensics, privacy has as well presented an overloaded research platform. Apparently, right to privacy at odds with the requirement for information relating to unlawful plots and activities as well as terrorist plots and assaults, plough into each other between artistic as well as character beliefs that are not comparable with either case or constitutional law. Hunton (2011) argue that legal action with reference to multimedia as well as digital forensics might crop up based on governmental or constitutional action grounds. Hence, extensive research concerning constitutional issues with regard to digital forensics is imperative as the ICT industry continues to grow. Cyber criminal process involves the legal avenue for establishing whether a person has flouted the criminal law. Whereas there subsist scores of alteration on the legal issues regarding digital forensics, between the most enthralling are challenges that are self-incriminating, which are associated with limited disclosure of encryption keys. Chung et al. (2006) claim that two contemporary developments are most probable to make criminal process as well as digital forensics more complicated. First of all, the role of digital forensics in the cyber criminal process is likely to become growingly more difficult as infrastructures as well as services are drifted to a cloud computing milieu. The epigrammatic nature of cloud computing is projected to make limitations for businesses and persons much less accurate, and additional setting obstacles in the progression of this fields of research. Subsequently, the rapid development of the technologies such as digital footprint lingering during contact as well as handling of these technologies is creating a connected criminal procedure, which according to Beckett and Slay (2011) is more complex. Property Law as mentioned associates to private as well as public property, and utilisation of digital forensics is probably not under public property law, but instead fall below private property law. In essence, the majority of issues rooted in digital forensics as well as property law crop up from the ease upon which property may be gotten, developed and the disagreements associated with derivation of these actions. Secret business deals, as noted by Hunton (2011) are mainly difficult in cyberspace since the security defence boundary has turn out to be more intricate. Prior to the changing of secret business deal into digital formats, a noticeable boundary in the region of the corporal convert might be distinguished and also be impounded. For example, the company’s strategic plan can be confined in a safe; consequently, requiring just physical protection to give surety that one of the key securities attributes, that is privacy, was being maintained. Still, while at risk to other threats associated with physical protection, like that of inside attackers, the secret security is much reduced (Kenneally & Brown, 2005). Cyberspace as per Yen et al. (2011) provides a number of exceptional issues with regard to the security of consumer, given that the unpredictability of e-commerce as well as multi-jurisdictional trade features in cyberspace makes it tough to protect clients from fraudulent traders. Debatably, Dosi and Khanna (2012) affirm that contractors can easily dupe online users, get money, fail to finish the assigned contracts, and successfully go missing. In this case, fastidious demographic clusters are over and over again targeted to be manipulated, and therefore, the legal issues allied with the process of digital forensics must be investigated to smooth the progress of finding way to help out solve this incessant threat. In addition, Martini and Choo (2012) mainatin that customers face setbacks allied with union contracts as well as uncertainty between licensing not being in favour of sales. Additional issues is associated with legal issues are the digital signatures given that research rooted in digital signatures as well as methods to smooth the designing as well as verifying advancements are imperative and by far have an effect on contract law (Ieong, 2006). Technical issues The recent increase in cyber-related crimes has generated the need for more advanced cyber forensics tools as well as methods to detect attacks. Cassim (2009) hold the view that investigators in cyber forensics must possess the equal sets of capability as their foes like online attackers. What’s more, investigators must develop and make use of correct tools as well as channels for carrying out digital forensics; however, there are as well numerous issues that must be resolved, such as technical issues. According to Hunton (2011), technical issues arise from the insufficiency in standardization, as well as the hypothetical structure paucity in the field of digital forensics. Fundamentally, making use of ad-hoc devices together with techniques for the digital evidence induction may as per Wright and Golden (2010) limit the integrity as well as reliability of the proof, primarily in the process of a criminal trial where both the digital evidence together with the employed procedures for collecting it may be disputed. Therefore, to deal with this intricacy, groups as well as unions of practitioners have of late commenced the endeavour to build up proposals to standardize the processes of digital forensics. However, for cyber forensics reliability has even become more complicated. Basically, technical issues entail various inconsistencies in the infrastructure’s different bases as well as applications, and also the physical barriers, which bar forensic investigators from getting access to the sources of evidence. In principle, tracing proof through online platforms present a number of intricacy, especially while examining the timeline and date of the collected information. Besides that, for the majority of forensics paradigms to be employed, Chung, Park, Lee, and Kang (2012) posit that it have to be perceptible that an attack has taken place in order to employ secure processes that can detect and draw together important traces of evidence. So, the type and aspects of the cyber attack must be known when the cyber forensic investigation begins, but still threats cropping up from the online platforms build up exponentially; for example, malignant threats built-in companies database have continued to increase over the years (Forte, 2008). Another technical issue is related with the certainty that when investigators are regularly given an enormous quantity of information, they face intricacies in choosing meaningful or applicable pieces of evidence in the midst of them. To make the investigation progress smooth, Owen and Thomas (2011) assert that techniques for data mining can be used; as a result, during investigation of cyber crimes, information must be gathered whilst servers and computers are still operational. Not counting the technical issues, which are integral in the procedures of cyber Forensics, Ieong (2006) posit that cyber attackers predominantly make use of different techniques to discourage investigation as well as prosecution. These techniques include erecting obstacles to foil an investigation, to cast off or hide attestation, or even to slot in doubt with regard to the collected proof in the process of prosecution. Ieong (2006) argue that application of encryption develops considerable barriers to the processes of cyber forensics as scores of countries set forth restrictions to the use of cryptography, but conversely, damaged cryptography presents setbacks to the recovery of digital evidence. Inductive, Deductive, and Abductive Reasoning Inductive reasoning can be defined as reasoning from an unambiguous case in point or and develops a collective decree by drawing inferences from inquires to make generalisation. Basically, inductive reasoning is viewed by many as a process of drawing a probable decision from the data configuration that is on the rise. Besides that, Inductive reasoning takes place by assessing unprejudiced observations as well as determining the data universal pattern. On the other hand, deductive reasoning is part of the elemental forms of pertinent reasoning and it begins with a collective proposal or acknowledged proof and breeds an explicit generalisation conclusion. In addition, the vital notion of deductive reasoning is that in case something is based on fact from a general group of things, then this fact is applicable to every group member. Finally, abductive reasoning can be viewed as a form of reasoning wherein one aspires to elucidate applicable evidence by commencing with a number of generally distinguished evidence that had previously been approved and afterward working towards a clarification. Process of Digital Forensic Investigations Digital evidence according to Beckett and Slay (2011) is the data amassed or distributed in binary form crucial for proceedings in the court of law and above all can be found on computer hard drive, PDA, CD, or mobile phones. Investigation as well as prosecution of cyber crimes depends heavily on handling of digital evidence, protection of individual’s privacy, and provisions applicable for legal enquiries. Like other forensic sciences, Ieong (2006) posit that cyber forensics is initiated through a collection of a numerous features or variables, and ends in pattern matching at the heart of such features or variables to facilitate evidence individualisation. Kenneally and Brown (2005) mentioned that network forensics require the connection of different sets of data associated with acts, which often occurs in a number of business social surroundings, and related to electronic evidence covered in and between different sources of data such as Internet newsgroups and computer logs. Importantly, cybercrime forensic investigation entails data mining that is traceable to the operating system, as well as data that is hardly traceable to the operating system. For that reason, the investigator will through data mining discern all files available on the investigated system, and this includes files that are active and can be accessed, as well as undetectable files; such as deleted files, but still with traces, encrypted and hidden files, as well as files that are password-secured (Pan & Batten, 2009). In scores of occasions, data is gathered during a cyber forensics inquest, which is not by and large noticeable or accessible by the ordinary user. This data includes wiped out files as well as fragments that are founded on the space allotted for files that are accessible. For this reason, exclusive know-how and tools are needed to get hold of this digital evidence (Adeyemi, Razak, & Azhan, 2012). When lacking accounts from witness that are applicable to investigate and find out the occurrences that took place at the scene of crime, Chung et al. (2006) claim that forensic investigators examine physical evidence that was collected from a victim or from the scene of crime with a view of providing accurate information with reference to whether the suspect may (or may not) be associated with the investigated crime. In this perspective, physical evidence stands for tangible evidence, and may encompass trace data like, blood stains, fibres, pieces of glass, or saliva. For example, evidence from a report by law enforcement accusing James of stealing computers, can easily be achieved through gathering of tangible evidence from the scene of crime. Subsequent to collection of the evidence, the chain of custody begins, and this chain is conserved until the evidence is rejected. Dosi and Khanna (2012) claim that the chain of custody guarantees unremitting legal responsibility, which arguably is fundamental for the reason that if it is not preserved appropriately, a piece of the evidence can be disallowed in court of law. In this case, the chain of custody can be defined as a list of individuals who were in charge or had custody of the digital evidence from the first time it was received until its last disposition. What’s more, such persons in the chain of custody have to be in the Evidence/Property Custody Document that is initiated after attainment of digital evidence. What’s more, every person involved in the chain of custody is legally responsible for every piece of evidence under his/her care. Naturally, digital evidence is responsive, and therefore, curator is made available to presume evidence liability when the investigating administrator drawn in the process of investigation fails to use it. According to Pan and Batten (2009), for the digital evidence to be of use at the time of prosecution, it have to undertake an expedition from crime scene to law court in way that is official and secure in order that all involved parties may be sure that the evidence is not tailored and also that the digital evidence is applicable to the investigated cyber crime. For that reason, to ensure legality prevails, investigators have to abide by the chain of custody, especially during collection and handling of evidence. For example, for James and his associates to be proved guilty for stealing computers and also using hard drives from the stolen computers to get financial data about the company, the investigation have to undertake the chain of custody process, which begins when the investigators collects the first piece of evidence from the scene of crime to when the investigation file is available to the law courts for prosecution. In this regard, the chain of evidence shows evidence of: who searched out for the digital evidence; time as well as location when the evidence was received; who safeguarded the evidence; in addition to who handled the presented evidence. For prosecution to take place there must be a chain of evidence, which involves a person documenting the other individual’s undertakings as well as how the undertaking are carried out in an attempt to present an exceptionally all-inclusive and accurate documentation of handling evidence. According to Ma et al. (2011), date as well as time when actions were taken, partakers bane, and the name of their commander is the most vital element in chain of evidence documentation Validation processes During the validation process, the investigator must at first shut down the computer system , and afterwards record the configuration of the computer hardware and subsequently make the computer system being investigated safe together with its applications, hardware and software. Subsequent to securing the computer system, all storage devices must be backed up, and the investigator should not use or operate the system should. Then the data on every storage devices must be validated, and the investigator must make sure that the gathered digital evidence is not tailored in any way. Following the validation of data, the investigator has to make certain data precision as well as the times linked with data archive. After that, the investigator is required to prepare a search words’ register in view of the fact that state-of-the-art appliances for data storage are exceedingly voluminous, and that is why, it is unfeasible to carry out a physical assessment as well as screening of every data file found on the system’s data storage devices. After preparing the register for search words, the investigators performs a file slack investigation, which according to Ma et al. (2011) is investigation of data storage that is beyond the users’ reach or sight. Later the investigators are required to examine the deleted files, seek for key words, recognize the types of data as well as data storage, examine the functionality of the computer program, and ultimately document the validated evidence prior to presenting it to courts of law for trial. 5.1 Processes to enhance communication Evidently, lack of better communication between the legal practitioner, forensics investigators, as well as law courts is the only extreme hindrance in carrying out legal process with regard to cyber crime. For this reason, perceptible, unambiguous channels for communication between the legal practitioner, forensics investigators, as well as courts of law in addition to the diverse allied agencies that play a crucial part in cyber forensic investigations, from business organisations to police, are very important for joint effort, information-sharing as well as coordinating legal activities. Undoubtedly, insufficient communication as mentioned by Boddington (2012) can result in interruptions for the forensic investigators thus, dissuading endeavours for collecting digital evidence. Therefore, in cyber forensics there is need of creating positive professional correlations given that group effort between legal practitioners, forensics investigators, as well as courts can improve communication. In addition, creating a certified set of rules for contributing to the legal case with regard to the cyber crime case may be of help in ensuring enhanced communication between three agencies (legal practitioners, forensics investigators, and law courts) and also develop strong connections The Preservation and Presentation of digital evidence Digital evidence as per Newville (2001) can be preserved only if the forensic investigator has a storage location that is secure and proves that the data is reliable. Enhanced way of preserving digital evidence is transferring the evidence to a non-rewritable read-only-memory such as Compact Disc (CD), and the investigators must make two copies and ensure that the cases number, data, and operator’s signature and name are written on top of each CD. Besides that, electronic evidence can easily be recovered through highly developed technology as well as novel-programmed means for locating the needed evidence. Subsequently, the forensic investigator may make use of file slack as well as analytical guides like applicable search key words. Besides that, the investigator may utilize the accessible tools for analyzing digital evidence like Steganography Detection and Windows Registry Decoder. The digital evidence presented in the court of law must by no means be tailored and the persons tasked with the handling of the digital evidence must be knowledgeable and experienced. Furthermore, a documentation of every procedure utilised to the presented digital evidence have to be preserved and the evidence must be available to the third party. The individual in charge of the forensic investigation has legal responsibility for ensuring that the values as well as laws of the digital evidence are strictly followed. Conclusion In conclusion, it has been argued that the internet has provided a soft spot for criminal activities, but equally the internet offers a platform for retrieving digital evidence. Evidently, cyber space has enabled hackers to carry out their illegal activities secretly, but through cyber forensics hackers and cyber terrorists been brought to justice. Fundamentally, cyber crime draws two key issues: firstly, is the legal issues caused by the intricacy of legal structures across the globe to keep up with the technological advancement rate. Secondly, technical issues, which are caused by the rushed alteration in technology as well as the technical shortfalls that have negative impact to investigation results and prosecution of criminals associated with cyber crime. Based on the analysis, it is evident that validation process is the most imperative part of cyber forensics given that any digital evidence that has not been validated cannot be used in the court of law. References Adeyemi, I. R., Razak, S. A., & Azhan, N. A. (2012). Identifying Critical Features For Network Forensics Investigation Perspectives. International Journal of Computer Science and Information Security, 10(9), 106-128. Beckett, J., & Slay, J. (2011). Scientific underpinnings and background to standards and accreditation in digital forensics. Digital Investigation, 8(2), 114-121. Boddington, R. (2012). A Case Study Of The Challenges Of Cyber Forensics Analysis Of Digital Evidence In A Child Pornography Trial. Proceedings of the Conference on Digital Forensics, Security and Law, (pp. 155-171). Cassim, F. (2009). Formulating specialised legislation to address the growing spectre of cybercrime: a comparative study. Potchefstroomse Elektroniese Regsblad, 12(4), 35-79. Chung, H., Park, J., Lee, S., & Kang, C. (2012). Digital forensic investigation of cloud storage services. Digital Investigation, 9(2), 81-95. Chung, W., Chen, H., Chan, W., & S. C. (2006). Fighting cybercrime: a review and the Taiwan experience. Decision Support Systems, 41(3), 669-682. Dosi, R., & Khanna, P. (2012). E-Jurisprudence in the Indian Criminal System: Challenging Cyber Crimes in Every Aspect. Law Technology, 45(1), 1-27. Forte, D. V. (2008). Volatile data vs. data at rest: the requirements of digital forensics. Network Security, 2008(6), 13-15. Hunton, P. (2011). A rigorous approach to formalising the technical investigation stages of cybercrime and criminality within a UK law enforcement environment. Digital Investigation, 7(3-4), 105-113. Ieong, R. S. (2006). FORZA – Digital forensics investigation framework that incorporate legal issues. Digital Investigation, 3, 29-36. Jaishankar, K. (2010). The Future of Cyber Criminology: Challenges and Opportunities1. International Journal of Cyber Criminology, 4(1/2), 26-31. Kenneally, E. E., & Brown, C. L. (2005). Risk sensitive digital evidence collection . Digital Investigation, 2(2), 101-119. Ma, G., Wang, Z., Zou, L., & Zhang, Q. (2011). Computer Forensics Model Based on Evidence Ring and Evidence Chain. Procedia Engineering, 15, 3663-3667. Martini, B., & Choo, K.-K. R. (2012). An integrated conceptual digital forensic framework for cloud computing . Digital Investigation, 9(2), 71-80. Newville, L. L. (2001). Cyber crime and the courts--Investigating and supervising the information age offender. Federal Probation, 65(2), 11-17. Owen, P., & Thomas, P. (2011). An analysis of digital forensic examinations: Mobile devices versus hard disk drives utilising ACPO & NIST guidelines. Digital Investigation, 8(2), 135-140. Pan, L., & Batten, L. M. (2009). Robust performance testing for digital forensic tools . Digital Investigation, 6(1-2), 71-81. Rogers, M. K., & Seigfried, K. (2004). The future of computer forensics: a needs analysis survey. Computers & Security, 23(1), 12-16. Wright, F. D., & Golden, G. S. (2010). The use of full spectrum digital photography for evidence collection and preservation in cases involving forensic odontology . Forensic Science International, 201(1-3), 59-67. Yen, Y.-S., Lin, I.-L., & Wu, B.-L. (2011). A study on the forensic mechanisms of VoIP attacks: Analysis and digital evidence. Digital Investigation, 8(1), 56-67. Read More