The Collection of Digital Information - Coursework Example

COMPUTER FORENSICS Name Institution Instructor Course Date Introduction Computer forensics can be defined as the application of different computer tools in the collection of digital information which can serve as evidence in a court of law (Vacca, 2005, p. 6). This is because most computers are vulnerable to attack by external parties or staffs in the organizations for one reason or the other. The need for digital forensics in many corporate organizations has increased in the past few decades (Daniel & Lars, 2012, p. 4). There has been increased cases of computer crimes, which results from poor computer security systems of poor evidence gathering in these organizations. Understanding digital computer forensics is useful in safeguarding vital information, which can be used as evidence in prosecuting an individual who is suspected to commit a computer crime (Weber, 2009). Therefore, proper identification, collection, examination and preservation of digital information is crucial in order for the digital information to qualify as digital evidence. Digital evidence is volatile; hence it is necessary to use digital forensic tools that are able to capture the data without alteration and store it in safe custody. Therefore, in ensuring that companies are ready for digital forensic and safeguarding digital information, which can serve as digital evidence, there is the need for these companies to develop and implement standard procedure that are in line with the legal process in ensuring that the digital information in their computer is safe from the violation or distortion (Haggerty, & Taylor, 2006, p. 14). In addition, establishing the correct tool in gathering digital evidence is crucial in computer forensics. This report examines that various guidelines, which should be considered by a company in developing a business process framework and procedure manual which will help the company to safeguard its digital information which can serve as digital evidence in case of computer crimes. Purpose and Scope of Report The purpose of this report is to develop a holistic approach in accordance with the management decision to manage digital data in the organization. In formulating and implementation of the framework, this research paper presents the guidelines and the policy making process that should be followed in order to manage digital evidence in the organization (Weber, 2009). This report will help the management in developing and implementing the business process and procedure necessary in managing digital evidence. The basis of the report and the board decision is due to the recent trends in the security of digital information. Most of this information regarding an organization is vulnerable to access by hackers and non-authorized personnel. Additionally, Excellor provides surveillance and analysis software applications and is committed to the management of legal digital data which is crucial in security issues. Therefore, the contents of this report present to the management guidelines and forensic tools that are crucial in developing a business process framework that will ensure proper management of digital evidence. Therefore, this paper form the initial proposal for the development of business process framework in managing digital data as digital evidence (Daniel & Lars, 2012, p. 5). The Need For Corporate Forensic There are many crimes in various organizations such as corporate fraud and employee dishonesty which results from data handling in the company. Most of the crimes that involve digital forensics are not able to make it to the court room simply because there is poor presentation of digital information (Weber, 2009). In addition, there is poor security of digital information in most business organizations. This makes it possible for external parties to interfere with the information in the company server. The violation of the company security policy requires investigation. This is because most organizations do not see the need for forensics consideration in order to comply with the legislative requirements in digital evidence (Pangalos et al., 2010, p. 13). There is the need for corporate forensics in order to investigate what happened in cases of crime, who performed what and when was a crime committed. In implementing corporate forensic, the certain procedures and tools should be employed in order for digital information to qualify as digital evidence. This will help the company management to document digital information to present in a court of law, in cases of crimes (Sommer, 2012, p. 13). Guidelines in Digital Forensics The development of this policy framework is based on the existing guidelines on digital evidence. There are different guidelines, which have been developed by various organizations, which include the International Organization on Computer Evidence, International Association of Computer Investigative Specialists, Digital Evidence in the Information Era, and Digital Evidence and Electronic Signature Law Review. Corporate Digital Information as Digital Evidence There is the need for organizations to preserve digital information, which can be used as digital evidence in a court of law. For information to qualify as digital evidence, the right identification, preservation and documentation procedure should be followed in order to maintain the quality and reliability of the digital information. Therefore, in formulating the business process framework and manual, there is the need to identify and outline the procedure involved in the identification and preservation of corporate data to qualify as digital evidence (Weber, 2009). This means that the digital evidence brought into the courtroom should be accurate and complete just like the physical evidence. Additionally, digital evidence should be able to convince the law marker and the judiciary for evidence to be admissible in the case in which it is presented the manual and business framework should stipulate the security procedures and well as the compliance process in the preservation of digital evidence. The method of capturing the vital computer information is also necessary for digital information to qualify as digital evidence. Poor handling and capturing procedure interferes with digital information hence digital evidence will not be admissible in a court of law. It is crucial for the manual to outline the steps and tools that are used in securing the digital information as well as procedures used in collecting and preservation of digital information (Sommer, 2012, p. 29). Securing the System The information manager in the organization should be able to prevent any loss of information from the data sources. This means that there should be a clear protocol, which prevent digital corporate information from external threats. In securing the data, the information manager should be able to set a backup from the main data server which should enable the information officers to set security measures such as firewalls, authentication requirements and authorization passwords. This will limit the access of information be all staffs of the organization (Kessler, 2008). Additionally, only authorized persons will be able to access the information using their authentication passwords. The framework should include a procedure that will detect unauthorized access of corporate information through internet filters and violation of computer policies. In ensuring that the information on the internet is filtered and restricted, the business process framework should outline the data which should be filtered from the general public. For example, the framework may suggest that all corporate sound and video data will be blocked in the internet. This means that there should be a set of procedure that is useful in alerting the administrator on the need to investigate the breach of information security (Taylor et al., 2007, p. 102). How Digital Information Becomes Evidence The criteria in which digital information becomes digital evidence is dependent on the way this data is collected, and the way in establishing the person who has committed the crime. In developing the manual, there should be a clear process in identifying the individual who has committed offense on the computer. This means that there should be a system that has the ability to trace the activities of a user, and the time the user committed the crime (Pangalos et al., 2010, p. 11). It is also necessary to develop a protocol that will establish the source of crime. This will establish as to whether the crime was committed intentionally by the user or was due to a remote program installed in the computer. Digital information had characteristics that make it as digital evidence. The manual should include the various features of digital evidence feature and how these features can be identified. The digital information can be copied and modified with ease. They are not read directly hence most of it is circumstantial. Therefore, digital data should meet certain criteria in terms of collection, preservation, presentation and recovery in order to be regarded as digital evidence. There criteria involves data admissibility, authentication, and reliability (Endicott-Popovsky et al., 2007, p. 7). Corporate Policy and Legal Rulings The company should be able to develop policies and regulations that are in line with the local and national legal rulings (Pangalos et al., 2010, p. 14). The business process framework and procedure manual should also follow the rule of law during its formulation. The issuers that are related to corporate policy and rulings include information hacking, information leakage by an employee, wrongful termination of an employee, anti-spamming, prostitution, identity theft and cyber stalking. Hence, there is the need to incorporate the procedure that will be used to establish whether the committed crime is an offense under civil law or criminal law (Casey, 2006, p. 69). Moreover, there should be a standard procedure which should be followed in searching for evidence. In this case, the business process framework should include a search warrant form, which is issued in case one is suspected to have committed offense. In the manuals the procedure for searching the individual should be well stipulated in order to ensure that no information is left due to poor searching criteria (Casey, 2006, p. 42). Gathering Evidence and Preservation The trustworthy, reliability and integrity of digital information depends of the collection methods and preservation methods (Casey, 2006, p. 627). This means that the business process framework and manual for procedures should be able to include the digital information gathering procedures that will ensure the integrity of the information. The information to be collected may come from theft of trade, fraud, or any committed crime that is related to digital information (Osterburg, & Ward, 2010, p. 450; Shepp, 2010, p. 403). This information provides the link between the person who committed the crime and the victim. In gathering information, the documentation of items will include the serial number of the evidence or computer, the owner of the computer, the time in which different individual access the computer and any tags that are on the evidence. The evidence is collected on the order of its volatility (Vacca, 2005, p. 220). The procedure that may be included in the business proves framework and procedure manual will consist of taking photographs of evidence, collection of live data such as RAM and hard disk and hard drives. In addition, the business process framework and procedure manual should stipulate the procedures that are necessary in persevering the information. The data should also be packed in the seal where it will not be revised, damaged or added with some other materials. In order to maintain the custody chain, every step in the packaging is recorded. This means that the procedure manual should document all the necessary steps involved in the on-site survey, the search procedure and the packaging and delivery of evidence as well as storage of the evidence (Nelson, 2010, p. 382). Digital Forensic Tools The digital forensic tools assist the law enforcers, the security personnel in an organization and organization management in collecting digital evidence in the appropriate manner possible (Hunt, 2012, p. 376). The digital forensic tools should collect, preserve and examine the digital evidence such as the computer hard drives in regard to any criminal or unlawful activity such as fraud, mismanagement, unauthorized access of vital company information and disclosure of corporate data (Korso, 2009). Since the Excellor serves different security firms and the government, the forensic tool to be procured should be of a high standard and maintain high quality data collection, preservation and analysis. Therefore, the forensic tool should meet the specified guidelines, which include the ability to make a copy of the digital data in the evidence without tampering with the hard drive or the source of the digital information, the tool must be able to search the computer or any device which is deemed to contain digital information, which can serve as digital evidence and detect the data in the computer, and the tools should have limited access to only the authorized personnel of the company or the security firm (Sheetz, 2007, p. 38). Additionally, the procured digital forensic tool should be able to detect anti-forensic devices in the computer or the facility (Rekhis & Boudriga, 2010, p. 34). There are different forensic tools whose procedure may be included in the procedure manual which include forensic acquisition tools, forensic evidence examine and analysis tools. Therefore, the business process framework and procedure manual should determine and identify a program that performs data decryption of digital information that have been encrypted with codes, data extraction from the digital information device and cross reference data from different devices. Identification of the relevant program such as ProDiscover assessment programs is necessary (Nelson, 2010, p. 259). Additionally, there are other digital forensic tools that may be proposed by the business process framework which include first responder tools which give the time and date when information was accessed, the login details of the user and serial numbers of the digital device. Moreover, digital forensic tools should be able to offer authentication to show that the digital data collected was not altered (Narayanan & Ashik, 2012, p. 157). Digital Crime Reporting Lines and Custody Chain In any organization, there should be a reporting line which should be followed in reporting digital evidence crimes. In addition, the staffs in the company should be trained in ways of handling digital information. The business process framework and procedure manual should state and outline the steps that should be followed in reporting cases of corporate crime and offenses that are related to digital information. The staffs should be able to determine the security importance of the information and how to handle it safely (Strickland, 2008). In reporting digital offenses, the digital offense report should contain some vital information, which should be included in the business process framework and procedure manual. The digital information report should clearly state the alleged offense, number of the device used to commit the offense and the date the offense was committed. Therefore, the staffs of the organization should have prior knowledge of reporting and handling of the digital information inn cases of crime. In the event that an offense has occurred there is a chain of custody which must be followed in order to maintain the integrity and reliability of the digital evidence. This involves keeping the true copy of the digital information as well as ensuring that the digital evidence is not altered during its preservation process. Additionally the chain of custody addresses issues relating to the accuracy of information secured and durability (Sheetz, 2007, p. 52). The business process framework and procedure manual should document the necessary chain of custody so that the transfer of digital evidence can be clear and precise. This is to avoid tampering with digital evidence before its intended purpose. The chain of custody in digital evidenced should include the individual who handled the evidence, and the reasons as to why they are in custody of the evidence, the storage place of the digital evidence, and authorizing personnel for the custody of the digital evidence. The procedure manual should also outline the storage facility requirements and storage bags such as plastic and transparent bags that have tamper proof seals. The procedure manual should also stipulate the procedure necessary in the documentation of the chain of custody for the digital evidence. To ensure that the integrity of the digital evidence is maintained, a limited number of individuals should be allowed to access the digital information that will serve as digital evidence (Robbins, 2008). Escalation of Incident Reporting Sometimes there are cases where the digital crime is reported to the relevant authority but there is no action taken in addressing the crime. The business process framework should indicate the necessary steps that should be taken in addressing the crime (Kessler, 2008). In such situations, the business process framework should assume different cases in which the crime should have occurred (Robbins, 2008). The crime can be assumed to have originated from an external party or a staff member who accessed information without authority or willingly disclosed information to third parties of used corporate information for personal gain at the expense of the company. The business process framework should outline the procedure that will involve protecting the organization computer from access by outsiders. This includes establishing access codes and access cards for every staff. This access cards and access codes will be used to access the computer in the organization (Rekhis & Boudriga, 2010, p. 39). In addition, all users of the computers will be served with login passwords, which is unique for every staff member. This will reduce the cases of computer crimes that are hard to establish who committed the crime. The procedure manual and business process framework should also include a network monitoring system that will monitor in which the information technology administrator in the organization will use to monitor the access of computers in the company. Additionally, there should be limited access to the main server room of the organization. The server room should be served with a highly secure system and the business process framework and procedure manual should outline the persons who are authorized to the main server room (Strickland, 2008). Conclusion and Recommendation In any organization, computer forensics is concerned with guideline that protect the digital information in the company. The need for digital forensics in many corporate organizations has increased in the past few decades. There has been increased cases of computer crimes, which results from poor computer security systems of poor evidence gathering in these organizations. This is because, the use of media in a company risks the digital information to other third parties who may use the information for other purposes. Therefore, there is the need for companies to ensure that digital information is safeguarded in the company. This is to make sure that during fraud or computer crimes, it is easy to locate the offender and the crime committed in the organization. The guidelines in this report explain the various ways in which the company can protect its digital information so that it can serve as digital evidence. This report recommends that the guidelines should be adhered, and the board of directors should adopt it in developing the business process framework and procedure manual. Therefore, this report recommends that the management board should create a business process framework and procedure manual that will stipulate the procedure in the management of corporate digital data. These guidelines should also be in line with the local laws that govern digital information so that the digital corporate data can become admissible in a court of law. References Casey, E., 2006. Digital Evidence and Computer Crime. Academic Press Endicott-Popovsky, B., Frincke, D., & Taylor, C., 2007. A Theoretical Framework for Organizational Network Forensic. Journal of Computers, 2 (3): pp. 1-11 Daniel, L., & Lars, D., 2012. Chapter 1 - Digital Evidence Is Everywhere. Digital Forensics for Legal Professionals, pp. 3-9 Haggerty, J., & Taylor, M., 2006. Managing corporate computer forensics. Computer Fraud & Security. 2006 (6): pp. 14 - 16. Hunt, R., 2012. New developments in network forensics — Tools and techniques, Networks (ICON), 2012 18th IEEE International Conference, pp. 376-381 Kessler, G., 2008. Digital Anti-Forensics and the Digital Investigator. Research Paper, Burlington: Champlain College. Korso, M., 2009. Two Popular Anti-Forensic Techniques. November 24, 2009. (Online). Available at: Accessed on 03-05-2013. Narayanan, A., & Ashik, M., 2012. Computer Forensic First Responder Tools," Advances in Mobile Network, Communication and its Applications (MNCAPPS), 2012 International Conference on, vol., no., pp. 156-159, 1-2 Aug. 2012 Nelson, B., 2010. Guide to computer forensics and investigations. Connecticut: Cengage Learning Osterburg, J., & Ward, R., 2010. Chapter 23 - Computers and Technological Crime Criminal Investigation, pp. 547-567. Pangalos, G., Ilioudis, C., & Pagkalos, I., 2010. The Importance of Corporate Forensic Readiness in the Information Security Framework, Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), 2010 19th IEEE International Workshop on, pp. 12-16 Rekhis, Slim., & Boudriga, N., 2010. Formal Digital Investigation of Anti-forensic Attacks. Systematic Approaches to Digital Forensic Engineering (SADFE), 2010 Fifth IEEE International Workshop, pp. 33-44. Robbins, J., 2008. An Explanation of Computer Forensics. (Online). Available at: Accessed on 04-05-2013 Sheetz, M., 2007. Computer Forensics: An Essential Guide for Accountants, Lawyers, and Managers. New York: John Wiley & Sons Shepp, D., 2010. Chapter 32 - Crime and Incident Scene Procedures. The Professional Protection Officer, pp. 403-411 Sommer, P., 2012. Digital Evidence, Digital Investigations and E-Disclosure: A Guide to Forensic Readiness for Organisations, Security Advisers and Lawyers. Information Assurance Advisory Council, pp. 1-115 Strickland, J., 2008. How Stuff Works. (Online). Available at: Accessed on 04-5-2013 Taylor, C., Endicott-Popovsky, B., & Frincke, D., 2007. Specifying digital forensics: A forensics policy approach. Digital Investigation, 4 (2007); pp. 101–104. Vacca, J., 2005. Computer forensics: computer crime scene investigation, Volume 1. Connecticut: Cengage Learning Weber, T., 2009. Cybercrime threat rising sharply”, BBC News. (Online). Available at: http://news.bbc.co.uk/2/hi/business/davos/7862549.stm Accessed on 04-05-2013 Read More