Computer Forensic Tools:
The use of computers in homes, schools, offices, and other places has increased in the past few years due to technological developments. As computers have become important components of modern communication, their increased use has also led to the emergence of computer crimes. Computer crimes basically involve the use of a computer system to carry out an illegal activity. In attempts to lessen the frequency and impact of computer crimes, law enforcement agencies use computer forensics to investigate these offenses. Computer crimes are governed by specific laws and dealt with by conducting a computer forensic investigation (Easttom & Taylor, 2011, p. 337). A computer forensic investigation is usually carried out using computer forensic tools, which help in the collection of evidence based on the specific offense.
Programs for Recovering Deleted Files:
There are various programs that can be used for recovering deleted files such as UndeletePlus, Disk…...
References:
DeMarco, M. (2012, March 8). Dharun Ravi Found Guilty in Rutgers Webcam Spying Trial.
NJ.com -- True Jersey. Retrieved December 14, 2013, from http://www.nj.com/news/index.ssf/2012/03/state_to_rest_its_case_against.html
Easttom, C. & Taylor, J. (2011). Computer crime, investigation, and the law (1st ed.). Stamford,
CT: Cengage Learning.
Specialized forensic tools will be necessary to retrieve and analyze deleted, renamed and encrypted data that search tools will overlook. Further, forensic tools will help with complex information correlation. For example, to construct a timeline of events it may be necessary to tie network log stamps and data together with database access and usage logs.
Reporting is the final phase of forensic investigation. Here, the article is weak, only recommending the inclusion of summary information about the event and additional details. In the product review section of the article, there is a mention of forensic tools that allow users to add notes, bookmark sections of data and produce detailed reporting.
The article concludes with a comparison of commercially available forensics tools as well as the availability of many open-source solutions. It also advises that even if the steps outlined above are followed, it will probably still be necessary to hire an…...
Bibliography
Biggs, M. (2005, November 14). Computer forensics: Donning your detective hat. http://www.fcw.com/article91394-11-14-05-Print
Such information is collected using packet sniffers, which are programs that can access all information passing through a computer, and not only information specifically sent to the computer. The packet sniffer can either pick up all the information, or select just what is needed, at the specific time when the information passes through the computer. This is then copied into a given memory. However, for packet sniffers to be used, the investigators must have proper authorization depending on what they are investigating. This is to help protect the privacy of computer users.
Computer forensics also works by disk imaging. This is a process where all information on a disk is copied in the form of an image and looked into. Disk imaging copies all files, both active and inactive, unlike when creating a backup where one only copies active files. One advantage of disk imaging is that it provides…...
Typically, a database uses either the simple recovery model or the full recovery model. The full recovery model can be supplemented by switching to the bulk-logged recovery model before bulk operations." (Microsoft, 2010 P. 2).
Meanwhile, our company will need to implement the full backup to safeguard all our data. Under the full recovery model, the first step is to back up the transaction log. A combination of full backup with log backups is equivalent to a full database backup. Starting the backup from the transaction log is the best practice to perform a full database backup. The illustration in Fig 2 reveals the strategy to implement a full backup. As shown in Fig 2, the backup starts from the transaction logs and the next step is to schedule the full database backup and file backups at subsequent intervals to satisfy our company requirements.…...
References
Allaire, P. Augat, J. Jose, J. et al. (2012). Reduce Costs and Risks for Data Migrations. Hitachi White Paper.
Massachusetts Government (2012). South Shore Hospital to Pay $750,000 to Settle Data Breach Allegations. Boston, USA.
Mahoney, M.V. & Chan, P.K. (2011). PHAD: Packet Header Anomaly Detection for Identifying Hostile Network Traffic. Department of Computer Sciences, Florida Institute of Technology.
Microsoft (2010). Introduction to Backup and Restore Strategies in SQL Server. Microsoft Corporation.
i.e. modifying the domain name system.
7. DNS-Based Phishing ("Pharming"): This offense is based on interference in the domain name searching process by modifying the domain name resolution, sending the user to a different IP address.
8. Content-Injection Phishing: The phisher introduces fraudulent content into a legitimate website.
9. Data Theft: Malicious code that collects sensitive information stored within the machines in which it is installed.
10. Man-in-the-Middle Phishing: The phisher takes a position between user's PC and the server filtering, reading and modifying information.
11. Hosts File Poisoning: This is another option for pharming. In this case the attack is carried out by the host's card index hosted on DNS' servers.
12. Spear Phishing: One of the newest phishing strategies. It targets a specific company and uses e-mails to train individuals at various locations. (Frost and Sullivan, nd)
It is reported that the types of websites attacked by phishers include banks and customers…...
Bibliography
Abu-Nimeh, Saeed, Nappa, Dario, Wang, Xinlei, and Nair, Suku (2007) A Comparison of Machine Learning Techniques for Phishing Detection. Southern Methodist University. APWG eCrime Researchers Summit, October 4-5, 2007, Pittsburgh, PA, USA.
Forzieri, Antonio (2008) Reactive Phishing Defenses -- Part 2. 2. Online available at: http://www.symantec.com/connect/blogs/reactive-phishing-defenses-part-2
Gajek, S. & Sadeghi, A. (2008). "A forensic framework for tracing phishers." In The Future of Identity in the Information Society. Boston: Springer.
Jakobsson, M. & Myers, S. (2007). Phishing and countermeasures. New York: Wiley.
computer forensics tools and processes used by investigators continually evolve and change over time. Although the material published in the 2008 version of the United States Attorneys' Bulletin includes some stalwart information regarding processes and procedures, the specific issues at stake will have changed drastically in the nearly 8 years since the issue was published. For example, the operating systems and encryption methods would have completely changed from 2008 until 2016. Carroll, Brannon & Song's (2008c) analysis of Vista and its file structure will be outmoded for many individuals or organizations under investigation. Therefore, great care should be taken when investing into computer forensics tools that may be outmoded. Using outmoded tools can seriously jeopardize an investigation and lead to serious loss of credibility on the part of the departments involved and their team leaders. At the same time, computer forensics experts do need to maximize knowledge of retrograde…...
References
Carroll, O.L., Brannon, S.K. & Song, T. (2008a). Computer forensics. United States Attorneys' Bulletin 56(1): 1-8.
Carroll, O.L., Brannon, S.K. & Song, T. (2008b). Managing large amounts of electronic evidence. United States Attorneys' Bulletin 56(1): 46-59
Carroll, O.L., Brannon, S.K. & Song, T. (2008c). Vista and BitLocker and Forensics, Oh My! United States Attorneys' Bulletin 56(1): 9-28
Littlefield, M.J. (2008). Demystifying the computer forensic process for trial. United States Attorneys' Bulletin 56(1): 29-45
priorities for any competent computer forensics examiner is the establishment of policies, processes and procedures to govern the structure of your forensics laboratory environment. According to the current Guide to Forensics and Investigations, it is of critical importance that you have first "defined policies, processes, and prescribed procedures before beginning any casework to ensure the integrity of an analysis and its results" (Nelson, Phillips, & Steuart, 2010). In the circumstances described, wherein you have been hired to perform digital investigations and forensics analysis for a company with no preexisting policies, processes or procedures in place, it is paramount that you immediately develop your own guidelines for the operation of your lab environment. The best way to begin would be through carefully researching the forensics lab management guidelines prescribed by the American Society of Crime Lab Directors, which include steps for identifying the duties of your various lab staff members,…...
burgeoning field of computer or digital forensics has multiple applications. As Carroll, Brannon & Song (2008a) point out, the two primary functions of computer forensics include data extraction and data analysis. As with other areas of forensics, methodologies in computer forensics include scientific methods of data collection, data preservation, and data analysis with ultimate goals of documentation or presentation in accordance with the needs and demands of the investigative team. Although computer forensics is relatively new compared to other branches of the field, the methods whereby digital data can be collected and analyzed are systematic to ensure accuracy and validity.
Computer forensics experts should become familiar with the latest operating systems for the purposes of data collection and preservation. For example, Carroll, Brannon & Song (2008b) note that Microsoft Vista's BitLocker provides encryption storage, which has direct ramifications on data extraction and collection by law enforcement. It is also critical…...
References
Carroll, O.L., Brannon, S.K. & Song, T. (2008a). Computer forensics. United States Attorneys' Bulletin 56(1): 1-8.
Carroll, O.L., Brannon, S.K. & Song, T. (2008c). Managing large amounts of electronic evidence. United States Attorneys' Bulletin 56(1): 46-59
Carroll, O.L., Brannon, S.K. & Song, T. (2008b). Vista and BitLocker and Forensics, Oh My! United States Attorneys' Bulletin 56(1): 9-28
Littlefield, M.J. (2008). Demystifying the computer forensic process for trial. United States Attorneys' Bulletin 56(1): 29-45
It is thus that technologies which work to yield that crucial data from the memory store of any such device have become so valuable to law enforcement in the age of terrorism. According to the Computer Forensics Tool Testing Program (CFTT), "a cellular forensic tool shall have the ability to logically acquire all application supported data elements present in internal memory without modification" (Ayers, 15)
This is to indicate that such technology should be able to hack into mobile communication devices without detection by the subject, making it a valuable tool in investigating crimes and preventing suspected crimes. The evaluation of its requirements is produced by the CFTT, which is an organization that "provides a measure of assurance that the tools used in the investigations of computer-related crimes produce valid results." (Ayers, 6)
A major drawback of such technologies, and one that invokes a yet far more complex discussion concerning the…...
Works Cited:
Ayers, R. (2008). Mobile Device Forensics-Tool Testing. National Institute of Standards and Technology.
Bourque, L. (2008). Five Essential Computer Forensics Tools. Enterprise IT Planet.
Online at http://www.enterpriseitplanet.com/security/features/article.php/3786046
Zilla Data Nuker
Test: Zilla Data Nuker
Software Title
Files created or downloaded leave a trace even when deleted. These traces allow skilled computer forensic professionals to retrieve the data. Zillasoft, LLC, a New England-based software developing entity provides Zilla Data Nuker that "Shreds sensitive files so they cannot be recovered or undeleted" according to the promotional material for the software. (Zilla Data Nuker 2.0) Zilla Data Nuker is freely downloadable from the ZDNet site at www.zdnet.com or can be obtained directly from the Zillasoft website at www.zillasoft.ws.
Software Functionality
Zilla Data Nuker uses what the company terms as "shredding algorithms" to obliterate data. Ostensibly the software is designed to be used to improve the functionality of a home or office computer by deleting unnecessary files from the hard drive. Zillasoft also claims that the software can function to help protect the user's privacy by completely destroying information targeted by Zilla Data Nuker. This tool…...
References
General Test Methodology. v1.9. (2001). National Institute of Standards and Technology
U.S. Department of Commerce. Retrieved from http://www.cftt.nist.gov/Test%20Methodology%207.doc
Kuchta, Kelly J. (2001). Your Computer Forensic Toolkit. Information Systems Security, (10) 49.
Retrieved from Academic Search Premier database.
computer used by the employee has either been compromised physically with password cracking software (EC-Council, 2010; Beaver & McClure, 2010) or it has been compromised remotely with the help of keylogging software. A keylogger is noted by APWG (2006) as a special crimeware code that is designed with the sole intention of collecting information from the end-user terminal. The stolen information includes every keystroke, which it captures. The most sensitive of the captured information is the user's credentials. Keylogger may also be used to refer to the hardware used for this purpose. The employee's password could also have been shoulder-surfed by his immediate neighbor at the workplace. This could be his coworker who manages to peek over his shoulder as he types in sensitive authentication information (password).
Strategy to address the issue as well as the necessary steps for resolving the issue
The strategy for addressing this threat is…...
References
Anti-Phishing Working Group (2006). Phishing Activity Trends Report
http://www.antiphishing.org/reports/apwg_report_feb_06.pdf
Bem, D. and Huebner, E. (2007). Computer Forensic Analysis in a Virtual Environment. International Journal of Digital Evidence. Fall 2007, Volume 6 (2)
Forensic Lab
Forensic crime labs are important institutions within the criminal justice system and each lab must be up to standard in order for this system to operate at a high and fair level. A good crime lab begins with a good design based on solid fundamentals and thorough planning. The purpose of this essay is to design a digital forensic crime lab that can be used in a university setting. In order to do this, the essay will explain the budgeting process while keeping business objectives in mind. The next step of the design will introduce how the physical controls can be used to implement this design. Criteria for success will also be discussed as well as a suggested floor plan to house the lab.
Budgeting
The setting for this digital forensic lab is within a university setting which denotes that funds could most likely be attained for these purposes. In most cases,…...
References
Al Falayleh, M. (2013). Building a Digital Forensic Laboratory For an Educational Institute. American University in the Emirates, 2012. Retrieved from http://sdiwc.net/digital-library/web-admin/upload-pdf/00000357.pdf
Mount, M. & Denmark, A. (nd). Digital Forensics: Architectural and Engineering Facility Design Requirements. AIA. Retrieved from http://www.aia.org/aiaucmp/groups/ek_members/documents/pdf/aiab092706.pdf
Taylor, M. (2012). NIST Offers Guidance on Building 21st Century Forensics Labs. NIST Law Enforcement Standards. Retrieved from http://www.nist.gov/oles/forensics/facilities_forensics.cfm
Vacca, J. & Rudolph, K. (2010). System Forensics, Investigation and Response. Jones & Bartlett Learning; 1 edition (September 24, 2010)
Forensic
According to Elvidge (2014), the first record of the use of forensic entomology is Song Ci (Sung Tz'u), in 13th century China. However, using insects and arthropods like arachnids to aid in forensics investigations is a relatively new field, and one ripe with potential. The most notable applications of forensic entomology are in the identification of time elapsed since death, and the geographic location of death. When applying forensic entomology to homicide and other death studies, the specialist will take into account the various stages of decomposition. Forensic entomology can also be used to elucidate other types of crimes in which any type of decaying organic matter is a clue, in cases of human or animal abuse in which wounds have festered, in analyzing dried blood samples, in the investigation of botanical drug trafficking, and when detecting the presence of drugs in the deceased. Less glamorous but equally as significant…...
References
Anderson, G.S. (n.d.). Forensic entomology: the use of insects in death investigations. Retrieved online: http://www.sfu.ca/~ganderso/forensicentomology.htm
Byrd, J.H. (2014). Forensic entomology. Retrieved online: http://www.forensicentomology.com/info.htm
Byrd, J.H. & Castner, J.L. (2009). Forensic Entomology. Boca Raton: CRC Press.
Byrd, J.H., Lord, W.D., Wallace, J.R. & Tomberlin, J.K. (2010). Collection of entomological evidence during legal investigations. Retrieved online: http://www.esf.edu/efb/parry/fsc%20lectures/sampling.pdf
Opportunities abound in the forensics industry today, and the experts suggest that this trend is going to continue to increase in the future. The term "forensics," though, can be applied to a number of different fields; however, all of these disciplines share a common feature in that their work products are specifically used in courts of law or for other legal issues that can mean the difference between life and death in many cases. According to Black's Law Dictionary (1990), the term "forensic" means "belonging to courts of justice," while "forensic engineering" means "the application of the principles and practice of engineering to the elucidation of questions before courts of law" (p. 648). Genetic forensics refers to the diagnosis of otherwise unknown biological material based on analysis of proteins or DNA; this branch of forensics has resulted in hundreds of death row prisoners being freed after they were exonerated through…...
References
Avise, J.C. (2004). The hope, hype & reality of genetic engineering: Remarkable stories from agriculture, industry, medicine, and the environment. New York: Oxford University
Press.
Black's law dictionary. (1990). St. Paul, MN: West Publishing Co.
Braga, M. (2004, June 10). Tracking data on dead. Sarasota Herald Tribune, D1.
Computer/Software and the Use of Computer Technology in Investigations
The key advantage of computer forensics is that it can look for and assess loads of data in a swift and efficient manner. Computers are able to search for keywords from hard drives, in various languages. This proves valuable, as cybercriminals are easily able to cross national boundaries over the World Wide Web (Forensic Science, 2009). Computer forensics may be utilized in cases of corporate frauds, thefts, disputes over intellectual property, asset recovery and contract breaches (Forensic Science, 2009).
Important information that cybercriminals have deleted or that has been lost may be recovered and employed as significant court evidence. Professionals in the legal domain can furnish evidence in courts, which was earlier impossible. The field of computer forensics (i.e., electronic evidence) is fairly new; typically, criminal issues are handled through the use of physical evidence. Fortunately, the tool has proven advantageous in the…...
References
10 Famous Criminal Cases Cracked by Forensics. (2011, February 1). Retrieved January 15, 2016, from http://www.criminaljusticeschools.org/blog/10-famous-cases-cracked-by-forensics
Forensic Science. (2009). Retrieved January 15, 2016, from http://www.anushreepatil.myewebsite.com/articles/advantages-and-disadvantages-of-computer-forensics.html
University professor helps FBI crack $70 million cybercrime ring. (2012, March 1). Retrieved January 15, 2016, from http://rockcenter.nbcnews.com/_news/2012/03/21/10792287-university-professor-helps-fbi-crack-70-million-cybercrime-ring