Cyber Forensic Investigation: An Overview Of Digital Evidence And Fundamental Principles

Cyber Forensics and Cyber Crime

Question:

Write an essay about the Cyber Forensic.
 

Cyber forensics is an application of investigation that collects and preserves data from a computer device in order to present proper evidence (Casey et al., 2014). The term refers to resolving cases of cyber crime by gathering electronic information for use in a court of law. Taylor et al. (2014) depict that the faster technology develops, the greater the chance that intruders will breach systems and compromise the security of the technology as well as the identification, authentication and privacy of an individual. Sometimes people commit offences over the network in violation of the governing legislation. This essay mainly focuses on an incident in which a person and their supporters uploaded video excerpts of child pornography, and in which forensic experts set out to find them so that they could be punished. The assignment emphasizes the cyber forensic environment and some of the digital evidence relevant to it. Furthermore, the fundamental principles of cyber forensics will be discussed along with the issues found and appropriate remedies to resolve those adversities.

Cyber forensics mainly emphasizes cyber crime, chiefly computer-content-related crime such as uploading child pornography video excerpts to a computer network, incriminating information stored digitally by any organization, and breaches of information that result in violence for the institute (Kerr, 2015). All these activities are illegal, and the people who conduct or are associated with them are criminals in the view of the decision-makers in court. Ruan et al. (2013) illustrate that one of the major issues in cyber crime is the uploading of offensive videos such as child pornography to the internet. One such case arose in 2007, when a person was charged with 16 charges of trafficking such videos. The person uploaded the videos to some internet sites several times, using different aliases every time. The Maine State Police Computer Crimes Unit was in charge of this cyber crime and of finding the prime offender. Nelson et al. (2015) illustrate that these experts investigate from the beginning and find digital evidence by following the fundamental principles of the cyber forensics flow, through which they identify the issues and take appropriate steps to mitigate the adverse situation.

The key principles of cyber forensics are the rules for collecting data that govern how the evidence will be handled so that it is admissible in court. The first fundamental principle is that digital evidence must be collected without any alteration of the original data (Gayed et al., 2013). Secondly, all the digital evidence obtained during the investigation must be documented carefully to prove the actual circumstances. Lastly, the data collected in the forensic process must be analyzed and manipulated only by forensically competent experts.

Bashir (2014) states that a cyber investigation follows a four-step methodology. The first step is to identify and collect the electronic devices from the crime scene that may be used as a source of evidence or in which evidence may be found. Saleem et al. (2014) depict that the second step is the preservation of the obtained data, since data on the device is fragile and can be damaged quickly. The third phase comprises the examination of the data to prove who the chief culprit of the criminal activity is, and the final step is to formulate a report so that the decision-makers of the court can give appropriate punishment to the guilty (Pringle & Burgess 2014).

Fundamental Principles of Cyber Forensics

The case was handed over to the Maine State Police Computer Crimes Unit, whose first task was to find the network system or digital devices from which the criminal operated and uploaded the video excerpts. Mark (2014) portrays that internet experts also located and reported several items of child pornography uploaded to the photo section of the website. These experts reported to the Maine State Police Computer Crimes Unit so that evidence could be found by investigating digital electronic devices such as computers, pen drives and other external hard drives.

Proceeding in this way, they found many chat conversations related to sexual activities with children of 4-6 years of age. Moreover, many video excerpts of child pornography were also found along with the details of the guilt. Shulman and Waidner (2014) depict that the login details used on the internet for uploading video were noted down in the audit log. Relying on the obtained evidence, a report was formulated that comprises the details of all users who were partners in crime in that network.

The third process is the examination of the data, which is accomplished by taking a backup of all the files on an external hard disk so that the evidence can be stored safely by the forensic experts. Gayed et al. (2012) demonstrate that an initial systematic scan of these devices is set up to cover all the evidence found, and further assessment proceeds on the suspected activities that transgress legislative regulations. Further assessment is carried out to extract evidence if fraud is suspected because one source deviates from another when the available sources are cross-checked (Harichandran et al., 2016).

The fourth step is supported when all the evidence is produced in log and documented form so that the criminal can receive appropriate punishment for their offences (Casey et al., 2014). In the case concerned, the chats between the partners in crime were recorded and the login details of the network were arranged in log format, which allows the judge or decision-maker of the court to take an ethical decision under 18 U.S.C. Chapter 110, Sexual Exploitation and Other Abuse of Children.

The process for identifying issues in a cyber forensic investigation comprises four steps: Collection, Examination, Analysis and Reporting.

Figure 1: Process of Cyber Forensic Investigation or digital evidence

(Source: Created by Author)

Collection: In this process, the experts seize the digital evidence they find from the criminal. Martini and Choo (2012) mention that the specialists in cyber forensics primarily explore the cyber-trail and follow the collection method step by step so that not a single piece of evidence is left behind. To support this process, the expert seizes all the digital media equipment and investigates it for data and information.

Examination: This process is the application of appropriate techniques for identifying and extracting data from the seized devices. In this process, the experts often copy the evidence found and work on the copies to maintain the integrity of the original evidence. The procedure also comprises evidence handling and retention, establishing guidelines for prioritizing and assigning examinations in order to determine the most effective method for finding the criminal.

Case Study and Investigation Process

Analysis: The evidence obtained from the digital devices is analyzed in this process to prove the criminal activities of the offender. Patrascu and Patriciu (2013) illustrate that evidence extraction is also performed here, meaning the recovery of data found on the criminal's devices during the investigation. These experts preserve the evidence obtained from the digital media equipment by using standard operating procedures (SOP).

Reporting: In this process, the gathered and proven data is documented in report format and presented to government bodies.

There are several ways in which a cyber investigation can be performed to obtain evidence. Traditionally, data is extracted from the computer by investigating the hard drives and examining their content. However, intruders use modern methods, and experts have to adapt to complete their exploration. The first process is to set up a controlled lab environment for imaging the evidence found, that is, copying flash drives, hard drives and other storage devices (Stirland et al., 2014). In the selected case, the person stored the child pornography videos on their computer hard disk and on CD-ROMs for later upload, and their chat conversations were saved on the drives, which contain extensive information regarding the crime they were committing.
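The imaging step above, together with the earlier principle of working only on copies, depends on being able to show that a working copy matches the original and has not changed since. The following Python sketch is an added example, not part of the original essay: it assumes the source is an ordinary file (real acquisitions read a device through a write blocker with a dedicated imaging tool), and the function names, record fields and sample data are hypothetical.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images need not fit in RAM


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(source, dest, examiner):
    """Copy source to dest, hashing the bytes as they are read from the source.

    Returns a custody record; 'verified' is True only if the working copy,
    re-read from disk, hashes to the same value as the source stream.
    """
    digest = hashlib.sha256()
    # Mode 'xb' refuses to overwrite an existing working copy.
    with open(source, "rb") as src, open(dest, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    source_hash = digest.hexdigest()
    copy_hash = sha256_of(dest)
    return {
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "source": os.path.abspath(source),
        "working_copy": os.path.abspath(dest),
        "size_bytes": os.path.getsize(dest),
        "source_sha256": source_hash,
        "copy_sha256": copy_hash,
        "verified": source_hash == copy_hash,
    }


def still_intact(record):
    """Re-hash the working copy later and compare with the acquisition hash."""
    return sha256_of(record["working_copy"]) == record["source_sha256"]


def demo():
    """Constructed sample: a small stand-in 'device image' in a temp directory."""
    workdir = tempfile.mkdtemp(prefix="acq_demo_")
    source = os.path.join(workdir, "seized_device.img")
    with open(source, "wb") as fh:
        fh.write(b"CONSTRUCTED-SAMPLE-SECTOR" * 4096)
    record = acquire(source, os.path.join(workdir, "working_copy.img"), "examiner-01")
    intact_before = still_intact(record)
    # Simulate an accidental one-byte change to the working copy during analysis.
    with open(record["working_copy"], "r+b") as fh:
        fh.seek(100)
        fh.write(b"X")
    return record, intact_before, still_intact(record)


if __name__ == "__main__":
    rec, before, after = demo()
    print(rec["verified"], before, after)
```

Storing the returned record with the case notes gives the documentation principle something concrete to point to: who acquired the copy, when, and the hash it must still match.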

The next advanced step that the experts apply is dead analysis of the digital evidence, which is also known as dead forensic acquisition or static acquisition. Vaughn et al. (2013) state that this analysis is used when the criminal turns off the computer devices and removes hard disks protected by robust passwords so that the experts cannot retrieve any data. However, experts manage to unlock the data even when Windows is turned off. The criminal in the case concerned, when charged with the 16 charges of uploading child pornography, turned off all the devices after setting secure passwords that are hard to break. Dead analysis is also important for analyzing fingerprints on equipment to obtain physical evidence such as DNA.

Moreover, the live-analysis technique is used in some cases, where the professionals retrieve data from the system before shutting it down. This analysis helps the experts find quick, up-front evidence so that the investigation can start immediately. Timeframe analysis, application and file handling, and data hiding analysis are further concerns of the experts in resolving the case (Cook et al., 2016). Timeframe analysis is the determination of when events occurred on a computer system and the associated part of the network. It also reviews time and date stamps to link the corrupted files to the time frame and collect appropriate evidence.

Intruders tend to hide their records so that investigators cannot easily identify them. As a result, experts follow a general methodology to find out whether the user has intentionally disguised the data, by correlating the file header with the file extension to detect any mismatch. In application and file handling, the forensic expert reviews the files and software on the computer system and then correlates the file names and their extension types with the software installed on the equipment (Andress & Winterfeld, 2013). Moreover, in data hiding analysis, encrypted, password-protected and compressed files are evaluated to uncover data concealed by the intruder, and access is gained to the host-protected area (HPA) by using advanced tools.
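The header-to-extension correlation described above can be automated over a working copy of the evidence. The following Python sketch is an added example, not part of the original essay: the signature table is a small subset of well-known file signatures, and the function names and the sample files (headers only, constructed for the demonstration) are hypothetical.

```python
import os
import tempfile

# Leading "magic" bytes of a few common formats, with the extensions that
# legitimately carry them. A real examination uses a far larger table.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"GIF87a", "gif", {".gif"}),
    (b"GIF89a", "gif", {".gif"}),
    (b"%PDF-", "pdf", {".pdf"}),
    # ZIP is also the container format of Office Open XML documents.
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".pptx"}),
]
HEADER_LEN = max(len(magic) for magic, _, _ in SIGNATURES)


def identify(path):
    """Return (format_name, allowed_extensions) from the header, or (None, set())."""
    with open(path, "rb") as fh:
        header = fh.read(HEADER_LEN)
    for magic, name, extensions in SIGNATURES:
        if header.startswith(magic):
            return name, extensions
    return None, set()


def find_mismatches(root):
    """Walk root and report files whose extension disagrees with their header.

    Files with no recognised signature are skipped rather than flagged: the
    table is small, so "unknown" says nothing about intent.
    """
    findings = []
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            detected, allowed = identify(path)
            extension = os.path.splitext(name)[1].lower()
            if detected and extension not in allowed:
                findings.append((os.path.relpath(path, root), extension, detected))
    return sorted(findings)


def demo():
    """Constructed sample tree: file headers only, no real media content."""
    root = tempfile.mkdtemp(prefix="sig_demo_")
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # consistent
        "notes.txt": b"\xff\xd8\xff\xe0" + b"\x00" * 16,    # JPEG header, .txt name
        "driver.dll": b"PK\x03\x04" + b"\x00" * 16,         # ZIP header, .dll name
        "report.docx": b"PK\x03\x04" + b"\x00" * 16,        # consistent (ZIP container)
        "scan.PDF": b"%PDF-1.7\n",                          # consistent, upper-case ext
        "readme.txt": b"plain text, no known signature",    # unknown, skipped
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return find_mismatches(root)


if __name__ == "__main__":
    for relpath, extension, detected in demo():
        print(f"{relpath}: named {extension} but header says {detected}")
```

A mismatch is a lead for the examiner, not proof of concealment; each flagged file still has to be opened and interpreted in the examination step.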

Identifying Issues in Cyber Forensic Investigation

Almulla et al. (2013) mention that the rapid development and implementation of modern technologies makes it difficult for cyber analysts to recover evidence from digital devices such as computers, cellphones, tablets and other external hard disks. People generally tend to save data on secondary devices such as hard drives, backup storage media, databases, personal digital devices, Zip drives and virtually any electronic device. Modern technology also enables a person to store data in the cloud so that they can manipulate various data at once. Dezfoli et al. (2013) illustrate that the cyber forensic expert retrieves data preserved by an individual that has been deleted or is inaccessible through standard computing methods. These experts have a multitude of court-recognized software programs with which data hidden by the criminal can be identified (Kott et al., 2014). Numerous forensic tools are also available, such as Wireshark, which is used to analyze the traffic on the network and can assess the information in these systems by logging in to them. NetworkMiner is another software application that is used in cyber forensics to recover data from the electronic device. Software developers have also developed applications that help forensic experts recover deleted data. EnCase is a Forensic Toolkit that is used for cyber-security and e-discovery.

Conclusion

Digital forensics is the circumstance in which evidence present on an electronic device is investigated by a forensic expert for a trial court case. A fundamental principle of digital evidence is to identify and collect the electronic devices by seizing the digital devices of the intruder, who is responsible for uploading child pornography to internet sites. The second and third principles are to preserve the obtained data and to examine it using appropriate tools and software. The ultimate step is to formulate a report so that the evidence that the person is engaged in illegal activities can be presented in court in documented form. Furthermore, the four steps of Collection, Examination, Analysis and Reporting on the data obtained from the criminal's digital media equipment also form the process for finding issues and recovering.

References

Almulla, S., Iraqi, Y., & Jones, A. (2013, December). A Distributed Snapshot Framework for Digital Forensics Evidence Extraction and Event Reconstruction from Cloud Environment. In Cloud Computing Technology and Science (CloudCom), 2013 IEEE 5th International Conference on (Vol. 1, pp. 699-704). IEEE.

Andress, J., & Winterfeld, S. (2013). Cyber warfare: techniques, tactics and tools for security practitioners. Elsevier.

Bashir, M., Applequist, J. A., Campbell, R. H., DeStefano, L., Garcia, G. L., & Lang, A. (2014, January). Development and dissemination of a new multidisciplinary undergraduate curriculum in digital forensics. In Proceedings of the Conference on Digital Forensics, Security and Law (p. 161). Association of Digital Forensics, Security and Law.

Casey, E., Blitz, A., & Steuart, C. (2014). Digital Evidence and Computer Crime.

Cook, A., Nicholson, A., Janicke, H., Maglaras, L., & Smith, R. (2016). Attribution of Cyber Attacks on Industrial Control Systems.

Dezfoli, F. N., Dehghantanha, A., Mahmoud, R., Sani, N. F. B. M., & Daryabar, F. (2013). Digital forensic trends and future. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 2(2), 48-76.

Gayed, T. F., Lounis, H., & Bari, M. (2012). Cyber forensics: representing and (im) proving the chain of custody using the semantic web. Proc COGNITIVE, 1923-2012.

Gayed, T. F., Lounis, H., Bari, M., & Nicolas, R. (2013). Cyber Forensics: Representing and Managing Tangible Chain of Custody Using the Linked Data Principles. In The international conference on Advanced Cognitive technologies and Application (IARIA), Valencia (pp. 87-96).

Harichandran, V. S., Breitinger, F., Baggili, I., & Marrington, A. (2016). A cyber forensics needs analysis survey: Revisiting the domain’s needs a decade later. Computers & Security, 57, 1-13.

Kerr, O. S. (2015). Executing Warrants for Digital Evidence: The Case for Use Restrictions on Nonresponsive Data. Texas Tech Law Review (Forthcoming).

Kott, A., Wang, C., & Erbacher, R. F. (2014). Cyber Defense and Situational Awareness. New York: Springer.

Mark, N. (2014). The increasing need for cyber forensic awareness and specialisation in army.

Martini, B., & Choo, K. K. R. (2012). An integrated conceptual digital forensic framework for cloud computing. Digital Investigation, 9(2), 71-80.

Nelson, B., Phillips, A., & Steuart, C. (2015). Guide to computer forensics and investigations. Cengage Learning.

Nestler, V., Harrison, K., Hirsch, M., & Conklin, W. A. (2014). Principles of Computer Security Lab Manual.

Patrascu, A., & Patriciu, V. V. (2013, May). Beyond digital forensics. A cloud computing perspective over incident response and reporting. In Applied Computational Intelligence and Informatics (SACI), 2013 IEEE 8th International Symposium on (pp. 455-460). IEEE.

Ruan, K., Carthy, J., Kechadi, T., & Baggili, I. (2013). Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results. Digital Investigation, 10(1), 34-43.

Saleem, S., Popov, O., & Bagilli, I. (2014). Extended abstract digital forensics model with preservation and protection as umbrella principles. Procedia Computer Science, 35, 812-821.

Shulman, H., & Waidner, M. (2014). DNSSEC for cyber forensics. EURASIP Journal on Information Security, 2014(1), 1-14.

Stirland, J., Jones, K., Janicke, H., & Wu, T. (2014). Developing Cyber Forensics for SCADA Industrial Control Systems. In The International Conference on Information Security and Cyber Forensics (InfoSec2014) (pp. 98-111). The Society of Digital Information and Wireless Communication.

Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital crime and digital terrorism. Prentice Hall Press.

Vaughn, R. B., Morris, T., & Sitnikova, E. (2013, January). Development & expansion of an industrial control system security laboratory and an international research collaboration. In Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop (p. 18). ACM.
