فا

‫ Cyber Forensics - Computers

IRCAR201206144
ID :IRCAR201206144
Date: 2012-06-17
Technology has taken the world by storm in recent decades; the advent of the computer has completely revolutionized the way humans live, work and play. Particularly, computers have affected businesses in numerous ways, allowing them to run more efficiently. However, there is a dark side to computers, where individuals use them to carry out malicious assaults. These assaults range from fraud and identity theft to hacking, embezzlement and a wide array of other activities. When these individuals are caught, specialists are called upon to seize and gather information from the computers used in crimes. Computer forensics is the science of locating; extracting and analyzing types of data from different devices, which specialists then interpret to serve as legal evidence.
Computer crimes have been happening for nearly 50 years, since computers have been used in production. Evidence can be derived from computers and then used in court against suspected individuals. Initially, judges accepted the computer-derived evidence as no different from other forms of evidence. However, as data became more ambiguous with the advancement of computers, computer-derived evidence was not considered as reliable. Therefore, the government has stepped in and addressed some of these issues. It is important to note that evidence gathered from computers is subject to the same standards as evidence gathered from any other type of crime scene. Computer evidence is like any other evidence; it must be authentic, accurate, complete, convincing to juries, and in conformity with common law and legislative rules (admissible). Thus, the evidence gathered from suspected computer-related crimes must conform to the same standards as other evidence to be credible.
Computer-related Crimes
Since computers are everywhere and have virtually penetrated all industries, computer forensics can be helpful when a computer crime has been committed. Criminal prosecutors use computer evidence in a variety of ways for various types of crimes where incriminating documents or files can be found. For example, in instances of homicide, financial fraud, drug and embezzlement record keeping, and child pornography, prosecutors can hire computer forensics specialists to gather data that can be used in court. Insurance agencies have the ability to mitigate costs if insurance fraud has taken place (e.g., computer evidence that pertains to the possibility of fraud in accident, arson or worker's compensation cases). Civil litigations can use personal and business records found on computers and various media that could possibly bear on discrimination, divorce or harassment cases. Corporations sometimes hire computer forensics specialists to gather evidence when certain threatening issues arise, such as the leak of internal and confidential information, embezzlement, theft, or unlawful access to internal computers. Employees may also hire specialists to build a case against a particular corporation. For example, an employee may try to gather evidence to support a claim of age or race discrimination, or wrongful termination. Should incriminating evidence be discovered from any of the instances mentioned above, it can be used against the accused party in court.
Computer criminals can infiltrate systems on various platforms and commit a wide array of crimes. Typically, the systems that the criminals attempt to penetrate are protected with some type of security device to inhibit access. Some of these crimes include hacking web sites for bank account information, credit card information and personal identification, or stealing trade secrets from a company or government institution. For virtually any crime that is committed using a computer in some form, forensics specialists can be called upon to gather evidence against the accused individuals.
Criminals can use computers in two ways to carry out their activities. First, they may utilize the computer as a repository, also known as a database, to house the information they have acquired. For example, if a criminal is collecting credit card or personal identification information, he/she might create flat files, such as a text file, to copy and record the retrieved information for later use. The criminal can also create a database if he/she has a large list of information to easily run queries against to extract the type of information desired.
Criminals also use computers as a tool to commit crimes. They utilize their ability to connect to the Internet and various other types of networks. The computer simply needs a modem or Ethernet card to connect. The criminal may then connect to bank networks, home networks, office networks or virtual private networks (VPNs). The individual can utilize a number of tools to gain access to these networks and their data. The criminal might also use ghost terminals, which are machines not owned by the individual but used to carry out unlawful activities. For example, a hacker may connect to a computer that he/she hacked on a university campus, and then launch attacks from that computer and possibly store data on it. Agents should consider the possibility that the computer user has stored valuable information at some remote location. Specialists will need to survey and assess various avenues during an investigation, even those that are not immediately obvious at the crime scene.
Source:
Computer forensics overview by Fredrick Gallegos, CISA, CDE, CGFM

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 18 مرداد 1393

دسته‌ها

امتیاز

امتیاز شما
تعداد امتیازها: 0