CHAPTER 1 THE SELECTION OF A RESEARCH APPROACH
Research approaches are plans and the procedures for research that span the steps from broad assumptions to detailed methods of data collection, analysis, and interpretation. This plan involves several decisions, and they need not be taken in the order in which they make sense to us and the order of their presentation here. The overall decision involves which approach should be used to study a topic. Informing this decision should be the philosophical assumptions the researcher brings to the study; procedures of inquiry (called research designs); and specific research methods of data collection, analysis, and interpretation. The selection of a research approach is also based on the nature of the research problem or issue being addressed, the researchers’ personal experiences, and the audiences for the study. Thus, in this book, research approaches, research designs, and research methods are three key terms that represent a perspective about research that presents information in a successive way from broad constructions of research to the narrow procedures of methods.
THE THREE APPROACHES TO RESEARCH
In this book, three research approaches are advanced: (a) qualitative, (b) quantitative, and (c) mixed methods. Unquestionably, the three approaches are not as discrete as they first appear. Qualitative and quantitative approaches should not be viewed as rigid, distinct categories, polar opposites, or dichotomies. Instead, they represent different ends on a continuum (Creswell, 2015; Newman & Benz, 1998). A study tends to be more qualitative than quantitative or vice versa. Mixed methods research resides in the middle of this continuum because it incorporates elements of both qualitative and quantitative approaches.
Often the distinction between qualitative research and quantitative research is framed in terms of using words (qualitative) rather than numbers (quantitative), or better yet, using closed-ended questions and responses (quantitative hypotheses) or open-ended questions and responses (qualitative interview questions). A more complete way to view the gradations of differences between them is in the basic philosophical assumptions researchers bring to the study, the types of research strategies used in the research (e.g., quantitative experiments or qualitative casestudies), and the specific methods employed in conducting these strategies (e.g., collecting data quantitatively on instruments versus collecting qualitative data through observing a setting). Moreover, there is a historical evolution to both approaches—with the quantitative approaches dominating the forms of research in the social sciences from the late 19th century up until the mid-20th century. During the latter half of the 20th century, interest in qualitative research increased and along with it, the development of mixed methods research. With this background, it should prove helpful to view definitions of these three key t ...
CHAPTER 1 THE SELECTION OF A RESEARCH APPROACHResearch approac
1. CHAPTER 1 THE SELECTION OF A RESEARCH APPROACH
Research approaches are plans and the procedures for research
that span the steps from broad assumptions to detailed methods
of data collection, analysis, and interpretation. This plan
involves several decisions, and they need not be taken in the
order in which they make sense to us and the order of their
presentation here. The overall decision involves which approach
should be used to study a topic. Informing this decision should
be the philosophical assumptions the researcher brings to the
study; procedures of inquiry (called research designs); and
specific research methods of data collection, analysis, and
interpretation. The selection of a research approach is also
based on the nature of the research problem or issue being
addressed, the researchers’ personal experiences, and the
audiences for the study. Thus, in this book, research
approaches, research designs, and research methods are three
key terms that represent a perspective about research that
presents information in a successive way from broad
constructions of research to the narrow procedures of methods.
THE THREE APPROACHES TO RESEARCH
In this book, three research approaches are advanced: (a)
qualitative, (b) quantitative, and (c) mixed methods.
Unquestionably, the three approaches are not as discrete as they
first appear. Qualitative and quantitative approaches should not
be viewed as rigid, distinct categories, polar opposites, or
dichotomies. Instead, they represent different ends on a
continuum (Creswell, 2015; Newman & Benz, 1998). A study
tends to be more qualitative than quantitative or vice versa.
Mixed methods research resides in the middle of this continuum
because it incorporates elements of both qualitative and
quantitative approaches.
2. Often the distinction between qualitative research and
quantitative research is framed in terms of using words
(qualitative) rather than numbers (quantitative), or better yet,
using closed-ended questions and responses (quantitative
hypotheses) or open-ended questions and responses (qualitative
interview questions). A more complete way to view the
gradations of differences between them is in the basic
philosophical assumptions researchers bring to the study, the
types of research strategies used in the research (e.g.,
quantitative experiments or qualitative casestudies), and the
specific methods employed in conducting these strategies (e.g.,
collecting data quantitatively on instruments versus collecting
qualitative data through observing a setting). Moreover, there is
a historical evolution to both approaches—with the quantitative
approaches dominating the forms of research in the social
sciences from the late 19th century up until the mid-20th
century. During the latter half of the 20th century, interest in
qualitative research increased and along with it, the
development of mixed methods research. With this background,
it should prove helpful to view definitions of these three key
terms as used in this book:
· Qualitative research is an approach for exploring and
understanding the meaning individuals or groups ascribe to a
social or human problem. The process of research involves
emerging questions and procedures, data typically collected in
the participant’s setting, data analysis inductively building from
particulars to general themes, and the researcher making
interpretations of the meaning of the data. The final written
report has a flexible structure. Those who engage in this form of
inquiry support a way of looking at research that honors an
inductive style, a focus on individual meaning, and the
importance of reporting the complexity of a situation.
· Quantitative research is an approach for testing objective
3. theories by examining the relationship among variables. These
variables, in turn, can be measured, typically on instruments, so
that numbered data can be analyzed using statistical procedures.
The final written report has a set structure consisting of
introduction, literature and theory, methods, results, and
discussion. Like qualitative researchers, those who engage in
this form of inquiry have assumptions about testing theories
deductively, building in protections against bias, controlling for
alternative or counterfactual explanations, and being able to
generalize and replicate the findings.
· Mixed methods research is an approach to inquiry involving
collecting both quantitative and qualitative data, integrating the
two forms of data, and using distinct designs that may involve
philosophical assumptions and theoretical frameworks. The cor e
assumption of this form of inquiry is that the integration of
qualitative and quantitative data yields additional insight
beyond the information provided by either the quantitative or
qualitative data alone.
These definitions have considerable information in each one of
them. Throughout this book, we will discuss the parts of the
definitions so that their meanings will become clear to you as
you read ahead.
THREE COMPONENTS INVOLVED IN AN APPROACH
Two important components in each definition are that the
approach to research involves philosophical assumptions as well
as distinct methods or procedures. The broad research approach
is the plan or proposal to conduct research, involves the
intersection of philosophy, research designs, and specific
methods. A framework that we use to explain the interaction of
these three components is seen in Figure 1.1. To reiterate, in
planning a study, researchers need to think through the
philosophical worldview assumptions that they bring to the
4. study, the research design that is related to this worldview, and
the specific methods or procedures of research that translate the
approach into practice.
Figure 1.1 A Framework for Research—The Interconnection of
Worldviews, Design, and Research Methods
Philosophical Worldviews
Although philosophical ideas remain largely hidden in research
(Slife & Williams, 1995), they still influence the practice of
research and need to be identified. We suggest that individuals
preparing a research proposal or plan make explicit the larger
philosophical ideas they espouse. This information will help
explain why they chose qualitative, quantitative, or mixed
methods approaches for their research. In writing about
worldviews, a proposal might include a section that addresses
the following:
· The philosophical worldview proposed in the study
· A definition of basic ideas of that worldview
· How the worldview shaped their approach to research
We have chosen to use the term worldview as meaning “a basic
set of beliefs that guide action” (Guba, 1990, p. 17). Others
have called them paradigms (Lincoln, Lynham, & Guba, 2011;
Mertens, 2010); epistemologies and ontologies (Crotty, 1998),
or broadly conceived research methodologies (Neuman, 2009).
We see worldviews as a general philosophical orientation about
the world and the nature of research that a researcher brings to a
study. Individuals develop worldviews based on their discipline
orientations and research communities, advisors and mentors,
and past research experiences. The types of beliefs held by
individual researchers based on these factors will often lead to
embracing a strong qualitative, quantitative, or mixed methods
approach in their research. Although there is ongoing debate
5. about what worldviews or beliefs researchers bring to inquiry,
we will highlight four that are widely discussed in the
literature: postpositivism, constructivism, transformative, and
pragmatism. The major elements of each position are presented
in Table 1.1.
The Postpositivist Worldview
The postpositivist assumptions have represented the traditional
form of research, and these assumptions hold true more for
quantitative research than qualitative research. This worldview
is sometimes called the scientific method, or doing science
research. It is also called positivist/postpositivist research,
empirical science, and postpositivism. This last term is called
postpositivism because it represents the thinking after
positivism, challenging the traditional notion of the absolute
truth of knowledge (Phillips & Burbules, 2000) and recognizing
that we cannot be absolutely positive about our claims of
knowledge when studying the behavior and actions of humans.
The postpositivist tradition comes from 19th-century writers,
such as Comte, Mill, Durkheim, Newton, and Locke (Smith,
1983) and more recently from writers such as Phillips and
Burbules (2000).
Postpositivists hold a deterministic philosophy in which causes
(probably) determine effects or outcomes. Thus, the problems
studied by postpositivists reflect the need to identify and assess
the causes that influence outcomes, such as those found in
experiments. It is also reductionistic in that the intent is to
reduce the ideas into a small, discrete set to test, such as the
variables that comprise hypotheses and research questions. The
knowledge that develops through a postpositivist lens is based
on careful observation and measurement of the objective reality
that exists “out there” in the world. Thus, developing numeric
measures of observations and studying the behavior of
individuals becomes paramount for a postpositivist. Finally,
6. there are laws or theories that govern the world, and these need
to be tested or verified and refined so that we can understand
the world. Thus, in the scientific method —the accepted
approach to research by postpositivists—a researcher begins
with a theory, collects data that either supports or refutes the
theory, and then makes necessary revisions and conducts
additional tests.
Table 1.1 Four Worldviews
In reading Phillips and Burbules (2000), you can gain a sense of
the key assumptions of this position, such as the following:
1.Knowledge is conjectural (and antifoundational) —absolute
truth can never be found. Thus, evidence established in research
is always imperfect and fallible. It is for this reason that
researchers state that they do not prove a hypothesis; instead,
they indicate a failure to reject the hypothesis.
2.Research is the process of making claims and then refining or
abandoning some of them for other claims more strongly
warranted. Most quantitative research, for example, starts with
the test of a theory.
3.Data, evidence, and rational considerations shape knowledge.
In practice, the researcher collects information on instruments
based on measures completed by the participants or by
observations recorded by the researcher.
4.Research seeks to develop relevant, true statements, ones that
can serve to explain the situation of concern or that describe the
causal relationships of interest. In quantitative studies,
researchers advance the relationship among variables and pose
this in terms of questions or hypotheses.
5.Being objective is an essential aspect of competent inquiry;
researchers must examine methods and conclusions for bias. For
example, standard of validity and reliability are important in
7. quantitative research.
The Constructivist Worldview
Others hold a different worldview. Constructivism or social
constructivism (often combined with interpretivism) is such a
perspective, and it is typically seen as an approach to
qualitative research. The ideas came from Mannheim and from
works such as Berger and Luckmann’s (1967) The Social
Construction of Reality and Lincoln and Guba’s (1985)
Naturalistic Inquiry. More recent writers who have summarized
this position are Lincoln and colleagues (2011), Mertens (2010),
and Crotty (1998), among others. Social constructivists believe
that individuals seek understanding of the world in which they
live and work. Individuals develop subjective meanings of their
experiences—meanings directed toward certain objects or
things. These meanings are varied and multiple, leading the
researcher to look for the complexity of views rather than
narrowing meanings into a few categories or ideas. The goal of
the research is to rely as much as possible on the partici pants’
views of the situation being studied. The questions become
broad and general so that the participants can construct the
meaning of a situation, typically forged in discussions or
interactions with other persons. The more open-ended the
questioning, the better, as the researcher listens carefully to
what people say or do in their life settings. Often these
subjective meanings are negotiated socially and historically.
They are not simply imprinted on individuals but are formed
through interaction with others (hence social constructivism)
and through historical and cultural norms that operate in
individuals’ lives. Thus, constructivist researchers often address
the processes of interaction among individuals. They also focus
on the specific contexts in which people live and work in order
to understand the historical and cultural settings of the
participants. Researchers recognize that their own backgrounds
shape their interpretation, and they position themselves in the
8. research to acknowledge how their interpretation flows from
their personal, cultural, and historical experiences. The
researcher’s intent is to make sense of (or interpret) the
meanings others have about the world. Rather than starting with
a theory (as in postpositivism), inquirers generate or inductively
develop a theory or pattern of meaning.
For example, in discussing constructivism, Crotty (1998)
identified several assumptions:
1.Human beings construct meanings as they engage with the
world they are interpreting. Qualitative researchers tend to use
open-ended questions so that the participants can share their
views.
2.Humans engage with their world and make sense of it based
on their historical and social perspectives—we are all born into
a world of meaning bestowed upon us by our culture. Thus,
qualitative researchers seek to understand the context or setting
of the participants through visiting this context and gathering
information personally. They also interpret what they find, an
interpretation shaped by the researcher’s own experiences and
background.
3.The basic generation of meaning is always social, arising in
and out of interaction with a human community. The process of
qualitative research is largely inductive; the inquirer generates
meaning from the data collected in the field.
The Transformative Worldview
Another group of researchers holds to the philosophical
assumptions of the transformative approach. This position arose
during the 1980s and 1990s from individuals who felt that the
postpositivist assumptions imposed structural laws and theories
that did not fit marginalized individuals in our society or issues
of power and social justice, discrimination, and oppression that
9. needed to be addressed. There is no uniform body of literature
characterizing this worldview, but it includes groups of
researchers that are critical theorists; participatory action
researchers; Marxists; feminists; racial and ethnic minorities;
persons with disabilities; indigenous and postcolonial peoples;
and members of the lesbian, gay, bisexual, transsexual, and
queer communities. Historically, the transformative writers
have drawn on the works of Marx, Adorno, Marcuse, Habermas,
and Freire (Neuman, 2009). Fay (1987), Heron and Reason
(1997), Kemmis and Wilkinson (1998), Kemmis and McTaggart
(2000), and Mertens (2009, 2010) are additional writers to read
for this perspective.
In the main, these inquirers felt that the constructivist stance
did not go far enough in advocating for an action agenda to help
marginalized peoples. A transformative worldview holds that
research inquiry needs to be intertwined with politics and a
political change agenda to confront social oppression at
whatever levels it occurs (Mertens, 2010). Thus, the research
contains an action agenda for reform that may change lives of
the participants, the institutions in which individuals work or
live, and the researcher’s life. Moreover, specific issues need to
be addressed that speak to important social issues of the day,
issues such as empowerment, inequality, oppression,
domination, suppression, and alienation. The researcher often
begins with one of these issues as the focal point of the study.
This research also assumes that the inquirer will proceed
collaboratively so as to not further marginalize the participants
as a result of the inquiry. In this sense, the participants may
help design questions, collect data, analyze information, or reap
the rewards of the research. Transformative research provides a
voice for these participants, raising their consciousness or
advancing an agenda for change to improve their lives. It
becomes a united voice for reform and change.
This philosophical worldview focuses on the needs of groups
10. and individuals in our society that may be marginalized or
disenfranchised. Therefore, theoretical perspectives may be
integrated with the philosophical assumptions that construct a
picture of the issues being examined, the people to be studied,
and the changes that are needed, such as feminist perspectives,
racialized discourses, critical theory, queer theory, and
disability theory—theoretical lens to be discussed more in
Chapter 3.
Although these are diverse groups and our explanations here are
generalizations, it is helpful to view the summary by Mertens
(2010) of key features of the transformative worldview or
paradigm:
· It places central importance on the study of lives and
experiences of diverse groups that have traditionally been
marginalized. Of special interest for these diverse groups is how
their lives have been constrained by oppressors and the
strategies that they use to resist, challenge, and subvert these
constraints.
· In studying these diverse groups, the research focuses on
inequities based on gender, race, ethnicity, disability, sexual
orientation, and socioeconomic class that result in asymmetric
power relationships.
· The research in the transformative worldview links political
and social action to these inequities.
· Transformative research uses a program theory of beliefs
about how a program works and why the problems of
oppression, domination, and power relationships exist.
The Pragmatic Worldview
Another position about worldviews comes from the pragmatists.
Pragmatism derives from the work of Peirce, James, Mead, and
Dewey (Cherryholmes, 1992). Other writers include Murphy
(1990), Patton (1990), and Rorty (1990). There are many forms
11. of this philosophy, but for many, pragmatism as a worldview
arises out of actions, situations, and consequences rather than
antecedent conditions (as in postpositivism). There is a concern
with applications—what works—and solutions to problems
(Patton, 1990). Instead of focusing on methods, researchers
emphasize the research problem and question and use all
approaches available to understand the problem (see Rossman &
Wilson, 1985). As a philosophical underpinning for mixed
methods studies, Morgan (2007), Patton (1990), and Tashakkori
and Teddlie (2010) convey its importance for focusing attention
on the research problem in social science research and then
using pluralistic approaches to derive knowledge about the
problem. Using Cherryholmes (1992), Morgan (2007), and our
own views, pragmatism provides a philosophical basis for
research:
· Pragmatism is not committed to any one system of philosophy
and reality. This applies to mixed methods research in that
inquirers draw liberally from both quantitative and qualitative
assumptions when they engage in their research.
· Individual researchers have a freedom of choice. In this way,
researchers are free to choose the methods, techniques, and
procedures of research that best meet their needs and purposes.
· Pragmatists do not see the world as an absolute unity. In a
similar way, mixed methods researchers look to many
approaches for collecting and analyzing data rather than
subscribing to only one way (e.g., quantitative or qualitative).
· Truth is what works at the time. It is not based in a duality
between reality independent of the mind or within the mind.
Thus, in mixed methods research, investigators use both
quantitative and qualitative data because they work to provide
the best understanding of a research problem.
· The pragmatist researchers look to the what and how to
research based on the intended consequences—where they want
to go with it. Mixed methods researchers need to establish a
purpose for their mixing, a rationale for the reasons why
12. quantitative and qualitative data need to be mixed in the first
place.
· Pragmatists agree that research always occurs in social,
historical, political, and other contexts. In this way, mixed
methods studies may include a postmodern turn, a theoretical
lens that is reflective of social justice and political aims.
· Pragmatists have believed in an external world independent of
the mind as well as that lodged in the mind. But they believe
that we need to stop asking questions about reality and the laws
of nature (Cherryholmes, 1992). “They would simply like to
change the subject” (Rorty, 1990, p. xiv).
· Thus, for the mixed methods researcher, pragmatism opens the
door to multiple methods, different worldviews, and different
assumptions, as well as different forms of data collection and
analysis.
Research Designs
The researcher not only selects a qualitative, quantitative, or
mixed methods study to conduct; the inquirer also decides on a
type of study within these three choices. Research designs are
types of inquiry within qualitative, quantitative, and mixed
methods approaches that provide specific direction for
procedures in a research study. Others have called them
strategies of inquiry (Denzin & Lincoln, 2011). The designs
available to the researcher have grown over the years as
computer technology has advanced our data analysis and ability
to analyze complex models, and as individuals have articulated
new procedures for conducting social science research. Select
types will be emphasized in the methods of Chapters 8, 9, and
10—designs that are frequently used in the social sciences. Here
we introduce those that are discussed later and that are cited in
examples throughout the book. An overview of these designs is
shown in Table 1.2.
13. Quantitative Designs
During the late 19th and throughout the 20th century, strategies
of inquiry associated with quantitative research were those that
invoked the postpositivist worldview and that originated mainly
in psychology. These include true experiments and the less
rigorous experiments called quasi-experiments (see, an original,
early treatise on this, Campbell & Stanley, 1963). An additional
experimental design is applied behavioral analysis or single -
subject experiments in which an experimental treatment is
administered over time to a single individual or a small number
of individuals (Cooper, Heron, & Heward, 2007; Neuman &
McCormick, 1995). One type of nonexperimental quantitative
research is causal-comparative research in which the
investigator compares two or more groups in terms of a cause
(or independent variable) that has already happened. Another
nonexperimental form of research is the correlational design in
which investigators use the correlational statistic to describe
and measure the degree or association (or relationship) between
two or more variables or sets of scores (Creswell, 2012). These
designs have been elaborated into more complex relationships
among variables found in techniques of structural equation
modeling, hierarchical linear modeling, and logistic regression.
More recently, quantitative strategies have involved complex
experiments with many variables and treatments (e.g., factorial
designs and repeated measure designs). Designs often employ
longitudinal data collection over time to examine the
development of ideas and trends. Designs have also included
elaborate structural equation models that incorporate causal
paths and the identification of the collective strength of
multiple variables. Rather than discuss all of these quantitative
approaches, we will focus on two designs: surveys and
experiments.
Table 1.2 Alternative Research Design
14. · Survey research provides a quantitative or numeric description
of trends, attitudes, or opinions of a population by studying a
sample of that population. It includes cross-sectional and
longitudinal studies using questionnaires or structured
interviews for data collection—with the intent of generalizing
from a sample to a population (Fowler, 2008).
· Experimental research seeks to determine if a specific
treatment influences an outcome. The researcher assesses this
by providing a specific treatment to one group and withholding
it from another and then determining how both groups scored on
an outcome. Experiments include true experiments, with the
random assignment of subjects to treatment conditions, and
quasi-experiments that use nonrandomized assignments (Keppel,
1991). Included within quasi-experiments are single-subject
designs.
Qualitative Designs
In qualitative research, the numbers and types of approaches
have also become more clearly visible during the 1990s and into
the 21st century. The historic origin for qualitative research
comes from anthropology, sociology, the humanities, and
evaluation. Books have summarized the various types, and
complete procedures are now available on specific qualitative
inquiry approaches (Creswell & Poth, 2018). For example,
Clandinin and Connelly (2000) constructed a picture of what
narrative researchers do. Moustakas (1994) discussed the
philosophical tenets and the procedures of the
phenomenological method; Charmaz (2006), Corbin and Strauss
(2007; 2015), and Strauss and Corbin (1990, 1998) identified
the procedures of grounded theory. Fetterman (2010) and
Wolcott (2008) summarized ethnographic procedures and the
many faces and research strategies of ethnography, and Stake
15. (1995) and Yin (2009, 2012, 2014) suggested processes
involved in case study research. In this book, illustrations are
drawn from the following strategies, recognizing that
approaches such as participatory action research (Kemmis &
McTaggart, 2000), discourse analysis (Cheek, 2004), and others
not mentioned are also viable ways to conduct qualitative
studies:
· Narrative research is a design of inquiry from the humanities
in which the researcher studies the lives of individuals and asks
one or more individuals to provide stories about their lives
(Riessman, 2008). This information is then often retold or
restoried by the researcher into a narrative chronology. Often,
in the end, the narrative combines views from the participant’s
life with those of the researcher’s life in a collaborative
narrative (Clandinin & Connelly, 2000).
· Phenomenological research is a design of inquiry coming from
philosophy and psychology in which the researcher describes
the lived experiences of individuals about a phenomenon as
described by participants. This description culminates in the
essence of the experiences for several individuals who have all
experienced the phenomenon. This design has strong
philosophical underpinnings and typically involves conducting
interviews (Giorgi, 2009; Moustakas, 1994).
· Grounded theory is a design of inquiry from sociology in
which the researcher derives a general, abstract theory of a
process, action, or interaction grounded in the views of
participants. This process involves using multiple stages of data
collection and the refinement and interrelationship of categories
of information (Charmaz, 2006; Corbin & Strauss, 2007, 2015).
· Ethnography is a design of inquiry coming from anthropology
and sociology in which the researcher studies the shared
patterns of behaviors, language, and actions of an intact cultural
group in a natural setting over a prolonged period of time. Data
collection often involves observations and interviews.
· Case studies are a design of inquiry found in many fields,
16. especially evaluation, in which the researcher develops an in-
depth analysis of a case, often a program, event, activity,
process, or one or more individuals. Cases are bounded by time
and activity, and researchers collect detailed information using
a variety of data collection procedures over a sustained period
of time (Stake, 1995; Yin, 2009, 2012, 2014).
Mixed Methods Designs
Mixed methods involves combining or integration of qualitative
and quantitative research and data in a research study.
Qualitative data tends to be open-ended without predetermined
responses while quantitative data usually includes closed-ended
responses such as found on questionnaires or psychological
instruments. The field of mixed methods research, as we know it
today, began in the middle to late 1980s. Its origins, however,
go back further. In 1959, Campbell and Fisk used multiple
methods to study psychological traits—although their methods
were only quantitative measures. Their work prompted others to
begin collecting multiple forms of data, such as observations
and interviews (qualitative data) with traditional surveys
(Sieber, 1973). Early thoughts about the value of multiple
methods—called mixed methods—resided in the idea that all
methods had bias and weaknesses, and the collection of both
quantitative and qualitative data neutralized the weaknesses of
each form of data. Triangulating data sources—a means for
seeking convergence across qualitative and quantitative
methods—was born (Jick, 1979). By the early 1990s, mixed
methods turned toward the systematic integration of quantitative
and qualitative data, and the idea of ways to combine the data
through different types of research designs emerged. These
types of designs were extensively discussed in a major
handbook addressing the field in 2003 and reissued in 2010
(Tashakkori & Teddlie, 2010). Procedures for expanding mixed
methods developed such as follows:
17. · Ways to integrate the quantitati ve and qualitative data, such as
one database, could be used to check the accuracy (validity) of
the other database.
· One database could help explain the other database, and one
database could explore different types of questions than the
other database.
· One database could lead to better instruments when
instruments are not well-suited for a sample or population.
· One database could build on other databases, and one database
could alternate with another database back and forth during a
longitudinal study.
Further, the designs were developed and notation was added to
help the reader understand the designs; challenges to working
with the designs emerged (Creswell & Plano Clark, 2011, 2018).
Practical issues are being widely discussed today in terms of
examples of “good” mixed methods studies and evaluative
criteria, the use of a team to conduct this model of inquiry, and
the expansion of mixed methods to other countries and
disciplines. Although many designs exist in the mixed methods
field, this book will focus on the three primary designs found in
the social and health sciences today:
· Convergent mixed methods is a form of mixed methods design
in which the researcher converges or merges quantitative and
qualitative data in order to provide a comprehensiv e analysis of
the research problem. In this design, the investigator typically
collects both forms of data at roughly the same time and then
integrates the information in the interpretation of the overall
results. Contradictions or incongruent findings are explained or
further probed in this design.
· Explanatory sequential mixed methods is one in which the
researcher first conducts quantitative research, analyzes the
results and then builds on the results to explain them in more
detail with qualitative research. It is considered explanatory
because the initial quantitative data results are explained further
with the qualitative data. It is considered sequential because the
18. initial quantitative phase is followed by the qualitative phase.
This type of design is popular in fields with a strong
quantitative orientation (hence the project begins with
quantitative research), but it presents challenges of identifying
the quantitative results to further explore and the unequal
sample sizes for each phase of the study.
· Exploratory sequential mixed methods is the reverse sequence
from the explanatory sequential design. In the exploratory
sequential approach the researcher first begins with a
qualitative research phase and explores the views of
participants. The data are then analyzed, and the information
used to build into a second, quantitative phase. The qualitative
phase may be used to build an instrument that best fits the
sample under study, to identify appropriate instruments to use
in the follow-up quantitative phase, to develop an intervention
for an experiment, to design an app or website, or to specify
variables that need to go into a follow-up quantitative study.
Particular challenges to this design reside in focusing in on the
appropriate qualitative findings to use and the sample selection
for both phases of research.
· These basic or core designs then can be used in more complex
mixed methods strategies. The core designs can augment an
experiment by, for example, collecting qualitative data after the
experiment to help explain the quantitative outcome results. The
core designs can be used within a case study framework to
deductively document cases or to generate cases for further
analysis. These basic designs can inform a theoretical study
drawn from social justice or power (see Chapter 3) as an
overarching perspective within a design that contains both
quantitative and qualitative data. The core designs can also be
used in the different phases of an evaluation procedure that
spans from a needs assessment to a test of a program or
experimental intervention.
Research Methods
19. The third major element in the framework is the specific
research methods that involve the forms of data collection,
analysis, and interpretation that researchers propose for their
studies. As shown in Table 1.3, it is useful to consider the full
range of possibilities of data collection and to organize these
methods, for example, by their degree of predetermined nature,
their use of closed-ended versus open-ended questioning, and
their focus on numeric versus nonnumeric data analysis. These
methods will be developed further in Chapters 8 through 10.
Researchers collect data on an instrument or test (e.g., a set of
questions about attitudes toward self-esteem) or gather
information on a behavioral checklist (e.g., observation of a
worker engaged in a complex skill). On the other end of the
continuum, collecting data might involve visiting a research site
and observing the behavior of individuals without
predetermined questions or conducting an interview in which
the individual is allowed to talk openly about a topic, largely
without the use of specific questions. The choice of methods
turns on whether the intent is to specify the type of information
to be collected in advance of the study or to allow it to emerge
from participants in the project. Also, the type of data analyzed
may be numeric information gathered on scales of instruments
or text information recording and reporting the voice of the
participants. Researchers make interpretations of the statistical
results, or they interpret the themes or patterns that emerge
from the data. In some forms of research, both quantitative and
qualitative data are collected, analyzed, and interpreted.
Instrument data may be augmented with open-ended
observations, or census data may be followed by in-depth
exploratory interviews. In this case of mixing methods, the
researcher makes inferences across both the quantitative and
qualitative databases.
20. Table 1.3 Quantitative, Mixed, and Qualitative Methods
RESEARCH APPROACHES AS WORLDVIEWS, DESIGNS,
AND METHODS
The worldviews, the designs, and the methods all contribute to a
research approach that tends to be quantitative, qualitative, or
mixed. Table 1.4 creates distinctions that may be useful in
choosing an approach. This table also includes practices of all
three approaches that are emphasized in remaining chapters of
this book.
Typical scenarios of research can illustrate how these three
elements combine into a research design.
Quantitative approach: Postpositivist worldview, experimental
design, and pretest and posttest measures of attitudes
In this scenario, the researcher tests a theory by specifying
narrow hypotheses and the collection of data to support or
refute the hypotheses. An experimental design is used in which
attitudes are assessed both before and after an experimental
treatment. The data are collected on an instrument that measures
attitudes, and the information is analyzed using statistical
procedures and hypothesis testing.
Qualitative approach: Constructivist worldview, ethnographic
design, and observation of behavior
In this situation, the researcher seeks to establish the meaning
of a phenomenon from the views of participants. This means
identifying a culture-sharing group and studying how it
develops shared patterns of behavior over time (i.e.,
ethnography). One of the key elements of collecting data in this
way is to observe participants’ behaviors during their
engagement in activities.
21. Qualitative approach: Transformative worldview, narrative
design, and open-ended interviewing
For this study, the inquirer seeks to examine an issue related to
oppression of individuals. To study this, stories are collected of
individual oppression using a narrative approach. Individuals
are interviewed at some length to determine how they have
personally experienced oppression.
Mixed methods approach: Pragmatic worldview, collection of
both quantitative and qualitative data sequentially in the design
The researcher bases the inquiry on the assumption that
collecting diverse types of data best provides a more complete
understanding of a research problem than either quantitative or
qualitative data alone. The study begins with a broad survey in
order to generalize results to a population and then, in a second
phase, focuses on qualitative, open-ended interviews to collect
detailed views from participants to help explain the initial
quantitative survey.
Table 1.4 Qualitative, Quantitative, and Mixed Methods
Approaches
CRITERIA FOR SELECTING A RESEARCH APPROACH
Given the possibility of qualitative, quantitative, or mixed
methods approaches, what factors affect a choice of one
approach over another for the design of a proposal? Added to
worldview, design, and methods would be the research problem,
the personal experiences of the researcher, and the audience(s)
for whom the report will be written.
The Research Problem and Questions
22. A research problem, more thoroughly discussed in Chapter 5, is
an issue or concern that needs to be addressed (e.g., the issue of
racial discrimination). The problem comes from a void in the
literature, and conflict in research results in the literature,
topics that have been neglected in the literature; a need to lift
up the voice of marginalized participants; and “real -life”
problems found in the workplace, the home, the community, and
so forth.
Certain types of social research problems call for specific
approaches. For example, if the problem calls for (a) the
identification of factors that influence an outcome, (b) the
utility of an intervention, or (c) understanding the best
predictors of outcomes, then a quantitative approach is best. It
is also the best approach to use to test a theory or explanation.
On the other hand, if a concept or phenomenon needs to be
explored and understood because little research has been done
on it or because it involves an understudied sample, then it
merits a qualitative approach. Qualitative research is especially
useful when the researcher does not know the important
variables to examine. This type of approach may be needed
because the topic is new, the subject has never been addressed
with a certain sample or group of people, and existing theories
do not apply with the particular sample or group under study
(Morse, 1991). A mixed methods design is useful when the
quantitative or qualitative approach, each by itself, is
inadequate to best understand a research problem and the
strengths of both quantitative and qualitative research (and its
data) can provide the best understanding. For example, a
researcher may want to both generalize the findings to a
population as well as develop a detailed view of the meaning of
a phenomenon or concept for individuals. In this research, the
inquirer first explores generally to learn what variables to study
and then studies those variables with a large sample of
individuals. Alternatively, researchers may first survey a large
number of individuals and then follow up with a few
23. participants to obtain their specific views and their voices about
the topic. In these situations, collecting both closed-ended
quantitative data and open-ended qualitative data proves
advantageous.
Personal Experiences
Researchers’ own personal training and experiences also
influence their choice of approach. An individual trained in
technical, scientific writing, statistics, and computer statistical
programs and familiar with quantitative journals in the library
would most likely choose the quantitative design. On the other
hand, individuals who enjoy writing in a literary way or
conducting personal interviews or making up-close observations
may gravitate to the qualitative approach. The mixed methods
researcher is an individual familiar with both quantitative and
qualitative research. This person also has the time and resources
to collect and analyze both quantitative and qualitative data.
Since quantitative studies are the traditional mode of research,
carefully worked out procedures and rules exist for them.
Researchers may be more comfortable with the highly
systematic procedures of quantitative research. Also, for some
individuals, it can be uncomfortable to challenge accepted
approaches among some faculty by using qualitative and
transformative approaches to inquiry. On the other hand,
qualitative approaches allow room to be innovative and to work
more within researcher-designed frameworks. They allow more
creative, literary-style writing, a form that individuals may like
to use. For those researchers undertaking social justice or
community involvement, a qualitative approach is typically
best, although this form of research may also incorporate mixed
methods designs.
For the mixed methods researcher, the project will take extra
time because of the need to collect and analyze both
24. quantitative and qualitative data. It fits a person who enjoys and
has the skills in both quantitative and qualitative research.
Audience
Finally, researchers write for audiences that will accept their
research. These audiences may be journal editors and readers,
faculty committees, conference attendees, or colleagues in the
field. Students should consider the approaches typically
supported and used by their advisers. The experiences of these
audiences with quantitative, qualitative, or mixed methods
studies can shape the decision made about the choice of design.
Summary
In planning a research project, researchers need to identify
whether they will employ a qualitative, quantitative, or mixed
methods approach. This approach is based on bringing together
a worldview or assumptions about research, a specific design,
and research methods. Decisions about choice of an approach
are further influenced by the research problem or issue being
studied, the personal experiences of the researcher, and the
audience for whom the researcher writes.
WRITING EXERCISES
Identify a research question in a journal article and discuss what
approach would be best to study the question and why.
Take a topic that you would like to study, and using the four
combinations of worldviews, designs, and research methods in
Figure 1.1, discuss a project that brings together a worldview,
designs, and methods. Identify whether this would be
quantitative, qualitative, or mixed methods research. Use the
typical scenarios that we have advanced in this chapter as a
guide.
What distinguishes a quantitative study from a qualitative
25. study? Mention three characteristics.
Additional Readings
Cherryholmes, C. H. (1992, August–September). Notes on
pragmatism and scientific realism. Educational Researcher, 14,
13–17.
Cleo Cherryholmes discusses pragmatism as a contrasting
perspective from scientific realism. The strength of this article
lies in the numerous citations of writers about pragmatism and a
clarification of one version of pragmatism. Cherryholmes’s
version points out that pragmatism is driven by anticipated
consequences, reluctance to tell a true story, and the idea that
there is an external world independent of our minds. Also
included in this article are numerous references to historical and
recent writers about pragmatism as a philosophical position.
Crotty, M. (1998). The foundations of social research: Meaning
and perspective in the research process. Thousand Oaks, CA:
Sage.
Michael Crotty offers a useful framework for tying together the
many epistemological issues, theoretical perspectives,
methodology, and methods of social research. He interrelates
the four components of the research process and shows in a
table a representative sampling of topics of each component. He
then goes on to discuss nine different theoretical orientations in
social research, such as postmodernism, feminism, critical
inquiry, interpretivism, constructionism, and positivism.
Kemmis, S., & Wilkinson, M. (1998). Participatory action
research and the study of practice. In B. Atweh, S. Kemmis, &
P. Weeks (Eds.), Action research in practice: Partnerships for
social justice in education (pp. 21–36). New York: Routledge.
26. Stephen Kemmis and Mervyn Wilkinson provide an excellent
overview of participatory research. In particular, they note the
six major features of this inquiry approach and then discuss how
action research is practiced at the individual, the social, or at
both levels.
Lincoln, Y. S., Lynham, S. A., & Guba, E. G. (2011).
Paradigmatic controversies, contradictions, and emerging
confluences revisited. In N. K. Denzin & Y. S. Lincoln, The
SAGE handbook of qualitative research (4th ed., pp. 97–128).
Thousand Oaks, CA: Sage.
Yvonna Lincoln, Susan Lynham, and Egon Guba have provided
the basic beliefs of five alternative inquiry paradigms in social
science research: (a) positivism, (b) postpositivism, (c) critical
theory, (d) constructivism, and (e) participatory. These extend
the earlier analysis provided in the first and second editions of
the handbook. Each is presented in terms of ontology (i.e.,
nature of reality), epistemology (i.e., how we know what we
know), and methodology (i.e., the process of research). The
participatory paradigm adds another alternative paradigm to
those originally advanced in the first edition. After briefly
presenting these five approaches, they contrast them in terms of
seven issues, such as the nature of knowledge, how knowledge
accumulates, and goodness or quality criteria.
Mertens, D. (2009). Transformative research and evaluation.
New York: Guilford.
Donna Mertens has devoted an entire text to advancing the
transformative paradigm and the process of transformative
research. She discusses the basic features of the transformative
paradigm as an umbrella term, provides examples of groups
affiliated with this paradigm, and links the paradigm to
quantitative, qualitative, and mixed methods approaches. In this
book she also discusses the research procedures of sampling,
27. consent, reciprocity, data collection methods and instruments,
data analysis and interpretation, and reporting.
Phillips, D. C., & Burbules, N. C. (2000). Postpositivism and
educational research. Lanham, MD: Rowman & Littlefield.
D. C. Phillips and Nicholas Burbules summarize the major ideas
of postpostivist thinking. Through two chapters, “What is
Postpositivism?” and “Philosophical Commitments of
Postpositivist Researchers,” the authors advance major ideas
about postpositivism—especially those that differentiate it from
positivism. These include knowing that human knowledge is
conjectural rather than unchallengeable and that our warrants
for knowledge can be withdrawn in light of further
investigations.
https://edge.sagepub.com/creswellrd5e
Students and instructors, please visit the companion website for
videos featuring John W. Creswell, full-text SAGE journal
articles, quizzes and activities, plus additional tools for research
design.
BROWSER FINGERPRINTING
1
BROWSER FINGERPRINTING
2
Browser Fingerprinting
28. Steven A. Bruner (4151593)
American Military University
ISSC630
1 May 2022
The hacking process is said to have started in the year 2013,
November, this is when these attackers were able to first breach
the OPM networks. This group or an attacker, was basically
referred to as XI. This name was used by the data breach report
of the congressional OPM. Though the XI were not capable of
accessing any personnel data at that time, they were able to
exfiltrate manuals as well as IT system architecture information.
In actual life, the fingerprints of an individual are unique to
only you. When it comes to the online world, it becomes the
browser configurations that might end up pointing to a person.
Though most of individuals tend to utilize similar browsers,
their hardware or software configurations tend to be quite
different in that they are in a position to act effectively as the
IDs of the users.
The browser fingerprinting enables an individual to acquire the
granular information regarding every single parameter of the
said configuration. For example, it might make it possible to
learn the type of default language that has been set for the
browser by the user, get to identify the installed fonts among
others. Like the human fingerprint, the browser of an individual
is known for having a set of traits that are unique and once that
might be traced back to the user as well as anything that they
get end up doing on the internet. Whenever a person ends up
browsing via the internet, most of the web portals get to capture
some amount of the said information, like the size of the screen,
29. the type of the browser to provide an appropriate experience
(Durey, et.al, 2021, July).
Additionally, browser fingerprinting might as well be utilized
for identification in addition to tracking. Websites can record
all sorts of data regarding an individual through use of their
fingerprint, then have it connected to other fingerprints that are
same with an aim of getting a picture that is precise of the
user’s browsing behavior as well as their websites activities.
The main objective of using the fingerprinting browser is to
acquire the most information in relation to their identity and
personality, getting to know a person’s website visitor
depending on their own browser configuration. This becomes
quite of great use in case it is put within the context of
cybersecurity in addition to prevention of fraud, whereby,
specific parameters might be immediately pointing to
configurations that are suspicious. For example, the
fingerprinting browser might be able to detect when the users
depend on spoofing or emulators. Tool, who is supposed to
advance one’s suspicions regarding their intentions on the users
website.
Since the said fingerprints are quite unique, they as well operate
as the user IDs. This permits the advertisers as well as the
marketers to monitor the users all over the web in addition to
delivering the targeted content depending on the outline
activities of a person. It is also of extreme importance to
understand that the browser fingerprinting happens to be a
practice that is contentious, which is the reason as to why
different several privacy advocacies groups have ended up
developing anti-fingerprinting as well as anti-tracking tools
plus techniques. The actual swirls in addition to lines
configuration, known for making up an individual’s fingerprints
are perceived to be unique to a person. In a similar way, a
user’s browsers fingerprinting can be defined as a set of
information that is gathered from a person’s laptop or a phone
every time it is utilized, enabling the advertisers to
automatically link back to the user (Pugliese, et.al, 2020).
30. The Fingerprinting browser is perceived to be a term that is
umbrella definition for means if identifying a particular browser
through querying. The JavaScript CSS as well as APIs features
are practicing the same all-over different domains within
making use of cookies. For example, being able to understand
the version of the operating system that is in use, might result
into zero-day attacks or lead to know. This is achievable
through regular utilization of the User Agent queries. There are
several organizations that are proprietary fonts such as Google
Sans. When the proprietary font gets installed on the system of
a user, it becomes an effective bet that the user works for the
said organization or the fact that they had the font pirated. This
is capable of being tested maybe in CSS or the JS.
The browser fingerprinting happens to be a permissionless as
well as a stateless technique used in generating an identifier on
their own server side in addition to using an available, strong to
utilize the available storage on the side of the client plus have it
stored. As a result of all these, it is very possible to utilize
these browser fingerprinting in ensuring that the hackers and
any attackers are traced.
The most popular method that the websites use in obtaining a
user’s data is through use of cookies. Cookies are small text
files packets that are stored by a computer, which tends to
comprise of a particular data that might offer the websites data
to enhance the experience of the users. The websites are known
for remembering in addition to tracking the personal computers
as well as devices through having the cookies loaded onto the
computer of a person. Each time a person gets to visit any
website, the browser automatically downloads cookies. When
the same website is visited once again, the browser ends up
assessing the data packets in addition to providing the user with
an experience that is personally customized (Iqbal, et.al, 2021,
May).
The am I unique website is a comprehensive list that is made up
of 19 points of data. The attributes that are most significant
constitutes of; enabled cookies, the platform that is currently in
31. use, the kind of the browser in addition to its version as well as
the computer that is in use by the user, in addition to if the
tracking of cookies of the computer have been blocked.
References
Durey, A., Laperdrix, P., Rudametkin, W., & Rouvoy, R. (2021,
July). FP-Redemption: Studying browser fingerprinting
adoption for the sake of web security. In International
Conference on Detection of Intrusions and Malware, and
Vulnerability Assessment (pp. 237-257). Springer, Cham.
https://link.springer.com/chapter/10.1007/978-3-030-80825-
9_12
Iqbal, U., Englehardt, S., & Shafiq, Z. (2021, May).
Fingerprinting the fingerprinters: Learning to detect browser
fingerprinting behaviors. In 2021 IEEE Symposium on Security
and Privacy (SP) (pp. 1143-1161). IEEE.
https://ieeexplore.ieee.org/abstract/document/9519502/
Pugliese, G., Riess, C., Gassmann, F., & Benenson, Z. (2020).
Long-Term Observation on Browser Fingerprinting: Users’
Trackability and Perspective. Proc. Priv. Enhancing Technol.,
2020(2), 558-577.
https://sciendo.com/downloadpdf/journals/popets/2020/2/article
-p558.pdf
1
2
32. PSYCHOLOGICAL ASPECTS BEHIND THE OMP ATTACK
Steven A. Bruner (4151593)
American Military University
ISSC630
24 April 2022
PSYCHOLOGICAL ASPECTS BEHIND THE OMP ATTACK
In June 2015, the US OPM stated that their data innovation
frameworks had been attacked through cyberspace. The personal
information of 4.2 million current and former government
employees may have been compromised due to this incident.
OPM then discovered a variety of cyber-attacks during the same
month that compromised the information of 21.5 million
individuals who had records in databases, including background
checks on potential housing candidates
This breach was one of the most significant to occur in a
governance framework in recent memory. The Einstein
framework of the Office of Country Security (DHS) was used to
identify this incident. As part of its Einstein framework, the
DHS keeps a close eye on government Internet use for any signs
of potential cyber threats (Fruhlinger, 2020). The attackers were
33. able to get in using security credentials belonging to a KeyPoint
Government
Solution
s salesperson. This person did “federal background checks and
worked on OPM frameworks” to get access to OPM frameworks
(Hinck & Maurer,2019).
“At an insights conference, an admiral, executive of the
National Security Organization (NSA), and chief of the U.S.
Cyber Command, Michael Rogers, did not reveal who may be
responsible for the hack (es)” (Hinck & Maurer,2019).
However, James Clapper (Chief of National Insights) said the
next day in the same speech that China was the leading suspect
in the breaches. If China had access to the material gleaned
during the attack, it was unclear how it may utilize it.
Only a few experts disagreed with the theory that China is
compiling a comprehensive list of government officials to
identify US government officials and what their specific roles
are. Spearphishing emails may trick recipients into establishing
an interface or connection that will provide access to the
general computer framework, which is another option for
discovering the data.
Yu Pingan
The FBI charged Chinese malware broker Yu Pingan for his role
34. in distributing malware. The allegations say that Pingan
supplied hackers with malware that enabled them to gain access
to many US-based computer networks. The Sakula Trojan was
also included in this group. On August 21st, at Los Angeles
International Airport, he was taken into custody by LAPD
officers. Two unidentified hackers were said to have
collaborated with Pingan on a harmful attack against U.S. firm
networks between April 2011 and January 2014 (Fruhlinger,
2020).
One of the tools used in the OPM attack was also used in an
Anthem data compromise in 2015. Pingan pled guilty to his
role in the plot. Sakula was used to help him breach OPM, he
acknowledged. However, even though he was not explicitly tied
to the OPM attack, the same malware he used in Anthem led
authorities to suspect him of involvement in that incident.
The deep panda group
Hacker group Deep Panda is supported by the Chinese
government. They were thought to have been involved in the
OPM issue. “Patterns uncovered in the Internet's address book,
known as the domain registration system, connect Deep Panda
to the Anthem and Premera breaches” (Finnemore, & Hollis,
2016). Deep Panda often registers similar-looking domains on
the web that closely resemble the ones they want to use as a
redirect. Wellpoint may be found at we11point.com. Anthem
35. used to be known by this name.
Because of the OPM breach, iSIGHT discovered a trend of
similar-sounding names being used to create these bogus
domains. According to domain registration data, several similar
OPM websites were also found. Despite the evidence
discovered, they still had some doubts and other reasons to
believe that they weren't responsible.
X1 & X2
The Congressional OPM data breach report named two groups:
X1 and X2. They merely called themselves these organizations
since they didn't want to say who was responsible or even know
who they were. Exfiltrating manuals and the IT system
architecture were the only things the X1 gang could not get its
hands on. The attackers' attempts to infiltrate the networks of
multiple contractors (such as USIS and KeyPoint) doing
background checks on federal personnel with access to OPM
computers were well-documented by December of that year.
OPM intended to perform a system reset in March 2014 to
eliminate any intruders from the system. As an alternative, an
entirely different group, X2, could gain access to the system by
exploiting the credentials of a different resource.
However, this vulnerability went undetected, and as a result,
when the whole system was purged, it was not deleted. X1 and
X2 have not been identified as belonging to the same
organization or even a single individual. They may still work
36. together even if they aren't the same person. THIS BELIEF
WAS FORMED because X1 had obtained information that may
have been advantageous to X2's goals. Deep Panda (as
previously discussed) was also unclear as to whether he was one
of them.
Psychological profiles
Understanding why certain crimes are committed, establishing
profiles of prospective suspects, and connecting crimes to
individuals or groups will continue to be important to its
success. Behavior analysis employs both inductive and
deductive approaches. In deductive investigations, a suspect's
characteristics may be hypothesized based on the investigation
of certain components of the case. According to inductive
reasoning, a suspect has the characteristics of an offender
because of their generalization from empirical research.
Analyzing behavior patterns and comparing them is an
important element of behavioral science. Criminals may not be
aware that their actions are comparable to others'. According to
the definition, "signature actions are generally indications of
some desire or drive the suspect seeks to appease" (Rogers,
2016).
When Deep Panda does criminal conduct, they follow the same
procedure. As a result, they were suspected of involvement
based on their profile. Although X2's domain names (Steve
37. Rogers', Tony Stark's, etc.) looked to have some wit, it was hard
to tell. These names may represent a certain style. Using these
names to showcase their work and/or to guarantee that what
they produced is remembered by others, they may have done so.
Behavioral analyses may also be used to determine whether a
criminal or a group of criminals are responsible for various
crimes. An investigator would be looking for a comparable
modus operandi (MO) or conduct in these scenarios. MOs have
learned behaviors that might alter as a person grows older or
improves their abilities.
Because of this, other people may have been led to assume that
they are the same person. If OPM was about to do a complete
system reset, X1 may have learned of this and could not access
the system. The individual or group would then have to develop
a new strategy to preserve their position in the system after they
realize this may happen.
They may have had to alter their entry strategy to accomplish
this. There is a chance that X2 may have been spotted earlier if
they had used the same technique. X1 was able to install
keyloggers after gaining in using legitimate employees'
credentials. There is a possibility that X1 and X2 are the same
individuals because X2 had also utilized personnel credentials
(Soesanto, 2019). The only way to remain in was to modify at
least a portion of their MO. This backdoor and a means of
maintaining their access were created with the aid of malware.
38. Conclusion
The OPM hack was a complex case, as evidenced by the
preceding paragraphs. Psychological profiles are a tool for
analyzing people's thoughts and feelings. However, they can
only help if there is actual evidence to back up their claims.
Two people can come to different conclusions based on how
they profile. Rather than a fact, an individual's profile is more
of a hypothesis in need of verification. It's only a personal
viewpoint if that's the case.
It is also possible that those who profile may not consider all of
the relevant factors. For example, a profiler unfamiliar with
technology may be unable to make certain connections that a
profiler knowledgeable about technology can. To facilitate these
connections, it may be helpful to have two people working
together. Then, it may be easier to reach a conclusion and
gather the relevant evidence.
39. References
The OPM hack explained: Bad security practices meet China's
Captain America | CSO Online
Finnemore, M., & Hollis, D. B. (2016). Constructing norms for
global cybersecurity. American Journal of International
Law, 110(3), 425-479. retrieved from: Constructing Norms for
Global Cybersecurity | American Journal of International Law |
Cambridge Core
Fruhlinger, J. (2020). The OPM Hack Explained: Bad Security
Practices Meet China’s Captain America| CSO Online. Chief
Security Officer (CSO) by International Data Group (IDG),
February, 12, 2020.retrieved from: CSO | Security news,
features and analysis about prevention, protection and business
innovation. (csoonline.com)
Hinck, G., & Maurer, T. (2019). Persistent enforcement:
criminal charges as a response to nation-state malicious cyber
activity. J. Nat'l Sec. L. & Pol'y, 10, 525. retrieved from:
Persistent Enforcement: Criminal Charges as a Response to
Nation-State Malicious Cyber Activity 10 Journal of National
Security Law and Policy 2019-2020 (heinonline.org)
Rogers, M. K. (2016). Psychological profiling as an
investigative tool for digital forensics. In Digital Forensics (pp.
45-58). Syngress. retrieved from: Psychological profiling as an
40. investigative tool for digital forensics - ScienceDirect
Soesanto, S. (2019). The Evolution of US Defense Strategy in
Cyberspace (1988–2019). ETH Zurich. retrieved from: The
Evolution of US Defense Strategy in Cyberspace (1988 – 2019)
- Research Collection (ethz.ch)
2
United States Office of Personnel Management (OPM) Incident
Steven A. Bruner (4151593)
American Military University
ISSC630
17 April 2022
The US Office of Personnel Management (OPM) announced in
July 2015 that it had been the target of a successful cyber -
attack. The data that was leaked included extensive information
about background investigations, security clearance applications
41. and investigations, and fingerprint cards. The digital data
breach was one of the most significant in history and its effects
continue to be felt by both federal employees and their families.
This post will provide a summary of the key aspects
surrounding the case as well as some key or critical pieces of
data found by investigators. Next, it will analyze what could
have been done differently during this investigation based on
this specific situation as well as share insight into investigative
procedures. Lastly, it will give a few suggestions on what could
be done better in terms of future such incidents.
Summary of Key Aspects of the Case
The OPM hack was an attack that began at least as far back as
October 2014. It wasn't until May 2015 that the US government
publicly acknowledged it had occurred. The hackers were able
to obtain personal data on more than 22 million individuals.
This included the names, addresses, and Social Security
numbers of 4.2 million people; information regarding 1.1
million background investigations; and approximately 21.5
million sets of fingerprints, including 1.1 million that were not
available elsewhere in federal databases or other sources
(Finklea et al., 2015). In June 2015, the Office of Personnel
Management announced that it had begun work to implement
new security protocols and that the breach had not been fully
contained.
Key or Critical Pieces of Data Found
42. Investigators were able to retrieve the malware used by the
hackers. This "malware" had a unique signature; this is like
when you have a computer virus, just as with malware, it will
have some type of "signature" that identifies it. With this
specific cyber-attack, it was a set of tools used known as
"Dewdrop." They were able to identify those responsible for the
attack by looking at the digital footprints they left behind. This
included where they came from and where they went after they
committed their crime or crimes. One of the more interesting
things found was the way in which they were able to keep this
breach under wraps for so long. They had been able to mask
their tracks and hide their locations. It wasn't until they tried to
move their data that they were caught (Finklea et al., 2015).
They were moving it over the internet, something that normally
is an easy task with all the tools available today. However,
because of how clean this hackers work was, it made it easier
for them to be caught as every time you go online you have a
unique identifier (IP address). Investigators were able to
identify four people responsible for this attack, three from
China and another from Pakistan.
In terms of what could have been done differently, investigators
were able to identify the individuals responsible for the attack
and locations they were based out of. However, to stop this type
of crime from happening again, it would be helpful to get a
better understanding as to why they are doing this. Their
43. reasoning is most likely going to give us some insight into how
we can prevent similar attacks in the future. It is difficult to say
whether investigators will ever be able to uncover a motive for
this attack (Finklea et al., 2015). Even though they were able to
identify who committed the attack and where they were located,
they were unable to get any information as far as why they did
it or how much data was taken before it was discovered.
In terms of search warrants and evidence that would be
collected, investigators would need to gather certain types of
information. Their first step is to identify the malicious code
and who created it as well as where it originated from. Once
they have determined who is responsible for this breach, they
will gather all available digital data related to the case. This
includes phone logs, financial records, emails, IP addresses
used, social media accounts/profiles (Facebook and Twitter),
and device data such as computer fingerprints or any digital
artifacts left behind on a computer or mobile device.
Suggestions for Future Investigations
In terms of future investigations and how they could be
improved, the OPM should make sure they have adequate
security measures in place to prevent future breaches. They
could also improve their communication with investigators to
make sure they know when things happen and provide adequate
information as soon as possible. Investigators should also make
sure that an investigation has enough manpower to
44. expeditiously complete a project.
I am not sure if there were any things that could have been done
differently but I think we can all agree it was an incredibly
large breach in terms of the amount of people impacted by this
attack. It could have been prevented by establishing better
security measures. This is concerning to me as more and more
sensitive data is stored on the internet and many companies do
not have adequate security measures in place. Although OPM
worked quickly to notify individuals who were potentially
impacted by this breach, I believe they could have done a better
job of contacting all those potentially impacted by this attack. It
is difficult to say whether investigators will ever be able to
uncover a motive for this attack. Even though they were able to
identify who committed the attack and where they were located,
they were unable to get any information as far as why they did
it or how much data was taken before it was discovered.
References
Finklea, K., Christensen, M. D., Fischer, E. A., Lawrence, S.
V., & Theohary, C. A. (2015, July). Cyber intrusion into US
office of personnel management: In brief. LIBRARY OF
CONGRESS WASHINGTON DC CONGRESSIONAL
RESEARCH SERVICE.
https://apps.dtic.mil/sti/citations/ADA623611