Running head: COMPUTER FORENSICS 1
Computer Forensics
John Intindolo
October 17, 2014
ISSC455- Digital Forensics: Investigation Procedures and Response
Professor Michael Lewis
American Military University
Computer Forensics is vital to criminal cases now more than it has ever been in the past. In the
past physical evidence was collected at a crime scene, but in today’s world where everything and
everyone is reliant upon technology, digital evidence has become more prevalent even in a typical
criminal case. For example, when the police arrive at the scene of a murder there may be digital
evidence on the victim’s phone that may help to determine who may have been in recent contact with the
victim, which could lead to solving the case. Therefore, due to the vital information that digital evidence
can produce, computer forensics plays a role in any type of case.
Throughout the course of this paper computer forensics will be discussed, as well as its history,
future trends, the role of computer forensics investigators, the fundamental steps required during an
investigation, common cyber-crimes, how to properly follow the chain of custody, a list of companies
who are available for hire to perform a computer forensic investigation, and a list of tools that can be
used to collect digital evidence. Once all of this has been explained, the reader will have a better
understanding of why computer forensics plays a vital role in all kinds of criminal cases.
Before getting into the different ways that computer forensics can be beneficial, what exactly is
computer forensics? According to Welch, computer forensics can best be defined as the study of
computer technology and its relation to the law (1997). A more thorough definition would be that
computer forensics can be described as the investigation and analysis of evidence via the use of
computer techniques and tools during a criminal case so that the evidence may be admissible in a court
of law. The most important thing to consider when dealing with computer forensics is that the evidence
gathered and analyzed must be preserved (by following the chain of custody throughout the entire
process) in order to be used in court. Without preservation of the evidence and the following of the
chain of custody all of the hard work put into collecting and analyzing the evidence will be for naught.
So now that the definition of computer forensics is understood, the next issue is to determine the
importance or benefits that computer forensics provides. Computer forensics provides many benefits to
an organization due to the remarkable upsurge in the amount of cyber-crimes and litigations that large
organizations often encounter since computer systems and networks have become so heavily depended
on. Some of those benefits include the following: the assurance that an organization’s computer systems
and/or networks maintain their integrity, helps to collect pertinent data (in the event of an organization’s
computer systems and/or networks being breached) that was destroyed or deleted by the accused and
can be used to prosecute, provides the ability to search and analyze large amounts of data both quickly
and efficiently which will save an organization both time and money, and to help catch criminals
responsible for heinous acts such as child pornography and identity theft (“Advantages and,” 2009).
As explained previously, one of the benefits of using computer forensics is to collect valuable
data that can be used to prove guilt of someone when an incident has occurred. This does not always
need to be used to prosecute in a court of law, in fact in some cases an organization may just use
computer forensics to prove the guilt of an employee who has committed a crime. Rather than go
through lengthy and oftentimes expensive litigation, the company will simply use the information provided
from the computer forensic investigation to terminate the worker’s employment.
For example, when a CEO of a small San Diego publishing company began receiving
threatening e-mails and figured someone from inside the company’s IT department was involved he
hired a computer forensics expert to investigate. The man hired was Peter Garza, the founder of
EvidentData, who found a Google search performed by an IT employee using the name of the
spyware and the word “legal,” which took them to the spyware’s legal disclaimer and proved that the
employee knew what they were doing was wrong but proceeded anyway (Zimmerman, 2006, p. 56).
Once this information was brought forth the CEO chose to simply fire the employee rather than proceed to
take it to court.
Now that computer forensics has been defined and the benefits of using computer
forensics explained, the next logical step is to clarify the need for a computer forensic investigator.
Computer forensic investigators are specially trained professionals in the art of retrieving data from
computers and other storage devices that work with private firms or law enforcement agencies such as
the FBI. These highly specialized computer experts have an extensive working understanding of all
facets of computers including hard drives and encryption. The need is also compounded by the amount
of attacks that take place from inside the organization.
According to Vericept Corp., 54 percent of organizations estimate that insiders are responsible
for more than half of all internal security breaches (Bavisi, 2006, p. 37). Having a computer forensic
investigator will likely keep many of those “insiders” from going through with an attack, because they
know that they could easily get caught. As previously mentioned the world today is one that is driven by
technology, which shows the need for computer forensic investigators is in high demand in both the
public and private sectors.
The job responsibilities of a computer forensic investigator start with being extremely familiar
with all facets of computers as mentioned above, but there are many other responsibilities they must
meet as well. The main responsibility of an investigator is to recover, analyze, and preserve all digital
evidence in such a way that it can be used as evidence in a court of law. Furthermore, it is the
investigator’s responsibility to collect the evidence quickly, convey a rough calculation of the damage
that the incident has had on the victim, to determine the reason the attacker chose to go through with the
act, and also to discover the identity of the attacker. So how does one become a computer forensic
investigator?
Becoming a computer forensic investigator is not something that happens overnight and requires
a lot of commitment. A bachelor’s degree in computer science, information systems security, criminal
justice, or another related discipline is just the start. Computer experience as explained previously must
constitute all aspects of computers, and law enforcement experience while not required is also
something that will certainly help. Some things that are necessary are computer security and investigation
certifications such as EnCase Certified Examiner or EnCE, Certified Information Systems Security
Professional or CISSP, Certified Information Systems Auditor or CISA, and Security Essentials
Certification known as GSEC (“How to become,” 2014).
With the issue of computer forensics and the details of what it takes to become a computer
forensic investigator out of the way, the next area of focus is the crimes that these people are out to fight
against, cyber-crimes. What are cyber-crimes? Cyber-crimes are crimes that are committed on the
Internet, and take advantage of the accessibility, anonymity, and speed of the Internet to commit. The
accessibility factor simply means that it is rather convenient for criminals to perform a crime on the
Internet because they can commit a crime from half way across the globe via the Internet. The
anonymity refers to the fact that someone can commit a crime on the Internet without their identity being
known by masking their IP address for instance. Lastly, there is the criminal’s use of high-speed Internet to
commit their crimes and get away before authorities have the chance to catch them.
There are many different examples of computer crimes including but not limited to hacking, the
spreading of viruses, Trojans, and worms, identity theft, credit card fraud, Denial-of-Service attacks,
software and copyright piracy, and child pornography. All of these examples are cyber-crimes, but their
severity varies. For example, there is a huge difference between someone committing copyright piracy
by downloading their favorite band’s latest album and a child predator downloading pictures and videos
of child pornography. Both cyber-crimes are readily occurring on a daily basis on the Internet, with the
latter growing so fast that it has an estimated revenue of $3 billion (Pulido, 2013).
When speaking of cyber-crimes such as hacking, the spreading of viruses, Trojans, and worms,
DoS attacks, and identity theft there are areas of weakness or vulnerability on a computer system or
network that can make the attackers’ job much easier. One such vulnerability that exists is through
social engineering. This is when an attacker attempts to trick someone within an organization into
revealing (to some degree) or distributing information unknowingly that could disclose private
information to the attacker. Some other forms of vulnerabilities that are used to exploit computer
systems and networks are unencrypted mail servers, improperly configured firewalls, unpatched
software, and weak password management.
The important thing to remember is that the organization’s network does not have to be the
most secure; it only has to be more secure than others nearby. If good security measures are practiced
such as closing open ports, keeping all software updated and patched, encrypting mail servers,
practicing the principle of least privileges (where workers are only granted privileges to complete their
job duties), and enforcing strong password management then an attacker may look for a weaker target.
This is no different than in the wild where a lion will look for a buffalo that is weaker than the rest and
falls behind the herd before attacking.
The next topic of discussion when dealing with computer forensics is the forensic investigation
process. There is a set of fundamental steps that take place in every forensic investigation and they are
as follows: first a computer crime must be suspected of being committed, preliminary evidence such as
marking the scene and photographing the scene should be collected, a warrant if necessary must be
obtained, first responder procedures are to be performed, evidence is seized securely (in evidence
bags), the evidence is then transported to the forensic lab, a working copy of the evidence is created
(because the original evidence is never worked off of), an MD5 checksum of any images is performed
(to verify their integrity), a chain of custody document is prepared (and any break in this chain could
cause the evidence to be thrown out of court), the original evidence is safe and secure from being
tampered with, the image copy is used to analyze for evidence, a forensic report is created (to describe
every facet of the forensic investigation and the tools used as well), the report is delivered to the client,
and if deemed necessary the investigator may testify as an expert witness in court (“Computer
Forensics,” 2010, p. 1-17). Each of these steps plays an integral role in the investigation process.
The reason that an exact image of the original evidence is created is so that the contents of the
original are not altered or changed in any way. Sometimes even the slightest change could cause the
entire drive to be lost, so it is extremely vital to only work off of the copy of the original evidence. If the
original evidence is lost or damaged there is no way that it can be used in court. The chain of custody
refers to making sure that every single piece of potential evidence is accounted for at all times from the
beginning of the investigation all the way to the end when it is presented to the court.
Any time that someone needs to take the evidence for any reason out of the forensic lab it must
be documented stating who took it out as well as the date, and the same goes for documenting the
evidence being returned. If at any time the evidence is unaccounted for it will be deemed inadmissible
because there is no way to validate its integrity or to rule out that anyone altered it in some way. So where can this
evidence be extracted from? Digital evidence can be found in many places such as computers, laptops,
tablets, smart phones, portable hard drives, SIM cards, USB memory sticks, and any other portable
storage devices. Many times the accused will believe that they have deleted the illegal or incriminating
data because they emptied their recycle bin, but that does not completely eliminate the data. Instead
investigators are able to use forensic tools to retrieve that so-called “deleted” data and use it against the
accused.
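The working-copy, checksum and chain-of-custody steps described above can be sketched in code. This is an added example, not part of the original paper; the file names, the `CustodyLog` class and the `check_out`/`check_in` action names are assumptions, and SHA-256 is computed alongside the MD5 checksum the paper names.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

GENESIS = "0" * 64  # prev_hash value used by the first custody entry


def file_digests(path, chunk_size=1 << 20):
    """Return MD5 and SHA-256 hex digests of a file, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def make_working_copy(original, working):
    """Copy the image; refuse to continue unless the copy hashes identically."""
    before = file_digests(original)
    shutil.copyfile(original, working)
    if file_digests(working) != before:
        raise ValueError("working copy does not match the original image")
    return before


class CustodyLog:
    """Append-only custody record; each entry stores the hash of the previous one."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _hash(entry):
        fields = {k: v for k, v in entry.items() if k != "entry_hash"}
        return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

    def record(self, when, action, person, evidence_id, note=""):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {"when": when, "action": action, "person": person,
                 "evidence_id": evidence_id, "note": note, "prev_hash": prev}
        entry["entry_hash"] = self._hash(entry)
        self.entries.append(entry)

    def audit(self):
        """Return a list of custody problems; an empty list means no gaps found."""
        problems, prev, holder = [], GENESIS, {}
        for i, e in enumerate(self.entries):
            # An edited or reordered entry no longer matches its stored hashes.
            if e["prev_hash"] != prev or e["entry_hash"] != self._hash(e):
                problems.append(f"entry {i}: record altered or out of sequence")
            prev = e["entry_hash"]
            ev = e["evidence_id"]
            if e["action"] == "check_out":
                if ev in holder:
                    problems.append(f"entry {i}: {ev} taken out while held by {holder[ev]}")
                holder[ev] = e["person"]
            elif e["action"] == "check_in":
                if ev not in holder:
                    problems.append(f"entry {i}: {ev} returned without a check-out")
                elif holder[ev] != e["person"]:
                    problems.append(f"entry {i}: {ev} returned by {e['person']}, "
                                    f"taken by {holder[ev]}")
                holder.pop(ev, None)
        for ev, person in holder.items():
            problems.append(f"{ev}: checked out by {person} and never returned")
        return problems


def demo():
    """Run the flow on a constructed 'image' so the example works offline."""
    workdir = Path(tempfile.mkdtemp())
    original = workdir / "evidence_001.img"  # constructed sample, not real evidence
    original.write_bytes(b"constructed disk image bytes" * 1024)
    digests = make_working_copy(original, workdir / "working_001.img")
    log = CustodyLog()  # constructed custody entries
    log.record("2014-10-01T09:00", "check_out", "Investigator A", "EV-001", "imaging")
    log.record("2014-10-01T11:30", "check_in", "Investigator A", "EV-001")
    log.record("2014-10-02T14:00", "check_out", "Investigator B", "EV-001", "court")
    return digests, log.audit()


if __name__ == "__main__":
    digests, problems = demo()
    print(digests)
    print(problems or "custody record complete")
```

The last constructed entry is left without a matching return, so the audit reports EV-001 as unaccounted for.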
There are many different types of computer forensic tools used by a computer forensic
investigator, but some of the simpler tools used prior to extracting evidence include the following:
storage bags (wireless and passport), remote chargers, write-block devices, cables, and SIM card
readers. Wireless storage bags not only house wireless devices, but they are made of a certain fabric
that does not allow any wireless signals to get through. This ensures that someone cannot send out a
wireless signal to damage the evidence. Passport bags are used to hold RFID chips and ensure that no
one can read the data on them while in the passport bag. Having different chargers for different model
laptops and smartphones allows the investigator to extract evidence from a laptop or phone that may
have a dead battery. As for write-block devices, they are used as the name suggests, to block anyone
from changing or deleting data during an investigation.
In addition to the tools named above there are also software tools that are used to assist the
investigator throughout the investigation process. Some of the tools used by forensic experts include
X-Ways Forensics, SANS Investigative Forensics Toolkit (SIFT), EnCase, Registry Recon, the Sleuth
Kit, and Volatility. X-Ways Forensics is an all-encompassing tool for forensics investigators that can
perform disk imaging and cloning and recover data amongst other things. SIFT is a multi-purpose
forensic OS that has all the required tools for a computer forensic investigation. EnCase is another and
one of the most popular of all multi-purpose forensic platforms. Registry Recon is used for analyzing the
registry, the Sleuth Kit is used for such things as analyzing disk images and carrying out a comprehensive
analysis of file systems, and Volatility is used for incident response and malware analysis (“21 popular,”
2012).
So with a wide variety of forensic tools that serve a multitude of purposes, what kind of
companies are available for hire to perform computer forensic investigations? There are many different
forensic companies that would be happy to help out an organization with any issues relating to computer
forensics. For the purposes of this paper however, only three will be discussed and they are Forensicon,
Cyber Investigation Service, and Kroll. Forensicon is a Chicago based forensic company that serves all
types of clients ranging from law firms to industrial equipment corporations all the way to healthcare
agencies, and are very familiar with many different types of cases including those that involve: digital
trade secret theft, digital fraud and white collar cyber-crime, internet investigations, computer forensics
expert witness testimony, etc. (“Forensicon,” 2014).
Cyber Investigation Services is a forensic company that has been seen on popular television
outlets such as FOX News and NBC, and they provide nationwide coverage of forensic
services. The most common cases they deal with as the leader in cyber & internet attack defense
involve reputation concerns, anti-hacking forensics, and anti-stalking (“Cyber investigation,” 2014).
The third forensic company outlined here is Kroll. Kroll is a company that does more than just handle
cases involving computer forensics. Besides computer forensics Kroll also has a cyber security division,
a data breach and incident response division, and a data breach notification and remediation division.
The computer forensics division is known as cyber crime investigation and offers a wide range of
investigative solutions such as evidence collection, data analysis, or fraud and internal investigations
(“Kroll: Cyber crime,” 2011). So where did computer forensics originate?
Computer forensics history can be traced all the way back to the 1970s when military
investigators began finding instances of computer-related activity or cyber-crimes, and were looking for
a more comprehensive technique to solve these new technical types of crimes (“Computer forensics,”
2011). Once government personnel who were in charge of protecting confidential and secret
information saw the complexity of these cyber-crimes, they decided to perform forensic investigations
into these security breaches. From there they came up with measures to prevent the security breaches
from reoccurring. It was from that point on that the fields of information security and computer forensics
began to interweave, and it would eventually come to what is seen today.
Knowing where computer forensics originated and where it stands today, what does the future
hold for computer forensics? That is an interesting question because it is so heavily relied upon now
more than ever before. As the technology has advanced in hardware such as data device storage it has
taken longer for investigators to analyze data. The reason for this is because data storage devices that
hold more data means that there is more information to be sorted through and examined. This makes the
investigation process take longer and should continue to do so as more storage is available in the future.
Another trend that should continue into the future is the use of computer forensic tools that
should only get better and faster with advancements in technology. That means that as the technology of
computer forensic tools advances (meaning faster tools) then it will make analysis faster, and at the least
should compensate for the growth in the size of data storage devices. Additionally, another trend in the
future that should continue to grow is the number of people figuring out new ways to crack the latest
security practices. Hackers are always one step ahead of those securing and protecting the data,
because if it were not for them finding out new ways to break down security measures who would then
look for new ways to mitigate vulnerabilities?
In conclusion, given how heavily reliant people and businesses have become on computer
technology in this day and age, it is clear to see the value that computer forensics has in any criminal
case. No matter if it is a murder case, identity theft, the trading of child pornography or even a less
heinous crime such as illegally downloading an mp3 file off the Internet, the common denominator in
each of these types of crimes is that computer forensics can play an integral role in prosecuting the
accused. Since following the chain of custody is vital to the validity of the evidence presented, it is
important that everything that may potentially be used as evidence be properly documented. Without
properly following the chain of custody the evidence gathered will be inadmissible in a court of law, and
could also seriously damage the investigator’s reputation.
References
21 popular computer forensics tools. (2012). Retrieved from
http://resources.infosecinstitute.com/computer-forensics-tools/
Advantages and disadvantages of computer forensics. (2009). Retrieved from
http://www.anushreepatil.myewebsite.com/articles/advantages-and-disadvantages-of-computer-forensics.html
Bavisi, J. (2006). Computer Hacking Forensics Investigators: Reducing Security
Breaches. Certification Magazine, 8(3), 36-37.
Computer forensics history. (2011). Retrieved from
http://www.computerforensicstraining101.com/history.html
Computer Forensics: Investigation Procedures and Response. (2010). Published by: Cengage
Learning. ISBN: 1-4354-8349-7
Cyber investigation services. (2014). Retrieved from
http://sales.cyberinvestigationservices.com/cyber-investigations-page/?utm_term=+cyber+investigation&gclid=CjwKEAjwwo2iBRCurdSQy9y8xWcSJABrrLiS-j6dp7GnJG77DIQjRTo9-wItRJGdWJpn7S71q7e7kRoCSiPw_wcB
Forensicon. (2014). Retrieved from http://www.forensicon.com/
How to become a computer forensics investigator. (2014). Retrieved from
http://www.degreetree.com/resources/how-to-become-a-computer-forensics-investigator
Kroll: Cyber crime investigation. (2011). Retrieved from
http://www.krollcybersecurity.com/computer-forensics/cyber-crime-investigation/
Pulido, M. L. (2013). Child pornography: Basic facts about a horrific crime. Retrieved from
http://www.huffingtonpost.com/mary-l-pulido-phd/child-pornography-basic-f_b_4094430.html
Welch, T. (1997). Computer crime investigation and computer forensics. Information Systems
Security, 6(2), 56.
Zimmerman, E. (2006). Digital Detectives. FSB: Fortune Small Business, 16(2/3), 55-57.

 
Cybercrime
CybercrimeCybercrime
Cybercrimepromit
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Joseph White MPA CPM
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docxAliAshraf68199
 
10 Criminology in the FutureCriminology in the FutureKristop.docx
10 Criminology in the FutureCriminology in the FutureKristop.docx10 Criminology in the FutureCriminology in the FutureKristop.docx
10 Criminology in the FutureCriminology in the FutureKristop.docxhyacinthshackley2629
 
Behavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics ApplicationBehavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics ApplicationAIRCC Publishing Corporation
 
Behavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics ApplicationBehavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics ApplicationAIRCC Publishing Corporation
 
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATION
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATIONBEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATION
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATIONAIRCC Publishing Corporation
 
Cyber crime - and digital device.pptx
Cyber crime - and digital device.pptxCyber crime - and digital device.pptx
Cyber crime - and digital device.pptxAlAsad4
 

Similar to Project_Paper_ISSC455_Intindolo (20)

Computer forensic
Computer forensicComputer forensic
Computer forensic
 
Kathryn E. ScarboroughEastern Kentucky UniversityMarc Ro.docx
Kathryn E. ScarboroughEastern Kentucky UniversityMarc Ro.docxKathryn E. ScarboroughEastern Kentucky UniversityMarc Ro.docx
Kathryn E. ScarboroughEastern Kentucky UniversityMarc Ro.docx
 
03.fnc corporate protect workshop new
03.fnc corporate protect workshop new03.fnc corporate protect workshop new
03.fnc corporate protect workshop new
 
FNC Corporate Protect
FNC Corporate ProtectFNC Corporate Protect
FNC Corporate Protect
 
FNC Corporate Protect Workshop
FNC Corporate Protect WorkshopFNC Corporate Protect Workshop
FNC Corporate Protect Workshop
 
Digital Footprints_ Investigating Digital Evidence in Online Crime Cases.pptx
Digital Footprints_ Investigating Digital Evidence in Online Crime Cases.pptxDigital Footprints_ Investigating Digital Evidence in Online Crime Cases.pptx
Digital Footprints_ Investigating Digital Evidence in Online Crime Cases.pptx
 
4.content (computer forensic)
4.content (computer forensic)4.content (computer forensic)
4.content (computer forensic)
 
To get round to the heart of fortress
To get round to the heart of fortressTo get round to the heart of fortress
To get round to the heart of fortress
 
Dungogan chap2 lab 1
Dungogan chap2 lab 1Dungogan chap2 lab 1
Dungogan chap2 lab 1
 
Zamayla chap2 lab 1
Zamayla chap2 lab 1Zamayla chap2 lab 1
Zamayla chap2 lab 1
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docx
 
10 Criminology in the FutureCriminology in the FutureKristop.docx
10 Criminology in the FutureCriminology in the FutureKristop.docx10 Criminology in the FutureCriminology in the FutureKristop.docx
10 Criminology in the FutureCriminology in the FutureKristop.docx
 
Forensics
ForensicsForensics
Forensics
 
Computer crimes
Computer crimesComputer crimes
Computer crimes
 
Behavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics ApplicationBehavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics Application
 
Behavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics ApplicationBehavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics Application
 
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATION
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATIONBEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATION
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATION
 
Cyber crime - and digital device.pptx
Cyber crime - and digital device.pptxCyber crime - and digital device.pptx
Cyber crime - and digital device.pptx
 

More from John Intindolo

Power_Point_Presentation_ISSC458_Intindolo
Power_Point_Presentation_ISSC458_IntindoloPower_Point_Presentation_ISSC458_Intindolo
Power_Point_Presentation_ISSC458_IntindoloJohn Intindolo
 
ISSC368_Final_Project Proposal_Wk8_Intindolo
ISSC368_Final_Project Proposal_Wk8_IntindoloISSC368_Final_Project Proposal_Wk8_Intindolo
ISSC368_Final_Project Proposal_Wk8_IntindoloJohn Intindolo
 
ISSC456_Final_J_Intindolo
ISSC456_Final_J_IntindoloISSC456_Final_J_Intindolo
ISSC456_Final_J_IntindoloJohn Intindolo
 
ISSC456_Project_Presentation_Intindolo
ISSC456_Project_Presentation_IntindoloISSC456_Project_Presentation_Intindolo
ISSC456_Project_Presentation_IntindoloJohn Intindolo
 
Research_Paper_Final_ISSC431_Intindolo
Research_Paper_Final_ISSC431_IntindoloResearch_Paper_Final_ISSC431_Intindolo
Research_Paper_Final_ISSC431_IntindoloJohn Intindolo
 
ISSC362_Research_Paper_Intindolo
ISSC362_Research_Paper_IntindoloISSC362_Research_Paper_Intindolo
ISSC362_Research_Paper_IntindoloJohn Intindolo
 
Research_Paper_ISSC461_Intindolo
Research_Paper_ISSC461_IntindoloResearch_Paper_ISSC461_Intindolo
Research_Paper_ISSC461_IntindoloJohn Intindolo
 
Attack_Project_Presentation_ISSC461_Intindolo
Attack_Project_Presentation_ISSC461_IntindoloAttack_Project_Presentation_ISSC461_Intindolo
Attack_Project_Presentation_ISSC461_IntindoloJohn Intindolo
 
ISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_IntindoloISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_IntindoloJohn Intindolo
 
Project_Paper_Presentation_ISSC471_Intindolo
Project_Paper_Presentation_ISSC471_IntindoloProject_Paper_Presentation_ISSC471_Intindolo
Project_Paper_Presentation_ISSC471_IntindoloJohn Intindolo
 
ISSC481_Term_Paper_John_Intindolo
ISSC481_Term_Paper_John_IntindoloISSC481_Term_Paper_John_Intindolo
ISSC481_Term_Paper_John_IntindoloJohn Intindolo
 
ISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_IntindoloISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_IntindoloJohn Intindolo
 
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloWk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloJohn Intindolo
 
ISSC422_Project_Paper_John_Intindolo
ISSC422_Project_Paper_John_IntindoloISSC422_Project_Paper_John_Intindolo
ISSC422_Project_Paper_John_IntindoloJohn Intindolo
 
ISSC490_Project_John_Intindolo
ISSC490_Project_John_IntindoloISSC490_Project_John_Intindolo
ISSC490_Project_John_IntindoloJohn Intindolo
 
ISSC361_Project_John_Intindolo
ISSC361_Project_John_IntindoloISSC361_Project_John_Intindolo
ISSC361_Project_John_IntindoloJohn Intindolo
 
Project_Presentation_ISSC361_Intindolo
Project_Presentation_ISSC361_IntindoloProject_Presentation_ISSC361_Intindolo
Project_Presentation_ISSC361_IntindoloJohn Intindolo
 

More from John Intindolo (17)

Power_Point_Presentation_ISSC458_Intindolo
Power_Point_Presentation_ISSC458_IntindoloPower_Point_Presentation_ISSC458_Intindolo
Power_Point_Presentation_ISSC458_Intindolo
 
ISSC368_Final_Project Proposal_Wk8_Intindolo
ISSC368_Final_Project Proposal_Wk8_IntindoloISSC368_Final_Project Proposal_Wk8_Intindolo
ISSC368_Final_Project Proposal_Wk8_Intindolo
 
ISSC456_Final_J_Intindolo
ISSC456_Final_J_IntindoloISSC456_Final_J_Intindolo
ISSC456_Final_J_Intindolo
 
ISSC456_Project_Presentation_Intindolo
ISSC456_Project_Presentation_IntindoloISSC456_Project_Presentation_Intindolo
ISSC456_Project_Presentation_Intindolo
 
Research_Paper_Final_ISSC431_Intindolo
Research_Paper_Final_ISSC431_IntindoloResearch_Paper_Final_ISSC431_Intindolo
Research_Paper_Final_ISSC431_Intindolo
 
ISSC362_Research_Paper_Intindolo
ISSC362_Research_Paper_IntindoloISSC362_Research_Paper_Intindolo
ISSC362_Research_Paper_Intindolo
 
Research_Paper_ISSC461_Intindolo
Research_Paper_ISSC461_IntindoloResearch_Paper_ISSC461_Intindolo
Research_Paper_ISSC461_Intindolo
 
Attack_Project_Presentation_ISSC461_Intindolo
Attack_Project_Presentation_ISSC461_IntindoloAttack_Project_Presentation_ISSC461_Intindolo
Attack_Project_Presentation_ISSC461_Intindolo
 
ISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_IntindoloISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_Intindolo
 
Project_Paper_Presentation_ISSC471_Intindolo
Project_Paper_Presentation_ISSC471_IntindoloProject_Paper_Presentation_ISSC471_Intindolo
Project_Paper_Presentation_ISSC471_Intindolo
 
ISSC481_Term_Paper_John_Intindolo
ISSC481_Term_Paper_John_IntindoloISSC481_Term_Paper_John_Intindolo
ISSC481_Term_Paper_John_Intindolo
 
ISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_IntindoloISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
 
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloWk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
 
ISSC422_Project_Paper_John_Intindolo
ISSC422_Project_Paper_John_IntindoloISSC422_Project_Paper_John_Intindolo
ISSC422_Project_Paper_John_Intindolo
 
ISSC490_Project_John_Intindolo
ISSC490_Project_John_IntindoloISSC490_Project_John_Intindolo
ISSC490_Project_John_Intindolo
 
ISSC361_Project_John_Intindolo
ISSC361_Project_John_IntindoloISSC361_Project_John_Intindolo
ISSC361_Project_John_Intindolo
 
Project_Presentation_ISSC361_Intindolo
Project_Presentation_ISSC361_IntindoloProject_Presentation_ISSC361_Intindolo
Project_Presentation_ISSC361_Intindolo
 

Project_Paper_ISSC455_Intindolo

  • 1. Running head: COMPUTER FORENSICS 1 Computer Forensics John Intindolo October 17, 2014 ISSC455- Digital Forensics: Investigation Procedures and Response Professor Michael Lewis American Military University
  • 2. Computer forensics is more vital to criminal cases now than it has ever been. In the past, physical evidence was collected at a crime scene, but in today’s world, where everything and everyone is reliant upon technology, digital evidence has become more prevalent even in a typical criminal case. For example, when the police arrive at the scene of a murder there may be digital evidence on the victim’s phone that helps to determine who may have been in recent contact with the victim, which could lead to solving the case. Therefore, due to the vital information that digital evidence can produce, computer forensics plays a role in any type of case. Throughout the course of this paper computer forensics will be discussed, as well as its history, future trends, the role of computer forensics investigators, the fundamental steps required during an investigation, common cyber-crimes, how to properly follow the chain of custody, a list of companies who are available for hire to perform a computer forensic investigation, and a list of tools that can be used to collect digital evidence. Once all of this has been explained the reader will have a better understanding of why computer forensics plays a vital role in all kinds of criminal cases. Before getting into the different ways that computer forensics can be beneficial, what exactly is computer forensics? According to Welch, computer forensics can best be defined as the study of computer technology and its relation to the law (1997). A more thorough definition would be that computer forensics is the investigation and analysis of evidence via the use of computer techniques and tools during a criminal case so that the evidence may be admissible in a court of law. 
The most important thing to consider when dealing with computer forensics is that the evidence gathered and analyzed must be preserved (by following the chain of custody throughout the entire process) in order to be used in court. Without preservation of the evidence and adherence to the chain of custody, all of the hard work put into collecting and analyzing the evidence will be for naught.
  • 3. So now that the definition of computer forensics is understood, the next issue is to determine the importance or benefits that computer forensics provides. Computer forensics provides many benefits to an organization due to the remarkable upsurge in the number of cyber-crimes and litigations that large organizations often encounter now that computer systems and networks are so heavily depended upon. Some of those benefits include the following: the assurance that an organization’s computer systems and/or networks maintain their integrity; the collection of pertinent data (in the event of an organization’s computer systems and/or networks being breached) that was destroyed or deleted by the accused and can be used to prosecute; the ability to search and analyze large amounts of data both quickly and efficiently, which will save an organization both time and money; and help in catching criminals responsible for heinous acts such as child pornography and identity theft (“Advantages and,” 2009). As explained previously, one of the benefits of using computer forensics is to collect valuable data that can be used to prove the guilt of someone when an incident has occurred. This does not always need to be used to prosecute in a court of law; in fact, in some cases an organization may just use computer forensics to prove the guilt of an employee who has committed a crime. Rather than go through lengthy and oftentimes expensive litigation, the company will simply use the information provided by the computer forensic investigation to terminate the worker’s employment. For example, when the CEO of a small San Diego publishing company began receiving threatening e-mails and figured someone from inside the company’s IT department was involved, he hired a computer forensics expert to investigate. 
The man hired was Peter Garza, the founder of EvidentData, who found a Google search performed by an IT employee using the name of the spyware and the word “legal,” which took them to the spyware’s legal disclaimer and proved that the employee knew what they were doing was wrong but proceeded anyway (Zimmerman, 2006, p. 56).
  • 4. Once this information was brought forth the CEO chose to simply fire the employee rather than take it to court. Now that computer forensics has been defined and the benefits of using it explained, the next logical step is to clarify the need for a computer forensic investigator. Computer forensic investigators are professionals specially trained in the art of retrieving data from computers and other storage devices, and they work with private firms or law enforcement agencies such as the FBI. These highly specialized computer experts have an extensive working understanding of all facets of computers including hard drives and encryption. The need is also compounded by the number of attacks that take place from inside the organization. According to Vericept Corp., 54 percent of organizations estimate that insiders are responsible for more than half of all internal security breaches (Bavisi, 2006, p. 37). Having a computer forensic investigator will likely keep many of those “insiders” from going through with an attack, because they know that they could easily get caught. As previously mentioned, the world today is one that is driven by technology, which shows that computer forensic investigators are in high demand in both the public and private sectors. The job responsibilities of a computer forensic investigator start with being extremely familiar with all facets of computers as mentioned above, but there are many other responsibilities they must meet as well. The main responsibility of an investigator is to recover, analyze, and preserve all digital evidence in such a way that it can be used as evidence in a court of law. Furthermore, it is the investigator’s responsibility to collect the evidence quickly, convey a rough calculation of the damage that the incident has had on the victim, to determine the reason the attacker chose to go through with the
  • 5. act, and also to discover the identity of the attacker. So how does one become a computer forensic investigator? Becoming a computer forensic investigator is not something that happens overnight, and it requires a lot of commitment. A bachelor’s degree in computer science, information systems security, criminal justice, or another related discipline is just the start. Computer experience, as explained previously, must cover all aspects of computers, and law enforcement experience, while not required, is also something that will certainly help. Some things that are necessary are computer security and investigation certifications such as EnCase Certified Examiner or EnCE, Certified Information Systems Security Professional or CISSP, Certified Information Systems Auditor or CISA, and Security Essentials Certification known as GSEC (“How to become,” 2014). With the issue of computer forensics and the details of what it takes to become a computer forensic investigator out of the way, the next area of focus is the crimes that these people are out to fight against: cyber-crimes. What are cyber-crimes? Cyber-crimes are crimes that are committed on the Internet and that take advantage of the accessibility, anonymity, and speed of the Internet. The accessibility factor simply means that it is rather convenient for criminals to perform a crime on the Internet because they can commit it from halfway across the globe. The anonymity refers to the fact that someone can commit a crime on the Internet without their identity being known, for instance by masking their IP address. Lastly, speed refers to the criminal’s use of high-speed Internet to commit their crimes and get away before authorities have the chance to catch them. 
There are many different examples of computer crimes including but not limited to hacking, the spreading of viruses, Trojans, and worms, identity theft, credit card fraud, Denial-of-Service attacks, software and copyright piracy, and child pornography. All of these examples are cyber-crimes, but their
  • 6. severity varies. For example, there is a huge difference between someone committing copyright piracy by downloading their favorite band’s latest album and a child predator downloading pictures and videos of child pornography. Both cyber-crimes occur on a daily basis on the Internet, with the latter growing so fast that it has an estimated revenue of $3 billion (Pulido, 2013). When speaking of cyber-crimes such as hacking, the spreading of viruses, Trojans, and worms, DoS attacks, and identity theft, there are areas of weakness or vulnerability on a computer system or network that can make the attackers’ job much easier. One such vulnerability is social engineering. This is when an attacker attempts to trick someone within an organization into revealing (to some degree) or unknowingly distributing information that could disclose private information to the attacker. Some other vulnerabilities that are used to exploit computer systems and networks are unencrypted mail servers, improperly configured firewalls, unpatched software, and weak password management. The important thing to remember is that the organization’s network does not have to be the most secure; it only has to be more secure than others nearby. If good security measures are practiced, such as closing open ports, keeping all software updated and patched, encrypting mail servers, practicing the principle of least privilege (where workers are only granted the privileges needed to complete their job duties), and enforcing strong password management, then an attacker may look for a weaker target. This is no different than in the wild, where a lion will look for a buffalo that is weaker than the rest and falls behind the herd before attacking. The next topic of discussion when dealing with computer forensics is the forensic investigation process. 
There is a set of fundamental steps that take place in every forensic investigation and they are as follows: first a computer crime must be suspected of being committed, preliminary evidence such as
  • 7. marking the scene and photographing the scene should be collected, a warrant if necessary must be obtained, first responder procedures are to be performed, evidence is seized securely (in evidence bags), the evidence is then transported to the forensic lab, a working copy of the evidence is created (because the original evidence is never worked on directly), an MD5 checksum of any images is performed (to verify their integrity), a chain of custody document is prepared (and any break in this chain could cause the evidence to be thrown out of court), the original evidence is kept safe and secure from being tampered with, the image copy is used to analyze for evidence, a forensic report is created (to describe every facet of the forensic investigation and the tools used as well), the report is delivered to the client, and if deemed necessary the investigator may testify as an expert witness in court (“Computer Forensics,” 2010, p. 1-17). Each of these steps plays an integral role in the investigation process. The reason that an exact image of the original evidence is created is so that the contents of the original are not altered or changed in any way. Sometimes even the slightest change could cause the entire drive to be lost, so it is extremely vital to only work from the copy of the original evidence. If the original evidence is lost or damaged there is no way that it can be used in court. The chain of custody refers to making sure that every single piece of potential evidence is accounted for at all times from the beginning of the investigation all the way to the end when it is presented to the court. Any time that someone needs to take the evidence out of the forensic lab for any reason, it must be documented who took it out as well as the date, and the same goes for documenting the evidence being returned. 
If at any time the evidence is unaccounted for it will be deemed inadmissible because there is no way to validate its integrity or to rule out that someone altered it in some way. So where can this evidence be extracted from? Digital evidence can be found in many places such as computers, laptops, tablets, smart phones, portable hard drives, SIM cards, USB memory sticks, and any other portable
  • 8. storage devices. Many times the accused will believe that they have deleted the illegal or incriminating data because they emptied their recycle bin, but that does not completely eliminate the data. Instead, investigators are able to use forensic tools to retrieve that so-called “deleted” data and use it against the accused. There are many different types of computer forensic tools used by a computer forensic investigator, but some of the simpler tools used prior to extracting evidence include the following: storage bags (wireless and passport), remote chargers, write-block devices, cables, and SIM card readers. Wireless storage bags not only house wireless devices, but they are made of a certain fabric that does not allow any wireless signals to get through. This ensures that someone cannot send out a wireless signal to damage the evidence. Passport bags are used to hold RFID chips and ensure that no one can read the data on them while in the passport bag. Having different chargers for different model laptops and smartphones allows the investigator to extract evidence from a laptop or phone that may have a dead battery. As for write-block devices, they are used, as the name suggests, to block anyone from changing or deleting data during an investigation. In addition to the tools named above there are also software tools that are used to assist the investigator throughout the investigation process. Some of the tools used by forensic experts include X-Ways Forensics, SANS Investigative Forensics Toolkit (SIFT), EnCase, Registry Recon, the Sleuth Kit, and Volatility. X-Ways Forensics is an all-encompassing tool for forensics investigators that can perform disk imaging and cloning and recover data, amongst other things. SIFT is a multi-purpose forensic OS that has all the required tools for a computer forensic investigation. EnCase is another multi-purpose forensic platform and one of the most popular. 
Registry Recon is used for analyzing the registry, the Sleuth Kit is used for such things as analyzing disk images and carrying out a comprehensive
  • 9. analysis of file systems, and Volatility is used for incident response and malware analysis (“21 popular,” 2012). So with a wide variety of forensic tools that serve a multitude of purposes, what kind of companies are available for hire to perform computer forensic investigations? There are many different forensic companies that would be happy to help out an organization with any issues relating to computer forensics. For the purposes of this paper, however, only three will be discussed: Forensicon, Cyber Investigation Services, and Kroll. Forensicon is a Chicago-based forensic company that serves all types of clients, ranging from law firms to industrial equipment corporations all the way to healthcare agencies, and is very familiar with many different types of cases, including those that involve digital trade secret theft, digital fraud and white collar cyber-crime, internet investigations, computer forensics expert witness testimony, etc. (“Forensicon,” 2014). Cyber Investigation Services is a forensic company that has been seen on popular television outlets such as FOX News and NBC, and it provides nationwide coverage of forensic services. The most common cases they deal with as the leader in cyber & internet attack defense involve reputation concerns, anti-hacking forensics, and anti-stalking (“Cyber investigation,” 2014). The third forensic company outlined here is Kroll. Kroll is a company that does more than just handle cases involving computer forensics. Besides computer forensics, Kroll also has a cyber security division, a data breach and incident response division, and a data breach notification and remediation division. The computer forensics division is known as cyber crime investigation and offers a wide range of investigative solutions such as evidence collection, data analysis, or fraud and internal investigations (“Kroll: Cyber crime,” 2011). So where did computer forensics originate?
  • 10. The history of computer forensics can be traced all the way back to the 1970s, when military investigators began finding instances of computer-related activity or cyber-crimes and were looking for a more comprehensive technique to solve these new technical types of crimes (“Computer forensics,” 2011). Once government personnel who were in charge of protecting confidential and secret information saw the complexity of these cyber-crimes, they decided to perform forensic investigations into these security breaches. From there they came up with measures to prevent the security breaches from reoccurring. It was from that point on that the fields of information security and computer forensics began to interweave, eventually leading to what is seen today. Knowing where computer forensics originated and where it stands today, what does the future hold for computer forensics? That is an interesting question because it is relied upon now more heavily than ever before. As hardware technology such as data storage devices has advanced, it has taken longer for investigators to analyze data. The reason for this is that data storage devices that hold more data mean that there is more information to be sorted through and examined. This makes the investigation process take longer, and it should continue to do so as more storage becomes available in the future. Another trend that should continue into the future is that computer forensic tools should only get better and faster with advancements in technology. That means that as the technology of computer forensic tools advances (meaning faster tools), analysis will become faster, and at the least this should compensate for the growth in the size of data storage devices. Additionally, another trend that should continue to grow in the future is the number of people figuring out new ways to crack the latest security practices. 
Hackers are always one step ahead of those securing and protecting the data, because if it were not for them finding out new ways to break down security measures who would then look for new ways to mitigate vulnerabilities?
  • 11. In conclusion, given how heavily reliant people and businesses have become on computer technology in this day and age, the value of computer forensics in any criminal case is clear. No matter if it is a murder case, identity theft, the trading of child pornography or even a less heinous crime such as illegally downloading an mp3 file off the Internet, the common denominator in each of these types of crimes is that computer forensics can play an integral role in prosecuting the accused. Since following the chain of custody is vital to the validity of the evidence presented, it is important that everything that may potentially be used as evidence be properly documented. Without properly following the chain of custody the evidence gathered will be inadmissible in a court of law, and could also seriously damage the investigator’s reputation.
  • 12. References
    21 popular computer forensics tools. (2012). Retrieved from http://resources.infosecinstitute.com/computer-forensics-tools/
    Advantages and disadvantages of computer forensics. (2009). Retrieved from http://www.anushreepatil.myewebsite.com/articles/advantages-and-disadvantages-of-computer-forensics.html
    Bavisi, J. (2006). Computer Hacking Forensics Investigators: Reducing Security Breaches. Certification Magazine, 8(3), 36-37.
    Computer forensics history. (2011). Retrieved from http://www.computerforensicstraining101.com/history.html
    Computer Forensics: Investigation Procedures and Response. (2010). Published by: Cengage Learning. ISBN: 1-4354-8349-7
    Cyber investigation services. (2014). Retrieved from http://sales.cyberinvestigationservices.com/cyber-investigations-page/?utm_term=+cyber +investigation&gclid=CjwKEAjwwo2iBRCurdSQy9y8xWcSJABrrLiS-j6dp7GnJG77DIQjRTo9-wItRJGdWJpn7S71q7e7kRoCSiPw_wcB
    Forensicon. (2014). Retrieved from http://www.forensicon.com/
    How to become a computer forensics investigator. (2014). Retrieved from http://www.degreetree.com/resources/how-to-become-a-computer-forensics-investigator
    Kroll: Cyber crime investigation. (2011). Retrieved from http://www.krollcybersecurity.com/computer-forensics/cyber-crime-investigation/
  • 13. References Cont’d.
    Pulido, M. L. (2013). Child pornography: Basic facts about a horrific crime. Retrieved from http://www.huffingtonpost.com/mary-l-pulido-phd/child-pornography-basic-f_b_4094430.html
    Welch, T. (1997). Computer crime investigation and computer forensics. Information Systems Security, 6(2), 56.
    Zimmerman, E. (2006). Digital Detectives. FSB: Fortune Small Business, 16(2/3), 55-57.
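
The working-copy, MD5 checksum and chain-of-custody steps from the investigation process (slide 7), as an added Python example that is not part of the original paper. The SHA-256 digest alongside MD5, the log layout (`CustodyEntry`) and all function names are assumptions made for illustration; the sample image and log entries are constructed.

```python
import hashlib
import shutil
import tempfile
from dataclasses import dataclass
from datetime import datetime
from pathlib import Path


def file_digests(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large disk image never has to fit in memory.
    MD5 is what the paper names; SHA-256 is an added assumption."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            md5.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def make_working_copy(original, work_dir):
    """Create the working copy and prove it is bit-identical to the original.
    The original is only ever opened for reading (in the lab it would also
    sit behind a write-block device)."""
    before = file_digests(original)
    copy_path = Path(work_dir) / (Path(original).name + ".working")
    shutil.copyfile(original, copy_path)
    if file_digests(copy_path) != before or file_digests(original) != before:
        raise ValueError("copy or original no longer matches the acquisition hashes")
    return copy_path, before


@dataclass
class CustodyEntry:          # hypothetical log record, one per hand-off
    when: datetime
    action: str              # "seized", "checked_out" or "returned"
    person: str
    md5: str                 # digest observed at this hand-off


def audit_custody(entries):
    """Return a list of findings; an empty list means no break was found."""
    if not entries or entries[0].action != "seized":
        return ["log does not start with a seizure entry"]
    findings = []
    baseline, holder, last = entries[0].md5, None, entries[0].when
    for n, e in enumerate(entries[1:], start=2):
        if e.when < last:
            findings.append(f"entry {n}: timestamp earlier than previous entry")
        last = max(last, e.when)
        if e.md5 != baseline:
            findings.append(f"entry {n}: MD5 differs from the seizure hash")
        if e.action == "checked_out":
            if holder is not None:
                findings.append(f"entry {n}: checked out while already held by {holder}")
            holder = e.person
        elif e.action == "returned":
            if holder is None:
                findings.append(f"entry {n}: returned without a recorded check-out")
            elif holder != e.person:
                findings.append(f"entry {n}: returned by {e.person}, checked out by {holder}")
            holder = None
        else:
            findings.append(f"entry {n}: unexpected action {e.action!r}")
    if holder is not None:
        findings.append(f"evidence still checked out to {holder}; no return recorded")
    return findings


def demo():
    """Constructed sample: a 4 KiB stand-in image, one clean log, one broken log."""
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "evidence.dd"
        original.write_bytes(bytes(range(256)) * 16)
        _, digests = make_working_copy(original, tmp)
    h = digests["md5"]

    def at(hour):
        return datetime(2014, 10, 17, hour, 0)

    good = [
        CustodyEntry(at(9), "seized", "first responder", h),
        CustodyEntry(at(10), "checked_out", "analyst A", h),
        CustodyEntry(at(12), "returned", "analyst A", h),
    ]
    broken = [
        CustodyEntry(at(9), "seized", "first responder", h),
        CustodyEntry(at(10), "checked_out", "analyst A", h),
        CustodyEntry(at(11), "checked_out", "analyst B", h),   # A never returned it
        CustodyEntry(at(13), "returned", "analyst B", "0" * 32),  # hash changed
    ]
    return audit_custody(good), audit_custody(broken)


if __name__ == "__main__":
    clean, problems = demo()
    print("clean log findings:", clean)
    for line in problems:
        print("broken log:", line)
```
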