The document discusses computer forensics and its importance in criminal investigations. Computer forensics plays a vital role due to the prevalence of digital evidence even in typical criminal cases. The summary provides an overview of computer forensics, including its definition, benefits, the role of computer forensic investigators, common cybercrimes, and the forensic investigation process.
1. Running head: COMPUTER FORENSICS 1
Computer Forensics
John Intindolo
October 17, 2014
ISSC455- Digital Forensics: Investigation Procedures and Response
Professor Michael Lewis
American Military University
Computer Forensics is vital to criminal cases now more than it has ever been in the past. In the
past physical evidence was collected at a crime scene, but in today’s world where everything and
everyone is reliant upon technology, digital evidence has become more prevalent even in a typical
criminal case. For example, when the police arrive at the scene of a murder there may be digital
evidence on the victim’s phone that may help to determine who may have been in recent contact with the
victim, which could lead to solving the case. Therefore, due to the vital information that digital evidence
can produce, computer forensics plays a role in any type of case.
Throughout the course of this paper computer forensics will be discussed, as well as its history,
future trends, the role of computer forensics investigators, the fundamental steps required during an
investigation, common cyber-crimes, how to properly follow the chain of custody, a list of companies
who are available for hire to perform a computer forensic investigation, and a list of tools that can be
used to collect digital evidence. Once all of this has been explained the reader will have a better
understanding of why computer forensics plays a vital role in all kinds of criminal cases.
Before getting into the different ways that computer forensics can be beneficial, what exactly is
computer forensics? According to Welch, computer forensics can best be defined as the study of
computer technology and its relation to the law (1997). A more thorough definition would be that
computer forensics can be described as the investigation and analysis of evidence via the use of
computer techniques and tools during a criminal case so that the evidence may be admissible in a court
of law. The most important thing to consider when dealing with computer forensics is that the evidence
gathered and analyzed must be preserved (by following the chain of custody throughout the entire
process) in order to be used in court. Without preservation of the evidence and the following of the
chain of custody all of the hard work put into collecting and analyzing the evidence will be for naught.
So now that the definition of computer forensics is understood, the next issue is to determine the
importance or benefits that computer forensics provides. Computer forensics provides many benefits to
an organization due to the remarkable upsurge in the amount of cyber-crimes and litigations that large
organizations often encounter since computer systems and networks have become so heavily depended
on. Some of those benefits include the following: assuring that an organization’s computer systems
and/or networks maintain their integrity; helping to collect pertinent data (in the event of an organization’s
computer systems and/or networks being breached) that was destroyed or deleted by the accused and
can be used to prosecute; providing the ability to search and analyze large amounts of data both quickly
and efficiently, which will save an organization both time and money; and helping to catch criminals
responsible for heinous acts such as child pornography and identity theft (“Advantages and,” 2009).
As explained previously, one of the benefits of using computer forensics is to collect valuable
data that can be used to prove guilt of someone when an incident has occurred. This does not always
need to be used to prosecute in a court of law, in fact in some cases an organization may just use
computer forensics to prove the guilt of an employee who has committed a crime. Rather than go
through lengthy and oftentimes expensive litigation, the company will simply use the information provided
from the computer forensic investigation to terminate the worker’s employment.
For example, when the CEO of a small San Diego publishing company began receiving
threatening e-mails and figured someone from inside the company’s IT department was involved, he
hired a computer forensics expert to investigate. The man hired was Peter Garza, the founder of
EvidentData. He found a Google search performed by an IT employee using the name of the
spyware and the word “legal,” which took them to the spyware’s legal disclaimer and proved that the
employee knew what they were doing was wrong but proceeded anyway (Zimmerman, 2006, p. 56).
Once this information was brought forth the CEO chose to simply fire the employee rather than proceed to
take it to court.
Now that computer forensics has been defined and the benefits of using computer
forensics explained, the next logical step is to clarify the need for a computer forensic investigator.
Computer forensic investigators are professionals specially trained in the art of retrieving data from
computers and other storage devices, and they work with private firms or law enforcement agencies such as
the FBI. These highly specialized computer experts have an extensive working understanding of all
facets of computers including hard drives and encryption. The need is also compounded by the number
of attacks that take place from inside the organization.
According to Vericept Corp., 54 percent of organizations estimate that insiders are responsible
for more than half of all internal security breaches (Bavisi, 2006, p. 37). Having a computer forensic
investigator will likely keep many of those “insiders” from going through with an attack, because they
know that they could easily get caught. As previously mentioned, the world today is one that is driven by
technology, which is why computer forensic investigators are in high demand in both the
public and private sectors.
The job responsibilities of a computer forensic investigator start with being extremely familiar
with all facets of computers as mentioned above, but there are many other responsibilities they must
meet as well. The main responsibility of an investigator is to recover, analyze, and preserve all digital
evidence in such a way that it can be used as evidence in a court of law. Furthermore, it is the
investigator’s responsibility to collect the evidence quickly, to convey a rough calculation of the damage
that the incident has done to the victim, to determine the reason the attacker chose to go through with the
act, and also to discover the identity of the attacker. So how does one become a computer forensic
investigator?
Becoming a computer forensic investigator is not something that happens overnight and requires
a lot of commitment. A bachelor’s degree in computer science, information systems security, criminal
justice, or another related discipline is just the start. Computer experience, as explained previously, must
cover all aspects of computers, and law enforcement experience, while not required, is also
something that will certainly help. Some things that are necessary are computer security and investigation
certifications such as EnCase Certified Examiner or EnCE, Certified Information Systems Security
Professional or CISSP, Certified Information Systems Auditor or CISA, and Security Essentials
Certification known as GSEC (“How to become,” 2014).
With the issue of computer forensics and the details of what it takes to become a computer
forensic investigator out of the way, the next area of focus is the crimes that these people are out to fight
against, cyber-crimes. What are cyber-crimes? Cyber-crimes are crimes that are committed on the
Internet, and take advantage of the accessibility, anonymity, and speed of the Internet to commit. The
accessibility factor simply means that it is rather convenient for criminals to perform a crime on the
Internet because they can commit a crime from half way across the globe via the Internet. The
anonymity refers to the fact that someone can commit a crime on the Internet without their identity being
known, by masking their IP address for instance. Lastly, speed refers to the criminal’s use of high-speed Internet to
commit their crimes and get away before authorities have the chance to catch them.
There are many different examples of computer crimes including but not limited to hacking, the
spreading of viruses, Trojans, and worms, identity theft, credit card fraud, Denial-of-Service attacks,
software and copyright piracy, and child pornography. All of these examples are cyber-crimes, but their
severity varies. For example, there is a huge difference between someone committing copyright piracy
by downloading their favorite band’s latest album and a child predator downloading pictures and videos
of child pornography. Both cyber-crimes are readily occurring on a daily basis on the Internet, with the
latter growing so fast that it has an estimated revenue of $3 billion (Pulido, 2013).
When speaking of cyber-crimes such as hacking, the spreading of viruses, Trojans, and worms,
DoS attacks, and identity theft there are areas of weakness or vulnerability on a computer system or
network that can make the attackers’ job much easier. One such vulnerability that exists is through
social engineering. This is when an attacker attempts to trick someone within an organization into
revealing (to some degree) or distributing information unknowingly that could disclose private
information to the attacker. Some other forms of vulnerabilities that are used to exploit computer
systems and networks are unencrypted mail servers, improperly configured firewalls, unpatched
software, and weak password management.
The important thing to remember is that the organization’s network does not have to be the
most secure; it only has to be more secure than others nearby. If good security measures are practiced
such as closing open ports, keeping all software updated and patched, encrypting mail servers,
practicing the principle of least privilege (where workers are only granted privileges to complete their
job duties), and enforcing strong password management then an attacker may look for a weaker target.
This is no different than in the wild where a lion will look for a buffalo that is weaker than the rest and
falls behind the herd before attacking.
The next topic of discussion when dealing with computer forensics is the forensic investigation
process. There is a set of fundamental steps that take place in every forensic investigation and they are
as follows: first a computer crime must be suspected of being committed; preliminary evidence such as
marking the scene and photographing the scene should be collected; a warrant if necessary must be
obtained; first responder procedures are to be performed; evidence is seized securely (in evidence
bags); the evidence is then transported to the forensic lab; a working copy of the evidence is created
(because the original evidence is never worked off of); an MD5 checksum of any images is performed
(to verify their integrity); a chain of custody document is prepared (and any break in this chain could
cause the evidence to be thrown out of court); the original evidence is kept safe and secure from being
tampered with; the image copy is used to analyze for evidence; a forensic report is created (to describe
every facet of the forensic investigation and the tools used as well); the report is delivered to the client;
and if deemed necessary the investigator may testify as an expert witness in court (“Computer
Forensics,” 2010, p. 1-17). Each of these steps plays an integral role in the investigation process.
The reason that an exact image of the original evidence is created is so that the contents of the
original are not altered or changed in any way. Sometimes even the slightest change could cause the
entire drive to be lost, so it is extremely vital to only work off of the copy of the original evidence. If the
original evidence is lost or damaged there is no way that it can be used in court. The chain of custody
refers to making sure that every single piece of potential evidence is accounted for at all times from the
beginning of the investigation all the way to the end when it is presented to the court.
Any time that someone needs to take the evidence for any reason out of the forensic lab it must
be documented stating who took it out as well as the date, and the same goes for documenting the
evidence being returned. If at any time the evidence is unaccounted for it will be deemed inadmissible
because there is no way to validate its integrity or to show that no one altered it in some way. So where can this
evidence be extracted from? Digital evidence can be found in many places such as computers, laptops,
tablets, smart phones, portable hard drives, SIM cards, USB memory sticks, and any other portable
storage devices. Many times the accused will believe that they have deleted the illegal or incriminating
data because they emptied their recycle bin, but that does not completely eliminate the data. Instead
investigators are able to use forensic tools to retrieve that so-called “deleted” data and use it against the
accused.
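The check-out and return documentation and the integrity check on the image copy, described above, can be audited mechanically. The following is an added example, not part of the original paper: the log format, the names in it, and the use of SHA-256 as the recorded hash are assumptions made for illustration.

```python
import hashlib
from datetime import datetime

def audit_custody(log, acquired_sha256, image_bytes):
    """Return a list of findings; an empty list means the chain is unbroken."""
    findings, holder, last = [], None, None   # holder None = item is in the lab
    for n, e in enumerate(log, 1):
        when = datetime.fromisoformat(e["time"])
        if last is not None and when < last:
            findings.append(f"entry {n}: timestamp earlier than previous entry")
        last = when
        who = e.get("person")
        if not who:                            # every movement must name a person
            findings.append(f"entry {n}: no person recorded")
            who = "unrecorded person"
        if e["action"] == "checkout":
            if holder is not None:
                findings.append(f"entry {n}: checkout while still out with {holder}")
            holder = who
        elif e["action"] == "return":
            if holder is None:
                findings.append(f"entry {n}: return with no matching checkout")
            elif who != holder:
                findings.append(f"entry {n}: returned by {who}, taken out by {holder}")
            holder = None
        else:
            findings.append(f"entry {n}: unknown action {e['action']!r}")
    if holder is not None:
        findings.append(f"evidence never returned (last holder: {holder})")
    # The working copy must still hash to the value recorded at acquisition.
    if hashlib.sha256(image_bytes).hexdigest() != acquired_sha256:
        findings.append("image hash differs from hash recorded at acquisition")
    return findings

# Constructed sample data: a stand-in "image" and two hypothetical custody logs.
IMAGE = b"constructed disk image bytes"
ACQUIRED = hashlib.sha256(IMAGE).hexdigest()
GOOD_LOG = [
    {"time": "2014-03-03T09:00", "action": "checkout", "person": "A. Analyst"},
    {"time": "2014-03-03T16:30", "action": "return", "person": "A. Analyst"},
]
BAD_LOG = [
    {"time": "2014-03-04T09:00", "action": "checkout", "person": "A. Analyst"},
    {"time": "2014-03-04T11:00", "action": "checkout", "person": "B. Examiner"},
    {"time": "2014-03-04T10:00", "action": "return", "person": "B. Examiner"},
    {"time": "2014-03-05T08:00", "action": "checkout", "person": ""},
]

if __name__ == "__main__":
    print(audit_custody(GOOD_LOG, ACQUIRED, IMAGE))
    for finding in audit_custody(BAD_LOG, ACQUIRED, IMAGE + b"\x00"):
        print(finding)
```

Each finding corresponds to a point at which the evidence was unaccounted for or its integrity could no longer be validated.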
There are many different types of computer forensic tools used by a computer forensic
investigator, but some of the simpler tools used prior to extracting evidence include the following:
storage bags (wireless and passport), remote chargers, write-block devices, cables, and SIM card
readers. Wireless storage bags not only house wireless devices, but they are made of a certain fabric
that does not allow any wireless signals to get through. This ensures that someone cannot send out a
wireless signal to damage the evidence. Passport bags are used to hold RFID chips and ensure that no
one can read the data on them while in the passport bag. Having different chargers for different model
laptops and smartphones allows the investigator to extract evidence from a laptop or phone that may
have a dead battery. As for write-block devices, they are used as the name suggests, to block anyone
from changing or deleting data during an investigation.
In addition to the tools named above there are also software tools that are used to assist the
investigator throughout the investigation process. Some of the tools used by forensic experts include
X-Ways Forensics, SANS Investigative Forensics Toolkit (SIFT), EnCase, Registry Recon, the Sleuth
Kit, and Volatility. X-Ways Forensics is an all-encompassing tool for forensics investigators that can
perform disk imaging and cloning and recover data, amongst other things. SIFT is a multi-purpose
forensic OS that has all the required tools for a computer forensic investigation. EnCase is another
multi-purpose forensic platform and one of the most popular. Registry Recon is used for analyzing the
registry, the Sleuth Kit is used for such things as analyzing disk images and carrying out a comprehensive
analysis of file systems, and Volatility is used for incident response and malware analysis (“21 popular,”
2012).
So with a wide variety of forensic tools that serve a multitude of purposes, what kind of
companies are available for hire to perform computer forensic investigations? There are many different
forensic companies that would be happy to help out an organization with any issues relating to computer
forensics. For the purposes of this paper, however, only three will be discussed: Forensicon,
Cyber Investigation Services, and Kroll. Forensicon is a Chicago-based forensic company that serves all
types of clients, ranging from law firms to industrial equipment corporations all the way to healthcare
agencies, and is very familiar with many different types of cases, including those that involve digital
trade secret theft, digital fraud and white collar cyber-crime, internet investigations, computer forensics
expert witness testimony, etc. (“Forensicon,” 2014).
Cyber Investigation Services is a forensic company that has been seen on popular television
outlets such as FOX News and NBC, and it provides nationwide coverage of forensic
services. The most common cases it deals with as the leader in cyber & internet attack defense
involve reputation concerns, anti-hacking forensics, and anti-stalking (“Cyber investigation,” 2014).
The third forensic company outlined here is Kroll. Kroll is a company that does more than just handle
cases involving computer forensics. Besides computer forensics, Kroll also has a cyber security division,
a data breach and incident response division, and a data breach notification and remediation division.
The computer forensics division is known as cyber crime investigation and offers a wide range of
investigative solutions such as evidence collection, data analysis, or fraud and internal investigations
(“Kroll: Cyber crime,” 2011). So where did computer forensics originate?
The history of computer forensics can be traced all the way back to the 1970s, when military
investigators began finding instances of computer-related activity or cyber-crimes, and were looking for
a more comprehensive technique to solve these new technical types of crime (“Computer forensics,”
2011). Once government personnel who were in charge of protecting confidential and secret
information saw the complexity of these cyber-crimes, they decided to perform forensic investigations
into these security breaches. From there they came up with measures to prevent the security breaches
from reoccurring. It was from that point on that the fields of information security and computer forensics
began to interweave, and it would eventually come to what is seen today.
Knowing where computer forensics originated and where it stands today, what does the future
hold for computer forensics? That is an interesting question because it is relied upon now
more heavily than ever before. As hardware technology such as data storage devices has advanced, it has
taken longer for investigators to analyze data. The reason is that data storage devices that
hold more data mean that there is more information to be sorted through and examined. This makes the
investigation process take longer, and it should continue to do so as more storage becomes available in the future.
Another trend that should continue into the future is the improvement of computer forensic tools, which
should only get better and faster with advancements in technology. As the technology of
computer forensic tools advances (meaning faster tools), analysis will become faster, which at the least
should compensate for the growth in the size of data storage devices. Additionally, another trend
that should continue to grow is the number of people figuring out new ways to crack the latest
security practices. Hackers are always one step ahead of those securing and protecting the data,
because if it were not for them finding out new ways to break down security measures, who would then
look for new ways to mitigate vulnerabilities?
In conclusion, given how heavily reliant people and businesses have become
on computer technology in this day and age, the value of computer forensics in any criminal
case is clear. No matter if it is a murder case, identity theft, the trading of child pornography or even a less
heinous crime such as illegally downloading an mp3 file off the Internet, the common denominator in
each of these types of crimes is that computer forensics can play an integral role in prosecuting the
accused. Since following the chain of custody is vital to the validity of the evidence presented, it is
important that everything that may potentially be used as evidence be properly documented. Without
properly following the chain of custody the evidence gathered will be inadmissible in a court of law, and
could also seriously damage the investigator’s reputation.
References
21 popular computer forensics tools. (2012). Retrieved from
http://resources.infosecinstitute.com/computer-forensics-tools/
Advantages and disadvantages of computer forensics. (2009). Retrieved from
http://www.anushreepatil.myewebsite.com/articles/advantages-and-disadvantages-of-computer-
forensics.html
Bavisi, J. (2006). Computer Hacking Forensics Investigators: Reducing Security
Breaches. Certification Magazine, 8(3), 36-37.
Computer forensics history. (2011). Retrieved from
http://www.computerforensicstraining101.com/history.html
Computer Forensics: Investigation Procedures and Response. (2010). Published by: Cengage
Learning. ISBN: 1-4354-8349-7
Cyber investigation services. (2014). Retrieved from
http://sales.cyberinvestigationservices.com/cyber-investigations-page/?utm_term=+cyber
+investigation&gclid=CjwKEAjwwo2iBRCurdSQy9y8xWcSJABrrLiS-
j6dp7GnJG77DIQjRTo9-wItRJGdWJpn7S71q7e7kRoCSiPw_wcB
Forensicon. (2014). Retrieved from http://www.forensicon.com/
How to become a computer forensics investigator. (2014). Retrieved from
http://www.degreetree.com/resources/how-to-become-a-computer-forensics-investigator
Kroll: Cyber crime investigation. (2011). Retrieved from
http://www.krollcybersecurity.com/computer-forensics/cyber-crime-investigation/
Pulido, M. L. (2013). Child pornography: Basic facts about a horrific crime. Retrieved from
http://www.huffingtonpost.com/mary-l-pulido-phd/child-pornography-basic-f_b_4094430.html
Welch, T. (1997). Computer crime investigation and computer forensics. Information Systems
Security, 6(2), 56.
Zimmerman, E. (2006). Digital Detectives. FSB: Fortune Small Business, 16(2/3), 55-57.