Premium Essay

Cyber Forensics

In: Social Issues

Submitted By ushaa
Words 5129
Pages 21
International Journal on New Computer Architectures and Their Applications (IJNCAA) 2(1): 127-137
The Society of Digital Information and Wireless Communications, 2012 (ISSN: 2220-9085)

Cyber Forensics: Computer Security and Incident Response
Virginiah Sekgwathe (1), Mohammad Talib (2)
(1) Directorate on Corruption and Economic Crime, Gaborone, BOTSWANA, veesek@gmail.com
(2) Department of Computer Science, University of Botswana, BOTSWANA, talib@mopipi.ub.bw
ABSTRACT
The intensification of Information and Communications Technology usage in all facets of life greatly amplifies the incidence of information security policy breaches, cyber crimes, fraud, commercial crimes, cyber laundering, etc., and hence requires a well-developed approach to tackling these incidents in order to realize legally defensible digital evidence. Since electronic evidence is fragile and can easily be modified, finding this data, collecting, preserving, and presenting it properly in a court of law is the real challenge. There is a need for the use of semantic analysis to discover underlying security policy requirements and internal power structures, and for the institutionalization of anti-cyber-attack, anti-money-laundering and regulatory schemes.
The first responders to cyber security incidents are more often than not an organization's ICT personnel, who are technically sound though they may be deficient in investigative skill. The scientific standards of cyber forensics dictate the procedure, as it promotes objectivity and a precise and well-documented analysis, particularly since the findings may be used as evidence against the attacker. This paper aims to contribute to the advancement of the cyber forensics discipline with a view to assisting the international community in combating this sophisticated, high-tech, dynamic, ever-changing phenomenon.

KEYWORDS
Cyber Forensics, Digital…...

Similar Documents

Free Essay

Forensic

...Restoration of Obliterated Marks in Forensic Science Practice and Investigations R. Kuppuswamy Forensic Science Programme, School of Health Sciences, Universiti Sains Malaysia Malaysia 1. Introduction 1.1 The problem A problem of common occurrence in forensic science is the restoration of obliterated serial numbers on the chassis and engine of stolen motor vehicles, firearms, jewellery, valuable tools, and machinery (Nickols, 1956; Wolfer & Lee, 1960; Jackson, 1962; Cunliffe & Piazaa, 1980; De Forest & Gaensslen, 1983; Schaefer, 1987; O’Hara & O’Hara, 1994; Moenssens et al (1995); Heard, 1997; Petterd, 2000; Lyle, 2004; Katterwe, 2006; Seigel, 2007; Mozayani & Noziglia, 2006; Jackson et al (2008); Levin, 2010). Serial numbers or other markings, which are unique to that particular item, are usually marked on the above metal surfaces during the manufacturing process. Criminals alter or obliterate these identification marks during thefts or other illegal uses in order to prevent their identity. On many occasions a fraudulent number would be introduced after removing the original one. In abandoned vehicles all serial numbers are verified in order to detect alterations in the identity of the vehicle (Svensson et al, 1981). Sometimes the serial numbers on firearms are removed more professionally making it hard to distinguish whether the numbers are original or not (Shoshani et al, 2001). Restoration of the original obliterated numbers provides important forensic evidence in......

Words: 10345 - Pages: 42

Free Essay

Types of Forensics

...FORENSICS Forensics, by and large, is the application of science to the legal process. It is an emerging research domain in India. There are many different types of forensic sciences baring their vital presence possibly in every field of human endeavor. Of these, let us now discuss about the computational, cyber and the DNA forensics. COMPUTATIONAL FORENSICS: The development of computational methods or mathematical and software techniques to solve forensic issues is called computational forensics. These methods analyze the evidence beyond human cognitive ability. They scrutinize a large volume of data, which is at any case impossible for a human mind to figure out. In spite of this, we can’t say that these techniques alone would serve our purpose because computational forensics is a field which needs huge collaboration between recognition and reasoning abilities of humans combined with comprehension and analytic abilities of the tool or a machine, which is most of the times, a computer. Computational forensics aids us to model the uncertain. At the crime scenes, we usually get incomplete or broken evidences. These evidences are later on modeled by the computational forensic tool which gives us first clues from its largest biometric database (fingerprints, criminal histories, mug-shots, scar and tattoo, physical characteristics like height, weight, hair and eye color and aliases), which is a collection of significant information regarding the criminals, their criminal......

Words: 1917 - Pages: 8

Free Essay

Forensics

...files of a source drive, to save space on the target drive. Hashing helps check the integrity of the data. Various tools can integrate metadata into the image file. But there exists an inability to share an image between different vendors’ computer forensics analysis tools. For example, the ILook imaging tool IXimager produces IDIF, IRBF, and IEIF, which can be read only by ILook. Proprietary format tools produce a segmented file of 650 MB. Maximum file size per segment can be 2 GB. 2. Disk-to-disk copy: The UNIX/Linux dd command does disk-to-disk copy. The dd command is very easy and effective on a Linux machine. But for that we need equal or larger space on the target disk to copy the full image from the source disk. Raw formatting is a technique in which we use the dd command to generate image files which are split into smaller segments and are an exact bit-by-bit replica of the original disk. These are sequential flat files of the source drive. Hardware and software duplicators are available for disk-to-disk copy: hardware duplicators like Logicube Talon, etc., and software duplicators like SafeBack, EnCase, etc. Raw format offers faster data transfers and has the ability to disregard minor data read errors. Versatility of the output is a big advantage because many forensics tools can read the raw format, making it a universal acquisition format for most tools. It needs equal storage space, as a compression option is unavailable. Freeware versions sometimes might not collect marginal (bad) sectors on the source......

Words: 937 - Pages: 4

Free Essay

Forensic

...Forensic Psychology Abstract: U.S. Supreme Court Rules in Kumho Tire Co. v. Carmichael Case (No. 97—1709. Argued December 7, 1998–Decided March 23, 1999) On March 23, the U.S. Supreme Court ruled in Kumho Tire Co. v. Carmichael, No. 97-1709, that all types of expert evidence are subject to the relevance and reliability ‘gatekeeping’ function that the Supreme Court had articulated with respect to scientific evidence in Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993). The Court further held that trial judges have substantial discretion or ‘considerable leeway’ to determine how to evaluate relevance and reliability and to make a determination on whether to admit the expert evidence. While this decision will make it more difficult when judges are hostile to the type of expert testimony being offered by plaintiffs, there were some helpful aspects to the Court’s opinion that lawyers for plaintiffs should know and emphasize: • The Court rejected arguments that all, or even one, of the four Daubert factors (testing, peer review, error rates, and scientific acceptability) must be satisfied for the testimony to be admissible, noting that even in scientific evidence cases the Daubert factors ‘do not all necessarily apply’; • The Court endorsed the idea that expert testimony from reliable fields of study that conforms with the standards used in that discipline should be admissible (In doing so, the Court was......

Words: 395 - Pages: 2

Premium Essay

Forensic

...medical examiners use similar phrases. Most people enjoy watching CSI, Criminal minds, and Law and Order. If you haven’t guessed by now, I am totally interested in crime scenes and how people die. A forensic pathologist is a great profession that requires hard work, dedication, and flexibility. A Forensic Pathologist is a person who examines the bodies of people who died suddenly, unexpectedly, or violently. They are in charge of determining a person death. A medical examiner perform autopsy and trace evidence from the body for further information. This profession works hand and hand with criminal law. As a medical examiner, you are responsible for finding the exact cause of death. “I wanted to be a forensic scientist for a long time. It's like putting the pieces of a puzzle together. Solving mysteries seemed like it would be fun, scary and exciting all at the same time.” Forensic Pathologist performs a full death investigation. As a coroner, evaluates crime scene evidence. There is a large vocabulary that forensic pathologist must learn. The terminology that medical examiners use is totally different from everyday language. They use medical terms that doctors use for body parts. Education is very important no matter what career path you choose. For a forensic pathologist, you will need plenty of education you must go to high school and college; you must also make good grades. In high school, you should strive to keep a B average. Asking your......

Words: 1117 - Pages: 5

Free Essay

Computer Forensics

...Computer Forensics The world of crime has expanded right along with the explosion of the internet. The modern cyber criminal has veritable global playground in which to steal money and information from unsuspecting victims. Computer forensics is a quickly emerging science against the increasingly difficult battle to bring criminals to justice who perpetrates crimes on others. The computer forensics field is a relatively new investigative tool but enjoys continual advances in procedures, standards, and methodology which is making the identification, preservation, and analyzing of digital evidence a powerful law enforcement apparatus. The job of the cyber forensic professional is to look for clues the attacker left behind on web sites, servers, and even the e-mail message itself that will unravel their sometimes carefully woven veil of secrecy. Attackers come in all forms and from a variety of different circumstances. For instance, an attacker can begin a phishing scam with only a web server they control with very little programming experience and a way to send a lot of e-mail messages. (Jones 4) In order to combat the waves of cyber-attackers, we must utilize Open Source Community applications to combat the continual onslaught of infections, exploitations, and trickery employed everyday against our systems and networks. Today's attacker uses a variety of technologies to employ their methods and understanding those abilities is integral to preparing for an......

Words: 2742 - Pages: 11

Premium Essay

Forensic

...Forensic Pathology In the many months I’ve researched Forensic Pathology, I’ve found so many roads that I have to take in order to get there. I have been pursuing this dream since my freshmen year. I found so many interesting, shocking, and yet some upsetting things. I realized that not everything is positive when it comes to choosing your career. When actually seeing, physically what Forensic Pathology really is, you’ll be shocked about it. Since reading about it and actually doing the job, it’s so different it never crossed my mind that it would be so much work. There are many steps to becoming a Forensic Pathologist. The education for it takes many years, but yet it is possible. A forensic pathologist (which is known to most people as a medical examiner), is heavily involved in the criminal justice system and medical system. The medical examiner's main job is to conduct an autopsy on the victim of any unnatural form of death. Their primary task in potential criminal cases is to find the cause of death and confirm if it was homicidal, suicidal, or an accident. They perform autopsies, write out autopsy reports, look over victim's medical records, and interview the victim's next of kin. They also have to be trained in the legal system and to be able to testify in court cases involving death or injury (“Forensic Pathology,” 2009). Most forensic pathologist start as a resident, then after residency they awarded the title medical examiner. They can continue working to......

Words: 363 - Pages: 2

Premium Essay

Forensics

...this research paper was to analyze three anti-forensic techniques for potential methods of mitigating their impact on a forensic investigation. Existing research in digital forensics and anti-forensics was used to determine how altered metadata, encryption, and deletion impact the three most prominent operating systems. The common file systems for these operating systems were analyzed to determine if file system analysis could be used to mitigate the impact of the associated anti-forensic technique. The countermeasures identified in this research can be used by investigators to reduce the impact of anti-forensic techniques on an investigation. Also, the results could be used as a basis for additional research. File system analysis can be used to detect and mitigate the impact of the three methods of anti-forensics researched under the right circumstances. Some areas of anti-forensics and file systems have been relatively well-researched. However continued research is necessary to keep pace with changes in file systems as well as anti-forensic techniques. Keywords: Cybersecurity, Albert Orbinati, Windows, Linux, Macintosh, file table. MITIGATING THE IMPACT OF ANTI-FORENSIC TECHNIQUES THROUGH FILE SYSTEM ANALYSIS by Gabriel A. Flynn A Capstone Project Submitted to the Faculty of Utica College August 2012 in Partial Fulfillment of the Requirements for the Degree of Master of Science Cybersecurity – Intelligence & Forensics © Copyright 2012 by Gabriel Flynn All......

Words: 11835 - Pages: 48

Free Essay

Digital Forensic

...Laboratory Notes Laboratory Number: 1 Examiner Name: Date & Time Activity 2-2-2015 1:03pm 1:19pm 1:21pm 1:22pm 1:23pm 1:24pm 1:25pm 1:26pm 1:28 All steps performed on linux mint-17 32-bit, kernel 3.13.0-37 generic Tools used: dd (coreutils) 8.21, sha1sum (GNU coreutils) 8.21, xxd version 1.10, Eye of mate Image Viewer 1.8.1, Script version 2.20.1 Received the USB device from officer Linda Mood of the USSS Cyber forensics Team in an antistatic bag with tamper resistant tape. Her initials were written over the tape. I removed the USB flash drive from the bag. It was a 2GB black and green retractable Sony flash drive with the serial number of D33021. Using the mount command I confirmed that the USB had not mounted. Command: mount Using the date command I showed when I began the forensic work on the USB device. Sun Feb 1 13:21:34 EST 2015 Command: date Using the command fdisk I looked to see what the size of the device was and how much data was on the USB. It was shown to have 1MB or 1474560 bytes of information. Command: sudo fdisk -l Using the hash command sha1sum on the device I obtained the hash for the USB. 32b9fcb741aab43a4f80393d3df67c32c726924f /dev/sdb Command: sudo sha1sum /dev/sdb Using dd I was able to image the information from the USB device to another file named Ailes.case01.dd. Command: Sudo dd if=/dev/sdb of=Ailes/case01.dd......

Words: 1068 - Pages: 5

Premium Essay

Forensics

...TABLE OF CONTENTS
Introduction
Purpose
Methodology
Organization
Body
Computer Forensics
Internet Security
Conclusion
Sources

Introduction
In this report I will be writing on two jobs: computer forensics and information security. I am writing on these two due to the fact that these are two job considerations for my degree. I will be discussing benefits of each job, average pay, and description of each job. I will take time to go into detail into each of the jobs that I would like to have. I will be going into the origin of each job, degrees required for each job, and the different fields that these jobs cover.

Purpose
The purpose of this report is to educate others and myself on what these two jobs are about, and to better inform others of the importance of each of these jobs in the digital world. It will hopefully allow others to have a better understanding of the two jobs that I have chosen. There are many things about each of these jobs that people would deem boring or not interesting, but the digital world is a very interesting place. It is like another world laid on top of this one, there but just out of reach unless you have the technology to access it. There are many things one can glean from the internet and the digital world, and I will expound upon...

Words: 1629 - Pages: 7

Premium Essay

Cyber Warfare

...Cyber warfare One of the first cyber-attacks was the Morris worm in the year 1988. It had affected the world cyber infrastructure. This worm utilized the weak areas of UNIX system Noun1. This worm has replicated adversely and slowed down the computers in all of the US and made them unusable. Cyber warfare has become a societal issue now. Though the roots of cyber warfare aimed at military areas primarily, it extended its effects to non-military areas too. The information infrastructure based companies have become victimized due to abundant availability of cheap cyber weapons over internet. This resulted in economic instability. Libicki classified information warfare into seven categories. They are intelligence based warfare, economic information warfare, hacker warfare, psychological warfare, electronic warfare, command and control warfare and cyber warfare. CSI and CERT information reflects that securities incidents are common, private firms are the major targets and much of these security incidents never receive public acknowledgement (Geeks et al., 2010). Several tools in the cyber warfare are developed based on Windows and are available free of cost. They require a minimal understanding about the technology frames. Many of the network organizations today are using well developed proxy servers, intrusion detection systems and firewalls. However these defensive systems are often configured improperly and carried known vulnerabilities. This weakness gave an opportunity......

Words: 1988 - Pages: 8

Free Essay

Cyber Security: Cyber Terrorism

...Introduction Cyber security refers to the practices and processes that are used in technologies such as networks, computers, information and programs from damages by unwarranted entities (Ahmad, Yunos & Sahib, 2012). There are different attacks towards technology which may distort information or be used to create tension in an organization. Information stored in computers has some level of privacy and this depends on the level of sensitivity that such information may have towards that organization. Business strategies, political discussions and government documents are some of the documents that require a higher degree of privacy. However, there are individuals who cause deliberate attacks on the information systems of organizations and governments in order to unlawfully access information or distort the meaning of such data. The intention of cyber attacks has led to the classification of these attacks into particular classes. For example, we have cyber bullying and cyber terrorism. Under cyber bullying, the attackers use technology to abuse and intimidate their targets. Cyber bullying has been common through the presence of the social media where an individual will use pseudo-accounts to publish half truths about others with a bid to embarrass them. On the other hand, cyber terrorism involves the use of technology to access vital government sites in order to cause harm and fear in the society through terrorism activities. Brunst (2010) indicates that cyber terrorist......

Words: 1810 - Pages: 8

Premium Essay

Computer Forensics and Cyber Crime

...Computer Forensics and Cyber Crime Author Institution Computer Forensics and Cyber Crime A security survey or audit can also be referred to as a vulnerability analysis. A security survey is an exhaustive physical examination whereby all operational systems and procedures are inspected thoroughly (Fischer & Green, 2004). A security survey involves a critical on-site examination and analysis of a facility, plant, institution, business or home to determine its current security status, identify deficiencies or excesses in its current practices, determine the level of protection needed, and recommend ways of improving overall security levels. A security survey can be done either by in-house personnel or by external security consultants. However, outside security experts are preferred because their approach to the job would be more objective and would not take some parts of the job for granted, therefore resulting in a more complete appraisal of current conditions. A security survey/audit should be carried out regularly so as to keep improving and stay up to date, especially with the growing rate of technology. The overall objectives of a security survey are: determination of the current state of security, location of various weaknesses in the security defenses, determination of the level of protection required, and finally recommendations for the establishment of a total security program (Fischer & Green, 2004). Some weaknesses identified in the process of a security survey may be:......

Words: 686 - Pages: 3

Free Essay

Computer Forensics

...Computer Forensics Through the Years Prof. Pepin Galarga Computer Forensics Sep 11, 2010

Table of Contents
Introduction
The Early Years
Early Training Programs
Typical Aspects of Computer Forensic Investigations
Legal Aspects of Computer Forensics
Conclusion
References

Introduction
If you manage or administer information systems and networks, you should understand computer forensics. Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts. (The word forensics means “to bring to the court.”) Forensics deals primarily with the recovery and analysis of latent evidence. Latent evidence can take many forms, from fingerprints left on a window to DNA evidence recovered from blood stains to the files on a hard drive. Because computer forensics is a new discipline, there is little standardization and consistency across the courts and industry. As a result, it is not yet recognized as a formal “scientific” discipline.

Image by Flickr.com, courtesy of Steve Jurvetson

Computer forensics is the study of extracting, analyzing and documenting evidence from a computer system or network. It is often used by law enforcement officials to seek...

Words: 1382 - Pages: 6

Free Essay

Computer Forensics

...computer forensics

Background of Computer forensics: What is most worth remembering is that computer forensics is only one more of many forensic subdivisions. It’s not new, it’s not a revolution. Computer forensics uses the same scientific methods as other forensic subdivisions. So computer forensics is not a revolution in forensic science! It’s a simple evolution of crime techniques and ideas.

Forensic origins: Forensic roots from a Latin word, “forensic”, which generally means forum or discussion. In the reign of the Romans, any criminal who had been charged with a crime was presented before an assembly of public folks. Both the complainant and the defendant were to present their sides through their own speeches. The one who was able to explain his side with fervent delivery and argumentation typically won the case. It is important to realize that computer forensics is only one subdivision of forensic science. It is digital, it includes the most advanced computer science, but still it is only a branch of forensic science, and its main goal is the submission of the proven claims of scientific methods and strategies to recover any significant digital traces.

Computer Forensic Timeline:
1970s
• First crime cases involving computers, mainly financial fraud
1980s
• Financial investigators and courts realize that in some cases all the records and evidence were only on computers.
• Norton Utilities, “Un-erase” tool created
• Association of Certified......

Words: 4790 - Pages: 20