Why We Need Computer and Network Forensics in the Digital Era
Renita Amalia
2001593450
As technology has advanced, computers have become incredibly powerful. Unfortunately, as computers get more sophisticated, so do the crimes committed with them. Distributed Denial of Service attacks, ILOVEYOU and other viruses, domain name hijacking, Trojan horses, and website shutdowns are just a few of the hundreds of documented attack types launched by computers against other computers, usually over an electronic network.
The need for security measures to prevent malicious attacks is well recognized and is a fertile research area as well as a promising practitioner’s marketplace. Though there is an immense ongoing effort to secure computer systems and prevent attacks, it is clear that computer and network attacks will continue to succeed. When attacks succeed, forensic techniques are needed to catch and punish the perpetrators, as well as to allow recovery of property and/or revenue lost in the attack.
The increasing criminal activity that uses digital information as its means or its target warrants a structured manner of dealing with it. As more information is stored in digital form, it is very likely that the evidence needed to prosecute the criminals is also in digital form.
Computer crime is a lucrative criminal activity that continues to grow in its prevalence and frequency (Casey, 2000; CERT/CC, 2003; Kruse and Heiser, 2002; Richardson, 2003). This increase in criminal activity places a strain on law enforcement and government. The shift from document-based evidence to digital/electronic-based evidence has necessitated a rapid reformulation of standards and procedures (Casey, 2002). Today, traditional criminal investigations need to be supported with digital evidence collection tools and techniques. This need has led to the development of digital forensic science and specifically computer forensics (Shinder, 2002; Whitcomb, 2002). The area of computer forensics is at a crossroads in its journey to become a recognized scientific discipline (Rogers, 2003a; Whitcomb, 2002).
The spread of crime using computers was inevitable; the question is how much damage computer crime has caused and may still cause. The domain of computers, for the purposes of this paper, is confined to media that is intended for a computer to read or to be used as a peripheral. For example, a digital telephone answering machine is not within the scope, but the use of a compact disc containing data or written by a computer would qualify. For this paper, computer forensics is defined as “the use of an expert to preserve, analyze, and produce data” from volatile and non-volatile storage media.
Computer forensics is in the early stages of development and as a result, problems are emerging that bring into question the validity of computer forensics usage in the United States (U.S.) federal and state court systems. For practical purposes, the legal issues relevant to computer forensics are:
- admissibility of evidence,
- standards and certifications,
- analysis and
Policies to Enhance Computer and Network Forensics
Retaining Information
Copy and Retain Application and Local User Files
The first step that an enterprise interested in being able to catch and prosecute cyber criminals on their networks should take is to institute a policy that systematically stores and retains the contents of application and user files as potential evidence.
Copy and Retain Computer and Network Activity Logs
While application files have a clear connection to computer users, system and network information may be equally telling of user activities. Logged network activity can reveal the actions of a criminal in the clearest detail of any source. Thus, system logs are a vital source of potential evidence.
Computer-related crime is growing as fast as the Internet itself. Today, enterprises focus on implementing preventive security solutions that reduce vulnerabilities, with little concern for systematic recovery or investigation. We propose six categories of policies that will enable or facilitate after-the-fact action that can reduce the impact of computer crime and can deter computer crime from occurring.
Some of the policies that we propose are simple actions that responsible network managers already take as a matter of system reliability or as part of disaster recovery procedures. The focus on computer and network forensics (CNF) distinguishes these policies from backup and recovery needs. The procedures for CNF require systematic application and detailed documentation; otherwise the information may not be admissible in court. Further, backup and recovery procedures routinely ignore temporary information and other important sources of potential evidence.
Just protecting the data is not enough. To use the potential evidence in court, we must be able to show that the evidence has not been corrupted. To accomplish this, periodic integrity checks should be conducted on the data collected.
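A concrete form of the periodic integrity check described above, added here as an example and not taken from the paper: each retained file gets a SHA-256 hash recorded in a manifest together with who collected it and when, and a chained digest over the manifest entries makes later edits to the manifest itself detectable. The file names, log contents and analyst name are constructed for the demonstration.

```python
import hashlib

# Constructed sample evidence set (hypothetical file names and contents),
# standing in for retained log and user files copied from a host under investigation.
SAMPLE_EVIDENCE = {
    "auth.log": b"Jan 10 02:14:07 host sshd[812]: Failed password for root from 203.0.113.5\n",
    "access.log": b'203.0.113.5 - - [10/Jan/2024:02:15:01 +0000] "GET /admin HTTP/1.1" 403 512\n',
    "report.docx": b"PK\x03\x04 constructed placeholder bytes",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def chain_digest(entries: dict) -> str:
    """Digest over the sorted (name, hash) pairs, so editing a recorded hash
    inside the manifest, or adding/removing an entry, is detectable."""
    chain = hashlib.sha256()
    for name in sorted(entries):
        chain.update(f"{name}\0{entries[name]}\n".encode())
    return chain.hexdigest()

def build_manifest(files: dict, collected_by: str, collected_at: str) -> dict:
    """Record who collected what and when, with a SHA-256 per file."""
    entries = {name: sha256_hex(content) for name, content in sorted(files.items())}
    return {"collected_by": collected_by, "collected_at": collected_at,
            "files": entries, "manifest_digest": chain_digest(entries)}

def verify_manifest(manifest: dict, files: dict) -> dict:
    """Periodic integrity check: report files whose content changed, files that
    disappeared, files that were not part of the original collection, and
    whether the manifest's own digest still matches its entries."""
    recorded = manifest["files"]
    result = {"modified": [], "missing": [], "unexpected": [], "manifest_ok": False}
    for name, digest in recorded.items():
        if name not in files:
            result["missing"].append(name)
        elif sha256_hex(files[name]) != digest:
            result["modified"].append(name)
    result["unexpected"] = sorted(set(files) - set(recorded))
    result["manifest_ok"] = chain_digest(recorded) == manifest["manifest_digest"]
    return result

if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_EVIDENCE, "analyst-01", "2024-01-10T03:00:00Z")
    print("clean copy:", verify_manifest(manifest, SAMPLE_EVIDENCE))
    tampered = dict(SAMPLE_EVIDENCE, **{"auth.log": b"log rotated\n"})
    print("tampered copy:", verify_manifest(manifest, tampered))
```

In practice the manifest would be signed or stored on write-once media separate from the evidence, so that the check is run against a copy the custodian cannot silently alter.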
As people get more and more comfortable with computers, and technology advances, society becomes more computer dependent. In an era where everything from the stock market to air traffic control is managed by computers, security becomes a survival issue. In today’s society, computer crime is a serious problem. Preventive measures are not enough anymore; we must find a way to catch and prosecute computer criminals, and computer and network forensics is the gateway to achieving it.
We should not leave everything to computer forensics experts. If we are going to find a solution to the computer crime problem, it will be through a collaborative effort. Everyone, from individual users to company owners, has to get involved. This paper proposes policies to enhance the forensics of computer security by helping experts in the field do their job faster and more efficiently. It is up to the companies and users to adopt these policies according to their needs.
References:
- https://www.imf-conference.org/imf2007/2%20Freiling%20common_model.pdf
- https://pdfs.semanticscholar.org/98b7/236ca8448c408071fa2b40e69a572527aa2c.pdf
- http://airccse.org/journal/jcsit/0611csit02.pdf
- https://isis.poly.edu/kulesh/forensics/docs/ieee2001-westpoint.pdf