There are many famous criminal cases in American history where Computer Forensics played a significant role in the capture and conviction of notorious criminals. Computer Forensics played a vital role in the 9/11 investigation, Wall Street bombing in 1920, Anthrax investigation and even in the spectacular manhunt for the famous Bonnie and Clyde. Mankind has witness a tremendous evolution in technology throughout the years; the advent of the internet, computers and other electronic devices has altered the way businesses operate, allowing for increased efficiency and productivity. However, this advancement in technology also had a dark side, where people used it to maliciously attack individuals.
Crimes that are committedusing computers and other forms of technology cover a broad platform. This includes terrorism (for example 9/11), identity theft, fraud, hacking, phishing and a wide range of other criminal activities. Computer Forensics has made it possible for us to identify, extract and analyze digital evidence that is necessary to capture cyber criminals.
The view that computer crimes came into existence ever since the first production of computers, has always been a topic of great controversy. However, with cybercrime increasing as technology advances, it is obvious that one is fueled by the other. Digital evidence plays a major role in the capture and conviction of criminals today. If properly acquired, evidence derived from computer systems can be used in a civil court against a person suspected of committing a crime. However, unlike other evidence, digital evidence has to be accurate, authentic, complete and in adherence to specific legislative guidelines. Preview the video to get a brief idea of what computer forensic is.
Cybercrimes
Computers have infiltrated every industry today and as a result Computer Forensics has become a top priority for many organizations. Prosecutors utilize digital evidence in numerous ways for a variety of criminal investigations in which incriminating data is available. In criminal investigations involvinghomicide, child pornography, fraud and drugs, many prosecutors seek the assistance of Computer Forensic specialists to acquire digital evidence that can be used in court. Time and again large organizations will hire a Computer Forensics expert to locate evidence when issues involving theft, embezzlement and leak of confidential information arise. Members of staff can also hire a forensics expert to challenge a specific corporation in court. In the past, many employees have utilized Computer Forensics to gather evidence on racial discrimination, prejudices and sexual harassment within the work place. In situations where evidence is found, it can be presented in a civil court against the organization.
Cyber criminals can penetrate a company’s IT infrastructure on several platforms. Although most businesses will implant some form of defensive system to protect them from malicious intrusions, cybercriminals have many different methods of gaining entrance to a system. Hacking is one of the most popular forms of computer crime in which criminals use specific tools to breach a company’s IT security system. This can lead to personal identification information, credit card information and confidential information being put in the hands of the wrong person. When cases like these develop, the services of a Computer Forensics specialist is needed to gather substantial evidence for the capture and conviction of the perpetrator.
Cyber criminals can utilize a computer system in two different ways to carry out malicious activities. A vast majority of computer crimes today are conducted by just one person or a small group of people. Cybercriminal groups often share tools and strategies and may even join forces to launch an attack against an organization. There are many illegal markets today where computer criminals can trade information that has been stolen for huge sums of money. As a result many people are being influenced to join in on these malicious activities.
With the prevalence of technology today, it’s almost impossible to crack down on all cybercriminals. In addition, the internet has made it possible so that people to operate anonymously from different locations worldwide. Most cybercriminals prefer to hack computer systems that are located to minimize the chances of them being captured. Computer crimes may vary in every country; therefore it is often difficult to punish perpetrators. Nonetheless, Boca Raton Computer Forensics allows us to identify weaknesses in the IT infrastructure of businesses in the area so that we can prevent these incidents.
A Closer Look at Computer Forensics
Computer Forensics involves the detection, collection, analysis and preservation of data located in computer systems that can be presented as evidence in a civil court. Computer Forensics experts use a variety of tools to acquire and prepare digital evidence to ensure that it is admissible in court. Below you can find the basic steps in a Computer Forensics Investigation.
Detection: During the initial stage of a Computer Forensics investigation, the investigator has to follow specific techniques to detect where the evidence relevant to the investigation is located. Computers are not the only source of digital evidence; mobile devices, videogame consoles, portal USB and other electronic medium can hold digital evidence.
Collection: After the investigator has detected where the evidence is located he/she then has to follow a specific set of guidelines and use specialized tools to collect the evidence without altering its original content. One of the most popular methods used to collect digital evidence in cyber investigations today is to use imaging software to capture multiple images of different areas of the drive.
Analysis: Following the collection of the evidence the investigator will decide what method of analysis is suitable depending on the nature of the investigation and where the evidence was located. One main objective of the analysis is to establish a timeline of events that occurred prior to the incident. The analysis should be accurate, detailed and impartial and all findings have to be recorded.
Preservation: This refers to one of the most significant stages in a Computer Forensics investigation. Simple actions such as carelessly opening a file can alter the original content and disintegrate the integrity of the evidence discovered making it inadmissible in court. The investigator has to handle all evidence with the utmost care to ensure preservation. A detailed report of the findings has to be presented in which includes all information that is relevant to the investigation.
To properly carry out a Boca Raton Computer Forensics investigation, investigators have to be patient, dedicated and meticulous. To preserve evidence investigators have to be very careful to ensure that all guidelines are followed without disturbances. Sadly there are still many factors today affecting the performance of Computer Forensics experts.
Factors Affecting Computer Forensics
The factors affecting the performance of Computer Forensics investigators today can be categorized as follows:
Technical Factors
Technological Advancement: As technology evolves, new software, hardware and operating systems are being introduced. Therefore, Computer Forensics investigators are always encountering new technology that they may not be familiar with. In these situations, the investigator will have to conduct various test and examinations that can be time consuming to avoid errors in the investigation.
Enormous Volumes of Data: Storage devices available today can store enormous volumes of data which means that investigators have to invest adequate time and power in order to efficiently collect, analyze and preserve evidence relevant to the investigation.
Encryption: Many investigators experience difficulties handling encrypted files especially if they do not have an accurate password. In most cases the password is stored elsewhere in a secured section on the computer. It is almost impossible to access files that are properly encrypted without a password. After the computer system has shut down it may be impossible for the investigator to collect the evidence, therefore, in most cases a live acquisition has to be carried out. This involves running a small program on the computer to duplicate the evidence. In doing so, the investigator will make changes to the original state of the computer and will have to present a detail record of the process in court so that the the evidence canbe admissible.
Anti-Forensics Practices: This involves encryption, over-writing of information and various other practices that are geared towards thwarting Computer Forensics analysis by making data unrecoverable.
Legal Factors: In some cases lawyers will try to dispute evidence brought forth my Computer Forensics Specialists in court. One of the most common arguments is that a Trojan is responsible for the actions carried out on the computer which led to the crime. When this happens the investigator has to provide evidence to prove that there was no trace of Trojan activities on the system.