Friday, October 11, 2019

The Security Investigation

Part I. The availability of the personal computer, or PC, in every home and on every office desktop, together with the dawn of the Internet, brought into focus not only the benefits of these technologies but also their abuse and, to a greater extent, crime. Cybercrime is at an all-time high, and the ways and means of detecting criminal hackers and making them pay have become a core competence in information technology and law enforcement. One of the best deterrents to computer crime is to catch those who commit the dastardly acts (Solomon & Prosise, 2001)! Of all the types of criminal hackers, the worst is the "insider", a current employee or a former "disgruntled employee", since they are or were in a "trust relationship" with their employer and betrayed that trust by attacking the company's information systems. When this type of crime, or cybercrime, occurs, the recourse is to call in computer forensics and incident response professionals to remedy the situation. Solomon et al. (2005) describe computer forensics as "Computer investigation and analysis techniques that involve the identification, preservation, extraction, documentation, and interpretation of computer data to determine potential legal evidence." Once there is a probable determination that a cybercrime was committed, the computer forensics and incident response experts follow a well-choreographed methodology to document evidence and support prosecution of the cybercrime.
Robbins (2002) lists the basic but critical procedures of computer forensics:

1. Protect the subject computer system during the forensic examination from any possible alteration, damage, data corruption, or virus introduction.
2. Discover all files on the subject system, including existing normal files, deleted yet remaining files, hidden files, password-protected files, and encrypted files.
3. Recover, as far as possible, all discovered deleted files.
4. Reveal, to the extent possible, the contents of hidden files as well as temporary or swap files used by both the application programs and the operating system.
5. Access, if possible and if legally appropriate, the contents of protected or encrypted files.
6. Analyze all possibly relevant data found in special and typically inaccessible areas of a disk, including but not limited to the "unallocated" space on a disk and the "slack" space at the end of a file.
7. Print an overall analysis of the subject computer system, including a listing of all possibly relevant files and discovered file data, then provide an opinion on the system layout, the file structures discovered, any discovered data and authorship information, any attempts to hide, delete, protect, or encrypt information, and anything else that has been discovered and appears relevant to the overall examination.
8. Provide expert consultation and/or testimony, as required.

While the experts are doing the investigation, it is important, depending on the legal parameters of the crime, to liaise and coordinate with local or federal cybercrime units. Depending on the jurisdiction and sector, failing to report a computer crime or breach may itself be an offence, and mandatory reporting requirements are expanding. But the key point in a cybercrime investigation is ensuring that the evidence gathered will stand up to legal scrutiny: the original media must not be altered (step 1 above), and every action taken against the evidence must be recorded so that the chain of custody can be demonstrated in court.
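As an added worked example (written for this page, not code from Robbins or from any forensic tool), the following Python script walks steps 1, 3 and 6 of the procedure above against a constructed raw disk image: it records a SHA-256 of the image before and after examination so the examiner can show nothing was altered, enumerates unallocated sectors from a hypothetical inline allocation table, carves a deleted JPEG out of unallocated space by header/trailer signature, and extracts the slack space at the tail of each live file. The 512-byte sector size, the allocation table, the file contents and the leftover "draft" text in the slack are all assumptions constructed for the example; in a real case the image would be acquired behind a write blocker and the allocation information parsed from the file system by a tool such as The Sleuth Kit.

```python
import hashlib

SECTOR = 512  # assumed sector size for the constructed image

# File signatures used for carving: JPEG SOI/EOI markers, PNG signature/IEND chunk
JPEG_MAGIC, JPEG_EOI = b"\xff\xd8\xff", b"\xff\xd9"
PNG_MAGIC, PNG_IEND = b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"
SIGNATURES = (("jpeg", JPEG_MAGIC, JPEG_EOI), ("png", PNG_MAGIC, PNG_IEND))


def build_image():
    """Constructed sample image (four 512-byte sectors) plus a hypothetical
    allocation table of (name, start_sector, size_in_bytes).  Sector 2 is
    unallocated but still holds a deleted JPEG; the tail of sector 1 holds
    residue from a file that used to occupy it (file slack)."""
    memo = (b"CONFIDENTIAL: Q3 board memo. Acquisition target is ACME.\n" * 12)[:600]
    deleted_jpeg = JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 40 + JPEG_EOI
    logo_png = PNG_MAGIC + b"\x00\x00\x00\rIHDR" + b"\x00" * 21 + PNG_IEND
    residue = b"--draft v1: bid price 42/share--"

    sectors = [bytearray(SECTOR) for _ in range(4)]
    sectors[0][:] = memo[:SECTOR]                              # memo.txt, sector 0
    tail = memo[SECTOR:]
    sectors[1][:len(tail)] = tail                              # memo.txt, sector 1
    sectors[1][len(tail):len(tail) + len(residue)] = residue   # slack residue
    sectors[2][:len(deleted_jpeg)] = deleted_jpeg              # unallocated sector
    sectors[3][:len(logo_png)] = logo_png                      # logo.png, sector 3
    table = [("memo.txt", 0, len(memo)), ("logo.png", 3, len(logo_png))]
    return bytes(b"".join(sectors)), table


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def verify(data, expected):
    """Step 1: prove the evidence is unchanged against the acquisition hash."""
    return sha256_hex(data) == expected


def unallocated_sectors(image, table):
    """Step 6: sectors that no live file occupies."""
    used = set()
    for _, start, size in table:
        used.update(range(start, start + (size + SECTOR - 1) // SECTOR))
    return [s for s in range(len(image) // SECTOR) if s not in used]


def slack_space(image, table):
    """Step 6: bytes between each file's logical end and the end of its last
    sector; the file system does not overwrite them when the file is written."""
    slack = {}
    for name, start, size in table:
        end = start * SECTOR + size
        sector_end = -(-end // SECTOR) * SECTOR    # round up to the sector boundary
        slack[name] = image[end:sector_end]
    return slack


def carve(data, base=0):
    """Step 3: header/trailer signature carving; returns (kind, offset, bytes).
    Minimal version of what carvers such as foremost or scalpel do."""
    found = []
    for kind, magic, trailer in SIGNATURES:
        pos = data.find(magic)
        while pos != -1:
            end = data.find(trailer, pos + len(magic))
            if end == -1:
                break
            end += len(trailer)
            found.append((kind, base + pos, data[pos:end]))
            pos = data.find(magic, end)
    return sorted(found, key=lambda f: f[1])


def carve_unallocated(image, table):
    """Carve each contiguous run of unallocated sectors as one buffer, so a
    deleted file spanning several sectors is recovered whole."""
    found, run = [], []
    for s in unallocated_sectors(image, table) + [None]:
        if run and (s is None or s != run[-1] + 1):
            base = run[0] * SECTOR
            found += carve(image[base:(run[-1] + 1) * SECTOR], base)
            run = []
        if s is not None:
            run.append(s)
    return found


def examine(image, table):
    """Run the examination and return a report, including the before/after
    hashes that belong in the examiner's notes."""
    before = sha256_hex(image)
    report = {"sha256_before": before,
              "unallocated": unallocated_sectors(image, table),
              "carved": carve_unallocated(image, table),
              "slack": slack_space(image, table)}
    report["sha256_after"] = sha256_hex(image)
    report["unchanged"] = verify(image, before)
    return report


if __name__ == "__main__":
    img, tbl = build_image()
    rep = examine(img, tbl)
    print("sha256:", rep["sha256_before"], "unchanged:", rep["unchanged"])
    print("unallocated sectors:", rep["unallocated"])
    for kind, off, blob in rep["carved"]:
        print(f"carved {kind} at offset {off}, {len(blob)} bytes")
    for name, data in rep["slack"].items():
        shown = data.rstrip(b"\x00")
        print(f"slack of {name}: {len(data)} bytes, residue: {shown!r}")
```

Running the script reports sector 2 as unallocated, a 53-byte JPEG carved at offset 1024, 424 bytes of slack after memo.txt containing the draft text, and matching hashes before and after the examination. The hash comparison is the cheap, court-friendly way to satisfy step 1; `verify` returning False on a copy with even one byte changed is exactly what a defence expert would look for.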
Part II. A common story heard about cybercrimes is the use of "social engineering techniques." Social engineering is basically playing the "con man" to elicit information from gullible or unsuspecting victims. A Help Desk employee, for example, can call a secretary and ask for her password, claiming he needs it to diagnose her PC remotely. Since there is already a "trust relationship," the secretary gives him her PC password. The Help Desk employee then accesses the secretary's PC and downloads confidential memos and reports. He sells these documents to competitors, and the competitors end up gaining an advantage over the Help Desk employee's company because they now have insider information. A case like this could have been prevented if the company, or any government agency for that matter, had good security policies in place. Part of those policies would have been user education and training, and properly trained users would have known that nobody needs to know their password but themselves: a legitimate help desk never needs a user's password, because administrators can reset it or use their own privileged access. In securing information systems, the baseline or starting point is having good security policies in place, and these policies should and must be based on globally accepted standards and industry best practices. ISO 17799, the Code of Practice for Information Security Management (ISO/IEC, 2005; since renumbered as ISO/IEC 27002), is always one of the best standards to adopt, whether for small, medium or large enterprises, and for government agencies as well. Shaurette (2002) stated that "Information security is not just about technological controls. Security cannot be achieved solely through the application of software or hardware. Any attempt to implement technology controls without considering the cultural and social attitudes of the corporation is a formula for disaster." Once this has been taken to heart, risks to the information systems can be mitigated, and cybercrime, whether from malicious insiders or external criminal hackers, can be prevented or at least blunted.
