Wednesday, December 4, 2019
Digital Forensics Methodology
Question: Discuss about thrDigital Forensics Methodology. Answer: Introduction The term Digital Forensic is evolved from the word Computer forensics it is a forensic science branch which comprises of recovering and investigating the data stored in digital devices, which thus helps in dealing with cyber crimes (C Carr G Gunsch, 2002). It consists of variety of applications such as supporting or proving contentions before civil or criminal courts. Digital Forensics is also used in private sectors for investigating invasions or frauds also to investigate inter corporates. The outline of Digital Forensic process is to cease the relevant data, imaging the same, analyzing the digital media and concluding a report from the evidences collected. Digital forensics is not only used to identify evidences of cyber crimes but also for providing evidences for specific doubts, confirming reasons, determining the intention, identifying the sources and authentication of various documents. Forensic analysis which is based on answering series simple question is a narrow term as c ompared to investigation which is much wider in scope. Before 1980s there was no separate laws for computer crimes, Canada became the first country to pass the orders for dealing the computer crimes in a separate way without applying the existing laws, further this idea was also incorporated by U.S followed by Australia and England (Casey, Eoghan.2004). Aims Objectives Research will be conducted in the field of computer intrusion forensics to explain the merits and demerits of the same. The goal is to explore ways for preserving and recovering the data during digital forensic investigation. This research paper will explain about the powers which are assigned to company which plans to implement such tools, information will also be provided regarding the tools which are currently used by the companies in the field of digital forensics. The aim of this research is to identify the areas where the digital forensics can act as a means to solve the problematic issues such as cyber security areas, to bring out new ideas to fight against cyber crimes. To identify various advanced technologies and developments in digital forensics, to analyze the process of digital forensics and finding ways to improve the same. To conduct research and development with the help of emerging technologies and analyzing various forensic science fields. This research helps in ana lyzing how the developments in digital forensics helps in assisting governments, financial institutions, private and public sectors. This helps in gaining the understanding regarding hackers technique so that we can develop counter measures to curb such cyber attacks. To obtain knowledge of prevalent laws for dealing with cyber crimes and using digital forensic appropriately. Why I Have Chosen This Topic Through this research paper my goal is to bring this source into the digital forensic literature discussion, I want to bring into light the merits and demerits of computer intrusion forensics. A formal definition of digital forensics will be given. This paper will give details how the intrusion detection system act as a starting point of digital forensics and also various methods of data recovery and preservation while investigation of digital forensics will be discovered. Design For using digital forensic effectively in the area of cyber crimes and computer security various tools are designed example Intrusion detection system. Intrusion detection system use standard logs and audit trails to detect and analyze computers intrusion detection. Intrusion detection system which based on anomaly is used for identifying whether the form of particular activity is anomalous or not. If the pattern of specific activity is normal then that specific activity is authorized, valid, legal and safe. But if pattern of specific activity is anomalous then such activity is not authorized, legal and valid. Intrusion detection systems which are based on signature are used to compare a sequence of event which is known with pattern. If no match is found with any of the signatures which are already known then that particular activity will not be considered as valid, authorized and safe. If there is match with any of the signature which is known to us than that particular activity wil l be considered as legal, valid, authorized and safe. (Mohay et al. 2003). The aim of Intrusion detection System is to analyze (which should be preferred in real time), misuse, abuse, and unauthorized access to computer system by both outsiders and insiders. The sole purpose of digital forensic is to obtain sufficient and legal evidence to track the status of the person who committed the crime. Log files which are available can be used as base to collect appropriate and sufficient evidence by the investigator, thus as per above discussion intrusion detection system acts as an initial point for digital forensics. In next section we will discuss regarding methodologies/implementation of digital forensics. Digital Forensics Methodology/ Implementation Various steps are to be followed during digital forensics investigation. To perform the investigation there are various basic steps which can be further clarified as (Kruse II Heiser, 2002) Collecting the evidences Authenticating the evidences Evidence analysis Documenting the evidences. There are various other formal methodologies other than those stated which helps us to assist various actions taken during an investigation. Some methodologies are general which can be used during any situation which require digital evidence and provide readymade solution whereas others are specific. Farmer and Venema were the first persons to create the first methodology that concern UNIX operation system. Mandiya and Prosise created incidence response methodology which the second methodology. To apply methodologies on a bigger platform third methodology was established which was more conceptual than first two methodologies, it was established by US department of justice and was known as digital forensic methodology. This has four phases: Acquisition, evaluation, analysis and reporting. Fourth methodology was developed by workshops of digital forensic research based on academic work. Finally the authors of the papers established digital forensics conceptual model. Each methodology described above has its merits and demerits, example that the merit of conceptual or abstract model is that it can be used for analyzing those situations where digital evidences are used, and not just for examination of computers. Demerit of using conceptual model is that the processes will not be clea rly defined; therefore we use non conceptual methodologies in situations where problems are clearly defined. Contribution Digital forensics plays a vital role in the society; it helps to mitigate the cyber crime. The real life cases will help us to understand the importance of digital forensic in our life. ENRON Case: Enron is multibillion dollar company whose main work is to market the gas (natural), energy, electricity power. It also provides financial advice to the people to the people all over the world. There is a incident of bankruptcy in the company. In 2000 Enron earned revenue of more than 100 billion dollars (Parker Waichman, 2002). In 2001- Enron stocks fall down to 50 cents a share and thus because of this employees which were working in the company lost their jobs. Then in January 2002 a detailed federal investigation was held to determine the fraud due to which the company share fell (Parker Waichman, 2002). Digital forensic plays a very important role in this case, because of panic which was created by this company, fear was created among the employees and stakeholders. Information which was deleted from the computer is not completely erased from the computer; it is just inaccessible to the user but can be detected by digital forensic expert. The case discussed above explains why digital forensic is necessary. The cause of the same has already been discovered and now there is need to define the legal procedures which are required to preserve the evidence to present in the courts. This procedure is to be followed during various government investigations as well as employer investigations and searches (Cybercrime, 2001). Issues We have already discussed the definition of digital forensics in our previous section. This section will define the legal issues and will explain the right of investigator and employees of the company during a digital forensic investigation on particular assets. There are various issues which are faced by digital forensics community, which includes insufficient funds, legal struggles, lack of well trained professionals to conduct investigations. Digital forensic is still in infant stage and requires established scientific standards to be used as evidence. Researchers require special tools to conduct digital forensics investigations and thus funds are require to create the same, these tools will help in locating and recovering evidences from wide range of data easily and accurately (Robbins, 1999). The cloud based data storage is also a major issue which is faced by digital forensic, data which is stored in cloud is easily accessible to various users though different nodes unlike the traditional way of storing the data on single machine. This can increase the time consumed, costs involved, efficiency and effectiveness of forensic investigation. Cloud services has various advantages of course but the rise in anonym sing tools data storage at different nodes makes it easier for criminals to cover their crime tracks. Thus for effective use of digital forensic the following issues needs to be addressed. Conclusion and Future Work Digital forensics definition, its uses in the field of cyber crimes, challenges faced by it are discussed in this research paper. Various methodologies which are used to reduce the problems faced by intrusion detection system are also discussed through this research paper. Various legal issues concerning the digital forensic area are discussed. This research paper highlights various areas where digital forensics played a vital role and also the tools and issues which are necessary to be addressed at the earliest for the digital forensics investigation to be conducted in a smooth manner without any hindrances. Various special tools are required for removing issues faced by investigators; Digital forensics community requires funding for establishing such tools to help eliminate issues faced by their communities and work for the benefit of people and for providing shield to the company against cyber crimes. References O'Connor, Thomas R. "Criminal Justice Megalinks." 22 Nov 2001. Web. 27 Nov 2016. McCarthy, Michael. "Privacy: Can your PC be Subpoened?" The Wall Street Journal Online. 23 May 2000. https://zdnet.com.com/2100-11-502433.html?legacy=zdnn 27 Nov 2016. Robbins, Judd. The Computer Forensics Expert Witness Network. https://www.computerforensics.net. 1999. Web. 27 Nov 2016. Parker and Waichman, ENRON Stock Fraud. https://www.enronstockfraud.com, 2002.Web, 27 Nov 2016. Department of Justice. Searching and Seizing Computers and Related Electronic Evidence Issues. Computer Crime and Intellectual Property Section.17 Dec 2001 https://www.usdoj.gov/criminal/cybercrime/searching.html, 26 Nov 2016. Fisher, Dennis. Blaster Worm on the Move eWEEK Enterprise News and Reviews Online. 12 Aug. 2003 https://www.eweek.com/print_article/0, 3048, a=46260, 00.asp, 26 Nov 2016. Hachman, Mark. Feds Send Message With Blaster Arrest eWEEK Enterprise News and Reviews Online. 29 Aug. 2003 https://www.eweek.com/print_article/0,3048, a=58615, 00.asp, 27 Nov 2016. Salkever. Alex. Hot on the E-trail of Evidence at Enron Business Week Online. Jan. 29, 2002. https://www.businessweek.com/bwdaily/dnflash/ jan2002/nf20020129_3701.htm, 27 Nov 2016. M, M. E."A Brief History of Computer Crime: A".Norwich University.26 Nov2016. Adams, Richard."'The emergence of cloud storage and the need for a new digital forensic process model". Murdoch University. 27 Nov 2016.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.