History of Computer Forensic, Research Paper Example

Introduction

Computer forensics relates to the effective management of a computer systems and its communication networks. The concept of forensics relates to the ability of collecting scientific information that may be used as evidence in a subsequent court trial. Essentially the analysis and recovery of what is termed latent evidence The ability to practice good forensics techniques will help in the deterrence of attacks against your computer systems and provide what is know in computer terminology as ‘defence in depth’. The technicians see forensics as a means to collect, analyze and preserve data in order to support any subsequent legal action for system intrusion by unauthorized users. This collects two types of data: (i) Persistent data which is normally stored on hard drives or other similar media and (ii) Volatile date, that data stored in memory or in transit in the system. (US-CERT, 2008)

Distributed Network Attacks

A distributed network attack (DNA) relates to a cyber-decryption attack over the entire system network. This is an illegal attack where the hacker hopes to obtain personal information for profit motivated purposes. Information Technology has become the life-blood of virtually every organization. Most large business operations contain Data Centre’s of expensive computer and communication systems (hardware) and important client information and programs (software). Together they provide the central back-bone of the organization and as such any threat to these systems can be extremely disruptive and costly to the business.

File Recovery – Tools like Nessus provide a range of network vulnerability tests and tracking features. The objective being to alert the system administrator to possible intrusions and potential threats. The dynamics of the software is such that it does not rely upon one dedicated security system server but can operate on all of the machines (nodes) throughout the entire network. Important features of this incorporate the potential of password decryption. The actual DNA server itself resides at the very core of the network allowing for supervision over the entire network framework. This facilitates both management of the network and the ability to conduct target searches over perceived problem areas. This reduces both cost and processing time.

Internet Crime and particularly illegal entry into other computer systems i.e. hacking is deemed to be a Federal Offence in the USA and falls under the investigative jurisdiction of the Federal Bureau of Investigation (FBI). Criminal computer hacking has been legally defined as any person who willingly and knowingly commits an act of cyber terrorism, credit card fraud, malicious vandalism, identity theft or other cyber-crime by hacking into a Corporate or Government system. Such criminal acts are treated very seriously in the USA and will be subject to harsh penalties (Andress, M. 2011).

Network Security Audit

A Network security audit is a verification check concerning the points of vulnerability on a computer network where there may exist points of potential weaknesses for unauthorized access or entry to the computer network. It examines the control features of the system, levels of encryption, firewalls and hardware vulnerabilities. There are three broad areas of vulnerability on a computer network 1) Interception 2) Availability and 3) Access entry points.

What has made this a nightmare for the security manager is the fact that data can be easily copied onto small storage devices, laptop and portable computers. This has intensified the need for improved security techniques over data and particularly that of data encryption. One method being the increased use of data encryption which uses algorithms and mathematical constructs to scramble the data into a non-readable format and can only be decrypted by having the relevant unlock key. (ISACA, 2011).

Network Behavior Anomaly Detection (NBAD)

The concept of NBAD is that of a process that is engaged upon the continued monitoring of a proprietary network system. It looks for unusual events or occurrences on the network and plots trends. It effectively examines the behavioral process of the network and alerts to any suspected unusual events or occurrences. It provides an added tier of protection to the firewalls and anti-virus software on the system. It is a real time system that assists in the determination of threats and vulnerabilities to the network.

In summary format the NBAD system will track and monitor the following events:

• Deviations to standard usage practices on the network
• Unusual events or occurrences
• Plots the trends of usage on the network against a baseline network usage profile
• Potential threats or vulnerabilities on the network

The Need for NBAD Security packages

An important part of network administration is that of security and protecting the overall system integrity. One such application is ‘Tenable Nessus’ that aims to deliver the following product benefits. A vulnerability scanner that is described as a world-leader in active scanners with in excess of 5 million software downloads the application comes with a range of rich features for managing and monitoring the entire network system (Tenable Nessus, 2011).

The Nessus also has the advantage of being able to extend its range of services to wireless networks covering such items as mobile phones, iPhone, iPod Touch & Android devices etc.

Data Retention Law

The data retention law in the EU has an impact on both the US and EU in that ISP providers needs to retain all of the data that is transmitted by e-mail traffic. It is considered that this contains important information for forensic investigations and the important point of establishing guilt or innocence in a criminal investigation. There are specific directives in place that describe how such data may be accessed. This storage imposition on the ISP provider creates a huge storage issue requiring thousands of terabytes of storage. (Warner, J. 2005)

The EU data retention law provides the US the right legal authorities in order to gain access to such data and these being defined within the context of international agreements. There have been complications in gaining access to data and the EU is investigating ways to eliminate these. The law has been criticized saying that it infringes individual privacy rights (Baker, J 2011). A study that has been carried out indicated that it will cost ISP providers in excess of half a million dollars per annum in additional storage and operating costs to retain this data.

The concept of litigation seems most prevalent in the area of IT Security. Nearly all forms of electronic media have the potential for being involved in litigation cases. When these instances arise one of the most important aspects will be the gathering of data or information for evidence. Where it is believed that a criminal act has taken place the computers and network devices may be removed for evidence. This type of confiscation can impose a serious threat and disruption to the business as the court may instruct the system to be frozen which means that the back-up recovery system could not be immediately invoked. Failure to comply with court orders can result in very severe penalties. This impact is mitigated by having the geographical architecture divided into a number of nodes or junctions allowing for components to be removed or bi-passed. For example if a Bank Branch in the UK was subject to a fraud investigation and the court ordered seizure of the computer equipment at that Branch, then the back could just isolate that node of the network and literally shut it off allowing the remaining nodes on the network to continue operating. In this way the entire integrity of the Banks’s systems are not compromised.

Security Over Wireless Networks

Before addressing the types of security measures in place over wireless networks, it is necessary to have some understanding of the threats imposed. These vary from eavesdropping to that of physical intrusion and penetration of your system. Both can be potentially damaging but as a minimum a gross invasion of your privacy. Threats may be as simples as:

Rogue Wireless Area Networks: This is where someone may introduce an additional router to your network and thereby gain access to the wider network. This is essentially a hardware intrusion. Software applications like Network Magic will detect and report such intrusions to the network administrator.

Spoofing Internal Communications: This is a direct attack and intervention from outside computers wishing to gain access to your system. They simulate internal domains and essentially look harmless on the network maps.

Direct Theft of network resources: This is where your system is hacked and the intruder steals bandwidth to surf the internet. They can then indulge in a variety of illegal activities that indicates the source as your network. i.e. downloading pornography, music, video clips etc. Degradation of your network performance is an indication of this type of attack.

Whilst segmentation is a useful step you will also require wireless encryption which is essentially a means of preventing eavesdroppers on to your personal wireless network. The early method used WEP (Wireless equivalent privacy) but this was later discovered to be flawed as anyone who gained the key access could join the network. It was also easily cracked by professional hackers. We quickly moved over to WPA (wireless protect access). This used temporary key integrity protocol and provided a much tougher code system to decipher. Even this was not good enough for large enterprise networks that required a much higher degree of sophistication and security.

Analyzing Communication Intercepts

There is a considerable threat imposed upon the interception of communications particularly that associated with electronic media. One of the more common threats relates to that of e-mail. The threat here is two-fold: (i) the interception of messages and communication by hackers and others who are intent on theft of intellectual copyright or business confidential information (ii) incoming messages from the outside that may have attachments and carry harmful viruses that can penetrate the Banks firewall and impose serious damage to the computer network. The first of these represents a criminal offence and is punishable under the law. The second may be harmless or careless use of communications that have not been checked with anti-virus software. The policies here become a little more complex but certain precautions can be taken. The first is for the system not to accept any external e-mails that contain attachments. In addition those that contain any graphics or graphic files which are often used to harbour Trojans. Only allow access to the network to those that have security clearance and are deemed to be authorised users of the system. Restrict external file attachments to addresses outside of the system (prevention of data transfer or theft). The job of the Security Manager has been made much harder in recent years because of items like USB Pen Drives that have high storage capacity. They can be plugged into virtually any USB port in the system and quickly download data. Providing the person can gain access they will have the ability to download confidential information files. (White, G.B 1996)

New Cyber threats – increased need for forensics – More recently the threat of terrorism has been added to the Security Managers busy agenda. This was highlighted during the IRA terrorist campaign conducted on the square mile of London resulting in the blasts at Bishopsgate (1993) and St. Mary’s Axe (1992). These caused severe disruption to many City Financial Institutions and resulted in considerable loss of life. Strategy now has to consider how the assets and people might be protected from such an attack. This has been broadened to consider the consequences of natural disasters that include such items as Fire, Flood, and Earthquakes etc.

Fortunately technology has assisted in this program by making it easier to create secure data recovery sites. An example being the Royal Bank of Scotland that mirror images its’ entire hardware, software and communications systems at a highly secured site in Dalkeith, Scotland. The site is designed for 24/7 systems disaster recovery invocation throughout the entire RBS system. Many other Banks have developed similar in depth robust security recovery plans as part of the Corporate IT Strategy. (Tr?ek, D. 2006).

Internet Crime and particularly illegal entry into other computer systems i.e. hacking is deemed to be a Federal Offence in the USA and falls under the investigative jurisdiction of the Federal Bureau of Investigation (FBI). Criminal computer hacking has been legally defined as any person who willingly and knowingly commits an act of cyber terrorism, credit card fraud, malicious vandalism, identity theft or other cyber-crime by hacking into a Corporate or Government system. Such criminal acts are treated very seriously in the USA and will be subject to harsh penalties. Such intrusions are capable of creating a tremendous amount of malicious damage. They may potentially threaten national security, may cause serious service disruptions e.g. hospitals, emergency services etc. May create economic and financial instability by intrusions to Banks or large Corporate Offices.

One such example is that of David Smith a computer hacker launched the Melissa Virus in March of 1999. The virus that he placed into the internet spread to over 1.2 million computers causing an estimated $80 million in financial damages to businesses. Smith was convicted of computer hacking and the courts sentenced him to 40 years in prison. He was release some 20 months later after agreeing to work with the FBI in their fight against cyber-crime. (Criminal Law Lawyer Source, 2011).

Garry McKinnon in the UK has been found guilty of hacking into 96 US Military and Defence systems and could face up to 70 years imprisonment. He is currently awaiting extradition from the UK. In general terms’ hacking is a form of cyber terrorism and as such is a criminal act. There is no legal justification for this and even those individuals that attempt this for an intellectual challenge are breaking the law. It is not only a gross invasion of privacy but a complete act of irresponsibility that potentially can unleash very serious and grave consequences for the public.

References

Andress, M. (2011, 11 18). Network vulnerability assessment management. Retrieved from Network World: http://www.networkworld.com/reviews/2004/110804rev.html

Baker, J. (2011, 11 21). EU data retention law blasted on privacy issues. Retrieved from Networld: http://www.networkworld.com/news/2011/041811-eu-data-retention-law-blasted.html

Criminal Law Lawyer. (2011). Computer Hacking. Retrieved 11 17, 2011, from http://www.criminal-law-lawyer-source.com/terms/computer-hacking.html

ISACA. (2011, 11 27). Approach to auditing network security. Retrieved from ISACA: http://www.isaca.org/Journal/Past-Issues/2003/Volume-5/Pages/Approach-to-Auditing-Network-Security.aspx

Tr?ek, D. (2006). Managing information systems security and privacy. New York: Springer.

US-CERT. (2008). Computer Forensics. Washington DC: US-CERT.

Warner, J. (2005). The Right to Oblivion: Data Retention from. University of Ottawa law and technology journal, 76-103.