31-07-2014, 03:01 PM
Computer Forensics
INTRODUCTION
THREATS TO THE SYSTEM
System threats can be broadly classified into human and environment threats. Environment threats include power outages, fire and floods. Human threats can be malicious or non-malicious. A threat is considered malicious if the attack or crime is committed with full knowledge and intention. A non-malicious threat is one where the individual does not understand its intent or is ignorant of the action that is about to be committed. For example:
A disgruntled employee may try to break into the organization’s critical business information to damage the information and the business. This is an example of a malicious human threat.
An ignorant employee may give out information to a hacker without realizing the consequences. This is an example of a non-malicious human threat.
IDENTIFYING
This is the process of identifying things such as what evidence is present, where and how it is stored, and which operating system is being used. From this information the investigator can identify the appropriate recovery methodologies, and the tools to be used.
PRESERVING
This is the process of preserving the integrity of digital evidence, ensuring the chain of custody is not broken. The data needs to be preserved (copied) on stable media such as CD-ROM, using reproducible methodologies. All steps taken to capture the data must be documented. Any changes to the evidence should be documented, including what the change was and the reason for the change. You may need to prove the integrity of the data in a court of law.
ANALYSING
This is the process of reviewing and examining the data. The advantage of copying this data onto CD-ROMs is that it can be viewed without the risk of accidental changes, therefore maintaining the integrity whilst examining the changes.
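The preserving and analysing steps above, as an added example that is not part of the original report: a sketch that records a SHA-256 hash of the evidence image with every documented action and chains the records together, so that a changed image or a rewritten log entry can be detected. The function names, log fields, timestamps and the small sample file are constructed for illustration.

```python
import hashlib, json, pathlib, tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a large disk image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _digest(record):
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

def append_entry(log, when, actor, action, reason, evidence_path):
    """Document one step: who did what, why, and the evidence hash at that time."""
    entry = {"when": when, "actor": actor, "action": action, "reason": reason,
             "evidence_sha256": sha256_file(evidence_path),
             "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _digest(entry)  # binds this record to the previous one
    log.append(entry)

def verify_log(log):
    """Return the index of the first altered or out-of-chain record, or -1."""
    prev = "0" * 64
    for i, e in enumerate(log):
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev"] != prev or _digest(body) != e["entry_hash"]:
            return i
        prev = e["entry_hash"]
    return -1

def evidence_unchanged(log, evidence_path):
    """Compare the copy under analysis with the hash recorded at acquisition."""
    return bool(log) and sha256_file(evidence_path) == log[0]["evidence_sha256"]

def demo():
    """Constructed sample: a small file stands in for an acquired disk image."""
    with tempfile.TemporaryDirectory() as d:
        img = pathlib.Path(d) / "image.dd"
        img.write_bytes(b"constructed sample evidence bytes")
        log = []
        append_entry(log, "2014-01-01T10:00:00Z", "examiner A", "acquired image", "seizure", img)
        append_entry(log, "2014-01-02T09:00:00Z", "examiner B", "made working copy", "analysis", img)
        before = (verify_log(log), evidence_unchanged(log, img))
        img.write_bytes(img.read_bytes() + b"!")  # simulate an undocumented change
        log[0]["reason"] = "edited later"         # simulate a rewritten record
        return before, evidence_unchanged(log, img), verify_log(log)

if __name__ == "__main__":
    print(demo())
```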
1. Shut Down the Computer
Depending upon the computer operating system involved, this usually involves pulling the plug or shutting down a network computer using the relevant operating system commands. At the option of the computer specialists, pictures of the screen image can be taken using a camera. However, consideration should be given to possible destructive processes that may be operating in the background. These can be resident in memory or available through a modem or network connection. Depending upon the operating system involved, a time-delayed, password-protected screen saver may potentially kick in at any moment. This can complicate the shutdown of the computer. Generally, time is of the essence and the computer system should be shut down or powered down as quickly as possible.
CONCLUSION
Reporting of economic and cyber crime is problematic and grossly underestimated, as is estimated from the many risks associated with corporations reporting or sharing fraud losses and activity. A uniform computer forensics crime reporting system should be developed that includes economic crimes.
The needs and challenges of computer forensics can be met only with the cooperation of the private, public, and international sectors. All stakeholders must be more willing to exchange information on the effect economic and cyber crime has on them and the methods they are using to detect and prevent it.