FRAUDBUSTERS® Technology Edition
Volume 9 - No. 1
Computer Forensics: Sherlock Holmes in the Information Age
The past decade has certainly been memorable… technology has exploded, advancing so rapidly that most people simply can't keep up. The PC that was considered state-of-the-art at the turn of the century is now barely powerful enough to run a standard operating system. Wireless technology has expanded so fast that customers can hardly get used to their phones or PDAs before they are eclipsed by the next best thing. Home computer users are surfing the Internet at speeds they would have thought impossible only a matter of years ago. Tons of information is only a mouse click away, and people are communicating with others from all over the globe without ever getting off their chairs. Technology has truly changed the face of business and society at large by leaps and bounds, and not since the Industrial Revolution has something managed to alter the lifestyles of so many people worldwide. Impressive? Yes. Amazing? Perhaps. Dangerous? Without a doubt.
For all the convenience, entertainment and "wow" value technology has bestowed upon us in recent years, it has also revealed a dark side. High-tech crime has become as widespread and common as street crimes, and even worse, the victims usually have no idea they're under attack until it's too late. From simple software piracy to high-level corporate espionage, techno-crooks work under the cover of silence and anonymity. And because their methods revolve around new technology, there may not be laws or police techniques in place to stop them. Gone are the simpler days, when a good, old-fashioned mugging was the preferred method of theft… now robbers sit in front of a computer screen, swiping credit card information or passwords from unsuspecting Internet denizens, and taking home a lot more than a few crumpled dollar bills.
Of course, law enforcement has done its best to keep up with the bad guys, passing new laws and developing new techniques to stop them in their tracks. Today, criminals are convicted due to solitary pieces of digital evidence, files that are physically nothing more than a series of magnetic particles. Tracks that cybercrooks thought they covered by deleting incriminating files are restored and presented in court. Unscrupulous workers who cost their employers money or tarnish reputations are revealed and dealt with accordingly. How is this all possible? The answer is simple. The answer is computer forensics.
Computer forensics, in a nutshell, is the application of technical knowledge and investigative techniques to find, identify, preserve and present evidence contained within and created with computer systems. The goal of computer forensics is essentially the same as with any other investigation, and the same rules of evidence and legal processes still apply. Finding out the who, what, where, when and why is still the prime directive of any examiner, only the methods used to answer those questions are now
Bits and Bytes of Computer Forensics
such evidence is clearly a delicate process, and forensics experts take great care in the physical and virtual handling of all sources. If hardware needs to be sent off-site to a lab, drives and other devices are carefully packed in foam and protected from harmful
acquisition is done as quickly and discreetly as possible, without disrupting operations or arousing suspicion.
When the time comes to extract evidence, an investigator will make an exact copy of the media, not just a copy of the folder contents. The information is written onto a form of media that cannot be altered (such as a CD-ROM or other read-only disk), thereby preserving the integrity of the data obtained from the original disk. This copied data can now be scrutinized by investigators for
finding this information is no easy process. Computer forensics has been described as looking for a needle in a mountain of needles, with literally thousands of files for examiners to pore over. The procedure requires a great deal of skill, experience and patience. Specialized software is used to help sort through the labyrinth of both active files (the files we see) and unallocated (currently unused) disk space that may contain temporary or previously deleted data. Investigators may also decode protected or encrypted files, if it is possible and legally appropriate. In some cases, sophisticated equipment is used to extract data from damaged or destroyed media, such as a floppy disk that had been cut in half. Still, despite the wealth of high-tech gadgetry at many examiners' disposal, finding evidence often requires someone who simply knows what to look for and how to find it, a skill that only comes with experience.
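The difference between an exact copy of the media and a copy of the folder contents, and why unallocated space matters, shown as an added example that is not part of the original article. The 15-byte file-table layout, the file names and the contents are constructed for illustration and are far simpler than a real file system.

```python
import hashlib
import struct

SECTOR = 512
ENTRY = struct.Struct(">c11sBH")  # status, name, start sector, length in bytes

def build_disk():
    """Constructed toy volume: sector 0 is the file table, sectors 1-3 hold data."""
    disk = bytearray(SECTOR * 4)
    files = [(b"A", b"report.txt", 1, b"quarterly figures"),     # active file
             (b"D", b"ledger.txt", 2, b"second set of books")]   # deleted file
    for i, (status, name, start, data) in enumerate(files):
        ENTRY.pack_into(disk, i * ENTRY.size, status, name, start, len(data))
        disk[start * SECTOR:start * SECTOR + len(data)] = data
    return bytes(disk)

def entries(disk):
    """Yield (status, name, start, length) for each used slot in the file table."""
    for off in range(0, SECTOR - ENTRY.size + 1, ENTRY.size):
        status, name, start, length = ENTRY.unpack_from(disk, off)
        if status in (b"A", b"D"):
            yield status, name.rstrip(b"\0").decode(), start, length

def logical_copy(disk):
    """Copying the folder contents: only active files come across."""
    return {name: disk[start * SECTOR:start * SECTOR + length]
            for status, name, start, length in entries(disk) if status == b"A"}

def acquire(disk):
    """Bit-for-bit image, read sector by sector, plus the SHA-256 of what was read."""
    digest, image = hashlib.sha256(), bytearray()
    for off in range(0, len(disk), SECTOR):
        block = disk[off:off + SECTOR]
        digest.update(block)
        image += block
    return bytes(image), digest.hexdigest()

def unallocated_residue(image):
    """Non-empty data in sectors that no active file claims."""
    used = {0}  # sector 0 is the table itself
    for status, _, start, length in entries(image):
        if status == b"A":
            used.update(range(start, start + -(-length // SECTOR)))
    found = {}
    for n in range(len(image) // SECTOR):
        data = image[n * SECTOR:(n + 1) * SECTOR].rstrip(b"\0")
        if n not in used and data:
            found[n] = data
    return found
```

Recomputing the SHA-256 of the image later and comparing it with the digest recorded at acquisition shows whether the copy has changed since it was made.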
Once all this data is gathered and analyzed, the investigator then compiles a detailed report for their client, after which they are often called on to testify at some sort of legal proceeding. In such cases, it is not only important for the forensic expert to possess exceptional technical knowledge, but also the skills necessary to present the evidence in a courtroom setting. The ability to present information in a logical, persuasive manner that a jury can understand, while being able to withstand the opposing counsel's scrutiny, is very valuable and often makes or breaks a case.
Computer forensics is regularly used by law enforcement agencies as a method of investigating and prosecuting various crimes. These days, criminals are using computers to commit crimes that would not be possible without them (such as hacking into corporate databases, stealing passwords and account information, unleashing viruses, etc.), as well as crimes that traditionally did not involve any sort of advanced technology. Child pornography and kidnapping, for instance, are among the most feared and widely publicized crimes that often enlist the aid of computers. It's a parent's worst nightmare to think that their children could be lured away by a smooth-typing pervert, but it happens, and computer forensics experts are often called upon to track them down and collect evidence.
While child pornography and fraud are the most prevalent types of computer crimes, even homicides and grand larcenies are solved via computer forensics, when villains discuss their plans with partners online or compile lists of victims on their home PC. Virtually any type of crime can have links to computers, but what many lawbreakers don't realize is that the electronic fingerprints they leave behind (e-mails, documents, instant messages, etc.) can quite easily come back to haunt them.
Private companies also employ the aid of computer forensics, whether it is done in-house or an investigator is contracted by the company. It is no secret that system security is a major issue for most businesses, especially in the wake of the many viruses, worms and system break-ins that have occurred all over the world in the past few years, crippling operations and costing companies billions of dollars. Computer forensics is also used to help companies locate evidence regarding a wide range of matters, from sexual harassment to intellectual property theft.
also call upon computer forensics specialists for a variety of reasons, such as support in medical malpractice or wrongful death suits, wrongful termination, sexual harassment, discrimination, recovering lost data, or even to find out what children and spouses are up to on their computers. Indeed, computer forensics can be applied to almost any investigation-worthy subject, and more and more people are taking advantage of this technology to help combat crime and tackle civil wrongdoings.
Future of Computer Forensics
Of course, the future holds some important questions. Will there be standards? As of now, there is no governing body or certification standards for computer forensics "experts." Many current certifications are simply based on certain types of software or methodology, some are open to only certain practitioners, and some are nothing more than marketing gimmicks to sell more of a particular tool or training. Most examiners agree that there needs to be some sort of standardization so that when an "expert" conducts an investigation or takes the stand in a legal proceeding, their client is actually getting credible, competent support.
Innovations also need to be considered. Technology has advanced tremendously quickly in recent years, and the bad guys aren't the ones playing catch-up. As computer forensics techniques become more advanced, so will the methods criminals use to stay a step ahead of the law. Encryption, for instance, is already considered a major issue, and it is poised to become an even greater hindrance as criminals learn more about the process. Wireless and portable technology is another big concern… it is the wave of the future, and it's a foregone conclusion that scams will proliferate on our ubiquitous multi-function handheld devices in the coming years.
Whatever the future holds for us, one thing is for certain… computer forensics is here to stay. The long-shot years are dead and buried, and the horizon looks to be packed with exciting innovations and significant developments in the field. We at Kessler International are leading the charge, and we are ready and willing to take on any challenge that comes our way. If you require the services of a computer forensics expert, give us a call. Our specialists have the experience, the knowledge and the professionalism that will guarantee a job well done and another case cracked.
Copyright © Michael G. Kessler & Associates, Ltd. 2004. All rights reserved.