Let us know Cyber Forensics & Cyber Crime
Let us know Cyber Forensics & Cyber Crime: From the Editor’s Desk
Computer Forensics is the application of scientifically proven methods to gather, process, interpret, and to use digital evidence to provide a conclusive description of Cyber Crime activities. Cyber Forensics also includes the act of making digital data suitable for inclusion into a criminal investigation.
Cyber Forensics can be defined as the process of extracting information and data from the computer storage media and guaranteeing its accuracy and reliability. The challenge of course is actually to finding out this data, collecting it, preserving it, and presenting it in a manner that is acceptable in a court of law. Electronic evidence is fragile and can easily be modified. Additionally, cyber thieves, criminals, dishonest and even honest employees hide, wipe, disguise, cloak, encrypt and destroy evidence from storage media using a variety of freeware, shareware and commercially available utility programs.
A global dependency on technology combined with the expanding presence of the Internet as a key and strategic resource requires that corporate assets are well protected and safeguarded. When those assets come under attack, or are misused, information security professionals must be able to gather electronic evidence of such misuse and utilize that evidence to bring to justice those who misuse the technology.
Cyber forensics, while firmly established as both an art as well as a science, is at its infancy. With technology evolving, mutating, and changing at such a rapid pace, the rules governing the application of cyber forensics to the fields of auditing, security, and law enforcement are changing as well. Almost daily, new techniques and procedures are designed to provide information security professionals a better means of finding electronic evidence, collecting, preserving, and presenting it to the client management for potential use in the prosecution of Cyber Criminals.
The anonymity provide by the Internet, and the ability for society’s criminal element, to use information technology as a tool for social and financial discourse, mandates that those professionals charged with the responsibility of protecting critical infrastructure resources, have the tools to do so.
The term ‘Cyber Crime’ is the latest and perhaps the most complicated problem in the cyber world. “Cyber Crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime. It can also be defined as any Criminal activity that uses a Computer either as an instrument, target or a means for perpetuating further crimes comes within the ambit of “Cyber Crime”. The concept of Cyber Crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state.
A generalized definition of Cyber Crime may be defined as “unlawful acts wherein the computer is either a tool or target or both” The computer may be used as a tool in the following kinds of activities like Phishing, Steganography, Sale of illegal articles, Pornography, Online Gambling, intellectual property crime, E-Mail Spoofing, Forgery, Cyber Defamation, Cyber Stalking etc. The computer may however be target for unlawful acts in the following cases like; Unauthorized access to a computer or computer system or even a computer network, theft of information contained in the electronic form, e-mail bombing, data theft, salami attacks, Worms, Trojan attacks, information thefts, website defacement, theft of computer system, physically damaging the computer system etc.
Computer Crime takes several forms. For the purposes of this work, we have coined the term “Cyber Crime.” Strictly speaking things “Cyber” tend to deal with networked issues, especially including global networks such as the Internet. Here, we will use the term generically, even though we might be discussing crimes targeted at a single, stand-alone computer. Now that we’ve set the ground rules, so to speak, let’s move ahead and begin with a discussion of Cyber Crime in today’s environment.
Cyber Crime can broadly be defined as “A Criminal Activity involving an Information Technology Infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud”.
The easy definition of cyber crime is “The Crimes directed at a computer or a computer system.” The nature of Cyber Crime, however, is far more complex. As we will see later, cyber crime can take the form of simple snooping into a computer system for which we have no authorization. It can be the freeing of a computer virus into the wild. It may be malicious vandalism by a disgruntled employee. Or it may be theft of data, money, or sensitive information using a computer system. Cyber crime can come from many sources. The cyberpunk who explores a computer system without authorization is, by most current definitions, performing a criminal act. We might find ourselves faced with theft of sensitive marketing data by one of our competitors. A virus may bring down our system or one of its components. There is no single, easy profile of Cyber Crime or the Cyber Criminal.
If these are elements of Cyber Crime, what constitutes Computer Security? Let’s consider the above examples for a moment. They all have a single element in common, no matter what their individual natures might be. They are all concerned with compromise or destruction of computer data. Thus, our security objective must be information protection. What we call computer security is simply the means to that end. It is sufficient to say at this point that we are concerned with protecting information and, should our protection efforts fail us, with determining the nature, extent, and source of the compromise.
We can see from this that it is the data and not the computer system that is the target of Cyber Crime. Theft of a computer printout may be construed as Cyber Crime. The planting of a computer virus causes destruction of data, not the computer itself. It becomes clear, from this perspective, that the computer system is the means, not the end. A wag once said that computer crime has always been with us. It’s just in recent years that we’ve added the computer. However, investigating crimes against data means we must investigate the crime scene: the computer system itself. Here is where we will collect clues as to the nature, source, and extent of the crime against the data. And it is here that we will meet our biggest obstacle to success. If we are going to investigate a murder, we can expect to have a corpse as a starting point. If a burglary is our target, there will be signs of breaking and entering. However, with cyber crime we may find that there are few, if any, good clues to start with. In fact, we may only suspect that a crime has taken place at all. There may be no obvious signs. Another aspect of cyber crime is that, for some reason, nobody wants to admit that it ever occurred. Supervisors have been known to cover up for obviously guilty employees. Corporations refuse to employ the assistance of law enforcement. Companies refuse to prosecute guilty individuals.
So where, as computer security and audit professionals, does that leave us in our efforts to curb cyber crimes against our organizations? It means we have a thankless job, often lacking in support from senior executives, frequently understaffed and under-funded. That, though, doesn’t mean that we can’t fight the good fight and do it effectively. It certainly does mean that we have to work smarter and harder. It also means that we will have to deal with all sorts of political issues. Finally, there are techniques to learn Technical, Investigative, and Information Gathering Techniques. It is a combination of these learned techniques, the personal nature that seeks answers, and the honesty that goes with effective investigations that will help us become good cyber cops and investigators of crimes against information on the information superhighway, or on its back roads.