Computer forensics
Within the last decade, computer forensics has solved so many cases that if it was not for this technology the situation would have been worse. This has been mainly enhanced by the ability of computer and digital devices to store data (Goode, 2009). Luckily, these are the same gadgets that criminals use to perpetrate their crimes and therefore it has been become easier to trace criminal activities through digital platforms. For these reasons, computer forensics has become one of the most used tools of investigation. However, it faces numerous challenges especially the aspect of privacy and the right to private information.
Challenges and opportunities
Computer forensics can benefit greatly from the current digital developments. This includes the use of GPS devices in vehicles and the use of Smartphones. With the numerous use of electronic gadgets such, computers, cameras, gaming devices and music players that contain storage media is a sign of a good opportunity for computer forensics to develop. However, the major challenge faced by the police and computer forensics department is that information on forensics countermeasures is found easily and freely online. This has greatly affected the success of computer forensics and it is the main drawback in this area.
In addition to avoiding forensics specifications, forensics counter software also can hide terrorists’ activities form the authorities’ surveillance. Nonetheless, coming up with new techniques in computer forensics has positively and negatively affected the world at large. The world is now safer due to the increasing usage of computer forensics in court cases. In essence, the use of computer forensics has enhanced the justice system by ensuring that culprits and perpetrators of criminal activities are brought to book.
Due to the increasing use of computer forensics, more criminals are being convicted from the evidences gathers from digitals gadgets. Currently, the use of conventional telephones and the use of letters as a mode of communication have become obsolete. Modern criminals are using highly sophisticated communication gadgets and this is a great opportunity for computer forensics. Most of the modern equipment used today in communication have the storage media capability. Most of the communication electronics today have a camera and a recording system and their connectivity is linked through centralized networks.
This means that forensics teams are capable of accessing such data as evidence before a court of law. However, even with the expansive surveillance resources, there is yet another major drawback for the forensics department. Most of the internet service providers have very limited data retention periods. A data retention period is the timeline that specific data has before it is permanently deleted to create more room for newer information. With the limited data reinvention periods, some vital information can be lost or inaccessible.
This is a major drawback for the forensic department because it can affective or inhibits evidence. Unfortunately, this cannot be changed since some of the data stored consumes a lot of pace. For example, CCTV in the streets and around the cities collects data all day for months. After some time, the data collected may be deleted from the servers to create more room for recent recordings.
Improving Computer forensics
Data storage capabilities
One of the most effective ways of improving forensics includes enhancing and increasing data storage capabilities (Taylor, Fritsch, & Liederbach, 2014). As noted earlier, forensics is facing a challenge due to the limited time of storage or rather the retention period. As data keeps on being removed from the database, it becomes very difficult for the investigators to follow leads and to prove the occurrence of a crime. Some of the criminal activities are purely arranged and planned using the internet. To stop such crimes, the computer forensics needs to monitor the flow of information from one terrorist to another for some time. This is considering some of these attacks have been planned for some time. With the lost data over such long periods, computer forensic evidence may not be sufficient to prove a felony.
Partnership between forensics and the state
Computer forensics cannot work sufficiently without the cooperation of the state/government. For computer forensics to succeed, there must be a substantive and sustainable program to govern and enhance a strategic alliance between the stakeholders. A good example of a working agency partnership is the Indiana state police’s partnership with the Purdue University Department of Computer and Information a technology (Goode, 2009). This is not the only interagency collaborative program that the Indiana state police have engaged in. The police also have a partnership program with the National White Collar Crime Center (Goode, 2009).
These partnerships have been developed to pursue one agenda which is to hare unique skills and attributes to enhance computer forensics. Computer forensics is mostly very useful in financial crimes. This is why the NW3C is important in this process. The NW3C is a federally funded organization that is responsible for training the police on matters involving financial crimes (Goode, 2009). The organization has been very useful in training the police on computer forensics relevant to the banking industry and financial markets.
It has also been very instrumental in training the police on various cybercrime investigations (Goode, 2009). Since this is a partnership based on mutual benefits, the police have to return the favor to the organization for the training received. Therefore, as a way of showing its appreciation, the police provide subject matter experts with the platform to experience the real-world situation in crime (Goode, 2009). This gives the organization the advantage of tasting their developed courses to see their effectiveness (Goode, 2009).
Ultimately, the organization gets a platform to practice and utilize their developed forensic skills. Students at the Purdue University IT department are also benefiting from this partnership by getting access to the practitioners in this field. In return, the school offers its best brains in research and the digital forensic field. With the highly intelligent students and researchers from Purdue, the Indiana state police have been able to develop one of the most effective forensic networks in the world.
The concept of Bring Your Device
In recent developments, the concept of Bring Your Device has been increasingly utilized in many organizations. BOYD is a special concept that allows employees to use their electronic gadgets to access classified and privileged company information (Sridhar & Govindarasu, 2014). There are several challenges that the adoption of this concept experiences. Supporters of this concept argue that the ability for workers to perform their duties from any location is good for business.
While such flexibility may be advantageous, there are also several risks involved. One of the fundamental risks that the BOYD concept exposes companies and organizations is the fact that sensitive company information can easily fall into the wrong hands (Sridhar & Govindarasu, 2014). When employees are allowed to access the company’s database using their gadgets, such information can easily be accessed by an authorized person. Devices such as phones, tablets, laptops among others can be stolen and the information stored in them accessed.
This can put the company at greater risk. BOYD can result in a massive and dangerous data breach hence compromising data security (Sridhar & Govindarasu, 2014). Another way that the company risks a data security breach is when an employee who was using his or her gadget to access the company data leaves the organization. When they do so, they leave with their gadgets and the company’s data they had stored in their devices. This also can create a very serious data security breach.
Dealing with digital threats created by the BOYD concept
Dealing with digital threats resulting from BOYD CONCEPT the ICT departments need to be on high alert. In every organization today, ICT has been significantly incorporated in the daily organizational functions. In a situation where a fired or an ex-employee is using a password-cracker to gain access to restricted information in an organization, an appropriate measure must be taken to secure the incident. To secure the scene, one requires software like Log2timelieme (Taylor et al., 2011). This software is used to identify the timelines from system logins.
However, for this particular occurrence, an incident response software is the most appropriate to address the issues. Volatility is one of the best software available for such a function. The software is designed to address incidences and malware analysis and it allows the investigator to extract digital artifacts from RAM dumps (Chung, Park, Lee & Kang, 2012). This software allows one to extract information from the current running process and also from the cached registry hive, process IDs among another process (Chung et al., 2012).
Steps in dealing with the situation
The initial steps to follow when investigating a digital crime scene involve obtaining authorization to search and seize the facilities used by the suspected perpetrator. After gaining authorization from the organization management, the next step to secure the area of or the crime scene would be the most prudent action. This helps to avoid an instance where colluding colleagues can tamper with the evidence to influence a favorable forensic outcome. The entire items that were seized during the investigations must be documented and recorded and if any transportation of the confiscated equipment and evidence is to be made, safety should be a priority. Acquiring the evidence from the equipment should be done using forensically acceptable methods.
After the evidence is acquired, the forensic images should be used to analyze the data and come up with interpretations based on the collected facts (Garfinkel, 2010). Presenting the analysis and findings of the investigation must be simplified even though complex methods of analysis have been used. The results must be presented in simple easy to understand language and in a written report. The evidence is thereafter presented in a courtroom under an affidavit.
Extracting evidence with the volatility software
First, one needs to identify a folder or folders he or she needs to investigate. After identifying the folders, one only needs to place the Volatility-2.1 standalone.exe and open a command prompt window (Garfinkel, 2010). From this window, one needs to click on the executable file and type the name of the software, the plugging name, and the profile name. The plugging name is the name of the file the investigator wants to extract information from. The software does the rest automatically.
Admissibility
To enhance the admissibility of evidence, the original copies of the collected evidence should be copied. The collected evidence must be authenticated through an electronic process to prove that the said crime and presented evidences are genuine (Goode, 2009). The evidence must meet the relevance threshold to be admissible in a court of law. In addition to this, an affidavit is required to hold the investigator directly responsible for the evidence provided. Evidence provided must be extracted from the gathered information and not from outside sources (Goode, 2009). These are some of the highest steps that should be taken to ensure that the investigation is legitimately carried out in all fairness to both the defendant and the plaintiff.
System upgrading plan
In every organization, system evaluation is very important for the success of the company. In the banking industry, security checks a regularly required to ensure the bank has the latest system to enhance its security. The growth of ICT has further increased the necessity of systems evaluation on a regular timeframe to enhance security. This paper seeks to discuss the different evaluation strategies for a bank, appropriate monitoring of the system’s progress and evaluation of success and failure methods.
Systems evaluation strategies
Test and evaluation is vital before an upgrade is carried out in any organization. This enables the company to evaluate the present system and identify the loopholes therein. With this knowledge, appropriate measures can be taken in the upgrading procedures. The system evaluation strategies involve testing the bank’s vulnerability in terms of outside infiltration. This requires the bank’s IT department to try and hack their systems to see whether it is possible to steal data from outside (Ammenwerth, Brender, Nykänen, Prokosch, Rigby & Talmon, 2009). Using the system’s protocols, the IT personnel can try to create overrides to determine the vulnerability of the bank’s system.
What evaluation methods could be used?
To evaluate a system may also require the administration to authorize an operation that aims at bringing out the risks of that are unforeseen in a system. Appropriate strategies include a call by value, partial evolution and applicative order (Ammenwerth et al., 2009). In banking, speed is very important and so is accuracy. Upgrading requires the IT department to identify the issues raised about the current computers. Banks require high-speed computers and enough memory for data storage. If the company’s needs are not effectively met by the current desktops, then the most product auction would be to upgrade to higher performance desktops.
Monitor progress and methods of evaluation of success/failure will you use?
To monitor the progress of a network system in a bank requires time and patience. One cannot determine the extent of a failure in a system if the system is not put in use for long enough for these issues to begin arising (Ammenwerth et al., 2009). Therefore, monitoring a system has to be a gradual process aimed at identifying the underlying issues and risks that a system may expose the bank to. Monitoring the performance of the computers, the software installed and the servers to see determine whether they match or compete with the recent technologies in the market. The method of evaluation appropriate in determining the failure or success of the systems would be the call-by-value strategy (Ammenwerth et al., 2009).
Recommendations
As a group we recommend a complete overhaul of the entire analog system to be replaced with new technologies. High-speed desktop no less than a dual-core and new installation of modern servers to support the company’s network data should be reconstructed. For efficient services to clients, the bank must enhance its banking service through other platforms such as social media, mobile banking, and online banking.
Such improvement requires very sophisticated data control systems to ensure they are secure. ICT is a major component in the banking industry and the sooner banks adopt the trends the better for business. This paper has critically analyzed the process involved in upgrading a system in a bank. System evaluation processes have been outlined in the paper as well as strategies for monitoring progress in the systems.
Understanding the risk assessment methodologies and its applications is important in that it makes one able to create a more secure computing environment. However one of the challenges is that professionals in information face difficulty due to the fast rate of change in technology. Various tools are used for risk assessment. A good one is the Operationally Critical Threat Asset and Vulnerability Evaluation (Sridhar & Govindarasu, 2014). This helps organizations protected from information security risks. Although OCTAVE is workshop based and not tool-based.
Threat Modeling is in simpler terms a procedure which is used to optimize network security. It does this by checking for vulnerabilities and counters the mechanisms of the vulnerabilities or threats to the system. In this case, a threat is a malicious act that is directly harmful and can cause damage to your system. The point here is to go through the whole system and find where the most effort should be applied or the riskiest area which should be taken care of first to keep the system safe and secure. The technique it uses is it changes with the change in the development of new factors.
Risk assessment is being able to control and manage the potential risks or dangers and taking the necessary steps to make sure they are managed and well taken care of. In other words, it’s the act of controlling the risks and potential dangers. Risk assessment is important in that it protects various aspects of an organization such as its assets. The most important thing to consider in risk assessment is identifying the potential dangers. Risk assessment entails various processes such as qualitative and quantitative risk assessment (Sokolov, Mesropyan & Chulok, 2014). Octave consists of phases and each phase contains several processes. For example phase, one contains processes such as identifying senior management knowledge and creating threat profiles. Phase 2 consists of identifying key components and evaluating selected components.
References
Ammenwerth, E., Brender, J., Nykänen, P., Prokosch, H. U., Rigby, M., & Talmon, J. (2009). Visions and strategies to improve evaluation of health information systems: Reflections and lessons based on the HIS-EVAL workshop in Innsbruck. International journal of medical informatics, 73(6), 479-491.
Chung, H., Park, J., Lee, S., & Kang, C. (2012). Digital forensic investigation of cloud storage services. Digital investigation, 9(2), 81-95.
Garfinkel, S. L. (2010). Digital forensics research: The next 10 years. Digital Investigation, 7(1), 64-73.
Goode, S. (2009). Admissibility of Electronic Evidence. Rev. Litig, 29(1), 134-138.
Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Zhou, L. (2014). Externalities and the Magnitude of Cyber Security Underinvestment by Private Sector Firms: A Modification of the Gordon-Loeb Model. Journal of Information Security, 6(01), 24.
Sokolov, A., Mesropyan, V., & Chulok, A. (2014). Supply chain cyber security: A Russian outlook. Technovation, 34(7), 389-391.
Sridhar, S., & Govindarasu, M. (2014). Model-based attack detection and mitigation for automatic generation control. Smart Grid, IEEE Transactions on, 5(2), 580-591.
Taylor, M., Haggerty, J., Gresty, D., & Lamb, D. (2011). Forensic investigation of cloud computing systems. Network Security, 1(3), 4-10.
Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital crime and digital terrorism. New York, NY: Prentice Hall Press.
Usha, M. (2014). A Study on Forensic Challenges in Cloud Computing Environments. Journal of NanoScience and Nanotechnology, 2(1), 291-295.