Research Project Report and Presentation
This task is to prepare students for writing and presenting a research publication at a peer-reviewed conference in the networking discipline. The relevant parameters are set accordingly. Students are to prepare and present an investigative report on a topic that is relevant to the unit material and of interest to them. Based on contemporary trends in networking, some timely topics are suggested below. You are highly encouraged to come up with your own suitable topics in consultation with the unit coordinator, securing his clear approval of the topic. Within a topic, after giving a brief general overview, you need to narrow it down to some specific issues, e.g., architecture, protocols, applications, etc. Grading for this task is based on the proper identification and use of reference material, report and presentation content, style and formatting, organization and completeness, clarity, originality and creativity. This work is to be carried out individually or by a group of up to two students. The Research Project Report must be submitted electronically as both PDF and Word (or other word processing) files through the vUWS site of the unit. If the work is done in a group, only one member should make the submission. Hard copy of the final report is not required.
The final project report should be around 4000 words (NO coversheets). It should include the following.
The report should be structured like papers in conference proceedings. The format that you need to follow is that of IEEE Computer Society publications. These are clearly articulated in ‘Author Guidelines’ for such publications, for example see:
http://www.cs.sfu.ca/~vis/Tasks/camera.html, http://www.computer.org/portal/web/cscps/formatting, and http://www.ieee.org/web/publications/pubservices/confpub/AuthorTools/conferenceTemplates.html.
The work should also be presented in the assigned presentation time on May 21st, May 28th, or June 4th. The presentation times will be assigned in the order of the suggested topics below that have been taken up. If the work is done in a team, all members need to share the presentation and/or be prepared to answer questions arising from the presentation and their report. Your presentation time depends on the number of students in the group: 10 minutes plus 5 more minutes per member (individual: 15 minutes, 2 people: 20 minutes). It is to your advantage to leave a few minutes for questions. During the presentation, you should quickly but intelligently reveal your topic, your analysis and understanding of the topic, your critiques and possible proposals, and conclusions.
In order to facilitate selection of the research topics, each group must provide the information asked for in the following tables as soon as possible, but no later than the end of class on 26th of March. You will then be informed of the topic assigned to you. Following that, you need to prepare your progress report, which outlines your topic, identifies some major references through a systematic literature review, and explains how you intend to carry out the work. It should be in the form of a short (less than one page) synopsis of your research project and it is due on 23rd of April. You must also make an appointment for a meeting with the unit coordinator during the normal class time on that day to discuss the progress report, which you can hand in at the start of the meeting. You must also submit your report electronically by 11:50 PM on that day as a PDF file through the vUWS site of the unit.
Suggested Topics
Computer Crime and Forensics
Abstract
The use of technology and the internet has evolved over the years, and the number of crimes has increased with it. Computer crimes include hacking and the loss of personal and business information, and important data belonging to countries and governments has been corrupted. This has raised the demand for experts in computer forensics. This paper provides a thorough overview of the detrimental effects of computer-oriented cyber-crimes and their applications across a wide range of areas. It also covers some of the measures and norms that people should follow to reduce the effects of these crimes, which cause tremendous mental exhaustion. The paper provides an understanding of the various computer-related crimes and of how computer forensics assists in extracting lost data and retrieving lost files. This branch of science is widely used in investigations and to support legal cases. Experts use various technologies and tools to retrieve data not only from the hard disk but also from files and drives that have been deleted or corrupted. The software and technologies also allow investigators to retrieve information about offenders, including their addresses, from the network, and so preserve information to support legal proceedings against cyber offenders. The paper especially highlights the need for continuous evolution of computer forensics so that cold cases which were closed because adequate data could not be retrieved can be reopened.
Keywords
Phishing scams, copyright infringement, unpardonable mass-surveillance, pornography, violation of copyrights, Cyber bullying, Cyber stalking, Random Access Memory, cracking, URLs, encryption keys, kernel modules, email forensic, Smartphone forensic, Disc and Cloud forensic
I. Introduction
The rampant increase in the use of technology in daily life has led to malicious crimes, resulting in the enforcement of several laws. Forensics is now used routinely in investigative processes. In law enforcement, it is difficult to imagine an investigative process without the use of computer technology. The evidence related to a crime may be on a cell phone or laptop, or in email. At times, evidence of crimes can also be found on social media, stored in and transmitted through the cloud, or shared through a Dropbox account. Several investigative cases also involve a cyber connection. The increasing use of mobile phones and Android applications has also led to complicated investigations, signalling changes that need to be adopted in the collection of evidence. In recent years, a shift in law enforcement has been observed in which most crimes are traditional cyber forensic cases and few involve mobile crimes. The enhanced use of technology, in personal life as well as in computer forensics, has given rise to the Internet of Things (IoT), which has connected everything within a short period of time.
II. Computer Crimes
Computer crime refers to a planned activity by a skilled computer user, commonly called a hacker. Such users unethically browse private internal information belonging to a company or other unit and put it to malicious use. Sometimes they browse private information with no intention other than to corrupt the data files [2]. Some of the most common examples include fraudulent activities, leakage of private records, identity theft, and phishing scams. Computer-oriented offences can threaten an individual or damage the image of a sector, its financial health, and a nation's security. Such issues are often high-profile and also include copyright infringement, unpardonable mass-surveillance, pornography, violation of copyrights and so on. Today, computer crimes are increasing to a remarkable extent, mainly because of the over-utilization and misuse of technology. Such crimes highlight how critical networked systems are in people's daily lives. More specifically, the misuse of these computer technologies, as in the automobile sector, has strongly increased community vulnerability. However, accurate definitions and perceptions of crime, along with the enactment of prohibitions, are directed towards community protection.
In this regard, losing a web account can be very damaging, because people rely heavily on computer networks to conduct business operations these days [5]. With the early and omnipresent adoption of advanced technologies and internet usage, such crimes, their victims, and above all the cybercriminals have gradually increased. Novel technological advancements give suspects new opportunities to continue their spiteful activities. There exist a few important categories of computer-based crimes as follows:
In today's system-conscious society, regulations and defined laws should not only state what exactly is wrong or set out the punishment for the lawbreaker. Rather, they should coherently forbid conduct; the complexity of the means of misconduct and other related attributes are responsible for aggravating the existing issues. Many studies have stated the need to distinguish between the wide variety of computer crime types and abuses, with a particular focus on crimes in which a computer is the primary "object" of the offence [3]. Cyber bullying and harassment are long-standing offences that turn into societal problems. More than the areas mentioned, however, social networking sites have paved the way for a completely new coliseum in which predators keep their activity alive and viable. Victims are urged to report any such encounters immediately to their seniors, network providers and law enforcement. In this connection, hate crimes carry their own set of penalties, which in turn have piqued FBI interest.
III. Application of Computer Crimes
As mentioned, any crime, once perpetrated, can spread its effects at incredible speed. Increasing computer usage has rapidly amplified the matter, and the adverse effects have been encountered all across the globe. Digital crimes are wide-ranging and sometimes difficult to prosecute successfully. The "application of computer-oriented offences" comprises the following:
Computer-oriented foreign crimes: These are international crimes mediated by computers that can disrupt a nation's security. Certain regulations and laws have been constructed to address this menacing issue. Foreign crimes in the digital domain have been common in many countries and have had a marked impact on those countries' financial architecture as well.
Child pornography: This refers to a visual portrayal of sexually explicit conduct involving a minor under the legal age of consent. The internet enables steady distribution of such material across jurisdictions, which requires law enforcement to work in collaboration with government agencies that primarily emphasize the complete eradication of child pornography, rescuing victimized children, and above all prosecuting offenders.
Sexual harassment: Offline sexual harassment is common in modern society. Internet-based sexual harassment, however, has today created quite a stir among people heavily involved with technologies such as computers [4]. Cyberspace sexual harassment chiefly consists of obscene material posted intentionally by malicious people about someone in order to slur his or her image.
Cyber-bullying: This is a purposeful act intended to bully an individual through intimidating messages or threats sent via electronic communication. It embarrasses the targeted individuals with a well-defined motive of creating enormous mental exhaustion [1].
Information security: These are unauthorized offences committed by breaking into someone's private database or valuable information illegally for corrupt purposes. Organizations generally take great care over information security to maintain the company's secrecy; any violation of existing norms can be extremely disastrous for a company, group or organization.
Dissemination of viruses: Viruses are primarily computer programs that attach themselves to a file and then infect it. They spread to other properly functioning systems and corrupt the database. Crimes of this kind modify the archive by completely deleting stored items, causing huge losses to the affected sector.
Spamming: In internet forums, spamming spreads viruses and other malicious software. Spamming via junk e-mail is frequently used in cyber-crime, including phishing. It is a criminal activity characterized by restricted messages sent in abundance through computers, and more specifically the internet.
Cyberstalking: This is a common computer-oriented offence that uses electronic means (the internet) to stalk people or organizations. Cyberstalking often includes false accusations as well. Other aspects include identity threat, vandalism, and collecting information to defame or embarrass someone.
IV. Computer Forensics
Computer forensics is a branch of digital forensic science concerned with evidence found in digital storage media. The main purpose of computer forensics is the examination of digital media to identify, preserve and recover facts that have been obtained digitally. This branch of science is mostly used to investigate a variety of computer-related crimes, and it has also been used in civil proceedings [21]. Its main elements are the recovery of data and adherence to additional guidelines and practices designed to create an audit trail for the legal field [6]. Computer forensics is increasingly used in high-profile cases and is currently accepted in United States and European courts.
Cybercrime emerged and grew as computer systems became more common on both personal and professional fronts. Beyond computer fraud, newer crimes appeared that were not initially known, such as cracking. Computer forensics emerged because of this increase in computer crime [8]. The main purpose of this branch of science was to investigate digital evidence that can be used in court. Between 2002 and 2003, there was a comparative increase in cybercrime of wide varieties. This included espionage, stalking individuals through the internet and social platforms, murder, pornography and rape. The process by which computer forensics collects data and information related to cybercrime is known as electronic discovery. The items handled with the techniques and knowledge of this branch of science are known as digital artifacts, which include the storage media in a computer system, email messages and their attachments, which can lead to the corruption of the system, and many other electronic documents sent through computers [25].
The computer forensic expert is involved in the extraction, preservation and analysis of data drawn from crimes involving digital data and artifacts. This material can be used in court as digital evidence. It is important that the evidence is authentic, reliable and admissible so that it can support court proceedings and justice [7]. Different countries have their own guidelines for the use of computer forensics, and every country has a separate set of rules and regulations for extracting digital evidence that can be produced in court. In most countries, computer forensic examiners are part of the police department, which assures the authenticity and reliability of the extracted data. Another approach used by investigators is to work on static data, that is, images of the computer data, instead of the live system.
V. Application of Computer Forensic
There are two basic types of data that are usually collected by the computer forensic specialist. The first type is known as persistent data, which is usually stored on the local hard drive or another medium and is preserved even when the computer is switched off. The second type is volatile data, which is stored in the computer's memory. It can also exist in transit, and it is lost if the computer is switched off or loses power. Volatile data resides in registers, cache and RAM (Random Access Memory) [24]. Volatile data is essential for investigation purposes and can be captured by a computer forensic expert. Administrators and the personnel handling system security should understand routine computer use and should also know the network-related administrative tasks that can affect the computer forensic process and the ability to recover the data needed to identify and analyse an incident caused by a security breach.
Computer forensics has different domains depending on the type of case. One example is malware forensics, which deals with software intentionally designed to affect the functionality of a computer system [23]. The main function of malware forensics is to understand how the malware affects the system and which family of malware is attacking it. A computer forensic expert does this by extracting information related to ransomware, key loggers and remote administration tools. The investigation not only detects and analyses such malware but also looks for a way to detect and block it before it affects the system. It also analyses how malware that has affected a system before detection can be cleaned from the infected system.
The second type of investigation supported by computer forensics is memory forensics. This is the investigation of a memory dump taken from the system in order to locate the malicious attack and the data in the computer [8]. A memory dump is an image of RAM captured at a specific point in time. It can be a full physical memory dump, a crash dump, or an image, as well as the hibernation file. The main task of the forensic analyst is to extract memory-related artifacts such as processes, URLs, encryption keys, kernel modules, shared libraries and passwords [22]. These also include open sockets, registry keys and active connections that may have been attacked. This information can be obtained by analysing the dump or images captured from the target computer.
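As an added illustration of the artifact extraction described above (not code from this paper or from any tool it names), the following sketch hashes a raw memory image and then carves URLs from it by scanning for printable ASCII and UTF-16LE strings. The sample image, its hostnames and all function names are constructed for the example.

```python
import hashlib
import re

MIN_LEN = 6  # shorter runs are mostly noise

# Printable ASCII runs, and the same characters stored as UTF-16LE (each
# followed by 0x00), the encoding Windows uses for most in-memory strings.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
URL = re.compile(r"https?://[A-Za-z0-9.-]+(?::\d+)?(?:/[^\s\"'<>]*)?")


def image_digest(image):
    """SHA-256 of the image, recorded before analysis to prove integrity."""
    return hashlib.sha256(image).hexdigest()


def extract_strings(image):
    """Return (offset, encoding, text) for every string run in the image."""
    found = []
    for m in ASCII_RUN.finditer(image):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in UTF16_RUN.finditer(image):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(found)


def carve_urls(image):
    """Return (byte offset, encoding, url) for each URL found in the image."""
    hits = []
    for offset, enc, text in extract_strings(image):
        width = 2 if enc == "utf-16le" else 1  # bytes per character
        for m in URL.finditer(text):
            hits.append((offset + m.start() * width, enc, m.group()))
    return hits


def build_sample_image():
    """Constructed stand-in for a raw dump: junk bytes around two strings."""
    junk = bytes(range(0, 32)) * 4  # 128 non-printable filler bytes
    ascii_part = b"GET http://updates.example.test/check?id=7 HTTP/1.1\x00"
    wide_part = "https://portal.example.test:8443/login".encode("utf-16-le")
    return junk + ascii_part + junk + wide_part + b"\x00\x00" + junk


if __name__ == "__main__":
    image = build_sample_image()
    print("sha256:", image_digest(image))
    for offset, enc, url in carve_urls(image):
        print(f"0x{offset:08x}  {enc:9s} {url}")
```

Recording the byte offset with each hit lets another examiner locate the same artifact in a verified copy of the image.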
The third group of investigations performed in computer forensics includes email forensics, smartphone forensics, and disk and cloud forensics [20]. Email is a ready source of worms and phishing, in addition to carrying spam. Email forensic investigation reveals key information available in the email, including the identity of the recipient, the path the mail has traversed, the application used to compose the email, and the timestamp at which the mail was generated. The smartphone, used by most individuals, stores personal data such as the contact list, messages sent from the device, and pictures. Attackers can impersonate the individual and misuse other data related to bank accounts. Smartphones are therefore one of the most vital sources for digital forensics [17]. Disk forensics allows data on hard drives and memory sticks to be collected to assist in the analysis of the crime. These acquisitions are usually done at either the file level or the sector level. Cloud forensics is a procedure for inspecting the components available in the cloud, including logs, virtual disk images, memory dumps and network captures.
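The email fields listed above (recipient, path traversed, composing application, timestamp) can be recovered from a message's headers. This is an added example, not code from the paper: it rebuilds the delivery path from the Received headers and flags hops whose timestamps run backwards or whose hosts do not chain together. The message, hosts, addresses and mailer name are all constructed.

```python
import email
import re
from datetime import timedelta, timezone
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample message; every host, address and name is made up.
RAW = """\
Received: from mx.corp.example.test (mx.corp.example.test [203.0.113.10])
\tby mail.recipient.example.test with ESMTP id A1;
\tTue, 05 Mar 2019 10:15:42 +0000
Received: from relay.isp.example.test (relay.isp.example.test [198.51.100.7])
\tby mx.corp.example.test with ESMTP id B2;
\tTue, 05 Mar 2019 10:15:40 +0000
Received: from [192.0.2.55] (unknown [192.0.2.55])
\tby relay.isp.example.test with ESMTPSA id C3;
\tTue, 05 Mar 2019 11:15:31 +0100
From: Accounts <accounts@sender.example.test>
To: Alice <alice@recipient.example.test>
Subject: Invoice
Date: Tue, 05 Mar 2019 11:15:30 +0100
X-Mailer: ExampleMail 4.2
Message-ID: <constructed-1@sender.example.test>

Body omitted.
"""


def to_utc(stamp):
    """Parse an RFC 5322 date into UTC; return None if it is unparseable."""
    try:
        return parsedate_to_datetime(stamp.strip()).astimezone(timezone.utc)
    except (TypeError, ValueError):
        return None


def parse_received(value):
    """Split one Received header into sending host, receiving host and time."""
    flat = " ".join(value.split())          # undo header folding
    route, _, stamp = flat.rpartition(";")  # the date follows the last ';'
    sender = re.search(r"\bfrom\s+(\S+)", route)
    receiver = re.search(r"\bby\s+(\S+)", route)
    return {
        "from": sender.group(1) if sender else None,
        "by": receiver.group(1) if receiver else None,
        "time": to_utc(stamp),
    }


def analyse_headers(raw, skew=timedelta(seconds=5)):
    """Summarise recipient, mail client, send time, path and anomalies."""
    msg = email.message_from_string(raw)
    # Each server prepends its own Received line, so the oldest hop is last.
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]
    anomalies = []
    for i in range(1, len(hops)):
        prev, cur = hops[i - 1], hops[i]
        if prev["time"] and cur["time"] and cur["time"] + skew < prev["time"]:
            anomalies.append((i + 1, "time runs backwards"))
        if prev["by"] != cur["from"]:
            anomalies.append((i + 1, "hop does not continue from previous host"))
    return {
        "recipients": [addr for _, addr in getaddresses(msg.get_all("To", []))],
        "composed_with": msg.get("X-Mailer") or msg.get("User-Agent"),
        "sent": to_utc(msg.get("Date", "")),
        "hops": hops,
        "anomalies": anomalies,
    }


if __name__ == "__main__":
    report = analyse_headers(RAW)
    print("To:", report["recipients"], "| client:", report["composed_with"])
    for n, hop in enumerate(report["hops"], 1):
        print(n, hop["time"], hop["from"], "->", hop["by"])
    print("anomalies:", report["anomalies"])
```

Headers below the first trusted server's Received line can be written by the sender, so an anomaly here is a lead to corroborate against server logs rather than proof of forgery.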
VI. Tools and Technology used for Computer Crime
Investigations carried out with computer forensics usually involve analysing the data available on digital media, which is also known as live analysis. Investigators use several types of tools and freeware that help not only in analysing and investigating the collected data but also in preserving the data without modifying it. The types of technologies and tools used by investigators are:
Forensic-oriented systems such as Parrot Security OS, a GNU/Linux distribution that functions through the cloud, are specifically designed for security checks and penetration analysis. Another operating system is CAINE Linux, which is Ubuntu-based. These help create a computer-aided investigation environment [11]. DEFT Zero is Ubuntu-based software that mainly focuses on cloning data. There is also Gentoo-based software, including the Pentoo penetration system, a live CD, or at times a live USB system, designed for penetration testing and for assessing the security of a computer [13]. An advantage of Pentoo is that it allows the installation of a 32-bit or 64-bit live CD. In addition, FTK is Windows-based, multi-purpose software for digital investigation that provides a platform for collecting data quickly and stably [19].
IsoBuster is software that investigators use because it is lightweight and does not occupy much space on the system. It helps in inspecting the data carrier and supports a wide range of the files available on the system [10]. The software also makes it easy to export data. With it, the computer forensic analyst can not only retrieve data that has been deleted but also obtain data that is encrypted, which can be useful in the investigation and in providing digital evidence in court. Digital investigation techniques also help recover metadata, which is of great importance in court. The growing number of hackers, break-ins and data theft from websites, DDoS attacks, and access to users' identifiers and passwords are among the activities that the computer forensic investigator can detect and investigate with these tools.
Several comprehensive computer forensic software tools, including EnCase Forensic Edition, Paraben and X-Ways Forensics, are mostly used by investigators at the crime scene to assist in the collection, indexing and detailed analysis of data. Other software and tools are used by computer forensic specialists to investigate issues and crimes related to network traffic [9]. These are packet analysers, also known as sniffing tools, which intercept network traffic and allow it to be logged for analysis. One tool with this function is Wireshark, a network forensic analysis tool. It not only provides access to the traffic but also assists in extracting and recovering lost files. Snort is a tool for tracking intruders who are involved in corrupting the network.
Several newer technologies have been implemented and have grown in order to reduce the problems investigators face when extracting data [10]. Companies and brands have developed proprietary systems, data encryption technologies and data protection tools in order to prevent the loss and hacking of data and information [18]. Despite the advancements and latest developments in technology, more advanced technologies are still needed for extracting data during an investigation. Several closed operating systems at times create challenges for the extraction of data and the interpretation of the associated files and structures.
VII. Role of Forensic in Computer crimes
Digital crime has been increasing exponentially, which demands expertise that will assist the growth of law enforcement. Criminal investigation has come to depend on computer forensics, dispelling the idea that no imprints can be obtained from committed crimes. The role of forensics in such crimes has gradually advanced across many administrative processes. However, demand remains high, particularly for expertise in this domain. The FBI makes use of IT professionals to gain prospective evidence in its investigations. Such crimes can range from mere hacking to espionage or even minor bank fraud. IT professionals are in huge demand as they assist the FBI in obtaining evidence for investigations [12]. This assistance can be simple, such as extracting data related to hacking, bank fraud or espionage. At times, premeditation is also required for collecting evidence from the hard drives, mobiles and tablets through which computer crimes are directed. During a computer crime, there are situations in which large amounts of data are deleted or lost, along with lost passwords and security breaches. In such cases, evidence is required by lawyers and juries to support legal proceedings.
One might think that the main task of computer forensics is the extraction of fraud data, but that is only the superficial task. Additional tasks involve analysing the data and preserving it so that the information does not become corrupted and unusable by lawyers [16]. Several law enforcement agencies are obtaining assistance from computer forensics in order to reopen cold cases. Technology provides a huge advantage in collecting data from old computer drives, helping to solve crimes that had been left isolated and unsolved for lack of the technologies needed to crack them. The specific job of forensic experts in this regard is to carefully scrutinize criminals and lawbreakers and to collect the necessary evidence against them. The role of technology and the use of computer forensics have been continuously evolving with the evolution of databases for solving cold cases [14]. The simple process of extracting and accumulating data was adequate to solve older cases that had been stopped for lack of adequate technologies for criminal investigation.
As technology advances, demand will grow for the assistance of computer forensics in retrieving lost and corrupted data. Hence the number of IT professionals has grown, as has the demand for experts with the knowledge to retrieve lost data and hacked information for law enforcement [15]. Experts in IT positions are in huge demand for the legal advancement of cases and the enforcement of the law.
VIII. Conclusion
The Crime Complaint Centre has been receiving an increasing number of complaints related to computer crime and the loss of data and identity. As many as 4 million reports have been received, with a large number of victims of cybercrime. Since computer crimes are perpetrated online, offenders gain a degree of anonymity, and the result is the potential loss of personal, government, business and national data. From a technical point of view, the main aim of computer forensics is to identify and preserve data that has been lost through computer crimes such as phishing, spam, hacking and loss of identity. It helps assemble the data so that the evidence can support legal cases against computer crimes. The law punishes any hacking activities under computer crime statutes. To accumulate evidence against these offenders, tools and technologies play a huge part, in addition to the knowledge of computer forensic investigators.