Computer Forensics Technology

Implications of Internet fraud and how criminal justice might respond to the rapidly changing, technology-driven environment.

According to Bidgoli (2004), internet fraud, also termed cyber fraud, is any type of fraud that occurs on the internet. Forms of internet fraud that are rampant include online auction fraud (including non-delivery of paid products purchased online), credit card theft and identity theft. Besides these, online securities fraud, data break-ins and non-delivery of merchandise or software bought online are other common forms (Bidgoli, 2004).

Internet fraud is any type of fraud scheme that uses one or more components of the Internet to present fraudulent solicitations to prospective or vulnerable people, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions (Felson, 2009).

The implications of such fraudulent activities include:

Implications for Businesses - Many institutions not only lose money to internet fraud but also suffer consequences such as disruption of activity and damage to reputation.

Online fraudulent activities result in banking institutions losing millions in cash and eventually losing clientele, since customers discover the vulnerability of the communications and personal data kept with the banking institutions.

Socioeconomic Implications - Many young people, including children, are today exposed to child pornography, hence the corrupt morals of our societies at present. The impact of these fraudulent activities is reflected in the way young and elderly people alike behave in terms of expenditure on the internet. When a product bought online is not delivered, the losing party is obviously the consumer, with many opting for the new technology of online procurement. Since the clients or victims do not know the seller and have not interacted face-to-face, as occurs in traditional trading, they are vulnerable to the traps of criminals.

Definition of terms and concepts on computer forensic technology:

a) Reports

These are computer-generated outputs that can provide evidence of a series of original events; for instance, system logs are reports that can be useful in the forensic analysis of a computer crime.

b) Real Evidence

This is the most common type of evidence, since it involves any physical or tangible objects or items that can be carried into a courtroom for a jury to see. Normally, real evidence relates to the physical objects of the computer crime case in question. Forms in which real evidence can be perceived include the hard drive, the computer itself, or fingerprints on the keyboard.

c) Event Reconstruction

This is the process carried out in computer forensic technology to show a sequence of events or transactions passing through computer systems that are complex in nature. Normally, the process attempts to determine how a transaction failed to commit, for instance a software installation or the failure of computer-dependent processes.

d) Authenticity

In computer forensics, an investigator sets out to collect information or evidence to prove a given security incident. The traces of information or data left behind or sent by the intruder may at times be misleading. Authenticity establishes whether the data or information contained in the computer, such as e-mail, actually comes from the purported sources. Authenticity determines the validity, conformance and genuineness of information.

e) Reliability

This is the confirmation of belief in the substance that a certain material or source contains. Reliability is the aspect of believing a story or idea relayed by a computer-generated investigation due to its consistency.

f) Completeness

The evidence obtained from a computer investigation by forensic experts is expected to provide proof in its entirety; it can be confirmed through the revelation of further information, and can be used as sufficient evidence bearing on any legal tussle.

g) Freedom from interference or contamination

These are considered levels at which the result of any forensic investigation and post-event handling does not render the security incident and the materials obtained unreliable, so that they can be used to offer results with completeness and integrity as evidence.

h) Computer evidence

The main purpose of computer forensics is to properly identify and collect evidence from a computer after an intrusion of any sort. To establish the evidence, examiners must understand the specifics in order to collect it properly, since computers can be used to commit crimes in security violations or can themselves be the target of an intruder. This leads to the definition that computer evidence consists of the files and contents left behind after a security incident, and the hardware, software or any form of data that can be used as proof of an intruder, the intrusion, the time of the incident, the location of the intruder and the incident, the reason for the intrusion and how the security incident occurred or was undertaken.

i) Computer forensics

This is the application of forensic science techniques to computer-based material in the process of identifying, preserving, analyzing and presenting documented or digital evidence in a manner that is acceptable in legal proceedings.

According to Solomon, Barrett and Broom (2004), computer forensics requires a vast amount of knowledge of both computer hardware and software in order to avoid what is known as accidental invalidation or destruction of evidence that is to be preserved for later analysis.

IT Security and Identity Theft

Computer security is a major concern for many novices as well as experts in computer-dominated processes the world over. According to Millard, data theft is an ongoing concern for most enterprises of every size. In particular, theft of data is easily carried out where more data is stored and cloud computing technologies are increasingly being utilized (2010). Strategies that can be used to safeguard data within enterprises and organizations include:

a) Data Encryption and Secure Authentication

Use of encryption and secure authentication is on the rise, according to Millard, and many companies are to continue implementing these technologies (2010).

Encrypting data involves transforming stored or sent data into a format that cannot be understood or read by humans unless it is decrypted. Other forms of encryption lock the data so that it cannot be opened even if stolen.

Authentication is the use of a technique whereby users must input a username and a strong password to prevent break-ins.

b) A Layered Approach

This is an approach to information security that brings together several comprehensive policies and manual procedures with a variety of point security solutions, filtering systems, and monitoring strategies to protect IT resources and data in general (Millard, 2010).

The layered approach utilizes data loss prevention technologies and tools that boost detection of data theft; the more layers created, the greater the chances not only of preventing theft but of spotting it when it happens.

c) Recognizing Employee Responsibility

Millard says that most data loss comes from good employees making bad or careless decisions. Loss of data can range from taking large amounts of work data home to accidental installation of harmful software. This vulnerability can only be addressed by passing responsible, sound security information on to employees (2010).

In summary, computer security and data theft are a major concern that must be considered by all management teams, by implementing data loss prevention measures and ensuring that employees are made aware of the risks of unsecured information. Any organization needs to come up with a security policy that can be implemented, and ensure that all operations and employees follow it.

Definition of concepts and terms relating to computer forensics technology:

a) Trojan horse programs

Computer evidence is considered very fragile and thus warrants protection from alteration or manipulation of any kind. A Trojan horse program is a computer program that can be designed to destroy or modify data as well as the operating system. Trojan horse programs are normally introduced as traps by internet and computer users with an intention to capture sensitive data, information and passwords, and can later destroy evidence of intrusion (Vacca, 2005).

b) Computer forensics documentation

Documenting one's findings after a forensic investigation is very important. Computer forensic documentation therefore entails the detailed data and evidence collected together in report format, indicating the security risk assessment, internal computer audit and any computer security incident responses recorded for purposes of a lawsuit or preservation. It involves a thorough evidence processing methodology to facilitate good evidence processing documentation and procedures that ensure clarity to auditors and computer security specialists.

c) File slack

This is data padded onto the end of a file, in the space between the end of the file and the end of its final cluster. This space is not visible to the operating system, and during a memory dump, data resident in main memory is usually dumped into this location. According to Champlain (2003), file slack could potentially contain incriminating data in the form of e-mail histories, document fragments, web browsing details and computer usage timelines.

d) Ambient data

This is a term used to refer to data storage areas that are normally inaccessible, also known as traditional data stores, such as file slack, Windows swap files or unallocated space.

e) Defragment

This is the process of reorganizing a computer's filing cabinet, normally designed to make one's computer operate more efficiently by putting the pieces of files as close to each other as possible. The process may not harm your computer, but it would render a certain (most) portion of deleted data unrecoverable.

f) Firewall

This is a hardware device or software program in a computing environment that is supposed to protect a computer system or a network from unauthorized intrusion. Basically, a firewall prevents forms of communication considered unauthorized under the security policy of an organization.
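To make the file slack definition in item c) concrete, the following added example (not part of the original essay) computes where slack begins for a file of a given size and pulls readable fragments out of it, as an examiner would when checking a cluster for residue of an earlier file. The 4096-byte cluster, 512-byte sector, sample bytes and all function names are assumptions chosen for illustration.

```python
import re

CLUSTER_SIZE = 4096  # assumed allocation unit (bytes)
SECTOR_SIZE = 512    # assumed sector size (bytes)

def slack_region(file_size, cluster_size=CLUSTER_SIZE):
    """Return (offset, length) of the slack that follows a file's last byte."""
    if file_size == 0:
        return (0, 0)  # an empty file owns no cluster, so it has no slack
    allocated = -(-file_size // cluster_size) * cluster_size  # round up
    return (file_size, allocated - file_size)

def slack_parts(file_size, cluster_size=CLUSTER_SIZE, sector_size=SECTOR_SIZE):
    """Split slack into the rest of the last sector and the untouched sectors."""
    offset, length = slack_region(file_size, cluster_size)
    to_sector_end = min(-offset % sector_size, length)
    return (to_sector_end, length - to_sector_end)

def extract_slack(allocated, file_size, cluster_size=CLUSTER_SIZE):
    """Return the bytes between end-of-file and the end of the final cluster."""
    offset, length = slack_region(file_size, cluster_size)
    return bytes(allocated[offset:offset + length])

def printable_strings(data, min_len=6):
    """Return runs of printable ASCII, like the `strings` utility."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]

# Constructed sample: a cluster that once held an e-mail fragment is reused
# by a shorter file, so the old bytes survive past the new end-of-file.
OLD_FRAGMENT = b"Subject: Q3 invoice draft for bob@example.test"
NEW_FILE = b"meeting notes, nothing to see\n" * 40

def build_cluster():
    old = bytearray(CLUSTER_SIZE)
    old[3000:3000 + len(OLD_FRAGMENT)] = OLD_FRAGMENT
    return NEW_FILE + bytes(old[len(NEW_FILE):])

def recover_from_slack():
    cluster = build_cluster()
    return printable_strings(extract_slack(cluster, len(NEW_FILE)))

if __name__ == "__main__":
    print(slack_region(len(NEW_FILE)), slack_parts(len(NEW_FILE)))
    print(recover_from_slack())
```

The new file's own content never appears in the output because extraction starts at the logical end of the file; only the residue of the earlier occupant of the cluster is returned.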
