Friday, May 24, 2019

The Security Investigation

Part I. The availability of the personal computer or PC at every home and every office desktop, and the dawn of the Internet, brought into focus not only the benefits derived from these technologies but abuse and, to a greater extent, crimes as well. Suddenly, cybercrime is at an all-time high, and ways and means of detecting and making these criminal hackers pay became a forefront competence in information technology and law enforcement. One of the best deterrents to computer crime is to catch those who commit the dastardly acts (Solomon & Prosise, 2001).

Of all the types of criminal hackers, the worst is the insider, a current employee or a former disgruntled employee, since they are or were in a trust relationship with their employer, and they demeaned that trust by attacking the information systems of the company. When this type of crime, or cybercrime, occurs, the recourse is to call in computer forensics and incident response professionals to remedy the situation. Solomon et al. (2005) describe computer forensics as "Computer investigation and analysis techniques that involve the identification, preservation, extraction, documentation, and interpretation of computer info to determine potential legal evidence."

Once there is a probable determination that a cybercrime was committed, the computer forensics and incident response experts follow a well-choreographed methodology to successfully document evidence and prosecute a cybercrime.
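Preservation and documentation, as named in the definition above, are commonly supported by hashing the acquired image and keeping a tamper-evident custody log. The Python sketch below is an added illustration, not part of the original post; the examiner names, timestamps and image bytes are constructed.

```python
import hashlib, io, json

GENESIS = "0" * 64  # "previous hash" of the first log entry

def sha256_stream(fobj, chunk=1 << 20):
    """Hash an image in chunks so large evidence files need not fit in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: fobj.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, examiner, action, image_hash, timestamp):
    """Add a custody record that commits to the previous record's hash."""
    body = {"examiner": examiner, "action": action, "image_sha256": image_hash,
            "timestamp": timestamp, "prev": log[-1]["entry_hash"] if log else GENESIS}
    log.append({**body, "entry_hash": _digest(body)})

def verify_log(log, acquisition_hash):
    """Return 'ok', or the first record that was edited or shows a changed image."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev or _digest(body) != entry["entry_hash"]:
            return f"entry {i}: log record altered"
        if entry["image_sha256"] != acquisition_hash:
            return f"entry {i}: image hash differs from acquisition"
        prev = entry["entry_hash"]
    return "ok"

def demo():
    image = b"\x00" * 512 + b"constructed sample image" + b"\x00" * 488  # constructed
    acquired = sha256_stream(io.BytesIO(image))
    log = []
    append_entry(log, "examiner-a", "acquired", acquired, "2019-05-24T09:00:00Z")
    append_entry(log, "examiner-b", "working copy verified",
                 sha256_stream(io.BytesIO(image)), "2019-05-24T13:00:00Z")
    clean = verify_log(log, acquired)
    altered = bytearray(image)
    altered[600] ^= 0x01  # a single flipped bit in the working copy
    append_entry(log, "examiner-b", "post-analysis check",
                 sha256_stream(io.BytesIO(bytes(altered))), "2019-05-24T17:00:00Z")
    changed = verify_log(log, acquired)
    log[0]["examiner"] = "someone-else"  # retroactive edit of an earlier record
    edited = verify_log(log, acquired)
    return clean, changed, edited

if __name__ == "__main__":
    print(demo())
```
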
Robbins (2002) lists the basic but critical procedures of computer forensics:

1. Protect the subject computer system during the forensic scrutiny from any possible alteration, damage, data corruption, or virus introduction.
2. Discover all files on the subject system, including existing normal files, deleted yet remaining files, hidden files, password-protected files, and encrypted files.
3. Recover as much as possible of all discovered deleted files.
4. Reveal to the extent possible the contents of hidden files as well as temporary or swap files used by both the application programs and the operating system.
5. Access, if possible and if legally appropriate, the contents of protected or encrypted files.
6. Analyze all possibly pertinent data found in special and typically inaccessible areas of a disk, including but not limited to the unallocated space on a disk, as well as slack space in a file.
7. Print an overall analysis of the subject computer system, including a listing of all possibly relevant files and discovered file data, then provide an opinion of the system layout, the file structures discovered, any discovered data and authorship information, any attempts to hide, delete, protect, or encrypt information, and anything else that has been discovered and appears to be relevant to the overall computer system examination; and
8. Provide expert consultation and/or testimony, as required.

While the experts are doing the investigation, it is important to liaise and coordinate, depending upon the legal parameters of the crime, with local or federal cybercrime units. In some states in the U.S., it is a federal crime not to report computer crimes and soon, reporting of cybercrimes will be federally mandated. But the key point in cybercrime investigation is ensuring that the evidence gathered will stand up to legal scrutiny.

Part II. A common story heard about cybercrimes is the use of social engineering techniques.
Social engineering basically is playing the con man to elicit information from gullible or uninformed victims. A Help Desk employee, for example, can call a secretary and ask for her password since he needs it to diagnose her PC remotely. Since there is a trust relationship already, the secretary gives her PC password. The Help Desk employee then accesses the secretary's PC and downloads confidential memos and reports. He then sells these documents to competitors, and the competitors end up gaining an advantage over the Help Desk employee's company because they already have insider information.

A case like this could have been prevented if the company, or even any organization or agency, had good security policies in place. Part of the security policies would have been user education training, and if the users had been properly trained, they would have known that nobody needs to know their passwords but themselves. In securing the information systems, the baseline or starting point is having good security policies in place, and these policies should and must be based on globally accepted standards and industry best practices. The ISO 17799 or Code of Practice for Information Security Management (ISO/IEC, 2005) is always one of the best standards to adopt, whether for small, medium or large enterprises, even government agencies for that matter.

Shaurette (2002) stated that, "Information security is not just about technological controls. Security cannot be achieved solely through the application of software or hardware. Any attempt to implement technology controls without considering the cultural and social attitudes of the corporation is a formula for disaster." Once this has been taken into mind, mitigation of risks to the information systems will be achieved and prevention of cybercrimes, whether from malicious insiders or external criminal hackers, will be tempered.
