Management Chapter 8 Homework Ram Which May Include Information All Running

Unlock access to all the studying documents.

View Full Document

Management Information Systems, 13TH ED.

MANAGING THE DIGITAL FIRM

Kenneth C. Laudon ● Jane P. Laudon

continued

Learning Track 3: Computer Forensics

For thirty years, a serial murderer known as the BTK killer (standing for bind, torture, and kill)

remained at large in Wichita, Kansas. e BTK killer first struck in 1971 with the murder of four

members of a Wichita family in their home and committed his last in this early period murder in

What Is Computer Forensics?

Computer forensics is the scientific collection, examination, authentication, preservation, and anal–

ysis of digital data so that the information can be used as evidence in a court of law. Both local and

federal law enforcement agencies use computer forensics to gather evidence for criminal cases or to

obtain more information about a suspect. Large corporations may hire a computer forensics expert

to monitor employee computer activities to make sure employees are not leaking sensitive or criti-

cal company information or using company computer resources in harmful ways.

Computer forensics can be an indispensable tool in divorce cases where one party may be trying to

conceal or secretly transfer wealth, or there is suspicion of infidelity or other conduct that would

Chapter 8: Securing Information Systems

Chapter 8 Learning Track 3 2

continued

to erase data was downloaded and used to remove items from the hard drive shortly before the

computer was turned over to the forensic examiner. e forensic examiner additionally determined

that the financial records that had been provided by the spouse had been generated by a program

version that was not in use at the time the records were purportedly created. As a result, the court

concluded that the records had been modified and imposed a sanction against the spouse that had

provided the records.

Computer forensics requires specialized expertise and tools that go beyond the normal data

collection preservation techniques employed by end users and information systems departments.

Digital Evidence

Digital evidence consists of any information stored or transmitted in digital form that can be

used in court for either criminal or civil cases. Digital evidence can be found in e-mail, voice mail,

instant messaging, Web browsing histories, digital photographs and video, computer disk drives,

CDs, DVDs, USB storage devices, iPods and MP3 players, smart phones, cell phones, pagers, photo-

copiers, fax machines, and Global Positioning System (GPS) tracks.

E-mail is now a primary means of communication and a major source of digital evidence. is

evidence may be found in the body of the e–mail or in an attachment. E-mail data may be stored on

Chapter 8 Learning Track 3 3

continued

Obtaining Digital Evidence

Like any other piece of evidence used in a legal case, the information obtained by a computer

forensics investigation must follow the standards of admissible evidence in a court of law. ose

presenting electronic evidence must be able to demonstrate the reliability of the computer equip-

ment, the manner in which the basic data were initially entered, measures taken to ensure the

accuracy of the data as entered, the method of storing the data, precautions taken to prevent its

loss, and the accuracy and reliability of the computer programs used to process the data.

e computer forensics investigator needs to document all work done to a computer and all infor–

mation found. An investigator who uses a faulty procedure may invalidate all the digital evidence

collected. To make sure evidence is not lost, destroyed, or compromised, the following guidelines

should be followed:

2. Handle the original evidence as little as possible to avoid changing data.

4. Establish and maintain a chain of custody.

5. Never exceed personal knowledge

Unless it is completely unavoidable, digital evidence should not be analyzed using the same

machine from which it was collected. Instead, forensic image copies of the contents of computer

storage devices (primarily hard drives) are made.

If a machine is suspected of being used for illegal communications, such as terrorist trac, impor–

tant information may not be stored on the hard drive. Several Open Source tools are available to

Chapter 8 Learning Track 3 4

information may help a forensic investigation by showing, for example, whether someone tried to

uninstall a program.

It is possible that the expert trying to analyze a live computer system will make changes to the

contents of the hard drive. During each phase of the analysis, the forensic examiner needs to iden-

tify the information that will be lost when the system powers down, balancing the need to poten-

tially change data on the hard drive with the evidentiary value of the perishable data.

TABLE 1 Digital Forensic Software Tools

Software tool Description

EnCase Forensics Comprehensive tool capable of performing both file imaging and analy-

sis, and analyzing and documenting multiple e-mail formats.

DCFLdd Open source tool that is often used to create bit-stream image files of

Mailbag Assistant Tools for searching, organizing, and analyzing e-mail in many different

formats.

IsoBuster Data recovery tool for examining CDs and DVDs. Works with multiple

CD and DVD file formats and CD image files. Is capable of viewing and

accessing data on CDs and DVDs from both open and closed sessions,

thereby displaying data which may not be readily accessible by other

Chapter 8 Learning Track 3 5

continued

Paraban Device Seizure Provides deleted data recovery and full data dumps of certain cell phone

models

SMART Software utility that can acquire data from digital devices and clone it to

any number of images and devices simultaneously. Able to recover

Careers in Computer Forensics

Computer forensics is a blossoming field, given the increasing amount of public discussion and

legislation aimed controlling computer crime, identity theft, data leakage, and data protection. e

A computer forensics investigator is responsible for collecting and evaluating data stored or

encrypted on digital media or for recovering data that have been deleted from a computer device.

e investigator is also charged with securing the data and ensuring they are not accidentally

damaged during an investigation. Once the investigation is complete, the computer forensics inves-

tigator will write a detailed report describing the findings of the investigation. Computer forensics

investigators work with law enforcement agencies, large corporations, or consulting firms or they

operate on their own as freelance consultants to businesses that do not need or cannot afford a

full-time computer forensics professional.

Chapter 8 Learning Track 3 6

continued

e two most common certifications for computer forensics investigators are the Certified

Information Systems Security Professional (CISSP) and the Certified Computer Examiner (CCE).

e CISSP is offered by the International Information Systems Security Certification Consortium,

or ISC. To be certified, individuals must pass a six-hour CISSP examination. Candidates for the

Digital Forensic Degree Programs

Many computer forensics professionals acquire expertise while on the job in law enforcement and

computer security positions, but formal education is becoming more necessary as a requirement

for these positions. ere are computer forensics certificate programs for people who already have

some career knowledge. People with no law enforcement or security background can pursue an

associates’ degree, a bachelors’ degree or a masters degree programs in computer forensics. For

e associate’s degree in computer forensics is a two year study program that includes courses in

cybercrime, intrusion detection systems, and legal basics, along with courses in technical writing,

algebra, and public speaking.

e bachelor’s degree in computer forensics is a four-year program providing computer forensics

knowledge along with general education. Graduates typically take courses in criminal law, comput–

Chapter 8 Learning Track 3 7

Master’s degree programs in computer forensics are typically pursued by law enforcement and

computer security professionals who have already earned bachelor’s degrees. ese programs