Legal Risks of AI Cybersecurity in the European Union

Introduction

Cybersecurity refers to the practice of protecting computers, electronic systems, servers, networks, mobile devices, and data from malicious attacks by hackers and crackers. Cybersecurity can be categorized in numerous ways, such as disaster recovery, business continuity, operational security, and end-user training. Artificial intelligence (AI) is the computing discipline that focuses on building smart devices that can perform tasks involving human intelligence. This paper seeks to present the theoretical framework for cybersecurity as a legal risk for AI under the European Union (EU).

Theoretical Framework

Cybersecurity is not a new term, and, therefore, many scholars and IT techs have dug deeper into the issues by presenting ways in which kill chains can be utilized to boost the matter. However, there is a gap whereby implementing the actions on the regulatory aspect of the issue has been a challenge. Thus, this paper seeks to fill the gap on whether or not safety and security can be covered in cybersecurity for AI by the same rules that are used in private law. The paper also answers whether different rules can be applied for that matter. The EU has been at the forefront of boosting the security of the internet and information networks. Companies that have been vibrant in assisting the EU on this note are the firms that have a significant share in transacting online. Alibaba is known for inventing items that have digital features such as lock cylinders and internal steel cable that ensures maximum security, among other measures.

The ‘European Cybersecurity Industrial, Technology and Research Competence Centre’ (ECITRCC) is the existing body that works tirelessly with networks for various countries in Europe. ECITRCC leverages cybercrime occurrences in cloud computing, which is a key wheel in AI. There has been the formation of a cybersecurity competence community that enhances the knowledge and information power in fighting malice in online transactions. It is expected that more than 22.3 billion devices in the world may have to be linked to the internet by 2025. Therefore, the knowledge-power on integrating technology in the smart and digital wave needs to be leveraged.

According to the private law regulating artificial intelligence, legality and policy development have been key in ensuring that cybersecurity issues are given priority. Therefore, on whether or not to use the same rules on consumer law on AI, the same metrics can be applied but enhanced with modern technical ways to combat any cybercrime occurring. To combat the potential attacks while using cloud-based technology, private legal terms must be addressed to ensure that any breaching party will be held liable during the investigation. The EU encourages regulation of AI by private parties whereby the policy drivers have to give attention to fundamental structures on consumer law when using digital devices.

The EU has adopted various techniques under private law on consumer protection when it comes to AI. First, according to the General Data Protection Regulation (GDPR), ‘the data subject shall have the right not to be subject to a decision based solely on automated processing.’ For instance, online traders must be aware of the responsibility for non-performance or damages caused by misconduct in such a network. Therefore, the EU protects against possible data breaches from end-users due to negligence of the manufacturer and trader.

AI is making cybersecurity critical to regulating transactions of data. The reason why GDPR and consumer protection law on cybersecurity must be adopted is that there has been a realized value in terms of AI control on cybercrime by expanded technology laws. The EU has enacted sweeping legislation that is meant to control people’s rights to privacy and their information use. Therefore, with the current laws on cybercrime, there is a need for efficiency to be addressed, perhaps by increasing the power of consumers when they gain rights to use online platforms.

Data may have a primary purpose, and in most cases, separate utilities might be interrelated, enabling unwanted access and usage of private information. For instance, when a motorist has an accident with their car, the medical health insurance firms capture data on the vehicle, the location of the incident, the damages, the driver involved, passengers, and names of other elements. This data can be useful in claiming the property damage and personal medical benefits. However, the data can be used for other purposes when given to analysts who use AI to do their duties. However, with the consumer protection law about incorporated AI and machine learning processes, few opportunities may lead to cybersecurity. Thus, it can be adopted from all involved parties. Autonomous vehicles can be protected against cybersecurity issues by creating critical hardware and software elements that have the capability to receive over-the-air updates. The vehicle’s operating system should incorporate an interface enhanced to repel cybersecurity risks. Google can be protected from cybercrime issues by having encryption of websites to prevent spam messaging and phishing attacks. National security, on the other hand, can be secured from threats of information insecurity by having sensitization policies that conform to legal compliance to cybersecurity. It can involve issues such as creating firewalls that will block ransomware.

Literature Review

Various individuals have ventured into researching cybersecurity issues and the approach by the EU. Research done by Thomas Kirchberger (2017) suggests that the EU, through Cybersecurity for Artificial Intelligence (C4AI), has explored challenges related to AI, and there have been efforts made to combat the issue. C4AI has established a reliable, trustworthy deployment unit of AI that serves as private law to protect the consumer in the cybercrime ecosystem. The article reveals that the EU has ensured there is safe digital data by having systems that monitor manipulation of user’s data when using cloud-based technology.

Through the system, there have been few opportunities by malicious parties to compromise privacy that relates to AI hence transformational power to the user. The establishment of the methodology is adopted as a private law since the EU allows certified programs on cybercrime to implement the matter. The EU has fostered a secure ecosystem for AI, such as exploration on roadmaps that enable trustworthy deployment. Therefore, it has been a significant boost on cybersecurity since technically, data is protected hence low risks to end-users.

There has been a collaborative base to have policymakers, technical experts on cybersecurity, and vital corporate organs investigate and mitigate malign cybercrime as a result of AI. Similar research has been undertaken by Sornsuwit & Jaiyen (2019) on the EU’s policy measures to regulate cybersecurity when utilizing AI-centric devices. The article has important tips that the EU has done and comprehends the perspective of private law. First, the union recommends the assessment of security requirements for AI machines by applying private policies on procurements. In that way, companies are monitored to check on operational control after developing and testing the data equipment. Therefore, there is promoted regulation of GDPR concerning data sharing incidents for information security objectives.

Conclusion

To address cybersecurity for AI, the paper has recommended the use of privacy laws on consumer protection and also GDPR. However, the paper has highlighted that there is a need to boost the efforts, as the EU has been at the forefront of putting into effect practices that leverage data privacy. Some of the measures that can be taken to keep track of the privacy elements include modeling the parameters, such as systems that check the information escalation from the initial purpose. The EU’s stance is centered on consumer protection aspects, especially through policies that regard accuracy and security in data usage. The EU’s approach, as noted in the literature review, is mainly towards the limitation of high-risk AI systems in all its designated members.

References

Andreev E, Nikolova M, and Radeva V, ‘Educational NASA Project: Artificial Intelligence and Cybersecurity at A Mobile Lunar Base’, An International Journal vol. 3, no.8, 2020, pp. 44-47

Bécue A, Praça I, and Gama J, ‘Artificial Intelligence, Cyber-Threats and Industry 4.0: Challenges and Opportunities’, Artificial Intelligence Review vol. 13, no.7, 2021, pp. 56-59

Gill I, ‘Policy Approaches to Artificial Intelligence Based Technologies in China, European Union and The United States’, SSRN Electronic Journal, vol. 5, no.2, 2020, pp.6-7

Hildebrandt M, ‘The Artificial Intelligence of European Union Law’, German Law Journal vol. 15, no.12, 2020, pp.21-27

Kirchberger T, ‘European Union Policy-Making on Robotics and Artificial Intelligence: Selected Issues’, Croatian Yearbook of European Law and Policy vol. 5, no.2, 2027, pp.6-13

Koos S, ‘Machine Acting and Contract Law – The Disruptive Factor of Artificial Intelligence for The Freedom Concept of The Private Law’, UIR Law Review vol. 8, no.12, 2021, pp.5-8

Noor A and others, ‘Impact of Artificial Intelligence in Robust & Secure Cybersecurity Systems: A Review’, SSRN Electronic Journal vol. 2, no.7, 2021, pp.9-12

Odermatt J, ‘The European Union as A Cybersecurity Actor’, SSRN Electronic Journal vol. 9, no.21, 2028, pp.66-70

Rajamäki J, and Katos V, ‘Information Sharing Models for Early Warning Systems of Cybersecurity Intelligence’, An International Journal vol. 9, no.4, 2020, pp.45-46

Sornsuwit P, and Jaiyen S, ‘A New Hybrid Machine Learning for Cybersecurity Threat Detection Based on Adaptive Boosting’, Applied Artificial Intelligence vol. 18, no.6, 2019, pp.33-36

Stahl B, Artificial Intelligence for A Better Future (Springer International Publishing 2021)

Strelnyk V, Demchenko A, and Myronenko A, ‘Combination of Intellectual Property Rights and Artificial Intelligence Technology’, Private and public law vol. 3, no.7, 2020, pp.2-4

Taddeo M, ‘Three Ethical Challenges of Applications of Artificial Intelligence in Cybersecurity’, Minds and Machines vol. 53, no.27, 2019, pp.26-29

Tschider C, ‘Regulating the IoT: Discrimination, Privacy, And Cybersecurity in The Artificial Intelligence Age’, SSRN Electronic Journal vol. 7, no.21, 2018, pp.4-5

Hacking Prevention: Mobile Phone Anti-Virus

Cybersecurity is becoming one of the most critical elements of the modern technologically interconnected world. Hacking and cyber threats are no longer minor or insignificant since they pose a risk to the largest critical infrastructures, exemplified by the recent attacks on pipelines and government systems. However, the less discussed and addressed subject is the cybersecurity of mobile phones, which are among the most used and vital devices for the majority of the population. Anti-virus software programs are essential for ensuring the safety and security of mobile phones to combat hacking and other forms of cyberattacks.

It is important to note that the action of hacking a device or system can be done in a multitude of ways, among which the use of viruses is the most common method. Hacking methods, such as phishing and ransomware, use viruses to encrypt vital data on a system, with the only option being to pay a ransom to the hacker in order to retrieve the data (Mos & Chowdhury, 2020). Since Android mobile phones are the most popular products on the market, the discussion will primarily focus on them. A study found that “Android … comes with a lot of security issues, being open source comes with a lot of threats from malicious users that have access to the software” (Mos & Chowdhury, 2020, p. 638). In other words, it is critical for Android users to take extra precautionary measures in order to secure their phones and the data stored on their devices.

In order to further showcase how viruses are involved in mobile phone hacking processes, it is critical to understand the underlying mechanisms. Another study states that the “current security structure of the Android OS makes it trivial for hackers to acquire source codes of legitimate applications and republish them after injecting malicious codes into the original source codes” (Zheng et al., 2017, p. 1). Thus, the viruses are integrated into existing and popular applications, which are activated and able to disrupt the target system when downloaded and used. For example, “mobile banking applications are lucrative targets of the hackers to access user data without authorization” (Zheng et al., 2017, p. 1). Therefore, not only can data be encrypted by the virus, but essential and sensitive financial information on the phone can be stolen for malicious use by hackers.

However, the risk of hacking does not solely affect Android users because alternative systems, such as iOS, are not foolproof either. A mobile phone is always in danger of being hacked and attacked if a user does not take the necessary security measures. Anti-viruses specifically designed for mobile phones are the most effective solution since they are able to detect, identify, and prevent viruses from disrupting the system beforehand. Such software programs are available on the market, and they provide value in providing cybersecurity for mobile phones. Since the vast majority of the population and businesses rely on these devices to communicate, interact, function, and work, it is important to protect any personal data using mobile anti-viruses.

In conclusion, anti-virus software programs for mobile phones are essential to ensure that a phone is not hacked and compromised because hackers primarily rely on viruses to disrupt the system and encrypt data. The dependence on viral agents by cyber attackers provides a substantive basis for using the existing mobile phone anti-virus products. Although Android devices are the most vulnerable to hacking, the risk is present in regards to all types of mobile phone systems if anti-virus is not used.

References

Mos, A., & Chowdhury, M. M. (2020). Mobile security: A look into Android. 2020 IEEE International Conference on Electro Information Technology, 2020, 638-642.

Zheng, X., Pan, L., & Yilmaz, E. (2017). Security analysis of modern mission-critical android mobile applications. ACSW ’17: Proceedings of the Australasian Computer Science Week Multiconference, 2, 1-9.

Air Force and Cyber Security Policies

The widespread rise in the use of modern technology the world over has initiated the introduction of legislation to curb any threat. For instance, people in the United States use cyberspace to travel, power their homes, communicate, provide essential government services, and run their economy. The overreliance on the network has invited serious attacks, thus causing more information vulnerability.

In cybercrimes, one does not need to break into a physical property to steal information or use force to access the materials. For example, bank frauds have been on the rise with the coming of this new technology. In addition, cases of breached information confidentiality are worrying, as other internet-savvy people can access such information; a recent example is WikiLeaks.

These cases prompted the US to pass legislation that could help in eradicating this menace. Since many departments and organizations use this modern technology, fighting the vices is a shared responsibility. The private and public sectors are collaborating to create awareness of cyber security among internet users.

The US administration released a legislative proposal that could help in ensuring cyber security. Some of the proposals’ components and the immediate effects are outlined herein. The first component is the damage to a critical infrastructure computer.

This component tries to minimize damages that a person can cause to a critical infrastructure computer or that which is associated with the same computer. If a person does this offense, he/she is liable for a term of 3 years imprisonment (Schmidt, 2011). Remarkably, the courts are under obligation not to reduce the number of terms for such crimes.

A critical infrastructure computer is a computer, which provides essential services to the public and government bodies. These services may include communication and transport services, health and clean water supply, and banking services. This proposal can help to eliminate cases of cybercrimes in organizations; for instance, organizations will update their policies concerning cyber security.

In case of such a felony, the offender is imprisoned for the terms that the policy outlines. The US Air Force will be able to track any intruder who may be accessing the state and federal governments’ security details. The proposal eases the Air Force’s work (The Presence of Commercial/External Links, n.d.).

The next component is the access to data without authorization. This involves accessing password-protected documents without the knowledge of the owners (Schmidt, 2011). The proposal puts forward imprisonment for a term of not more than twenty years or a fine under the title.

Notably, these charges are levied if the offender’s access to the information was for personal financial gain, the value of the information exceeded $5,000, and the act furthered criminal or tortious acts, such as causing physical injuries to any person. Remarkably, in case a person knowingly causes death through the above violations, he/she is subjected to imprisonment for life or any term of years or both.

This proposal also included the changes in both civil and criminal forfeiture. This legislation will also help organizations to operate with ease, as there will be fewer cybercrimes. Various organizations will have to adjust their policies to be in alignment with the US proposals.

The Administration’s proposal requires that businesses notify consumers and customers if there is compromise in their personal information. In this manner, the administration is aiming at protecting consumers and further, it outlines penalties for computer crimes, such as mandatory minimums for critical infrastructure computer intrusions.

The proposal was set to improve critical infrastructure protection by encouraging collaboration between public and private partners. The federal governments had the sole responsibility to provide voluntary assistance to organizations and increase sharing of information with all the stakeholders.

By formalizing management roles, it helped to protect the Federal Government networks. In addition, it improved recruitment of cyber security professionals and ensured that data are stored at an affordable cost. According to The Presence of Commercial/External Links (n.d.), the Air Force operations will improve, but their policy to prevent third-party access to their information will be compromised if such a proposal goes through.

It was also proposed that the White House take the first initiative in fighting the felony. Interestingly, the White House was to control all networks; for example, during World War I in 1918, Congress allowed the President to control all telegraphic systems (White House, 2009).

The sophistication in communication requires that a coordinated mechanism be put in place to avert the threats of cyber insecurities. The proposal required the President to consider appointing a group that could have a centralized point to monitor the criminal attacks.

Therefore, the group will have the Presidential support and even vast resources to implement the mission. Notably, this group is meant to work with the federal governments and other departmental agencies such as the cyber security officials. This move could help organizations to be held accountable to any threat that could go unnoticed. Therefore, organizations will also tighten their cybercrime policies in order to track infiltrators.

Additionally, there was a proposal to educate the entire mass on the changing digital world. This was to be done through The President’s cyber security policy official, as it coordinates with ICI-IPC (White House, 2009). The need for skills is changing at an immense rate in all sectors such as education, employment, infrastructure, and economy.

In education, careers geared towards cyber security were to be given scholarships to enhance data protection. This initiative aims at creating an American population that is techno-savvy in the 21st century.

Moreover, organizations will be able to absorb employees who are knowledgeable and skillful in their areas of specialization. These employees will also help to fight crimes emanating from data damage. For this reason, employers should encourage the employment and retention of these employees.

Moreover, there was a proposal to encourage research and innovation on game changing technologies. In this, identity management was to be established by the cyber security council (White House, 2009). Notably, intruders and unauthorized membership access to companies, government or individual data is put under control.

The energy department, for instance, rolled out a strategy to monitor their power supply in the states. This strategy was monitored online, thus helping to identify any trespassers. Although this policy is effective in controlling access to information by intruders, the control by the state means the state officials can have access to organizations’ data. This compromises information confidentiality.

Government officials will have to monitor information that is contained in other sites, some of which may be a threat to national security. Lastly, in the business front the use of technology requires higher levels of risk management practices than before. The use of technology in processing financial transactions implies that there is need to boost the trustworthiness, security, resilience, and reliability.

This proposal could help improve the volume of trade if implemented. In addition, it will expand partnerships both locally and internationally. The trading organizations will provide threat information and even identify means of eradicating these threats. The supply chains will be free from attacks, thus boosting trade.

In conclusion, fighting cyber insecurity requires multiple approaches; it needs the cooperation of all stakeholders. For example, the legislation put forward requires the support of both the government and the public to ensure successful implementation.

References

The Presence of Commercial/External Links. (n.d.). Air Force Reserve Command. Web.

Schmidt, H. A. (2011). The White House. Web.

White House. (2009). Cyber Space Policy Review. Web.

US Brokerage Hacking by India Issue

Three natives of India have been indicted for hacking and severely affecting online brokerage firms by various methods. Jaisankar Marimuthu, Chockalingam Ramanathan, and Thirugnanam Ramanathan have been accused of playing a fraudulent scheme online, which has led to substantial losses to firms.

There has been a 23-count indictment, which includes “one count of conspiracy for the former two defendants each, eight counts of computer fraud, six counts of wire fraud, two counts of securities fraud, and six counts of aggravated identity theft. The third defendant has been charged with one count of conspiracy, two counts of computer fraud, and two counts of aggravated identity theft.” (Hackers from India, 2007)

This has been the first case ever to be filed against an online intrusion scheme in the United States. The hackers have collectively affected 60 customers and nine brokerage firms in the USA and other places. Amongst these, one of them has suffered a loss of approximately $2 million. The US officials have filed petitions against these online hackers in Nebraska, after a grand jury was seated to discuss the case issues. This incursion can affect millions of others throughout the world, as it would not be easily known whom the brokerage companies are actually dealing with, the real clients or the hackers. Thus serious action has to be taken against such intruders, who can victimize a large number of investors and brokerage firms all over the world.

The Assistant Attorney General Fisher has pledged to take action against such people who pose risks to others and has shown appreciation to those investigators and prosecutors who do the same, to eliminate the sources of such acts from the roots.

The operations of these crimes were being carried out from Thailand and India. The personal accounts of the defendants were used to purchase shares of stocks, following which they hacked into other people’s accounts and made use of their passwords and usernames. New accounts were made by the hackers, with the help of which they made many purchases of the same stocks. This was done in order to make the market prices rise; then the hackers would sell their shares for a large profit after the share prices were seen to be inflated.

Several instances of their online hacking were placed before the jury. The methods employed to carry out these activities were sophisticated and complicated, though basically it is seen to be just a fraud case. But such cases affect individual victims as well as financial institutions and create a lack of confidence in the international market. Large monetary losses may be incurred, and mutual trust is diminished due to such acts.

The international law enforcement agencies are working hard to eliminate any fraudulent activities that may affect America’s economy. Marimuthu was arrested in Hong Kong on being charged for computer fraud, Thirugnanam was also caught in January 2007 on the basis of a provisional arrest warrant from the US. The FBI is looking into the case too, which could imprison these defendants for an average of 15-20 years.

The issue is that all the tricks they put into action were based in India, and the prosecution is taking place in the United States. Thus the defendants have not been put into prison right away, and investigations are still being carried on. Prosecution can take place in the States because the investors there were being attacked and global corruption was seen to be taking place.

Reference

(2007) “Department of Justice”. Web.

The Threats of Cyber Security

Under the PPD-21, the owners of the critical infrastructure will work with the government to hasten the process of strengthening the national critical infrastructure in terms of the much needed security. The debilitating impact of the prevailing cyber hazards will also be addressed by the operators, SLTT, and the government (Lyle, 2013).

These are different from the action plans given in the attachment. However, both policies note that the international partners will also work with the government to boost the security of the critical cyber infrastructure located within and outside the United States of America.

The federal government shall use three main strategic imperatives to strengthen cyber infrastructure. These imperatives include clarifying and refining the functional relationships that are vital to the federal government in fostering cyber security. This differs from the action plans.

Under Executive Order 13636, section 4, the president noted that cyber security information sharing is a vital tool that the US government will be using as an action plan to fight against the cyber threats within its borders (US Department of Defense, 2013).

This is an outstanding similarity with the action plans depicted in sections 5.0-5.3 of the attached document. Although guidance and policy coordination are similar in both cases, dispute resolution as suggested by the PPD-21 does not appear under the action plans 5.0-5.3 (The White House, 2013).

Building and extending the cyber domain of the NIEM as well as providing standards for cyber security are supposed to be achieved within 60 days and 120 days respectively according to the attached action plan. On the other hand, the PPD-21 and the Executive Order 13636 do not give specific timelines within which certain directives are to be attained.

Finally, the Executive Order 13636 notes that a consultative process will be adopted in the process of combating the threats posed by cyber security with the assistance of the secretary (National Archives and Records Administration, 2013). This tends to fit with the attached action plans 5.0-5.3. The latter emphasizes the importance of instituting voluntary consensus approaches that can hasten the cyber security intervention process.

References

Lyle, A. (2013). Pentagon Official Examines Law in Cyberspace Operations. Web.

National Archives and Records Administration (2013).

The White House (2013). Presidential Policy Directive — Critical Infrastructure Security and Resilience. Web.

US Department of Defense (2013). Cyber Effort Under Way to Safeguard Infrastructure, Official Says. Web.

Banking Sector Cyber Wars and International Hacking

Introduction

Hacking refers to deliberate actions to interfere with computer systems. The act mainly happens over computer networks. Flaws in the network allow hackers to access the systems. Knowledge of hacking can be both advantageous and disadvantageous to a firm. Advantages associated with the practice include improvement of security in computerized systems. Today, many learning institutions are offering courses in this discipline, especially for students pursuing degrees in Information Technology. The knowledge would be of great use in future in preventing cyber crimes by identifying loopholes that would leave a system vulnerable to attacks (Timberg, Nakashima and Douglas-Gabriel 12). However, the skills can be dangerous and costly to victims. Hackers have in the past used their expertise to commit fraudulent activities, such as access to valuable information. They manipulate this information to gain control of systems. The individuals have also been used in times of warfare to conduct terrorist activities. Most of them engage in the activity for self-amusement. In addition, some of them have not even studied related courses, which makes it difficult for prosecutors to prove their guilt during a trial.

The paper seeks to address the issue of cyber warfare and hacking. More emphasis is placed on the banking industry. The paper addresses cyber warfare and hacking at the international level. Some of the areas addressed by the author include hacking of both small and multinational organizations, the link between cyber war and terrorism, as well as buzzwords and background information with regards to unauthorized access to computer systems.

Cyber War and Hacking in Organizations

Traditionally, most hackers target computer systems and networks. However, telecommunication companies offering services to mobile phone users have also become a target for these individuals (Perlroth 9). The introduction of smartphones is seen as a major contributing factor to this emerging trend. The fact that these phones use a computerized system makes them as vulnerable as a computer network in relation to hackers. Most of these practitioners target the network. A large number of telecommunication firms are often not aware of the risk they face from the criminals. As such, they are often ill prepared when the hackers attack. The hackers are often anonymous and carry out their activities stealthily (Timberg et al. 12). In most cases, they use malware to gain access to information and networks. Foreman Seeley Fountain Architecture is one of the latest victims of such activities. The mobile network company lost $166,000 worth of calls within a single weekend (Perlroth 9).

This kind of vulnerability also exposes customers to the risk of losing their money. With increased adoption of mobile banking and money transfer, stakeholders in the sector need to be extra vigilant through the constant monitoring of their systems in order to detect suspicious activities. In developing countries where the online banking system has not fully taken root as a result of resource shortages, mobile banking is common. People are able to send and receive money through the mobile network. The same telecommunication companies also provide customers with credit services. Vulnerability of their systems would tarnish their reputations, a situation that would lead to loss of customers (Perlroth 9). For this reason, most of these companies often opt to remain silent even after they have incurred huge losses owing to hacking.

International hacking has become common among teenagers. However, most of these individuals leave tracks behind. As a result, they are apprehended for their actions. In efforts to reduce hacking in the country, a number of police units have been formed. The administration cells deal exclusively with cyber wars. In some cases, these forms of crimes may be a result of terrorism. Other people engage in it just for fun and out of their love for computer programming. The major source of concern to security organs around the world is any form of illegal hacking (Tara 5).

Hacking in Mainstream Media

A look at some recent articles in the media reveals substantial factual information about the issue of cyber crime. For example, an article published in The New York Times in October 2014 addresses the issue of hacking perpetrated against JPMorgan Chase (Silver-Greenberg, Goldstein and Perlroth 4). The attack is deemed as one of the biggest cases of cyber crime to have ever been discovered. In this instance, information about 76 million household accounts and 7 million sets of financial records belonging to small businesses were compromised (Silver-Greenberg et al. 2).

In today’s world, banks have become favorite targets for hackers. The story of JPMorgan is an indication of this development. Financial information, social security numbers, and other forms of sensitive data are believed to have been tapped into by criminal elements. An attack of this magnitude compromises every activity in the organization. The hackers at JPMorgan had also obtained access to applications running in most of the computers. Jamie Dimon, the Chief Executive and chairman of the bank, said investigators had made progress in their efforts to determine the source of the crime (Silver-Greenberg et al. 2).

The frequency of cyber attacks is rising by the day. In 2011, a journal article stated that a Russian hacking group had breached the security systems at NASDAQ. However, there was no evidence of any information taken away by this gang (Glazer and Yadron 1).

According to The Wall Street Journal, JPMorgan is just one of the many entities that have suffered similar attacks (Glazer and Yadron 1). For example, in September 2014, the security system at Home Depot Inc. was compromised. Other victims include Adobe Systems and Target Corp. In the same journal, it is indicated that Microsoft’s Xbox was penetrated by criminal elements. Unlike in JPMorgan’s case, the hacker accessed information that was enough to build a counterfeit Xbox One gaming console. He used the proceeds from the console’s sale to pay for his university tuition fee.

Apple is one of the bestselling computer brands in the world. A flaw has been reported in one of its systems. Apparently, hackers were able to create a virus that is sent to a host network. Once the malware is active in the target computer, it gives the hacker remote access to the machine through a complex communication system. More than 17,000 Macs have been affected worldwide, with 12,000 cases reported in Britain alone (Glazer and Yadron 1).

Hacking and Terrorism

It is a fact that most elements of human existence in the modern world are computerized. As a result, hackers find it easy to carry out their crimes. Today, some terrorists use the help of hackers to attack other countries. The relationship between the two elements has elicited debates on whether or not hacking is terrorism. There are small-scale criminals who are interested in stealing small amounts of money. Another group is made up of organized hackers. They target large corporations to access their data. In some cases, they are engaged in economic espionage (Goldstein, Perlroth and Sanger 5). People hold different views about hackers. There are those who rank cyber war as less dangerous compared to a nuclear attack. Organized hackers call themselves ‘anonymous’ at times. The ones involved in terrorism are recruited and trained to work for the terror groups. In some cases, they are forced to offer their services to the terrorists.

Due to the damages that these activities can cause, governments around the world are trying to eliminate illegal hacking. In America, a law has been passed to help in this. Anyone proved guilty of the crime is liable to ten years imprisonment. In other countries like Britain, the sentence may be life imprisonment. As a result, many people are discouraged from engaging in these crimes. However, in some instances, hackers use technology that is more advanced than that used by the law enforcers (Tara 2).

Incidents Prompting Cyber Wars

The main aim of hacking is to gain access to computer and mobile networks. The driving force behind this is often self-amusement and criminal behavior. The information gained puts the hacker in control of the system. As such, they acquire administrative power over the network. In most cases, hackers are able to complete their activities undetected (Perlroth 9). In the banking sector, hacking can result in the loss of valuable financial data. The hackers can also manipulate the data at their disposal to make unauthorized transactions. Their activities hurt both the companies that they target and their customers.

Most persons who engage in hacking also have interests in computer networks. Most of them spend a considerable amount of time around computers and are fond of trying new things (Timberg et al. 12). Some of these individuals may even lack any form of formal learning on hacking. Terrorism is also a major motivating factor behind some of the hacking activities. The activity can be used as an act of war by targeting vital information systems and obtaining information on financial systems used in a country.

Reacting to Cyber War

Some issues about hacking remain sketchy. Critics wonder why government agencies fail to recruit talented hackers to help curb this crime. In the case of JPMorgan, it is unclear how the criminals got so far and deep into the system. It is possible that someone from the inside helped them. The Wall Street Journal theorizes how the criminals may have penetrated the network. It is believed that they used a personal computer of one of the members of staff. The workers were urged to improve defense on their end. Such measures included logging off their work stations and using passwords that are hard to crack (Tara 4). Another unclear issue with regards to JPMorgan’s attack is whether any money was stolen or not. The bank is still contacting its customers to confirm if any funds were tapped into (Tara 4).

Cases of hijacking of mobile networks by hackers have been common over the past years. The perpetrators of the crime are often handed short sentences, whereas their activities have devastating effects on the financial status of their victims. Law enforcers should be well equipped to detect and deter such activities before they occur. In most cases, high-profile hacking activities are carried out by internal criminals who are difficult to trace once they have accomplished their mission (Perlroth 9).

It is important to understand that banks are vulnerable to attacks due to the financial and personal information they hold. As a result, they have to invest a lot of resources on security (Silver-Greenberg et al. 4). In spite of these security lapses, it is better for the public to entrust the financial institutions with their vital information rather than hold it in their personal computers.

One may have skills on computer security, but their capabilities and resources cannot compare to those of a bank. It is also important to note that cyber crime is taken seriously by the government. Tampering with the system of another party has dire consequences on the offending party.

Buzzwords and Background Searches in Cyber Crime

Just like in any other profession, there are a number of keywords used in cyber war. A buzzword is similar to technical jargon. One such word is malware. It is malicious computer code used to corrupt or override the target system. The attackers of JPMorgan are believed to have used malware to penetrate the bank’s system. Information can be termed as the background of any form of cyber attack. The situation has extended to smartphones. Phones are getting infected through applications downloaded from the internet. One single mistake of installing an application from unknown developers can compromise the security of the handset (Wood 4). Some hackers use this information to extort money from other people. Once the cell phone is hacked, the criminal can lock it and withhold the information inside. They may demand a ransom to unlock it.

Hacking and Educated Opinion

In the 21st century, the internet has become a basic need. It is used for reading and sending e-mails, connecting on social media, and other such applications. Each day, people upload personal information on the internet. Hackers can retrieve such information and use it against the individuals. The introduction of smartphones has made it possible to store data in a cell phone. However, these devices are easier to hack into compared to computers (Wood 8). As such, some people prefer to store their information in safer locations, such as banks. The financial institutions have complex security options that are not easy to break into. However, organized hacking groups are using advanced technology to gain access to these networks. It is up to these banks to ensure that they use updated innovations to secure their systems.

Not all forms of hacking are considered to be illegal. However, there are certain lines that should not be crossed. Hacking activities should not cause harmful effects to another party. Today, many governments advocate for inclusion of a course on hacking to help people gain awareness on the vulnerabilities that may exist in computer networks. Businesses offering banking service should hire the services of such individuals for them to be in a better position to combat crime (Perlroth 9).

Conclusion

Banks have become soft targets for cyber attacks and international hacking. First, people entrust their important information, such as social security numbers, with these financial entities. Another reason is that the institutions deal with money. Some hackers may fear tampering with the security system of large organizations for fear of repercussions. However, there are those who focus solely on the illegal acquisition of information regardless of the resulting consequences. When sensitive data gets into the wrong hands, it can be used to hijack the economy. As such, banks should do their best to ensure that this does not happen to their customers. The government has played its part by declaring that cyber attacks are federal crimes. The minimum sentence is ten years, while the maximum is life imprisonment. Individuals should also be careful of what they store on the web. In addition, they should keep track of their financial accounts.

Works Cited

Glazer, Emily, and Danny Yadron. “”. WallStreetJournal. 2014. Web.

Goldstein, Matthew, Nicole Perlroth, and David Sanger. “”. NYTimes. 2014. Web.

Perlroth, Nicole. “”. NYTimes. 2014. Web.

Silver-Greenberg, Jessica, Matthew Goldstein and Nicole Perlroth. “JPMorgan Chase Hacking Affects 76 Million Households”. NYTimes. 2014. Web.

Tara, Siegel. “”. NYTimes. 2014. Web.

Timberg, Craig, Ellen Nakashima, and Danielle Douglas-Gabriel. “”. WashingtonPost. 2014. Web.

Wood, Molly. “”. NYTimes. 2014. Web.

Computer Forensics in Criminal Investigation

According to the International Telecommunication Union (2012), the term computer forensics describes the systematic collection and examination of computer-based technologies to search for digital evidence. When handling a crime scene, investigators should remember that the documentation of the scene builds a record of the investigation for prosecution purposes. Computer forensics falls within the domain of digital forensic science, and the goal of a computer forensics investigator is to forensically examine a computer to identify, obtain, and analyze the digital information found on it and its components. The US Department of Justice defines digital evidence as data and information of significant value to an investigation that is stored on, received, or transmitted by an electronic device. This evidence is acquired when data or electronic devices are seized and secured for examination (Cole, Gupta, Gurugubelli, & Rodgers, 2015). This section addresses the components of a computer to photograph during forensic photography, the most urgent action an investigating officer should take upon arriving at a cyber-crime scene, the value of a computer’s hard disk in computer forensics, the concern of encryption (Secure Hash Algorithms) in a cybercrime scene investigation, and the restrictions placed on cybercrime scene investigators regarding the data they seize while executing a warrant for the contents of a hard drive.

Forensic photography is an indispensable tool in modern forensic odontology practice: it aids investigative procedures, supports the maintenance of archived records, and provides evidence that can support legal matters in court. Investigators at a crime scene set many goals in their quest to achieve the most desirable outcomes in an investigation. One such goal is incorporating photography into detective work. For this reason, the proper selection and use of the appropriate photography and computer components, coupled with proper training and correct workflow operations, make integrating photography into crime scene investigation a readily achievable objective (Gouse, Karnam, Girish, & Murgod, 2018). The role of the forensic photographer is essential, as sound photographic skill together with continued learning of the mechanics and procedures involved is requisite for legal documentation of evidence. According to the US National Institute of Justice’s “Guide for First Responders” (2008), besides documenting the location where the crime was committed, an investigator is required to record not just the scene itself but also the condition and power status of the computers, together with their attached components and accessories such as storage media, portable components such as thumb drives, PDAs, and Internet access devices.

In a crime scene, while searching for digital evidence, an officer should, therefore, photograph the mentioned devices associated with a computer, before and after marking the scene. Computers may be the portable type – the laptop and handheld devices such as tablets and smartphones – or the non-portable type – the desktop computer. The detective should capture images of the computer’s monitor, as is, whether powered on or not. The desktop computer has a monitor (screen) which is detached from the computer’s central processing unit (CPU). If not available in plain view of the officer, they should locate the separate CPU of a desktop computer and photograph it as well. The keyboard for a desktop computer is also detached hardware, although some computer operating systems provide for an on-screen keyboard.

The investigator should locate and capture an image of the keyboard, mouse (pointer), and other equipment connected to the computer’s CPU, including external speakers and recording devices, if any. With a laptop computer, most of the abovementioned components are a single integrated unit. If flapped, the officer should capture an image of the computer in the flapped condition and capture images of the laptop computer when not flapped. The investigating officer should also capture any other devices peripherally attached to the laptop. For handheld computers, the integration of components is even higher with minimal peripheral components. In the case of handheld computers, the forensic photographer should capture the devices wholly from their front and rear.

There are also other non-component parts of value on a computer; these are serial numbers, make (name of the computer, e.g., HP), model (e.g., HP ProBook), and model number (e.g., 4440s). Manufacturers usually inscribe the make, model, and model numbers of desktop and laptop computers on the exterior of the devices. The photographing officer should capture the computer’s make, model, and model number as well. For handheld devices, only the make is available in plain view; the model and model number are usually part of the device’s metadata and are only obtainable from the device’s manifest once powered on. Additionally, the investigators should photograph the serial numbers on the computer and its peripheral devices. Serial numbers are unique to each device and establish the device’s identity. Manufacturers inscribe serial numbers both on the exterior and in the metadata manifest of the device.

If the photographer cannot locate a serial number on the device, they should obtain it from the device’s metadata and capture it too. Other than serial numbers, computers have light signals, for instance, a power-on light, a wireless connection light, and a web connection light, among others. The investigator should locate and photograph the light signals on the computer for purposes such as showing the power status and the Internet connection status. Another critical aspect of a computer is networking. Networked computers use many different cables and transfer equipment such as LAN and WAN cables, power cables, USB cables, VGA cables, HDMI cables, and the like. An investigating officer should photograph such connectors found on and with a computer and take a keen interest in any information printed on their exterior. The officer should capture the connectors in situ and then label them appropriately before proceeding to capture images of the connectors with the appropriate labels.

For an officer acting as a first responder, the most urgent action upon arriving at a cyber-crime scene is to secure the scene and evaluate it (National Institute of Justice, 2008). In this preliminary phase, the officer should account for their own safety as well as the safety of all persons at the scene. In so doing, the investigator should remain within the confines of the Police Department’s policy as well as federal, state, and local laws. For instance, if the first responder feels unsafe, they should call for backup and refrain from any action that is provocative or that endangers their life or the safety of the scene. The investigating officer should secure all electronic devices, including personal as well as portable devices (National Institute of Justice, 2008). Another immediate act of great importance is barring unauthorized persons from accessing the scene and rejecting any help volunteered by unauthorized persons.

It is the investigating officer’s duty to secure and seal off the scene of the felony, and fulfilling this obligation includes removing all people from the crime scene and from the area in close proximity to where evidence will be gathered. The officer first on the scene has an obligation to ensure that the state of the computer and every electronic device remains unaltered. To this end, the officer may draw up a sketch of the scene as they found it, with all devices intact, and/or photograph the scene from different angles to ensure they capture all the relevant details. Failure to secure the scene can compromise the scene and, with it, the digital evidence. Compromised evidence may be inadmissible in court, or it may lead to an undesired outcome in litigation. Failing to secure the scene can also lead to the alteration of evidence and possibly to harm to the officer. Finally, first responders should ensure that they leave the computer and other electronic appliances powered off if they found them off, according to the National Institute of Justice guidelines. Another major obligation of a first responder immediately upon arriving at the scene is ensuring that any physical evidence the scene can offer is not compromised in any way during documentation.

There is an abundance of potential digital evidence on a PC. Much of it is obtainable through a manual or logical/computational extraction procedure. While some of the evidence overlaps with data found on the web, there are a few essential sources that are obtainable from the physical device rather than from the Internet (Goodison, Davis, & Jackson, 2015). The latter will typically come from the computer’s hard disk. The hard disk drive of a computer contains the data stored in and by that computer’s use. Some people call the computer’s hard disk its memory, without which the computer is unusable. The hard disk is indispensable to the functioning of the computer, and it is, therefore, the component of the most value in a cyber-crime scene. All systems and software used on and by a computer coordinate their actions on the hard disk, and as such, even software, networking applications, and IT networks leave vast amounts of data on the computer’s memory (Goodison et al., 2015). The National Institute of Justice (2008) affirms that a computer’s hard drive contains information such as email messages, image (and photograph) files, databases, Internet browsing history, financial records, Internet chat logs, event logs, as well as friend lists and itineraries that would be valuable as evidence during the investigation and prosecution of a crime. These facts affirm the top value that hard disks have in a cyber-crime scene.

For instance, when a user browses the Internet, programs and software will frequently maintain temporary Internet files, cookies, and browsing history (Goodison et al., 2015). Each of these is usable in an investigation to determine the user’s online behavior. Temporary files and cookies are regularly used by websites themselves to track Internet users’ activity and store data. Email and other messages may be found on the physical hard disk of the PC too. Even though most email messages remain in the custody of Internet servers, some messaging programs and software store earlier messages on a PC hard drive. All of the above shows that the computer’s hard disk drive archives almost everything that happens on that particular computer, even if it is in the form of caches, temporary files, or shadow copies.

Encryption is a perfect example of a privacy-enhancing technology (PET). PETs aim at protecting and preserving the privacy of individuals and the confidentiality of personal information (United Nations Office on Drugs and Crime, 2019). Encryption is, therefore, a way of hiding data by locking out any individual who lacks the encryption code that concealed the data. The International Telecommunication Union, in a 2012 report, defines encryption as “a technique of turning a plain text into an obscured format by using an algorithm” (p. 81). The security of much application software today relies on hash functions (or hash algorithms) to secure user data. Different hash functions offer different security properties, depending on the individual security requirements of the application software. There are three fundamental security characteristics of hash algorithms: “pre-image resistance, second pre-image resistance, and collision resistance” (AlAhmad & Alshaikhli, 2013, p. 240).

Pre-image resistance is the inability to learn the contents of the input data from the data’s hash digest: “For any given code h, it is computationally infeasible to find x such that H(x) = h” (AlAhmad & Alshaikhli, 2013, p. 240). Second pre-image resistance is the inability, given an initial input, to find a second, different input that produces the same hash digest: “for any given input m, it is computationally infeasible to find y ≠ m with H(y) = H(m)” (AlAhmad & Alshaikhli, 2013, p. 240). Collision resistance concerns the case where two independent and differing inputs result in the same hash digest: “it is computationally infeasible to find any pair (m, y) such that H(y) = H(m)” (AlAhmad & Alshaikhli, 2013, p. 240). Novak, Grier, and Gonzales (2018) assert that hash verification is a potential hindrance for sifting collectors during the collection of digital evidence. For this reason, hash verification (and encryption in general) is a significant concern in a cyber-crime scene investigation.

Hash verification involves the use of an electronic or computational signature, otherwise called a verification code or a hash, to ensure that a disk image matches the original evidence disk. In a cyber-crime scene investigation, a problem arises with disks that use hash-algorithm encryption. Existing techniques for hash verification rely on verifying the whole disk and are therefore incompatible with Sifting Collectors (Novak et al., 2018). This issue is not restricted to Sifting Collectors, however; modern solid-state drives (SSDs) are frequently incompatible with hash verification because specific SSD regions are unstable as a result of maintenance operations. However, if there were to be a break between sifting collection and modern practice, the drawback of hash verification (and encryption) could be overcome.
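The whole-image hash verification described above, as an added example that is not part of the original paper: it hashes a constructed sample image with SHA-256 and checks copies against it. The per-block manifest goes beyond the text as one illustrative way to localize a mismatch; the 4096-byte block size, the function names and the sample bytes are assumptions, and this is not the method of Novak et al.

```python
import hashlib
import io

BLOCK_SIZE = 4096  # assumed block size for the illustrative per-block manifest


def image_digest(stream, algorithm="sha256", chunk_size=1 << 20):
    """Hex digest of a whole image, read in chunks so it need not fit in RAM."""
    h = hashlib.new(algorithm)
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        h.update(chunk)
    return h.hexdigest()


def block_manifest(stream, block_size=BLOCK_SIZE, algorithm="sha256"):
    """One hex digest per fixed-size block (the final block may be short)."""
    digests = []
    while True:
        block = stream.read(block_size)
        if not block:
            break
        digests.append(hashlib.new(algorithm, block).hexdigest())
    return digests


def images_match(original, copy, algorithm="sha256"):
    """Whole-image verification: True only if every byte of the copy matches."""
    return image_digest(original, algorithm) == image_digest(copy, algorithm)


def differing_blocks(original_manifest, copy_manifest):
    """Indices of blocks whose digests differ, including blocks missing on one side."""
    longest = max(len(original_manifest), len(copy_manifest))
    diffs = []
    for i in range(longest):
        a = original_manifest[i] if i < len(original_manifest) else None
        b = copy_manifest[i] if i < len(copy_manifest) else None
        if a != b:
            diffs.append(i)
    return diffs


def make_sample_evidence(blocks=4):
    """Constructed sample 'disk': block i is filled with the byte value i."""
    return b"".join(bytes([i]) * BLOCK_SIZE for i in range(blocks))


def demo():
    evidence = make_sample_evidence()

    good_copy = bytes(evidence)               # faithful image
    tampered = bytearray(evidence)
    tampered[2 * BLOCK_SIZE + 10] ^= 0x01     # a single flipped bit in block 2
    truncated = evidence[: 3 * BLOCK_SIZE]    # acquisition stopped one block early

    reference = block_manifest(io.BytesIO(evidence))
    return {
        "good_copy_matches": images_match(io.BytesIO(evidence), io.BytesIO(good_copy)),
        "tampered_matches": images_match(io.BytesIO(evidence), io.BytesIO(bytes(tampered))),
        "tampered_blocks": differing_blocks(
            reference, block_manifest(io.BytesIO(bytes(tampered)))
        ),
        "truncated_blocks": differing_blocks(
            reference, block_manifest(io.BytesIO(truncated))
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A whole-image digest only says that something differs; the per-block manifest shows which region changed, which is why a region that legitimately changes between reads breaks a single whole-disk hash.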

Warrants for the contents of a hard drive are typically restricted to the relationship between the evidence and the crime under investigation. Before starting a search, examiners and investigators must ensure that they comply with applicable laws or risk having seized evidence declared inadmissible at trial. There are certain jurisdictions in which exceptional circumstances may justify search and seizure activities without a warrant, for example, in cases of consent, emergency terrorist situations, the plain view doctrine, and searches related to lawful arrests, among others (Brown, 2015). However, the actual search of the information stored on a device generally requires that an investigator produce a warrant in common law jurisdictions.

In conditions where there is a considerable danger of losing evidence, for example, where data sanitization and other anti-forensics measures are active or imminent, a few jurisdictions permit law enforcers to perform a limited search of devices without a warrant because of the apparent vulnerability of the information and data on these devices (Brown, 2015; Cole et al., 2015). Remote wiping and deletion tools come preinstalled on numerous mobile devices and are available for purchase as commercial software or as freeware. During warranted action, examiners may likewise find legally protected sources of electronically stored information (ESI), for instance, material covered by legal professional privilege or public interest immunity, among others (Brown, 2015). Such legally protected sources of ESI add a layer of complexity to the process of evidence handling, search, and seizure. Many investigators experience administrative delays and adjournments in obtaining legal authority to conduct police investigations because of legal uncertainty about cybercrime offenses.

In most Western democracies, national legislation exists to enforce compliance with international human rights law, such as the rights to privacy and freedom of expression. In the United States, for instance, there is still ambiguity about the application of Fourth Amendment protections to the digital realm (Cole et al., 2015). Concerning the Fourth Amendment and digital evidence searches, the plain view exception and the closed-container rule have attracted substantial attention (Cole et al., 2015). When an officer is conducting a search within the scope of a warrant and comes across contraband material in plain view, the officer has the authority to seize it. The issue with digital evidence is that the scope is at times overbroad (Brown, 2015). With a valid warrant, the examiner can search the entire hard drive as though it were a container, and in this way, the majority of its contents are in ‘plain view’ of the officer.

Depending on the judge and the evidence submitted, courts may limit the scope of such searches. Legal positions and best practices for enforcing search and seizure warrants vary considerably across jurisdictions and criminal justice systems, including the legislation and rules governing the treatment of electronic evidence during litigation. When police conduct search activities, equipment (hardware components), programs and software, external storage media, and data in binary and printed form may be seized. It is incumbent on examiners to consider the appropriateness of viewing and forensically acquiring data at the scene, i.e., ‘in situ’, and whether the circumstances may justify physically seizing the material for further examination in a laboratory. Cole et al. (2015) contend that, ordinarily, evidence from a warranted search is admissible if the testifying witness had firsthand knowledge of the evidence, if the evidence resulted from an automated process or system, and if the computerized record(s) meet the business records exception to the Hearsay Rule.

References

AlAhmad, M., & Alshaikhli, I. (2013). International Journal of Computer Science Issues, 10(4 No.1), 239-246. Web.

Brown, C. (2015). International Journal of Cyber Criminology, 9(1), 55-119. Web.

Cole, K., Gupta, S., Gurugubelli, D., & Rodgers, M. (2015). A review of recent case law related to digital forensics: The current issues. In Annual ADFSL Conference on Digital Forensics, Security and Law (pp. 95-104). Daytona Beach, FL: Embry-Riddle Aeronautical University, Scholarly Commons. Web.

Goodison, S., Davis, R., & Jackson, B. (2015). Web.

Gouse, S., Karnam, S., Girish, H., & Murgod, S. (2018). Forensic photography: Prospect through the lens. Journal Of Forensic Dental Sciences, 10(1), 2-4. Web.

International Telecommunication Union. (2012). Web.

National Institute of Justice. (2008). Web.

Novak, M., Grier, J., & Gonzales, D. (2018). Web.

United Nations Office on Drugs and Crime. (2019). Web.

Digital Forensic Methodology

The first step that translates a forensic request into a forensic report entails preparation or extraction of the required data. Before starting the process, the request should contain adequate data. If sufficient data is not available, it is crucial to liaise with the requester so as to decide on the next line of action. This can be attained by sending back the package to whoever requested it, waiting for the resolution and starting over the process again (Digital forensic analysis methodology, 2007). In the event that sufficient information is available, the required system configuration should be developed by ensuring that the forensic software and hardware are established and validated.

Thereafter, the forensic data should be duplicated and its integrity verified. If integrity has been established to be proper, the process moves to the organization and refining stage, in which forensic tools are selected. However, a lack of integrity pushes the process back to the first stage. Thereafter, the requested data is extracted and labeled as “data search lead” (Rahman & Khan, 2016).

The next stage is identification. Any type of unprocessed data is identified and only the relevant piece is processed further. If data search leads are generated afresh by an item, it is marked and labeled as irrelevant to the forensic process (Whitman & Mattord, 2011). Generation of new data search leads moves the process to the next level after which the requester may be advised accordingly.

The last stage before reporting is analysis. It starts if no more data analysis is required. Forensic data should be obtained and imaged if a new data lead is produced. Extracted data is the general data available for forensic study. It may contain both crucial and less crucial information. It is the complete information submitted by a requester. On the other hand, relevant data refers to the extracted and validated information that can yield the much-needed results in forensic study. Relevant data is crucial to the case at hand and can give vital leads (Sahinoglu, Stockton, Barclay, & Morton, 2016).
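The duplicate-and-verify step of the workflow above, as an added example that is not taken from the cited methodology. The file names, the stage labels and the use of SHA-256 are assumptions made for illustration, and the "image" is a constructed sample.

```python
import hashlib
import os
import tempfile

def stream_hash(src, dst=None, chunk=1 << 20):
    """SHA-256 of src, read in chunks; if dst is given, write the same bytes to it."""
    digest = hashlib.sha256()
    out = open(dst, "wb") if dst else None
    try:
        with open(src, "rb") as fin:
            for block in iter(lambda: fin.read(chunk), b""):
                digest.update(block)
                if out:
                    out.write(block)
    finally:
        if out:
            out.close()
    return digest.hexdigest()

def next_stage(working_copy, acquisition_hash):
    """Stage names are labels chosen for this example, following the workflow in the text."""
    if stream_hash(working_copy) == acquisition_hash:
        return "organize_and_refine"
    return "back_to_preparation"

def demo():
    """Duplicate a constructed 'image', verify it, then flip one bit and verify again."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "evidence.dd")
        copy = os.path.join(d, "working_copy.dd")
        with open(original, "wb") as f:
            f.write(os.urandom(4096) + b"constructed sample image")
        acquisition_hash = stream_hash(original, copy)  # hash taken while duplicating
        intact = next_stage(copy, acquisition_hash)
        with open(copy, "r+b") as f:                    # simulate silent corruption
            f.seek(100)
            byte = f.read(1)
            f.seek(100)
            f.write(bytes([byte[0] ^ 0x01]))
        damaged = next_stage(copy, acquisition_hash)
        return intact, damaged

if __name__ == "__main__":
    print(demo())
```

The hash is computed from the bytes read off the source during duplication and the working copy is then re-read independently, so a write error or later modification of the copy shows up as a mismatch.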

According to the chart, the ‘Return on Investment’ primarily refers to the stage at which the most relevant data has been identified. At the identification stage, the return on investment is relatively high because the required data must have been known. The process should be stopped as soon as relevant leads have been generated. If the process is pushed for too long, the related costs will rise and lead to unnecessary expenses (Sammons, 2012).

Moreover, a diminishing trend is witnessed in the value of extra forensic analysis. This implies that the more analyses are carried out, the lower the value of the entire process.

A file containing the forensic image is imported. The latter should be the case file of the issue at hand (Digital forensic analysis methodology, 2007). A network environment can also be recreated in the process. In some instances, acquisition entails recreating a database that contains search and data source required in forensic study. This procedure is followed so that it can mimic the real, ideal or natural workplace environment. For instance, deleted items including sent and received emails can be identified and extracted as part and parcel of acquiring search and data source leads.

Second, an electronic storage medium can be searched in order to establish evidence of the case being pursued. Besides, data mining is a credible method of acquiring search and data source leads (Eastton & Taylor, 2011). Using the seized database, the process of configuration can be carried out. Thereafter, the seized database is loaded and all the deleted files are recovered. This procedure can go hand in hand with reviewing the index drive after the recovery process is over.

References

Digital forensic analysis methodology. (2007). Web.

Eastton, C., & Taylor, J. (2011). Computer Crime, Investigation, and the Law. Boston, MA: Course Technology, Cengage Learning.

Rahman, S. & Khan, M. (2016). Digital Forensics through Application Behavior Analysis. International Journal of Modern Education & Computer Science, 8(6), 50-56.

Sahinoglu, M., Stockton, S., Barclay, R. M., & Morton, S. (2016). Metrics-Based Risk Assessment and Management of Digital Forensics. Defense Acquisition Research Journal: A Publication Of The Defense Acquisition University, 23(2), 152-177.

Sammons, J. (2012). The basics of digital forensics: the primer for getting started in digital forensics. New York: Syngress.

Whitman, M. E., & Mattord, H. (2011). Reading & Cases in Information Security: Law & Ethics. Boston, MA: Course Technology, Cengage Learning.

Digital Forensics: Open Source Tools

The National Software Reference Library (NSRL)

The National Software Reference Library (NSRL) is a project at the National Institute of Standards and Technology (NIST), the primary goals of which are to store all existing software, file profiles, and file signatures and to provide guidelines for their efficient usage by various organizations that deal with forensic investigations. The library consists of three main sections:

  • a physical repository of application packages that are available for purchase;
  • a comprehensive database providing descriptions of every file that the packages contain; and
  • a small database of the most popular information, which is updated once every three months (Hayes, 2015).

At present, the library holds more than 7000 software packages with more than 35 million files (many of which are duplicates used in several programs simultaneously) and over 11 million unique files (Altheide & Carvey, 2011).

This database is very useful in the process of forensic investigation, as it saves the investigator a considerable amount of time that he or she would otherwise spend examining files. In fact, when possible, the database is used to exclude from the automatic search known files that cannot provide any evidence. Moreover, the library can identify which programs were used on the system, which helps the investigator infer where to look for further evidence. This information can be particularly helpful when dealing with intellectual property issues, as it may show whether the user had a license for certain applications.
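Known-file filtering as described above, shown as an added example that is not NIST's or the cited authors' code. It assumes the column layout of the NSRLFile.txt file from the RDS 2.x text format; the reference rows, file names and product codes are constructed.

```python
import csv
import hashlib
import io
import os
import tempfile

# Constructed rows in the NSRLFile.txt column layout (RDS 2.x text format). Hashes are
# those of b"abc" and of an empty file; names and product codes are made up.
SAMPLE_RDS = '''"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"
"A9993E364706816ABA3E25717850C26C9CD0D89D","900150983CD24FB0D6963F7D28E17F72","352441C2","abc.dll",3,1001,"358",""
"DA39A3EE5E6B4B0D3255BFEF95601890AFD80709","D41D8CD98F00B204E9800998ECF8427E","00000000","empty.dat",0,1002,"358",""
'''

def load_known(rds_text):
    """Map upper-case SHA-1 -> set of ProductCode values."""
    known = {}
    for row in csv.DictReader(io.StringIO(rds_text)):
        known.setdefault(row["SHA-1"].upper(), set()).add(row["ProductCode"])
    return known

def sha1_file(path, chunk=1 << 20):
    digest = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest().upper()

def triage(root, known):
    """Return (known files, files left for review, product codes seen) under root."""
    matched, review, products = [], [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            codes = known.get(sha1_file(path))  # match on content, not on file name
            (matched if codes else review).append(rel)
            products |= codes or set()
    return sorted(matched), sorted(review), products

def demo():
    samples = {"renamed.bin": b"abc", "empty.dat": b"", "notes.txt": b"meet at 9"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return triage(root, load_known(SAMPLE_RDS))

if __name__ == "__main__":
    print(demo())
```

A match only means the file's content is known to the reference set, so `renamed.bin` is filtered out despite its name, while `notes.txt` stays in the review queue. The collected product codes are what an examiner would look up to see which applications were present.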

Computer Forensic Tool Testing

Computer Forensic Tool Testing (CFTT) is another project at NIST, which was created to check forensic tools (including both hardware and software) that are used in the process of investigation. The CFTT project was launched in 2000 and has proven to be quite successful in developing methodologies for forensic tools assessment. It offers a unique set of criteria and specifications that make it possible to estimate whether the tools are able to perform the functions that are required from them (Guttman, Lyle, & Ayers, 2014). So far, no critical errors have been found in the performance of CFTT.

CFTT results can be used not only by software producers who want to improve their tools but also by a wide range of specialists, including investigators. The project allows them to decide whether given tools meet all requirements and can be used for the specific purposes of a particular investigation. Evidence collected and verified with the help of CFTT is admissible in legal proceedings (Peterson & Shenoi, 2014).

Computer Forensic Reference Data Sets (CFReDS)

The Computer Forensic Reference Data Sets (CFReDS) represent a small but valuable body of data created by NIST, which provides simulated evidence for examination and allows investigators to perform string searches using various encodings (Peterson & Shenoi, 2014). The corpus contains disk images, mobile images, and system memory analysis images, some of which are accompanied by scenarios. CFReDS stores data retrieved from many different sources and allows users to create their own samples for performing particular tasks.

There are many ways to operate CFReDS in order to improve forensic evidence. These data sets are capable of several functions, including testing forensic tools, checking hardware and laboratory equipment, and training investigators. Practically all data sets can perform more than one function.

References

Altheide, C. & Carvey, H. (2011). Digital forensics with open source tools. Burlington, MA: Syngress.

Guttman, B., Lyle, J., & Ayers, R. (2014). Digital Evidence And Electronic Signature Law Review, 8(1). Web.

Hayes, D. (2015). A practical guide to forensics investigations. Indianapolis: Pearson.

Peterson, G. & Shenoi, S. (2014). Advances in digital forensics X. Berlin, Heidelberg.

Digital Forensics Tools and Software

Digital forensics tools are highly popular among digital investigators, as they make it easy to conduct the necessary technical analyses. One of the most famous software programs for digital forensics is Autopsy, a toolkit that examines the images present on a device’s hard drive. Capable of interacting with personal computers and smartphones, Autopsy is highly versatile and contains several functions for properly investigating the image files present on the storage unit (Autopsy, n.d.). Specifically, Autopsy allows viewing graphical information stored on the device, searching the repository for specific items, or extracting the data (Autopsy, n.d.). Although this software is distributed freely, it remains an excellent tool for forensic analysis and is continuously updated to follow technological advances.

Some digital forensics software is incredibly specific, created to examine a particular system. For example, Arsenal Recon is an instrument constructed to explore the Windows operating system and its registry, thus accessing information about the device’s configuration specifics. Considering that a Windows registry contains a vast amount of information about the applications installed and data processed, Arsenal Recon can be extremely valuable when conducting a digital forensic investigation (Arsenal Recon, n.d.). However, this software is produced commercially: it cannot be obtained free of charge, and $65 a month or $756 a year must be paid to receive access.

Finally, unique programs are required when working with a smartphone system. Cellebrite UFED is one of the methods used to retrieve data from various types of mobile devices, primarily modern-day smartphones that have distinct operating systems (Cellebrite UFED, n.d.). To that end, Cellebrite UFED possesses a range of functions to remove the phone’s security measures and access the information stored in the internal storage or on external cards (Cellebrite UFED, n.d.). Nevertheless, the software can only be purchased for particular purposes, with prices starting at $2499.

References

Arsenal Recon. (n.d.). Digital forensics tools by digital forensics experts. Web.

Autopsy. (n.d.). Web.

Cellebrite UFED. (n.d.). Access and collect mobile device data. Web.