National standards provide a platform upon which computer forensic laboratories operate in the US (Nelson, Phillips & Steuart, 2010; Easttom, 2014). They aim to achieve practical and realistic computer forensic laboratory goals. All computer forensic laboratories in the US have to adhere to the national standards before they can be certified (Easttom, 2014).
The standard 1.3.3.1 provides essential information that is crucial for developing technical skills for personnel. The standard 1.4.2.6 outlines emerging technical procedures that should be fulfilled by computer forensic laboratories. The standard 1.4.2.8 provides a framework within which samples are handled in a computer forensic laboratory.
The standard emphasizes documentation aimed at maintaining a high degree of validity of the laboratory procedures. The standard 1.4.2.11 offers approaches that should be adopted to certify laboratory equipment and instruments. The standard also aims to ensure that adequate instruments are utilized to carry out laboratory procedures. The standard 1.4.2.12 offers guidelines that should be adhered to when maintaining computer forensic laboratory equipment and/or instruments.
All instruments and/or equipment should be maintained in a way that promotes safe and valid analysis. All testing laboratories should be certified to operate upon meeting the requirements of the standard 1.4.2.13, which offers the framework for calibration of equipment and/or instruments. Finally, the standard 2.11.4 aims to ensure that all technical personnel of a computer forensic laboratory pass a mandatory competency test before a laboratory can be certified (Easttom, 2014).
Laboratory components
There are 5 main categories of components that are used in computer forensic laboratories (Nelson et al., 2010; Easttom, 2014). First, computer forensic laboratories should have specific facilities that are utilized to ensure secure working environments.
Such environments can be achieved by adopting controls that prevent unauthorized access to digital information stored in computer systems. Second, laboratory configuration is an essential component of computer forensic laboratories; it aims to put in place the required furniture and furnishings.
The following examples of configuration components are common in many computer forensic laboratories: desktops, bookcases, evidence safe or locker, LAN and server stations, storage shelves, and forensic software. Third, the equipment used in a computer forensics laboratory may depend on the type of operating systems, storage capacities of computer hard disks, tape media, and the type of forensic investigation mainly conducted in a laboratory.
Fourth, the software components used in the laboratory could be designed locally or purchased from commercial software developers. These are crucial programs that are used in data capture and analysis, among other uses. Fifth, reference materials offer excellent resources that professionals refer to when in need. The resources provide relevant answers to questions with regard to digital evidence and procedures (Easttom, 2014).
Working conditions
Working conditions of personnel in computer forensic laboratories differ from one facility to another. Technicians are involved in collecting and analyzing digital evidence. They could either investigate crime in the field or in the laboratory (Nelson et al., 2010). In most cases, forensic science technicians spend a considerable amount of time writing reports in the laboratory.
Although computer forensic experts work during normal business hours, they could be called upon to investigate urgent crimes within their areas of jurisdiction outside normal working hours. Crime scene investigators and experts in computer forensics appear in court as expert witnesses who provide detailed and specialized evidence regarding computer-related crimes (Easttom, 2014).
Standard laboratory equipment
Standard computer forensic equipment is used to support standard procedures and conditions in the laboratories. The equipment makes it possible for many computers used within the context of digital evidence investigations to be used along similar methods on each occasion (Nelson et al., 2010).
A mobile forensic workstation is used to collect digital evidence in the field. The equipment is also utilized to analyze suspected computer data. The rapid imaging device is an essential device used to copy suspect hard drives found in computers used to commit crimes. The equipment copies the data found on the hard disks and retains its integrity. Interceptor equipment supports wireless networks that support airborne communications.
The equipment captures crucial contents of airborne communications in static and mobile locations. This is important because computer forensic experts have adopted the use of wireless networks to gather, analyze and store computer evidence (Taylor, Haggerty, Gresty & Lamb, 2011). In addition, forensic workstations could be used in the laboratory for the analysis of data obtained from the laboratory (Nelson et al., 2010; Easttom, 2014).
Tools
Computer forensic investigations involve the use of specific tools used in the analysis of computer memory (Easttom, 2014). The analysis is important because it identifies digital evidence hidden in computer memory devices like hard disks. MemGator interrogates files in a computer in order to isolate crucial evidence.
It gives a report to an investigator who decides the value of the information obtained. Memoryze is used to obtain memory from Microsoft Windows-based computers. In addition, the tool analyzes live memory in a running computer. Computer forensic investigators use PTFinder to search a memory of a computer that uses a Windows operating system. It identifies important threads and processes that can be placed into a file for further analysis.
References
Easttom, C. (2014). System forensics, investigations, and response (2nd ed.). Burlington, MA: Jones and Bartlett Learning.
Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to computer forensics and investigations. Stamford, CT: CengageBrain.com.
Taylor, M., Haggerty, J., Gresty, D., & Lamb, D. (2011). Forensic investigation of cloud computing systems. Network Security, 2011(3), 4-10.
It is obvious that whenever cyber crimes are talked about, people immediately direct their minds to the financial sector of the economy. However, it is important to note that almost each sector uses computerized systems in its operations. Consequently, every sector of the economy is exposed to cyber criminals.
In recent times, the energy sector has been the target of cyber criminals (Egan, 2012). Unfortunately, the energy sector does not take into consideration the probability of cyber crimes when advancing its systems. Consequently, no proper mechanisms have been put in place to take care of these eventualities.
Industries in the energy sector have been computerizing their services at a very high rate. Therefore, the internet has become a crucial ingredient in the operations of this sector. While the energy industries are working hard to streamline their activities with the current technology, criminals are also trying their level best to get access to these systems.
The energy sector is at risk because its industries usually have a large number of sensors through which people can gain access to the system. On the same note, industries in the energy sector usually hire many third-party contractors who are given access to the systems (Egan, 2012). Similarly, the energy sector heavily depends on basic information technology (IT) platforms and IP-based networks which can easily be hacked. Furthermore, security of the systems is not given much attention in the energy sector.
As it is now, the energy sector is not prepared to deal with cyber crimes. The systems are weak and it is easy for criminals to hack into them. About 30,000 work stations were affected when Saudi Aramco was attacked by a virus (Egan, 2012). The third parties that are given access to the systems cannot be trusted.
Given the weakness of the systems, it is almost impossible for the industry to defend itself from these attacks (Clayton, 2013). In this regard, in the event that a cyber attack is launched against the energy sector, it is bound to have far reaching consequences. The effects of a cyber attack on the energy sector will be worse given the fact that the industry has a single corporate and operational system. Unfortunately, the computer system is very weak and can be brought to a halt any time.
In order to be safe, the energy industry will need to take several steps. To begin with, there is need to separate the corporate networks from the operational networks. This will not only reduce accessibility of the system, but will also minimize the effects in case an attack is launched.
On the same note, since the infrastructure required to put up-to-date security systems in place is expensive, it will be beneficial for the firms in the industry to pool resources (Casey, 2011). This will be cheaper than it would have been if each firm incurred the cost individually.
Moreover, the energy sector will have to come up with good and strong software to use for its security services instead of the basic platforms it uses. Furthermore, the firms in the energy sector need to focus on cyber crimes and invest enough resources in research into ways to counter them.
Additionally, industries in the sector will need to use different systems at different levels of production to ensure that an attack does not bring the entire system to a standstill (Casey, 2011). These industries should also have a department to deal with cyber security and employ specialists who will help in ensuring that their systems are safe.
References
Casey, E. (2011). Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet. Waltham: Elsevier incorporation.
Cybersecurity refers to the application of technological processes with the aim of protecting networks and computers from attacks by unauthorized users (Kostopoulos 35). Effective eradication of cyber crime requires application of information systems that enhance information security, disaster recovery of important data, network security, and education of end users. According to the government of the United States, cybersecurity is among the most serious economic and security challenges that the government needs to deal with.
Cyber crimes are widespread because of poor preparation and inefficient cybersecurity strategies. In order to protect and secure information and communications infrastructure, it is imperative to enhance cybersecurity. This requires the establishment of legislation to fight cyber crimes. Eradicating cyber crime is an important aspect of developing all the economic sectors because technology has been integrated into industries that are vital to the wellbeing of the economy (Kostopoulos 35). For instance, in order for businesses to improve their bottom line, they should fight cyber crime. The Department of Homeland Security (DHS) has done a lot towards improving cybersecurity and securing computer networks.
Provisions of a U.S. government cybersecurity law
One of the most important roles played by the U.S. government is the enhancement of cybersecurity through enactment of cybersecurity laws. Past efforts by lawmakers to pass cybersecurity bills have proved futile owing to resistance from civil rights groups and online privacy advocates (Theohary par. 2). Cybersecurity laws should have two main goals: first, to protect the national infrastructure, and second, to enhance information sharing between the government and state departments, the government and various industries, and among internet users.
Such a law should include provisions that protect companies from any form of liability resulting from dissemination of protected information, and enhance sharing of information regarding potential cyber threats among businesses (Theohary par. 2). In addition, the law should contain provisions that facilitate the dissemination of any information that could enhance cybersecurity even though it is described as classified by security agencies.
A cybersecurity law should include provisions that authorize security departments to share threat reports with businesses and authorize all businesses to develop and implement cybersecurity enhancement programs (Amoroso 52). The law should also authorize security agencies to develop cyber-risk reduction frameworks that should be applied by all businesses based on the guidelines offered by the involved security agencies. In order to enhance the security of national infrastructure, the cyber security law should contain provisions that promote cooperation between federal and state governments, as well as private businesses and public departments. It is also important for such a law to include provisions to protect companies from liabilities whenever they give information to government agencies (Kostopoulos 43).
Privacy laws prevent the access and dissemination of certain information. Therefore, the cybersecurity law should include provisions to facilitate dissemination of information that is protected under privacy laws. One of the reasons that civil rights groups oppose enactment of a cybersecurity law is the financial costs and unfair regulation that the law will impose on businesses (Mazmanian par. 4). In order to eradicate such opposition, provisions to facilitate business funding by the federal government should be included (Amoroso 54).
The government should set aside a certain amount of money in its cybersecurity funding program in order to cover the expenses that could result from enactment of the cybersecurity law. Finally, a provision to enhance consumer privacy should be part of the law. Civil rights groups such as the Center for Democracy and Technology (CDT) and the Electronic Frontier Foundation (EFF) oppose enactment of a cybersecurity law because they claim that it would infringe on the privacy of consumers. In order to end such resistance, the cybersecurity law should include clauses that enhance and guarantee consumer privacy with regard to information sharing between businesses and security agencies (Mazmanian par. 6).
Another important provision to include in a cybersecurity law is a framework to facilitate information sharing between government and businesses. The federal government has numerous departments and agencies that fight cyber crime. Therefore, information about cyber threats should be shared with other industry players. Consumer security is an important factor to consider when passing a cybersecurity law. Many privacy advocates have opposed past efforts to pass cybersecurity legislation because of poor privacy provisions. A cybersecurity law should contain provisions that limit the government with regard to the use of information received from businesses (Amoroso 57). For instance, obtaining data from telecommunication companies without the consent of users has been criticized for violating consumer privacy laws. This has derailed efforts by security agencies to protect private entities from cyber attacks.
The role of U.S. government in cybersecurity
The government is responsible for fighting cyber crime. For that reason, it plays several key roles in enhancing cybersecurity. First, the government improves cybersecurity by enhancing counterintelligence capabilities and providing better security services through establishment and funding of security agencies (Andreasson 48). For instance, several government departments exist to fight cyber crime. These include the National Cybersecurity and Communications Integration Center (NCCIC), the United States Computer Emergency Readiness Team (US-CERT), the Industrial Control Systems Computer Emergency Response Team (ICS-CERT), and the Software Assurance Program.
They work together with business owners in order to enhance cybersecurity by fighting cyber crime. Other government departments that fight cyber crime include the Federal Bureau of Investigation (FBI), the Federal Trade Commission, the Federal Communications Commission, and the Department of Commerce (Andreasson 58). These departments play different roles. For instance, the Department of Commerce offers guidelines regarding appropriate selection of information technology products. In addition, it organizes workshops and operates a computer security resource center. Second, the government creates awareness regarding network vulnerabilities by cooperating with state governments and private partners.
Individuals are taught how to act swiftly in order to reduce the extent and frequency of network breaches. The Department of Homeland Security protects the country’s infrastructure against cyber attacks (Andreasson 41). The NCCIC serves as the center from which all cybersecurity matters are coordinated and integrated into the national cybersecurity system (The White House par. 6). The center works together with state governments, security agencies, the federal government, and international agencies that fight cyber crime. In addition, it creates awareness with regard to vulnerabilities of networks, ways of implementing recovery strategies, ways of reporting incidents, and methods of preventing cyber attacks (The White House par. 6).
ICS-CERT collaborates with private entities in strengthening and coordinating cybersecurity initiatives. The Computer Emergency Readiness Team offers guidelines and strategies to end users regarding the improvement of cybersecurity (Andreasson 56). Third, the government enhances cybersecurity by funding cyber education and research undertakings that study and develop effective ways of fighting cyber crime. This involves creating strategies that aim to discourage malicious activities and operations in cyberspace. In 2010, the government set aside more than $13 billion to improve cybersecurity.
Fourth, the government enacts legislation to counter cyber crime. Fifth, it coordinates the activities of different players whose main goal is to enhance cybersecurity. In 2008, George W. Bush launched the Comprehensive National Cybersecurity Initiative (CNCI) that was aimed at improving cybersecurity (The White House par. 7). In 2009, President Obama ratified the recommendations of a commission constituted to develop strategies and offer recommendations regarding the improvement of cybersecurity. The Cyberspace Policy Review culminated in several recommendations that included the formation of an executive branch whose role was to coordinate all the activities of government agencies and private entities involved in fighting cyber crime.
Conclusion
Cyber crime is one of the challenges facing the U.S. government. In order to eradicate it, the government funds and oversees the activities of several security agencies and departments that improve cybersecurity. For example, the Department of Homeland Security plays the role of protecting the country’s infrastructure against cyber attacks. Government departments that enhance cybersecurity include the National Cybersecurity and Communications Integration Center (NCCIC), the United States Computer Emergency Readiness Team (US-CERT), the Industrial Control Systems Computer Emergency Response Team (ICS-CERT), and the Software Assurance Program.
Past efforts to pass cybersecurity legislation have been futile because of opposition from civil rights activists and privacy advocates. They argue that such laws would infringe on the privacy of consumers and internet users. In order to eradicate such opposition, cybersecurity legislation should contain several provisions that protect the privacy of consumers. Other important provisions include those that authorize security departments to share threat reports with businesses and authorize all businesses to develop and implement cybersecurity enhancement programs. Effective eradication of cyber crimes will involve cooperation between the government and other stakeholders such as end users, businesses, and private entities. Enhancement of cybersecurity is important because cyber crimes have severe consequences for the nation’s economy.
Works Cited
Amoroso, Edward. Cyber Security. New York: Silicon Press, 2007. Print.
Andreasson, Kim. Cybersecurity: Public Sector Threats and Responses. New York: CRC Press, 2012. Print.
Kostopoulos, George. Cyberspace and Cybersecurity. New York: CRC Press, 2012. Print.
Mazmanian, Adam. Lawmakers: Leaks Slowed Cybersecurity Legislation. 2013. Web.
Theohary, Catherine. Cybersecurity: Current Legislation, Executive Branch Initiatives, and Options for Congress. New York: Diane Publishing, 2010. Print.
The White House. The Comprehensive National Cybersecurity Initiative. Web.
Within the last decade, computer forensics has solved so many cases that if it were not for this technology the situation would have been worse. This has been mainly enhanced by the ability of computers and digital devices to store data (Goode, 2009). Luckily, these are the same gadgets that criminals use to perpetrate their crimes, and therefore it has become easier to trace criminal activities through digital platforms. For these reasons, computer forensics has become one of the most used tools of investigation. However, it faces numerous challenges, especially regarding privacy and the right to private information.
Challenges and opportunities
Computer forensics can benefit greatly from the current digital developments. This includes the use of GPS devices in vehicles and the use of smartphones. The widespread use of electronic gadgets such as computers, cameras, gaming devices and music players that contain storage media is a good opportunity for computer forensics to develop. However, the major challenge faced by the police and computer forensics departments is that information on forensics countermeasures is found easily and freely online. This has greatly affected the success of computer forensics and it is the main drawback in this area.
In addition to avoiding forensics specifications, forensics counter software can also hide terrorists’ activities from the authorities’ surveillance. Nonetheless, coming up with new techniques in computer forensics has positively and negatively affected the world at large. The world is now safer due to the increasing usage of computer forensics in court cases. In essence, the use of computer forensics has enhanced the justice system by ensuring that culprits and perpetrators of criminal activities are brought to book.
Due to the increasing use of computer forensics, more criminals are being convicted on the evidence gathered from digital gadgets. Currently, the use of conventional telephones and the use of letters as a mode of communication have become obsolete. Modern criminals are using highly sophisticated communication gadgets and this is a great opportunity for computer forensics. Most of the modern equipment used today in communication has storage media capability. Most of the communication electronics today have a camera and a recording system and their connectivity is linked through centralized networks.
This means that forensics teams are capable of accessing such data as evidence before a court of law. However, even with the expansive surveillance resources, there is yet another major drawback for the forensics department. Most of the internet service providers have very limited data retention periods. A data retention period is the length of time that specific data is kept before it is permanently deleted to create more room for newer information. With the limited data retention periods, some vital information can be lost or inaccessible.
This is a major drawback for the forensic department because it can affect or inhibit evidence. Unfortunately, this cannot be changed since some of the data stored consumes a lot of space. For example, CCTV in the streets and around the cities collects data all day for months. After some time, the data collected may be deleted from the servers to create more room for recent recordings.
Improving Computer forensics
Data storage capabilities
One of the most effective ways of improving forensics includes enhancing and increasing data storage capabilities (Taylor, Fritsch, & Liederbach, 2014). As noted earlier, forensics is facing a challenge due to the limited time of storage or rather the retention period. As data keeps on being removed from the database, it becomes very difficult for the investigators to follow leads and to prove the occurrence of a crime. Some of the criminal activities are purely arranged and planned using the internet. To stop such crimes, the computer forensics needs to monitor the flow of information from one terrorist to another for some time. This is considering some of these attacks have been planned for some time. With the lost data over such long periods, computer forensic evidence may not be sufficient to prove a felony.
Partnership between forensics and the state
Computer forensics cannot work sufficiently without the cooperation of the state/government. For computer forensics to succeed, there must be a substantive and sustainable program to govern and enhance a strategic alliance between the stakeholders. A good example of a working agency partnership is the Indiana State Police’s partnership with the Purdue University Department of Computer and Information Technology (Goode, 2009). This is not the only interagency collaborative program that the Indiana State Police have engaged in. The police also have a partnership program with the National White Collar Crime Center (Goode, 2009).
These partnerships have been developed to pursue one agenda, which is to share unique skills and attributes to enhance computer forensics. Computer forensics is mostly very useful in financial crimes. This is why the NW3C is important in this process. The NW3C is a federally funded organization that is responsible for training the police on matters involving financial crimes (Goode, 2009). The organization has been very useful in training the police on computer forensics relevant to the banking industry and financial markets.
It has also been very instrumental in training the police on various cybercrime investigations (Goode, 2009). Since this is a partnership based on mutual benefits, the police have to return the favor to the organization for the training received. Therefore, as a way of showing its appreciation, the police provide subject matter experts with the platform to experience the real-world situation in crime (Goode, 2009). This gives the organization the advantage of testing their developed courses to see their effectiveness (Goode, 2009).
Ultimately, the organization gets a platform to practice and utilize their developed forensic skills. Students at the Purdue University IT department are also benefiting from this partnership by getting access to the practitioners in this field. In return, the school offers its best brains in research and the digital forensic field. With the highly intelligent students and researchers from Purdue, the Indiana state police have been able to develop one of the most effective forensic networks in the world.
The concept of Bring Your Own Device
In recent developments, the concept of Bring Your Own Device (BYOD) has been increasingly utilized in many organizations. BYOD is a special concept that allows employees to use their electronic gadgets to access classified and privileged company information (Sridhar & Govindarasu, 2014). There are several challenges that the adoption of this concept experiences. Supporters of this concept argue that the ability for workers to perform their duties from any location is good for business.
While such flexibility may be advantageous, there are also several risks involved. One of the fundamental risks that the BYOD concept exposes companies and organizations to is the fact that sensitive company information can easily fall into the wrong hands (Sridhar & Govindarasu, 2014). When employees are allowed to access the company’s database using their gadgets, such information can easily be accessed by an unauthorized person. Devices such as phones, tablets and laptops, among others, can be stolen and the information stored in them accessed.
This can put the company at greater risk. BYOD can result in a massive and dangerous data breach, hence compromising data security (Sridhar & Govindarasu, 2014). Another way that the company risks a data security breach is when an employee who was using his or her gadget to access the company data leaves the organization. When they do so, they leave with their gadgets and the company’s data they had stored on their devices. This also can create a very serious data security breach.
Dealing with digital threats created by the BYOD concept
To deal with digital threats resulting from the BYOD concept, ICT departments need to be on high alert. In every organization today, ICT has been significantly incorporated in the daily organizational functions. In a situation where a fired or an ex-employee is using a password cracker to gain access to restricted information in an organization, an appropriate measure must be taken to secure the incident. To secure the scene, one requires software like Log2timeline (Taylor et al., 2011). This software is used to identify the timelines from system logins.
However, for this particular occurrence, incident response software is the most appropriate to address the issues. Volatility is one of the best software packages available for such a function. The software is designed for incident response and malware analysis, and it allows the investigator to extract digital artifacts from RAM dumps (Chung, Park, Lee & Kang, 2012). This software allows one to extract information about the currently running processes, the cached registry hives and process IDs, among other items (Chung et al., 2012).
Steps in dealing with the situation
The initial steps to follow when investigating a digital crime scene involve obtaining authorization to search and seize the facilities used by the suspected perpetrator. After gaining authorization from the organization's management, the most prudent next step is to secure the area or crime scene. This helps to avoid an instance where colluding colleagues can tamper with the evidence to influence a favorable forensic outcome. All items that were seized during the investigation must be documented and recorded, and if any transportation of the confiscated equipment and evidence is to be made, safety should be a priority. Acquiring the evidence from the equipment should be done using forensically acceptable methods.
After the evidence is acquired, the forensic images should be used to analyze the data and come up with interpretations based on the collected facts (Garfinkel, 2010). Presenting the analysis and findings of the investigation must be simplified even though complex methods of analysis have been used. The results must be presented in simple easy to understand language and in a written report. The evidence is thereafter presented in a courtroom under an affidavit.
Extracting evidence with the volatility software
First, one needs to identify a folder or folders he or she needs to investigate. After identifying the folders, one only needs to place the Volatility-2.1 standalone.exe and open a command prompt window (Garfinkel, 2010). From this window, one needs to click on the executable file and type the name of the software, the plugin name, and the profile name. The plugin name is the name of the file the investigator wants to extract information from. The software does the rest automatically.
Admissibility
To enhance the admissibility of evidence, the original copies of the collected evidence should be copied. The collected evidence must be authenticated through an electronic process to prove that the said crime and presented evidence are genuine (Goode, 2009). The evidence must meet the relevance threshold to be admissible in a court of law. In addition to this, an affidavit is required to hold the investigator directly responsible for the evidence provided. Evidence provided must be extracted from the gathered information and not from outside sources (Goode, 2009). These are some of the highest steps that should be taken to ensure that the investigation is legitimately carried out in all fairness to both the defendant and the plaintiff.
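One way to carry out the "copy the original and authenticate it electronically" step described above, given here as an added illustration and not taken from the cited sources: the original image is hashed at acquisition, a working copy is verified against that hash before analysis, and each action goes into a hash-chained custody log. The file names, examiner label and log layout are assumptions, and the "disk image" is a constructed sample.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images do not exhaust memory
GENESIS = "0" * 64   # prev_hash value used by the first custody entry


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def _entry_hash(entry):
    """Hash every field of a custody entry except its own entry_hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_entry(log, action, item_id, examiner, sha256):
    """Append a custody entry that is chained to the previous entry by hash."""
    entry = {
        "item_id": item_id,
        "action": action,
        "examiner": examiner,
        "sha256": sha256,
        "utc": datetime.now(timezone.utc).isoformat(),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry


def log_is_intact(log):
    """Return True only if no custody entry was edited, removed or reordered."""
    prev = GENESIS
    for entry in log:
        if entry["prev_hash"] != prev or entry["entry_hash"] != _entry_hash(entry):
            return False
        prev = entry["entry_hash"]
    return True


def make_working_copy(original, workdir, examiner, item_id, log):
    """Hash the original, copy it, and refuse the copy unless the hashes match."""
    original_hash = sha256_file(original)
    append_entry(log, "acquired", item_id, examiner, original_hash)
    copy_path = os.path.join(workdir, os.path.basename(original) + ".working")
    shutil.copyfile(original, copy_path)
    copy_hash = sha256_file(copy_path)
    if copy_hash != original_hash:
        os.remove(copy_path)
        raise ValueError("working copy differs from original; do not analyze it")
    append_entry(log, "working-copy-verified", item_id, examiner, copy_hash)
    return copy_path


def matches_acquisition(path, log):
    """Compare a file's current hash with the hash recorded at acquisition."""
    recorded = next(e["sha256"] for e in log if e["action"] == "acquired")
    return sha256_file(path) == recorded


def demo():
    """Run the workflow on a constructed stand-in for a seized disk image."""
    log = []
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "item-001.dd")  # hypothetical item name
        with open(original, "wb") as fh:
            fh.write(b"CONSTRUCTED SAMPLE IMAGE\n" * 4096)
        copy_path = make_working_copy(original, tmp, "examiner-a", "item-001", log)
        copy_ok = matches_acquisition(copy_path, log)
        with open(copy_path, "r+b") as fh:  # simulate an accidental one-byte change
            fh.seek(10)
            fh.write(b"X")
        copy_after_change = matches_acquisition(copy_path, log)
        original_ok = matches_acquisition(original, log)
    chain_ok = log_is_intact(log)
    log[0]["examiner"] = "someone-else"  # simulate a retroactive edit of the log
    chain_after_edit = log_is_intact(log)
    return copy_ok, copy_after_change, original_ok, chain_ok, chain_after_edit


if __name__ == "__main__":
    print(demo())
```

Analysis is done on the verified working copy only, so a changed copy can be discarded and re-made while the original and its recorded hash stay untouched.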
System upgrading plan
In every organization, system evaluation is very important for the success of the company. In the banking industry, security checks are regularly required to ensure the bank has the latest system to enhance its security. The growth of ICT has further increased the necessity of evaluating systems at regular intervals to enhance security. This paper seeks to discuss the different evaluation strategies for a bank, appropriate monitoring of the system’s progress and methods for evaluating success and failure.
Systems evaluation strategies
Test and evaluation is vital before an upgrade is carried out in any organization. This enables the company to evaluate the present system and identify the loopholes therein. With this knowledge, appropriate measures can be taken in the upgrading procedures. The system evaluation strategies involve testing the bank’s vulnerability in terms of outside infiltration. This requires the bank’s IT department to try and hack their systems to see whether it is possible to steal data from outside (Ammenwerth, Brender, Nykänen, Prokosch, Rigby & Talmon, 2009). Using the system’s protocols, the IT personnel can try to create overrides to determine the vulnerability of the bank’s system.
What evaluation methods could be used?
Evaluating a system may also require the administration to authorize an operation that aims at bringing out the risks that are unforeseen in a system. Appropriate strategies include a call by value, partial evolution and applicative order (Ammenwerth et al., 2009). In banking, speed is very important and so is accuracy. Upgrading requires the IT department to identify the issues raised about the current computers. Banks require high-speed computers and enough memory for data storage. If the company’s needs are not effectively met by the current desktops, then the most prudent action would be to upgrade to higher-performance desktops.
What methods will you use to monitor progress and evaluate success/failure?
Monitoring the progress of a network system in a bank requires time and patience. One cannot determine the extent of a failure in a system if the system is not in use for long enough for these issues to begin arising (Ammenwerth et al., 2009). Therefore, monitoring a system has to be a gradual process aimed at identifying the underlying issues and risks that a system may expose the bank to. This includes monitoring the performance of the computers, the installed software and the servers to determine whether they match or compete with the recent technologies in the market. The method of evaluation appropriate in determining the failure or success of the systems would be the call-by-value strategy (Ammenwerth et al., 2009).
Recommendations
As a group, we recommend a complete overhaul in which the entire analog system is replaced with new technologies. High-speed desktops, no less than dual-core, should be installed, and modern servers should be newly installed to support the company’s network data. For efficient services to clients, the bank must enhance its banking service through other platforms such as social media, mobile banking, and online banking.
Such improvement requires very sophisticated data control systems to ensure they are secure. ICT is a major component in the banking industry and the sooner banks adopt the trends the better for business. This paper has critically analyzed the process involved in upgrading a system in a bank. System evaluation processes have been outlined in the paper as well as strategies for monitoring progress in the systems.
Understanding risk assessment methodologies and their applications is important because it enables one to create a more secure computing environment. However, one of the challenges is that professionals in the information field face difficulty due to the fast rate of change in technology. Various tools are used for risk assessment. A good one is the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) (Sridhar & Govindarasu, 2014). It helps organizations protect themselves from information security risks. OCTAVE, however, is workshop-based and not tool-based.
Threat modeling is, in simpler terms, a procedure used to optimize network security. It does this by checking for vulnerabilities and defining countermeasures against the vulnerabilities or threats to the system. In this case, a threat is a malicious act that is directly harmful and can cause damage to a system. The point is to go through the whole system and find where the most effort should be applied, that is, the riskiest area, which should be taken care of first to keep the system safe and secure. The technique changes as new factors develop.
Risk assessment is being able to control and manage the potential risks or dangers and taking the necessary steps to make sure they are managed and well taken care of. In other words, it is the act of controlling the risks and potential dangers. Risk assessment is important in that it protects various aspects of an organization such as its assets. The most important thing to consider in risk assessment is identifying the potential dangers. Risk assessment entails various processes such as qualitative and quantitative risk assessment (Sokolov, Mesropyan & Chulok, 2014). OCTAVE consists of phases, and each phase contains several processes. For example, phase one contains processes such as identifying senior management knowledge and creating threat profiles. Phase 2 consists of identifying key components and evaluating selected components.
References
Ammenwerth, E., Brender, J., Nykänen, P., Prokosch, H. U., Rigby, M., & Talmon, J. (2009). Visions and strategies to improve evaluation of health information systems: Reflections and lessons based on the HIS-EVAL workshop in Innsbruck. International journal of medical informatics, 73(6), 479-491.
Chung, H., Park, J., Lee, S., & Kang, C. (2012). Digital forensic investigation of cloud storage services. Digital investigation, 9(2), 81-95.
Garfinkel, S. L. (2010). Digital forensics research: The next 10 years. Digital Investigation, 7(1), 64-73.
Goode, S. (2009). Admissibility of Electronic Evidence. Rev. Litig, 29(1), 134-138.
Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Zhou, L. (2014). Externalities and the Magnitude of Cyber Security Underinvestment by Private Sector Firms: A Modification of the Gordon-Loeb Model. Journal of Information Security, 6(01), 24.
Sokolov, A., Mesropyan, V., & Chulok, A. (2014). Supply chain cyber security: A Russian outlook. Technovation, 34(7), 389-391.
Sridhar, S., & Govindarasu, M. (2014). Model-based attack detection and mitigation for automatic generation control. Smart Grid, IEEE Transactions on, 5(2), 580-591.
Taylor, M., Haggerty, J., Gresty, D., & Lamb, D. (2011). Forensic investigation of cloud computing systems. Network Security, 1(3), 4-10.
Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital crime and digital terrorism. New York, NY: Prentice Hall Press.
Usha, M. (2014). A Study on Forensic Challenges in Cloud Computing Environments. Journal of NanoScience and Nanotechnology, 2(1), 291-295.
Information privacy is the privacy of personal information within organizations, and their attempts to define the content of information stored on computer systems that third parties can also access. Data masking, encryption, and authentication are some of the ways of protecting data from the public so that only authorized personnel can access such information (Rouse, 2013).
Organizations always use this aspect of information technology (IT) to increase confidentiality within the management in order to reduce vulnerability and exposure of their systems to unauthorized parties. Information on finance, medical data, criminal records, and business information are some of the personal data that require continuous privacy.
The United States, for instance, has different legislation on data privacy that deals with specific sectors given the different needs that emanate from them. Data usage by unauthorized persons is illegal in most parts of the globe. Therefore, concerned parties must come up with relevant protective measures to address the possibility of such information finding its way into the wrong hands.
Patients’ records are essential in managing health facilities by ensuring that they offer quality services to the clients. For instance, a patient’s medical history is essential in determining the types of medication to administer to the patient. Such data remain confidential and should be used for treatment purposes only. As a way of preventing information leakage, which may result in stigma to a patient, the management must ensure that pieces of information on all patients are kept securely to maintain confidentiality.
The US has the Health Insurance Portability and Accountability Act (HIPAA) that ensures that patients’ data remain accessible only to the authorized segment of the staff. HIPAA uses electronic data interchange to give patients’ information unique identifiers that the unauthorized group cannot interpret. Users are given privileges under strict laws to access all medical records, and, at the same time, have to maintain data integrity and confidentiality on information that may lead to identification of a patient (Rouse, 2013).
Websites also have confidentiality policies that guide their service provision. Some organizations have put tracking measures in place to identify those accessing their websites for security purposes. For example, when one accesses such sites, the computer stores cookies automatically. This move prevents hacking of information by third parties as the organizations can trace all their users.
This issue of cyber security has been contentious, with opponents arguing that it is against the privacy policy to allow organizations to track their users through cookies. However, proponents hold that even though the move infringes on the privacy of the public, it has impressive impacts on guarding the security of organizations. That is, loss of data by an organization has great impacts on society as compared to tracking individuals.
US citizens use cyberspace to travel, power their homes, communicate, provide essential government services, and run their economy. The overreliance on the network has exposed it to serious attacks, thus causing more information vulnerability. Organizations should work towards limiting data breaches that may arise from information hacking. Using password-protected data is one way of improving the security of online data (Zhan, 2009).
Markedly, choice of passwords is key in limiting data loss. In cybercrimes, one does not need to break into a physical property to steal information or use force to access the materials. For example, bank frauds have been on the rise with the coming of this new technology.
In addition, the state of information confidentiality is worrying, as other internet-savvy people can access such information; a recent example is WikiLeaks. These cases prompted the US to pass legislation that could help in eradicating this menace. Since many departments and organizations use this modern technology, fighting the vices is a shared responsibility (Raab & Mason, 2002).
The private and public sectors are collaborating to create awareness on cyber security among the internet users. With the high rates of cybercrimes, financial institutions, for instance, have to use complex mechanisms to enhance the security of their data, as fraudsters can easily transfer funds through the online platform to their accounts. In this aspect, the browsing history of users is significant in enhancing information security for the benefit of both the users and website owners.
Internet security has led most users to maintain anonymity while online. A study by Pew Research Institute revealed that 86% of Americans prefer being anonymous to keep their data private (Gorodyansky, 2013). They protect their IP addresses, encrypt emails, and delete cookies frequently from their computers. Information privacy remains a controversial issue in the US given the recent phone-tapping move by the federal government.
The government has also gained access to emails of prominent personalities as a way of enhancing the overall security of the country. Instances of terrorist attacks similar to the 9/11 that led to loss of lives and destruction of properties have been common with the manufacture of nuclear weapons by some Middle East Nations. In the interest of security, the US can breach the information security policy in order to enhance the safety of its citizens and the entire world.
Recent statistics compiled by leading news agencies, the Federal Bureau of Investigation, and the U.S. Department of Justice revealed disconcerting facts about online predators. For example, it was discovered that in a survey of young Internet users – between the ages of 10 and 17 – one in five reported they had “receive unwanted sexual solicitations online” (ABC News, 2015, p.1). Also, at least 4,000 cases were reported to authorities in which online predators utilized chat rooms to prey on minors.
However, the most disturbing insight regarding this revelation is the realization that the number of victims is much higher, because in this type of cyber crime, related incidents are not reported to the police. To win the battle against online predators, it is important to craft laws created by people with a thorough understanding of how perpetrators utilize information systems and the Internet to commit sexually-related cyber crimes.
Information Systems
Ignorance regarding the technical nature of information systems and the Internet will only result in the creation of laws hampered by loopholes and weaknesses that are easily exploited by online predators. It is important to point out that a typical information system is comprised of “a set of interrelated components that collect, manipulate, store, and disseminate data and information and provide a feedback mechanism to meet an objective” (Stair & Reynolds, 2014). In simpler terms, gaming chatrooms, Google, Facebook, Instagram and other variations of social media sites are good examples of information systems.
The existence of an appropriate information system or IS enables people to share information and transmit messages. If a particular IS combines its attributes with the Internet, the applications are countless. More importantly, people can communicate with voice messages and share personal information in a cost-efficient manner. Also, distance is no longer a limiting factor, because digital information travels at the speed of light (Stair & Reynolds, 2014).
It is imperative to point out that social media sites and gaming chatrooms enable people to communicate without the need for a face-to-face interaction. Communication is possible even without uttering a single word, because the system enables the transmission of text messages or an SMS-type of sending greetings, ideas, or personal information.
It is possible to access social media sites and gaming chatrooms from anywhere in the world as long as an Internet connection is available. Since face-to-face interaction is not required in a typical communication process, people can pretend to be someone they are not. Thus, online predators have a convenient way to lure their targets. Before the advent of the Internet, Facebook, chatrooms, Vine, and Instagram, sex offenders frequented parks and school premises to select targets. However, in the present time, they can victimize children and teenagers without the need to share the same physical space. Safeguarding children and minors from online predators became a more difficult challenge when mobile devices and game consoles allowed users to communicate with one another via the Internet.
The Law
Most parents and guardians are unaware that game consoles and mobile devices enable children and minors to communicate with strangers. They are unaware of the fact that sex offenders are patient and determined in their desire to gain the confidence of their victims. It is imperative to ratify laws that will make it more difficult for online predators to communicate with their prospective targets.
It is not an easy task to legislate a legal framework that will prevent sex offenders and unscrupulous individuals from using the Internet. Two major factors severely limit law enforcement agencies in preventing the activities of online predators and apprehending them. First, policymakers do not have a clear understanding of how information systems work. Second, sexual offenders and online predators’ freedom of expression and other related rights are protected under the law.
The impact of these twin factors was manifested in a state legislature, when New York Governor David Paterson signed into law the Electronic Security and Targeting of Online Predators Act or e-Stop in May of 2008 (Saleh, Grudzinskas, & Judge, 2014). In this piece of legislation, the State of New York compels sex offenders to register all of their Internet accounts and other Internet-related identifiers with New York’s Division of Criminal Justice Services (Saleh, Grudzinskas, & Judge, 2014).
As a result, the DCJS has the power to release the said information to various online services providers and social media sites to prevent them from using the site’s services. Also, the law compels the said online service providers to notify law enforcement agencies if a sex offender violated the said terms of use. Finally, level 3 sex offenders are not allowed to use the Internet (Saleh, Grudzinskas, & Judge, 2014).
There are two problematic areas in the said law. First, it seems like lawmakers have no clear understanding of how an IS or the Internet works. It is relatively easy for sex offenders to change Internet accounts, email accounts and other forms of Internet identifiers. Second, the law violated the rights of the individuals to communicate and express their opinion (New York Civil Liberties Union, 2016).
More importantly, the law severely limits the income-generating capability of certain individuals. Lawmakers must realize that the Internet and social media sites are no longer restricted to a few activities. In the present time, the Internet and social media sites are critical information highways that enable people to increase their capability to find jobs and to increase their earning potential. It is not fair to deny people this right and privilege. To defeat online predators, parents, guardians, and teachers must not only rely on the work of legislators. In this context, the best defense is the best offense, because they need to work together and educate children regarding the potential threats that emanate from the unsupervised use of the Internet and social media sites.
Conclusion
Sex offenders and online predators found a way to exploit the far-reaching capability of information systems when it comes to drawing people closer in a virtual environment. Ease of communication, cost-efficiency, and other positive attributes make it easier for unscrupulous people to use social media sites and gaming chatrooms for nefarious reasons. The problem is not the absence of potent laws but the need to balance the protection of children and minors against the need to honor people’s constitutional rights. Also, tougher laws are useless against people with criminal intent, because the nature of the Internet and social media sites enables them to change their identities as a chameleon changes its colors. It is best to solve the problem from another angle, and that is to increase the involvement of parents, guardians, and teachers in monitoring the online activities of children and minors under their care.
Cybersecurity is focused on computer systems, which is why the general population rarely associates it with the automotive industry. However, the connected car has not been a part of sci-fi for a long time, and it is already offered by 15 brands (Francisco, 2014). Many people can experience the advantages provided by in-car infotainment systems today. With the help of Wi-Fi and Bluetooth-enabled devices, drivers can use additional functions and adapt the environment around them to their needs (Griffor, 2016). Cybersecurity in the automotive industry also deals with connected parking and after-market services, etc. Thus, it must ensure privacy and security. Not so long ago, it was revealed that hacker groups attacked smartphones, which influenced the connected car (Francisco, 2014). These issues attracted the attention of professionals and made them reconsider the extent of cybersecurity threats.
Threat Assessment
The Vehicle Software
Explanation
The infotainment system represents the main set of computer systems that can be found in the vehicle. It gathers both hardware and software, which means that different security approaches are to be addressed. This system has a low barrier to entry, which makes it vulnerable to attacks. Users have an opportunity to download and install software themselves, gathering it from those websites that do not guarantee a high-quality product.
Risk
Cars tend to have a lot of sensors that make them more vulnerable. The attack surface increases, which makes it easier for hackers to find a gap in security. In addition to that, the software installed by the owner may contain an electronic threat, alter sensitive data, affect the productivity of the system negatively or even remove software that is significant for proper operation.
Recommendation
With the help of a trusted secure boot, professionals can ensure that their clients’ software that is already installed is good enough and does not require any changes. It is better to partition operating systems so that if hackers affect one of them, others remain secure. If some updates are needed with time, it is significant to make sure that owners can use virtualization and software containers. In this way, they can alter individual functions and do not implement changes in the whole system. It may also be beneficial to make it impossible for the owners to add/delete the software. However, the possibility to develop some kind of assessment tool for new software seems to be more advantageous because it will not deprive the owners of their privileges but will still ensure security. Authentication is used to make sure that a car is used by its owner but not by some other person. It gathers one’s individual information and provides access on its basis. A physical key that is still often used in the automotive industry cannot provide such benefits, which proves the value of this alternative.
Network Security
Explanation
The majority of hackers who have experience of exploiting desktop systems have no difficulties with targeting the automotive industry focusing on its software. That is why it is often given the greatest priority. A vehicle can be affected through Wi-Fi and Bluetooth connectivity, which means that the attack can be maintained from a distance. It is significant to ensure the security of this system because it focuses not only on audio and video entertainment but also allows control of the navigation system and manipulation of the behavior of the car. Hackers do not even need to get close to a vehicle if they want to move wheels, for instance.
Risk
Internet attacks are currently treated as something ordinary, so the general public does not consider them to be very critical. The usage of unsecured legacy protocols can affect the integrity and authenticity of data. Among the main vulnerabilities is the implementation of Bluetooth technology. With its help, a car can be paired with a smartphone, which is a great advantage for the owner because it simplifies the usage of network systems. However, the device used for the connection can belong to a hacker as well. To minimize this issue, the majority of companies that operate in the automotive industry use the CAN bus network, which is focused on the behavior of a car. However, it fails to provide total security, making it possible for hackers to manipulate a vehicle and threaten people’s lives (Francisco, 2014).
Recommendation
Organizations should maintain monitoring of the behavior of a car. It will be advantageous to implement anomaly detection. In this way, it will be possible to see if a car was approached by a hacker. In addition to that, updated models of network encryption should be used because they are likely to protect the data that is critical for the safety of clients. Device authentication should be maintained because it ensures that a vehicle is approached by its owner. It can be beneficial to restrict network communications. Defining preferred behavior, a client will be able to see if something unusual happened.
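One way to implement the "preferred behavior" monitoring recommended above, as an added Python example that is not from the original essay: a baseline of allowed CAN identifiers, payload lengths and message periods is learned from clean traffic and then used to flag deviations. The frame tuples, identifiers (0x0C9, 0x1F1, 0x3A0) and timings are constructed sample data, and the 50% timing tolerance is an assumption.

```python
from collections import defaultdict
from statistics import median


def periodic(can_id, period_ms, count, payload, start_ms=0):
    """Build constructed frames (timestamp_ms, can_id, payload) at a fixed period."""
    return [(start_ms + i * period_ms, can_id, payload) for i in range(count)]


def learn_baseline(frames):
    """Learn the preferred behavior: allowed IDs, payload lengths, typical period."""
    stamps = defaultdict(list)
    lengths = defaultdict(set)
    for ts, can_id, payload in frames:
        stamps[can_id].append(ts)
        lengths[can_id].add(len(payload))
    baseline = {}
    for can_id, times in stamps.items():
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        if gaps:  # an ID seen only once has no period to learn and stays unlisted
            baseline[can_id] = {"period_ms": median(gaps), "lengths": lengths[can_id]}
    return baseline


def detect(frames, baseline, tolerance=0.5):
    """Return (timestamp_ms, can_id, reason) alerts for time-ordered frames.

    unknown-id        : identifier never seen in the baseline (allowlist check)
    unexpected-length : payload size differs from what this ID normally carries
    too-frequent      : frame arrived sooner than tolerance * learned period,
                        which is what extra frames on a periodic ID look like
    """
    alerts = []
    last_seen = {}
    for ts, can_id, payload in frames:
        profile = baseline.get(can_id)
        if profile is None:
            alerts.append((ts, can_id, "unknown-id"))
            continue
        if len(payload) not in profile["lengths"]:
            alerts.append((ts, can_id, "unexpected-length"))
        previous = last_seen.get(can_id)
        if previous is not None and ts - previous < profile["period_ms"] * tolerance:
            alerts.append((ts, can_id, "too-frequent"))
        last_seen[can_id] = ts
    return alerts


def run_demo():
    # Constructed clean capture: one ID every 10 ms, another every 100 ms.
    clean = sorted(periodic(0x0C9, 10, 50, bytes(8)) + periodic(0x1F1, 100, 5, bytes(4)))
    baseline = learn_baseline(clean)
    # Constructed live capture with three deviations mixed into normal traffic.
    live = sorted(
        periodic(0x0C9, 10, 20, bytes(8), start_ms=1000)
        + periodic(0x1F1, 100, 1, bytes(4), start_ms=1000)
        + [
            (1042, 0x0C9, bytes(8)),  # extra frame between two regular ones
            (1075, 0x3A0, bytes(8)),  # identifier absent from the baseline
            (1100, 0x1F1, bytes(8)),  # right time, wrong payload length
        ]
    )
    return detect(clean, baseline), detect(live, baseline)


if __name__ == "__main__":
    clean_alerts, live_alerts = run_demo()
    print("alerts on clean traffic:", clean_alerts)
    for ts, can_id, reason in live_alerts:
        print(f"{ts} ms  id=0x{can_id:03X}  {reason}")
```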
The Vehicle Hardware
Explanation
Companies must ensure that the vehicle hardware is well-protected. The way the software operates depends greatly on the condition of hardware and its security. Hackers can obtain access to a vehicle and damage seatbelts or airbags. In addition to that, they can affect the engine firewall.
Risk
Some hardware components have no built-in security features, which means that they can be easily accessed by hackers (Auto Alliance, 2017). If the auto control system is not isolated, it can be approached through other systems. What is more, hackers can affect communications-based functions like navigation and satellite radio.
Recommendations
A focus on boot and software attestation can prevent unauthorized changes and invalid files from influencing client security. It requires digital signatures and product keys that cannot be easily hacked. The usage of the trusted processor module can be advantageous in this perspective because it identifies proper code and stops other attempts to get into the system. Tamper protection also focuses on intellectual property. It allows professionals to avoid reverse engineering. It is possible to use Intel Enhanced Privacy ID technology that ensures client anonymity (Intel Security, 2016).
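The boot and software attestation idea above, as an added Python example that is not from the original essay: each boot stage is folded into a running measurement, and a verifier accepts the vehicle's report only if it is authentic, fresh and equal to the value computed from the released software. The stage contents, key and nonces are constructed, and an HMAC stands in for the asymmetric signature a hardware module would produce.

```python
import hashlib
import hmac


def extend(register, component):
    """Fold one component into the measurement: SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()


def measure_boot(stages):
    """Measure every stage in boot order, starting from an all-zero register."""
    register = bytes(32)
    for image in stages:
        register = extend(register, image)
    return register


def make_quote(register, nonce, device_key):
    """Device side: report the register, bound to the verifier's nonce.

    Assumption: HMAC-SHA256 with a shared key replaces a real digital signature
    so the example needs only the standard library.
    """
    tag = hmac.new(device_key, nonce + register, hashlib.sha256).digest()
    return {"register": register, "nonce": nonce, "tag": tag}


def verify_quote(quote, expected_nonce, device_key, golden_register):
    """Verifier side: check authenticity and freshness first, then the software state."""
    expected_tag = hmac.new(
        device_key, expected_nonce + quote["register"], hashlib.sha256
    ).digest()
    if quote["nonce"] != expected_nonce or not hmac.compare_digest(quote["tag"], expected_tag):
        return "untrusted-quote"
    if not hmac.compare_digest(quote["register"], golden_register):
        return "unexpected-software"
    return "trusted"


def run_demo():
    device_key = b"constructed-demo-key"
    # Constructed stand-ins for the released boot chain.
    released = [b"bootloader v1", b"os kernel v1", b"infotainment app v1"]
    golden = measure_boot(released)
    results = {}

    quote = make_quote(measure_boot(released), b"nonce-1", device_key)
    results["released_build"] = verify_quote(quote, b"nonce-1", device_key, golden)

    # One changed stage changes the final register, so the report no longer matches.
    modified = released[:2] + [b"infotainment app v1 (modified)"]
    quote = make_quote(measure_boot(modified), b"nonce-2", device_key)
    results["modified_app"] = verify_quote(quote, b"nonce-2", device_key, golden)

    # An old, valid report replayed against a new challenge is rejected as stale.
    old_quote = make_quote(golden, b"nonce-1", device_key)
    results["replayed_quote"] = verify_quote(old_quote, b"nonce-3", device_key, golden)

    # A report produced without the device key cannot be authenticated.
    forged = make_quote(golden, b"nonce-4", b"some-other-key")
    results["wrong_key"] = verify_quote(forged, b"nonce-4", device_key, golden)

    # The register depends on order as well as content.
    results["order_matters"] = measure_boot(released) != measure_boot(released[::-1])
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```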
Cloud Security
Explanation
The majority of hackers are ready to deal with basic security when they start working. However, they are not ready to deal with additional security services, which can help to identify and correct those threats that are waiting for a vehicle.
Risk
Lack of collaboration between the stakeholders and poor maintenance of additional support services can lead to the disclosure of critical information and the possibility of obtaining hacked software updates (AUTO-ISAC, 2016). When vulnerabilities are discovered with time, the recall may be needed which can be extremely expensive for the organization.
Recommendation
It is significant to ensure the possibility of remote monitoring and updates, etc. The cloud should be approached with the help of an authenticated channel. The stakeholders should develop proper collaboration so that they can quickly share the information, respond to attacks, and prevent their repetition. The possibility of over-the-air updates should be ensured because it allows reducing expenditures needed to fix the product (CybeRisk, 2016).
Conclusion
Thus, it can be claimed that the current automotive industry is tightly connected with computer systems so that its cybersecurity is to be ensured. Vulnerabilities of connected cars can be found when focusing on their hardware and software systems as well as on network and cloud security. This issue occurs because the infotainment system that is implemented in a vehicle has much in common with desktop systems that are already thoroughly explored by hackers. The majority of risks come from the network system because it deals with the connection of cars to other devices. However, the significance of other weaknesses cannot be neglected. Professionals who operate in the automotive industry should think of the best practices that can help them to prevent hacker attacks or at least respond to them properly. In this way, both clients and companies will be protected.
References
Auto Alliance. (2017). Cybersecurity. Web.
AUTO-ISAC. (2016). Automotive cybersecurity best practices. Web.
CybeRisk. (2016). Automotive cybersecurity – vulnerabilities, challenges, industry response. Web.
Griffor, E. (2016). Handbook of system safety and security. Amsterdam, Netherlands: Elsevier.
Hacking is a well-organized system used by criminals to obtain information from various individuals and corporation. This information may concern the financial status and transactions of the targeted groups. Hacker uses well designed software which enables them to break passwords and upload the information into there database.
The information is fed to the main web site that’s runs the hacking software, where the information is sorted according to various numbers. The videos showing the process of hacking on YouTube exacerbates the activities of this form of crime. This is because the groups can be able to learn the process of hacking through YouTube and what they only need is to buy the hacking software.
Hacking videos explaining the process of unlocking and breaking passwords of various login accounts of individuals can be used as indicators that online services are not the best form of communicating and storage of vital information and performing some transactions especially those involving sending and receiving money.
The videos explains step- by- step on how one can login into someone’s account and get access to his or/her information. Most people do live their personal information in the internet which attracts the criminals as they are very much interested with this information so that they can be able to know all the transactions of their victims.
It is important for every individual using internet to be very careful with any information he or she gives out. He/she should ensure that the site visited is secure and cannot expose any information to un-authorized person.
Anyone making internet transactions, such as payments by credit card or Visa card, should ensure that the service provider has tight security that hackers cannot easily breach. This means that any transaction involving electronic money transfer should be carried out on a secure site with strong security codes.
Corporate companies are the most affected by hacking. They should be aware of this type of video. The videos should alarm corporations and prompt them to devise safer ways of storing their information, and internet security should be enhanced to close any links or loopholes that hackers could use to get access to the company’s database and extract vital information.
The Internet Explorer browser is used by most internet users, but hackers prefer Chrome and Firefox because these are more advanced and faster than Internet Explorer. When using Firefox, the hacker is able to interlink various sites at the same time and operate at speed.
This gives the hacker an advantage over the person using Explorer. Hackers need to gather a lot of information in order to build a good history of their victim, so they must be more advanced than the victim at all times.
The number of individuals and corporations affected by hacking is alarming and is increasing day by day. Millions of hacking incidents are reported daily; about 120 users of the Sony Europe web site have lost their information as a result of hacking within the last 24 hours.
This number is too high, indicating that most people are still falling into the hackers’ trap every day. Corporate entities are the most affected, as they lose a lot of data relating to their customers and employees. Millions are lost every day as a result of hacking.
Organizations and individuals should take great care with the information they give out over the internet. Corporations should educate their customers on how to use the internet without leaving any loopholes that a hacker could use to find information about the individual or the company.
The corporation should ensure that the people who get access to the corporate data system are not outsiders, but persons authorized by the company providing the internet services. This will reduce the risk of corporate information reaching an unauthorized person who could later expose it to hackers.
Corporations should be aware that the videos shown on YouTube and other online services can easily enable any person to become a hacker, and thus they should be very careful about who gets access to their databases and to the administration computers that supply other computers with internet. Only authorized persons should have access to the main computer.
First, clouds are considered vulnerable due to unscrupulous acquisition of intellectual property and loss of crucial data. A cloud is used by several organizations to store sensitive data. An estimated 21 percent of all cloud-based file sharing systems are deemed to contain sensitive information. In some instances, the crucial data in the clouds comprise materials that have been marked as intellectual property (Gupta, 2013). Hence, the sensitive data can be easily accessed by cyber criminals in the event that the cloud service is breached by users. In addition, a number of services may pose serious risks when intellectual property rules and regulations are not honored.
Second, poor regulatory actions and compliance violations may potentially make clouds vulnerable in organizations. Regulatory control of company data is a common practice in most organizations today. In other words, organizations should understand where their sensitive data are stored (Subashini & Kavitha, 2011). Other aspects that must be clearly known include how a company’s information is being safeguarded and which individuals can access the data. However, these tenets are often violated. As a result, several companies find themselves in a state of non-compliance. Such violations can culminate in serious security repercussions.
Moreover, organizations are highly likely to lose control of the cloud-based users who eventually consume the stored data. In most cases, organizations do not have any record of those utilizing their data, and hence unregulated end-user actions may also pose unknown threats. Other vulnerabilities of clouds include malware infections and contractual breaches.
Providers of cloud-based services offer a number of unique services that have never been experienced in conventional computing (Whitman & Mattord, 2011). For instance, on-demand self-service is a distinct concept offered by cloud providers. No human interaction is required for a consumer to interact with the system. Network storage and server time can be accessed by a consumer without requiring the services of a second or third party, since the system is fully automated. Unlike traditional computing platforms, cloud-based systems offer broad network access.
Client platforms that are either thick or thin can also be used alongside standard mechanisms to enhance strong network capabilities (Eastton & Taylor, 2011). Furthermore, cloud providers can manage resource pooling whereby a multi-tenant model may be used to serve multiple consumers. Better still, cloud-based systems are known to offer rapid elasticity.
Nonetheless, cyber security is challenged when offering these services, largely due to poor control of the end users of information stored in the clouds. For example, cloud providers can hardly be in a position to control who accesses and shares stored files. Hence, the swift and efficient cloud services also accelerate the pace at which cyber criminals execute their activities.
Copyright owners are negatively affected by some of the activities that take place in the clouds. Software copies are randomly uploaded, shared and downloaded by cloud users. While these are the expected activities in the clouds, owners’ copyrights are usually violated since most users do not seek permission. In an ideal case, the permission to upload, share and download software products should be granted by the copyright owners.
However, it rarely happens. Violating access limitations jeopardizes the authenticity of cloud providers, who are at the same time required to safeguard or protect copyrighted materials (Determann, 2014). Due to such challenges, novel technologies are being deployed by cloud providers. Apart from just avoiding copyright infringement, these technologies are geared towards developing different models of copyrighted materials. Hence, cloud providers have been compelled to step up their skills and technologies in order to remain relevant in the market.
References
Determann, L. (2014). What happens in the cloud: Software as a service and copyrights. Berkeley Technology Law Journal, 29(2), 1095-1130.
Eastton, C., & Taylor, J. (2011). Computer Crime, Investigation, and the Law. Boston, MA: Course Technology.
Gupta, P. (2013). The usage and adoption of cloud computing by small and medium businesses. International Journal of Information Management, 5(33), 861–874.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1-11.
Whitman, M. E., & Mattord, H. (2011). Reading & Cases in Information Security: Law & Ethics. Boston, MA: Cengage Learning.
Computer forensics, also known as digital forensics, is one of the most exciting fields of science. This field has grown tremendously from a comparatively murky tradecraft into an important platform for carrying out investigations. Various departments use computer forensic tools to carry out investigations and research.
For example, experts use computer forensic tools to carry out investigations into crime. Additionally, computer forensic tools are also common in military applications. Researchers and experts are busy developing new computer forensic tools in order to retrieve actionable information, which is vital in investigations and problem solving.
However, the development of new technologies has brought new ways of capture and analysis in computer forensics. This paper discusses the single technology that most affects digital forensics, known as the Virtual Machine Hypervisor Technology (Peterson & Shenoi, 2009).
Introduction
There is no doubt that digital forensics is one of the most exciting fields of science that many people like working in, but not for the obvious reasons. Indeed, over the last two decades, people have come to rely heavily on digital forensics. Digital forensics has made crime investigation easier.
By relying on live evidence, experts have managed to unravel secrets behind certain activities. However, due to evolving technology, scientists have encountered new challenges that require advanced tools to investigate. For instance, new file systems that require a different approach and operation are an example of how emerging technologies are affecting digital forensics.
These game changer technologies are not only instrumental in investigations, but also advantageous to the digital forensics industry. Since the development of solid-state hard drives, new technologies have emerged in the field of digital forensics that have made the field more interesting (Mocas, 2004).
Virtual Machine Hypervisor Technology
Over the past five years, experts managed to develop one of the most exciting technologies, which is instrumental in digital forensics. Indeed, the development of the virtual machine hypervisor technology has brought many changes in digital forensic analysis and operations.
Many IT and security experts may be quick to point out security concerns and condemn this technology. However, this technology is important in digital forensic analysis. Thus, this paper calls upon all stakeholders in digital forensics to pay attention to this new technology because it is vital in carrying out capture and analysis techniques.
A virtual machine is a computer-generated operating system developed to perform certain functions in digital forensics science. Virtualization allows an operating system to run on server hardware or sometimes on a desktop computer. However, for this to happen we must have software.
The “hypervisor” software directs and manages all activities within the system. In particular, this software performs three major functions. To start with, the software generates different independent partitions comprising operating systems, software operations and appliances. Secondly, the hypervisor software creates boundaries that separate the partitions. Lastly, the software is able to trap and direct commands among the three partitions (Casey & Stellatos, 2008).
In some articles, some writers use “virtual machine monitor” (VMM) instead of hypervisor. The two are similar. Although developed over three decades ago for mainframe computers, VMMs have been instrumental in digital forensic investigations. For example, their role in addressing security is undoubtedly great.
Additionally, VMMs are useful in addressing administrative and reliability issues that are dominant in distributed computing systems. The main task of the hypervisor is to perform decoupling. This is important in generating live-state images for forensic analysis.
In other words, the hypervisor provides channels of communication between the computer hardware and the installed software. In this way, the VMM has control over all operating systems running on the machine. The software also ensures that the system utilizes the available hardware resources effectively (Sutherland, Tryfonas & Blyth, 2008).
Source: (Sutherland, Tryfonas & Blyth, 2008)
Live-state analysis vs. Capture and Analysis Technique
Many forensic experts believe that the virtual machine hypervisor technology is a march towards obsolescence. In digital forensics science, these experts agree that it is important to adopt the live-state analysis and do away with static digital forensics.
In fact, since the development of the virtual machine monitors, live-state analysis in digital forensics has become common and easy to understand. Although many research institutions across the globe still emphasize capture and analysis techniques for search and seizure processes, they perform investigations on stored information in offline mode.
This is because they want to protect the original sample. Nevertheless, due to ever-growing memory capacities, anti-forensics and drive encryption, there is a big chance of losing the original sample of evidence because of pulling or plugging. This will undoubtedly affect the case under investigation.
Moreover, retrieving data from volatile memory requires enormous expertise. Otherwise, it is easy to lose original information. Most importantly, volatile memory holds a miscellany of anti-forensic techniques, which are useful in investigations. Moreover, volatile memory holds malware that is important in investigations but can easily disappear in case of a power outage (Rosenblum & Garfinkel, 2005).
These are some of the concerns that the live-state analysis technique addresses using the virtual machine hypervisor technology. Furthermore, the need to observe privacy of information is pushing many digital forensic institutions to encrypt their mobile computing devices in order to protect vital information from damage.
In fact, many of them are doing this by encrypting the entire disk of their systems using tools such as Pretty Good Privacy and TrueCrypt. Indeed, the best way to access information is to retrieve the forensic picture of a live-state system while leaving the data in an untouched or unencrypted condition.
Before the development of virtual machine monitors, forensic investigators relied heavily on traditional techniques to carry out investigations on the sample of evidence. For instance, from the sample source, they created a bit-by-bit replica while at the same time making sure that they did not tamper with the original data.
However, in the current virtual environment, it is not possible to carry out forensic analysis on the original data without tampering with it. This is simply because there are numerous virtual machines that run concurrently on a clustered storage area network. Thus, many organizations have adopted virtualization technology in their enterprise server environments in order to improve the efficiency of investigations and protect the original data.
Source: (Rosenblum & Garfinkel, 2005)
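The traditional bit-by-bit replica described above can be checked mechanically. The following is an added example, not code from the essay or its sources: it copies a source to an image file and uses hashes to show both that the copy is identical and that the original was not altered. SHA-256, the function names and the sample "disk" are assumptions chosen for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # stream in 1 MiB blocks so large media never has to fit in RAM


def sha256_of(path):
    """Hash a file or device node by streaming it in fixed-size chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:  # read-only: evidence is never opened for writing
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(source, image):
    """Copy source to image bit for bit and return a verification record."""
    before = sha256_of(source)  # baseline hash taken before the copy starts
    copied = 0
    stream = hashlib.sha256()   # hash of the bytes actually read during the copy
    # Mode "xb" refuses to overwrite an existing image, so an earlier
    # acquisition can never be silently replaced.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
            stream.update(block)
            copied += len(block)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image is on disk before verifying
    after = sha256_of(source)   # second hash shows the original did not change
    image_hash = sha256_of(image)
    return {
        "bytes": copied,
        "source_before": before,
        "source_after": after,
        "image": image_hash,
        "source_unchanged": before == after,
        "image_matches": image_hash == before == stream.hexdigest(),
    }


if __name__ == "__main__":
    # Constructed sample input: a small random file standing in for seized media.
    workdir = tempfile.mkdtemp()
    source_path = os.path.join(workdir, "evidence.dd")
    with open(source_path, "wb") as sample:
        sample.write(os.urandom(2 * CHUNK + 17))
    record = acquire(source_path, os.path.join(workdir, "evidence.img"))
    for key, value in record.items():
        print(f"{key}: {value}")
```

If `source_unchanged` or `image_matches` is false, the copy cannot be treated as a faithful replica and the acquisition should be repeated and the discrepancy documented.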
Elimination of legal hurdles to pave the way for live-state analysis
Although this emerging technology is the most effective in digital forensics, many players (including courts and echelon society) are yet to accept VMM images as the primary source files for carrying out forensic analysis. However, as the world continues to experience digital revolution and virtual machines become increasingly popular in forensic analysis, those opposed to this technique will finally accept it.
It is also possible to adopt new and efficient dimension techniques, which are analogous to those deployed in forensic DNA analysis. In forensic DNA analysis, the technique blotches biological evidence. Consequently, this can protect original data from damage. Nonetheless, according to research experts, forensic DNA tests always destroy the original sample.
However, these experts believe that the evidence is still important for future analyses. In most cases, enhanced flash memory faculties, drive encryption and providential anti-forensics make virtual machine hypervisor technology important in the current digital age. Undoubtedly, these three characteristics have moved digital forensics science to another level of efficient live-state analysis (Bill, Amelia & Steuart, 2010).
Virtual Machines and Captured Image Analysis
In 2006, researchers came up with one of the most popular tools in digital forensics science, known as LiveView. This is a Java-based tool that is able to generate a VMware virtual machine from the normal disk. It does this freely on the VMware desktop, swiftly and effortlessly generating numerous images for forensic analysis.
In fact, many organizations have adopted this program and encapsulated it into their systems that run on virtual machines. Therefore, forensic experts will not require LiveView tools for their analyses in the future. Instead, virtual machine technology will provide the most efficient and faster way of obtaining images for forensic investigation and analysis.
This will also enable forensic experts to generate more copies for forensic analysis within a short period compared to traditional methods. Additionally, this technology enables the incarceration of malware and rootkits within the exchange file of the perched operating system of a virtual machine image.
Many traditional computers that have their operating systems running on hardware make it exceptionally intricate and unfeasible to evaluate the fortifications or vulnerabilities, which are common in very many virtual machine environments. This is the reason why it is vital to separate processes and leave them to work separately. In fact, similar processes running on a single platform means that these processes enjoy some similarities.
This is dangerous because shared processes not only share similar vulnerabilities, but also make the system weak and vulnerable. On the other hand, virtual machines isolate processes into different partitions. This means that there is enhanced consistency and security of all applications. Moreover, ports and process identities are always active when they work in isolation. This makes forensic analysis easier, as experts can easily locate the information they need for analysis (Anson et al., 2007).
Source: (Sutherland, Tryfonas & Blyth, 2008)
Virtual Machines enhance Intrusion Detection and Network Isolation
Virtual machine monitors enhance intrusion detection by creating channels of indirection and interaction between the hardware and the virtual machine software. This isolates networks and makes them effective. In other words, virtual machine monitors have the ability to run adjacent to the operating system in order to ensure that the processes remain separated (Carrier, 2006).
Virtual Introspection
Since the development of the virtual machine hypervisor technology or the virtual machine monitors (VMM), many experts believe that virtual introspection will control future digital forensic investigations. Across the globe, forensic experts and researchers continue to explore the efficiency of virtual introspection in digital forensics science. To start with, virtual introspection is principal in digital forensics because it enables live system analysis.
Forensic analysis methodologies together with virtual machine systems are important in ensuring that evidence remains unchanged even after forensic analysis has been performed. Remarkably, this cannot occur in traditional forensic tests, where tampering with original data is so common.
Nonetheless, by using the virtual machine hypervisor technology, experts can stop the virtual machine for a while, retrieve the information they want and then resume it. Definitely, the state of the virtual machine remains unchanged during data acquisition even if one suspends the process for a while (Bem & Huebner, 2007).
Challenge facing the virtual machine environment
Just like any other emerging technology, virtualization also has high-tech challenges that may be quite demanding. We have seen that while some digital forensics investigations are easy to perform, others are complex and need intricate methods of analysis. For instance, virtual introspection enhances forensic analysis through live-state analysis.
However, many scientists concur that it is not easy to carry out forensic investigations using this technique. In fact, due to its complexity, it requires advanced knowledge and expertise. The hypervisor software is an example of a central processing unit micro cipher. It therefore means that it does not appear on the operating system.
Thus, it is complex to operate. On the other hand, although it exercises jurisdiction over the hardware, this can pose security challenges. If an attacker encounters a flaw in the virtual machine environment, entry into the system becomes easier, and the attacker can do more malicious damage than with other technologies. Nevertheless, virtual machine environment tools such as software as a service (SaaS) can help in protecting the systems from hacking (Carpenter, Liston & Skoudis, 2007).
Conclusion
New technologies such as the virtual machine monitors have taken the world of digital forensics by surprise. There is no doubt that virtual machine monitors are more effective in forensic analysis than traditional methods. Unlike the traditional forensic images, virtual machine images are portable and easy to analyze. Moreover, the development of virtual introspection products has forced many organizations to adopt new technologies for forensic capture and analyses.
Reference List
Anson, S., Bunting, S., Ryan, J. & Scott, P. (2007). Mastering Windows Network Forensic and Investigation. New York, NY: John Wiley and Sons.
Bem, D. & Huebner, E. (2007). Computer Forensic Analysis in a Virtual Environment. International Journal of Digital Evidence, 6(2), 1-8.
Bill, N., Amelia, P. & Steuart, C. (2010). Guide to Computer Forensics and Investigations (4th ed.). New York, NY: Cengage Learning.
Carpenter, M., Liston, T. & Skoudis, E. (2007). Hiding Virtualization from Attackers and Malware. IEEE Security and Privacy, 5(3), 62-65.
Carrier, B. D. (2006). Risks of live digital forensic analysis. Communications of the ACM, 49(2), 56–61.
Casey, E. & Stellatos, G. (2008). The impact of full disk encryption on digital forensics. SIGOPS Operating System Review, 42(3), 93-98.
Mocas, S. (2004). Building theoretical underpinnings for digital forensics research. Digit Invest, 1(1), 61-68.
Peterson, G. & Shenoi, S. (2009). Digital Forensic Research: The Good, the Bad and the Unaddressed. Advances in Digital Forensics, 306, 17–36.
Rosenblum, M. & Garfinkel, T. (2005). Virtual Machine Monitors: Current Technology and Future Trends. Computer, 38(5), 40-46.
Sutherland, I., Tryfonas, T. & Blyth, A. (2008). Acquiring Volatile Operating System Data Tools and Techniques. SIGOPS Operating System Review, 42(3), 65-73.