Sunday, March 28, 2010

Digital Crime scene forensics and Computer espionage

Computer digital forensics is an emerging field of science to help track and capture cyber criminals. Now that social media sites and the web are a part of our daily life, protecting and securing cyberspace has taken on greater importance.

Computer forensics uses scientific methods to answer questions related to law, computer hacking and possible espionage. Since computers and technology evolve so quickly, it is very difficult for security experts and law enforcement to standardize digital forensic tools and procedures.

Computer data, and the technologies that produce it, flow over computer networks, which is why network forensics is needed. To improve network security and prevent cyber crime, the data and evidence that passes over the network must be analyzed using network forensic tools and procedures.

In the years to come, solving computer-related crimes will require computer and network forensics, and this data will be a common component of trial cases. Developing techniques and standards to handle this data is vital to the security and fairness of the judicial system.

Network security and cyber crime prevention are tied to collecting and analyzing network data. This is a difficult task, as the data typically resides on internet service providers' servers; in many cases you need a subpoena to get access to it. Many companies are implementing outbound content monitors so they can analyze data that is leaving their network.

In the legal system, the dilemmas revolve around who owns the data that is considered evidence. Creating standards for network forensics and evidence gathering could solve wide-ranging legal issues. Currently, security experts and developers are designing software and hardware solutions that will improve computer forensic science overall.

Even though a de facto forensic standard has not been developed, there are some reasonably good data forensic best practices, each with an open standardization question:

  1. Preservation: How is the data preserved (media) and by whom?
  2. Identification: What tools should be used to identify data (suspicion)?
  3. Extraction: How accurate is the data being extracted (purpose)?
  4. Documentation: How are findings documented and archived (quantity)?
  5. Interpretation: How is the data interpreted and by whom (technology)?
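As an added example that is not part of the original post, the Python script below shows one way to handle the preservation and documentation items above for a captured network artifact: hash the bytes at acquisition, record who collected them, from where and with which tool in a chain-of-custody manifest, then re-verify before analysis so that any change between collection and examination is detected. The examiner names, tool name, file name and sample capture bytes are constructed placeholders, not values from the post.

```python
"""Added example (not from the original post): evidence preservation and
chain-of-custody documentation for a captured network artifact."""
import hashlib
import json
from datetime import datetime, timezone

# Constructed stand-in for an acquired network artifact (not a real capture file).
SAMPLE_CAPTURE = b"constructed sample: 10.0.0.5 -> 10.0.0.9 TCP/443 SYN\n" * 3


def hash_bytes(data: bytes) -> str:
    """SHA-256 hex digest of the artifact; every later integrity check uses it."""
    return hashlib.sha256(data).hexdigest()


def make_manifest(artifact_name: str, data: bytes, examiner: str,
                  tool: str, source: str) -> dict:
    """Build a chain-of-custody manifest that answers the preservation and
    documentation questions: what was collected, from where, by whom, with
    which tool, and the digest the bytes must still match later."""
    now = datetime.now(timezone.utc).isoformat()
    return {
        "artifact": artifact_name,
        "sha256": hash_bytes(data),
        "size_bytes": len(data),
        "source": source,
        "tool": tool,
        "custody": [{"action": "acquired", "by": examiner, "at_utc": now}],
    }


def add_custody_event(manifest: dict, action: str, by: str) -> dict:
    """Append a hand-over or analysis event so the record shows who handled
    the evidence and when; earlier entries are never rewritten."""
    manifest["custody"].append({
        "action": action,
        "by": by,
        "at_utc": datetime.now(timezone.utc).isoformat(),
    })
    return manifest


def verify(manifest: dict, data: bytes) -> bool:
    """True only if the bytes on hand still match the recorded digest and size."""
    return (manifest["size_bytes"] == len(data)
            and manifest["sha256"] == hash_bytes(data))


def demo() -> tuple:
    """Acquire, hand over, then verify the original and a tampered copy.
    Returns (manifest_json, original_ok, tampered_ok)."""
    # Placeholder examiner, tool and source names (hypothetical).
    m = make_manifest("capture-001.bin", SAMPLE_CAPTURE,
                      examiner="examiner-A", tool="hypothetical-capture-tool",
                      source="span port, constructed lab network")
    add_custody_event(m, "transferred to analyst", "analyst-B")
    original_ok = verify(m, SAMPLE_CAPTURE)
    # Same length, one byte changed: the size check passes but the digest fails.
    tampered_ok = verify(m, SAMPLE_CAPTURE[:-1] + b"?")
    return json.dumps(m, indent=2), original_ok, tampered_ok


if __name__ == "__main__":
    manifest_json, ok, tampered = demo()
    print(manifest_json)
    print("original verifies:", ok, "| tampered verifies:", tampered)
```

The manifest is deliberately append-only: new custody events are added, never edited, so the record itself documents every hand-off, and the digest computed at acquisition is the reference that each later analyst checks against before trusting the artifact.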
While researchers and developers create new software solutions, there are no concrete standards to test against. Typically the National Institute of Standards and Technology (NIST) creates standards to test tools used for network forensics, but there has been no clear definition of what forensic tools should do.

As new network forensic tools emerge (commercial and free), manufacturers and developers should partner with standards organizations such as NIST to create functional standards for network forensics. Standardized tools and methods will allow researchers, security experts and legal professionals to use forensic tools to prevent and monitor various security breaches and computer crimes.

1 comment:

Jonathan Brock's Editorials said...


ow.. this is a good blog.. and I have information for you..

user left unknown links which is a security

These types of comments will be deleted due to security risk.