
Cyber Crime

Cyber crime is a term broadly used to describe criminal activity targeting mainly computerized devices, computers or networks. Cyber crime is any illegal act involving a computer, its systems or its applications. It is intentional and not accidental.

Cyber crimes pose new challenges because of their
speed, anonymity and the fleeting nature of evidence.
Cyber crime deals with:

- Fraud achieved by the manipulation of the computer records
- Deliberate circumvention of the computer security systems
- Intellectual property theft, including software piracy

(Cyber crime does not deal with illegal acts involving a gun, ammunition, or its applications, or with firing an employee for misconduct.)

Examples of cyber crime:

- Spamming
- Fraud by manipulating computer records
- Unauthorized access and circumvention of security mechanisms
- Salami slicing: repeatedly stealing money in small quantities
- Making and distributing child pornography

Types of computer and cyber crimes that warrant the involvement of the CSIRT Blue team include:

- Identity theft
- Hacking
- Viruses, Trojans, rootkits, worms and botnets
- Cyber stalking
- Phishing / Spoofing
- Fraud
- E-mail abuse
- Intellectual property theft
- Denial-of-service attacks
- Data interception
- Cyber defamation
- Software piracy
- Embezzlement
- Tampering of staff, faculty files and student grades

Computer Forensics

Forensic computing is defined as the science of capturing, processing, and investigating data security incidents and making it acceptable to a court of law.

The goal of forensic science is to determine the evidential value of the crime scene and related evidence. Evidence must be identified quickly. Recover, analyze and preserve computer and related materials.

The need for computer forensics is highlighted by an exponential increase in the number of cybercrimes and litigations where large organizations were involved. Computer forensics plays an important role in tracking the cyber criminals.

Computer Forensic Investigator

A computer forensic investigator is a person who handles the complete investigation process, that is, the preservation, identification, extraction, and documentation of the evidence. The investigator has many roles and responsibilities relating to the cybercrime analysis.

A crucial role of the forensic investigator is to create an image backup of the original evidence without tampering with potential evidence, because digital evidence is very fragile in nature.

Examination of evidence by a technically inexperienced person will almost always render any evidence found inadmissible in court.

The main role of computer forensics is to extract, process, and interpret the factual evidence so that it proves the attacker's actions in court.

Roles of Forensic Investigators:

- Protect the victim's computer from any damage and viruses.
- Determine the extent of the damage.
- Gather evidence in a forensically sound manner.
- Analyze the evidence data found and secure it while stored.
- Prepare the analysis report.
- Present acceptable evidence to upper management and board members.

Formal acquisition and protection of digital evidence is of utmost importance, as it may assist the investigator in solving a cybercrime or perhaps aid in the defense of a suspect. Digital evidence may, in some cases, provide the following:

- Names and addresses of contacts
- Malicious attacks on systems and devices
- Records of movements
- Unauthorized transmission, interception and modification of data
- Theft of company secrets
- Use/abuse of the internet
- Production of false documents and accounts
- Encrypted / password-protected documents
- Abuse of systems
- Email contact between suspects and conspirators

Types of Computer Forensics

- Disk Forensics: the process of acquiring and analyzing the data stored on physical storage media.
- Network Forensics: sniffing, recording, acquisition and analysis of network traffic and event logs in order to investigate a network security incident.
- E-mail Forensics: the process of studying the source and content of an email.
- Internet / Web Forensics: the application of scientific and legally sound methods for the investigation of internet crimes.

Forensic Readiness

Forensic readiness can be defined as a state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an investigation. This also minimizes the risk of internal threat and acts as a pre-emptive measure.

Forensic readiness allows for the collection of acceptable evidence without interfering with the business processes and ensures that the evidence makes a positive impact on the outcome of any legal action. It can extend the target of information security to the wider threat from cybercrime, such as intellectual property protection, fraud or extortion. It also allows organizations to quickly determine and understand incidents, leading to the removal of the threat within a timeframe allowing for less downtime.

The main goal of forensic readiness should be to collect acceptable evidence without interfering with business continuity. This also extends to gathering evidence targeting the potential crimes and disputes that may adversely impact the organization.

Forensic Readiness Planning Checklist:

- Define the business states that need digital evidence.
- Identify the potential evidence available.
- Decide the procedure for securely collecting the evidence that meets the requirement in a forensically sound manner. (It is not necessary to get permission from all employees of the organization.)
- Follow policies outlining the secure acquisition and storage of data in a forensically secure manner.
- Ensure that forensic staff are capable of completing any task related to handling and preserving the evidence.
- Document all activities performed and their impact.
- Ensure authorized review to facilitate action in response to the incident.

Lack of forensic readiness can result in damage to the organization's reputation, system downtime and even data manipulation, deletion and theft.
