Assignment 1: Computer Forensics Overview
CIS 417 Computer Forensics

Computer forensics is the process of investigating and analyzing techniques to gather and preserve information and evidence from a particular computing device in a way it can be presented in a court of law.
The main role of computer analyst is to recover data including photos, files/documents, and e-mails from computer storage devices that were deleted, damaged and otherwise manipulated. The forensics expert’s work on cases involving crimes associated with internet based concerns and the investigations of other potential possibilities on other computer systems that may have been related or involved in the crime to find enough evidence of illegal activities. Computer experts can also use their professional knowledge to protect corporate computers/servers from infiltration, determine how the computer was broken into, and recover lost files in the company.
Processes are used to obtain this information and some of the processes are as follows; * Investigation process: Computer forensics investigations will typically be done as part of a crime that allegedly occurred. The first step of the investigation should be to verify that a crime took place. Understand what occurred of the incident, assess the case, and see if the crime leads back to the individual. * System Description: Next step, once you verified the crime did occur, you then begin gathering as much information and data about the specific incident. The forensics expert then begins taking notes every step of the way. The not taking consist of describing and the analyzation of the actual system of interest such as they type of system, where it took place, who and what exactly was involved, and how it is all linked together such as network connections. * Evidence Acquisition: The evidence firstly copied at least three to four times to have backup files of any had dive, etc. The sources of the data found, the data would then be saved and placed as vital and non-vital evidence. The data acquired would then be carefully verified and ensure the chain of custody be followed. * Timeline Analysis: During the above processes, the start investigation and analysis in your forensics lab, a full timeline with time, date, what was used should be kept. * Media and Artifact Analysis: In most cases there will be an abundance of information that you will be searching through. String or Byte Search: Here it will consist of tools help in searching very low-level raw images. You realize what you are looking then you can use this method to find it. * Data Recovery: During data recovery entails recovering data from the file system labeling it, time it was accessed along with the time stamps the programs was last used will be accessed. * Reporting Results: During the reporting results which is the last step in computer forensics analysis, is reporting the information found which includes, but not limited to depending on what the investigation entails is; describing what actions were performed during the process, determining what other actions may be needed to be performed to potentially find more information, and recommending improvements to policies, guidelines, procedures, tools, and other aspects of the entire process.
There can be major issues computer forensics examiners may face which can be categorized into three wider groups; legal issues, administrative issues, and technical issues.
Some of the issues pertaining to these include; * Encryption: Encryption prevents access to data unless the analyst has password or encryption key. * Increased Storage Space: Most storage media have large amount of data stored in it, which for the examiner means they must have computers with equally more processing power in them to be able to analyze the data fast and accurately. * New Technology: The world of computers is evolving so fast, there is always an introduction to new hardware and software and constant updates and changes of Operating Systems. New hardware and software along with constant changes of operating systems and programs in general make it difficult for a computer forensics person to always be up to date with the latest. Each time there is potentially a new challenge. * Legal issues: This may distract the findings of the examiner, an example is Trojan Defense. Administrative Issues: Administrative issues may include accepted standards that are guidelines in computer forensic, and another administrative issue is fit to practice which shows that there is no body that checks the competence in this profession.
Provide an overview of how computing devices are used in crimes of today and how these crimes can affect a company's data and information.
An overview of some of the crimes used in cyber technology is: * Hacking: Hacking is breaking into a computer system, knowingly or unknowingly, to gain unauthorized access to vulnerable data. * Phishing: Phishing is a crime that involves attempting to acquire personal information to use without authorization using things such as phishing emails. This includes; usernames and passwords, credit card information, bank account information, by pretending to be a trustworthy source by directing them to a fake site or unsecure site. * Computer viruses: Computer viruses are written and place on a computer unknowingly wish can damage a computer by replicating itself while using up memory which can potentially be transmitted across a network. * Cyber stalkers: Cyber stalkers gather user information using chat rooms, online forums, and social networks. * Identity theft: Identity theft is the use of a person’s identity to purchase items on credit, obtain bank account information, and so on… Phishing is a way to obtain a victims information.
Much of the information stolen/acquired can be used for other various crimes such as selling information for stock/securities fraud, personal gain in general, or strategic moves for a competitive company.
Discuss how computer forensics investigations pertain to the law and trying of cases.
Computer forensics is used to obtain potential evidence in many types of cases. Computer forensics experts can use this information to find concerns such as but not limited to; copyright infringement, money laundering and embezzlement, corruption, piracy, stalking or harassment, theft of intellectual, personal and/or private information, fraud, unauthorized access to confidential information, and child pornography.
A forensics specialist will be brought into the matter to help with much of the case by making ascertain whether or not the computer in question contains information relevant to the case handled in the court of law. The specialist will assists in preparing and responding to interrogatories based on their findings. The specialist will retrieve and examine information that is accessible only through the use of various forensics tools and methods that are used to produce the results they are potentially looking to acquire. The forensic specialist is also developing court reports. He is liable to planning and providing expert testimony in the court of law when needed.
Explain how you could assist in investigating the potential ongoing sexual harassment complaints and determine how you would communicate this to the Board of Directors.
Data Retrieval: As a computer forensic expert, we’d have the capability of uncovering potential evidence long after its deletion, going back to before it was encrypted, and after the hard drive was reformatted. By analyzing Internet and computer activity, we’d have the capability to locate where an email or fax originated, determine who accessed and downloaded specific files and when along with where they were sent, the times there were used and last accessed and identify which websites a user visited or what files he or she downloaded.
Monitoring: A company or individual can have the capability and right to use computer forensic techniques to watch over employee computer usage. The monitoring can be done by either installing software or by hiring a computer forensics investigation firm. The information gathered during this time will then be presented to the board in terms of photos, links to several sites, emails, after the investigation is completed in full.

References:
Caloyannides, M. A. (2004). Privacy Protection and Computer Forensics. Norwood: Artech House Inc.
Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to Computer Forensics and Investigations. Boston: Course Technology.
Pepe, M., Mandia, K., & Prosise, C. (2003). Incident response & computer forensics. McGraw Hill/Osborne.
Rocha, L., & Alonso-Parrizas, A. (2014, Aug 6). Computer Forensics and Investigation Methodology – 8 STEPS. Retrieved Oct 12, 2015, from countuponsecurity: http://countuponsecurity.com/tag/reporting-results/
Vacca, J. R. (May 2005). Computer forensics computer crime scene investigation. Thomson PlaceBoston: Charles River Media.