
Definition: Cyber forensics is the procedure for recovering evidence from digital media.

Computer forensics involves the preservation, identification, extraction and recording of computer evidence stored in the form of magnetically encoded information (data). Computer forensics is the autopsy of computer storage media for evidence. Cyber forensics is defined as the art and science of applying computer science to aid the legal process. Forensics is the examination of computers, cyberspace and other electronic devices for evidence that might have forensic value.

Cyber Forensic Expert

A cyber forensics investigator/expert goes through the following process/roles: collecting evidence from digital media, analysis of evidence, and opinion or report writing. There are four basic steps that are followed in conducting a cyber forensic analysis: identifying sources of evidence, securing and preserving the identified evidence, analyzing the evidence, and documenting the found and analyzed evidence. The evidence must be extracted and presented in a way that preserves its "evidence value".

To be a cyber forensic expert, a person should have a wide range of knowledge and experience about cyber forensics, including cyber crimes, hacking, spamming, viruses, tracking user activity, forensic imaging and verification, data recovery and analysis, file types (extensions), encryption, password breaking, etc., with a basic understanding of programming languages and operating systems such as Windows, Linux, Mac, Java, Symbian, etc., and also knowledge of legal issues, acts, laws, responsibilities, etc. related to digital evidence.

EnCase is a suite of digital forensics products by Guidance Software. It is designed as a computer investigation solution. The features cover bad sectors, damaged files, formatted, partitioned or re-partitioned drives, power failure, Recycle Bin, unbootable hard drive and virus, and it can recover files such as compressed files, email, encrypted files, image files and network. It supports the imaging and analysis of RAID arrays, including hardware and software RAIDs. Other features are:

1. Automated Analysis
2. Multiple Sorting Fields
3. Filters and Filter Conditions
4. Queries
5. View "Deleted" Files and Other Unallocated Data in Context
6. Encrypted Volumes and Hard Drive Encryption
7. Link File Examination
8. Active Directory Information Extractor
9. Hardware Analysis
10. Recover Folders
11. Log and Event File Analysis
12. File Signature Analysis
13. Built-in Registry Viewer
14. Logical File Recognition
15. Automatic Reports
16. Instant Decoding of Nontext Data

Major common types of cyber crime are:

Spam
Virus
Harassment
Piracy
Hacking
Fraudsters
Phishing
ID theft

In detail, cyber crime types are:

Data Interception: This type is exclusive to a network environment with teleprocessing activities, in which the criminal may tap the signal sent to a computer from a remote source. A common example of interception of data in transmission is what is commonly called hacking.

Data Modification: Alteration, destruction, or erasing of data in the computer, usually done with the desire to misallocate money or to cover up management incompetence.

Theft of Software: Taking or copying data, regardless of whether it is protected by other laws, e.g., copyright, privacy, etc. The cause of this may be for profit or for private use.

Network Interference: This is impeding or preventing access for others. The most common example of this action is instigating a Distributed Denial of Service (DDoS) attack, flooding web sites or Internet Service Providers. DDoS attacks are often launched from numerous computers that have been hacked to obey the commands of the perpetrator.

Virus Dissemination: Introduction of software damaging to systems or the data they contain.

Aiding and Abetting: Enabling the commission of a cyber crime, especially by some cyber café operators in Nigeria.

Computer-Related Forgery: Alteration of data with intent to represent it as authentic.

Computer-Related Fraud: Alteration of data with intent to derive economic benefit from its misrepresentation.

Misuse of Computer Assets: This is another form of computer crime, although it may be more correctly described as computer abuse. It involves the use of company assets, in this case computers, by employees for non-authorized activities.

Theft of Computer Hardware: There have been occasions where the theft of computer hardware, specifically computer memory chips, made them more valuable than anything. Examples of this are hardware destruction, illegal borrowing of hardware, etc.
Preventing Cyber Crime

Password: The use of a password allows only authorized users access to the system. The password should be strong enough that it is difficult to guess.

Compartmentalization: This restricts users to the specific files and programs to which they have a job-related need for access. Regular updating is required to conform access to the needs of people moving from responsibility to responsibility within the organization.

Encryption: This can be described as the use of codes to transform original data into a code which can only be deciphered by the software which handles the file. The transformed data appears to be nonsense or jargon until the encryption key is applied to the data. An encryption key is a number which enables encrypted data to be decoded. In some cases a hardware key must be attached to the computer before it can read encrypted files.

Firewall: A firewall allows you to protect your computer from hackers, who often target the IP address ranges used by broadband providers. The use of firewalls and similar safeguards prevents unauthorized access through the Internet. Firewalls, however, are only effective when they are properly sited within the company network and properly managed and configured; otherwise they do not provide the security that users and management expect.

Spyware: Spyware is a tool used by cyber café operators to monitor people's activities while browsing on the Internet.

Limitations are:

Privacy concerns
Cost
Data corruption

A computer forensics expert is to maintain high standards, keep in mind the sensitivity of the case, and maintain the privacy and secrecy of the data or information in the client's interests. But in some circumstances it becomes almost impossible for the computer forensics professional to maintain the secrecy of the data or information. This may happen if the information is necessary to prove the crime and must be produced as evidence in a court of law.

There are other limitations as well regarding computer forensics. It is also possible that some sensitive data or information that is important to the client may be lost in order to find the evidence. The forensics professional must take care that the data, information or possible evidence is not destroyed, damaged, or otherwise compromised by the procedures that are used to investigate a computer system.

There is also the chance of introducing malicious programs into the computer system that may corrupt the data at a later stage. During the analysis process care should be taken that no computer virus is released or introduced into the computer system. It is also possible that the hardware of the computer system is physically damaged.

The evidence that is physically extracted and the relevant evidence should be properly handled and protected from later damage, which may be either mechanical or electromagnetic in nature. The integrity of the data and information that is acquired should be preserved. The custody of the data that is acquired as evidence is the responsibility of the computer forensics team.

It may be required that the data or information is stored in the court. In some cases it is also possible that the data is in dispute and neither of the disputing parties can use the data. For this reason business operations may also be affected. The duty of the computer forensics expert is to ensure that justice is delivered as fast as possible so that the inconvenience and the subsequent loss to the organization can be avoided.

It is also important that the information acquired during the forensic exploration is ethically and legally respected. Moreover, despite some of the limitations of computer forensics, the subject is still perceived. Also, the advantages and benefits of the subject have wide applications in various situations. Measures should be taken, and care on the part of the professional employed for the computer forensics is a must, to avoid any subsequent damage to the computer system. It is also possible in some cases that the operations cost may exceed. Steps should be taken to minimize the cost.

Another one is that when retrieving data, the analyst may inadvertently disclose privileged documents. Legal practitioners involved in the case must also have knowledge of computer forensics. If not, they will not be able to cross-examine an expert witness. This also applies to the judge, solicitors and barristers. Computer forensics is still fairly new and some may not understand it. The analyst must be able to communicate his findings in a way that everyone will understand. Although computer forensics has its disadvantages, these can be solved by the parties involved. Evidence, on the other hand, can only be captured once. The use of computers and the rise of cyber crimes also call for equally strong methods of stopping them.
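The integrity and custody requirements above can be checked mechanically. The following is an added example, not part of the original notes: it hashes an evidence image at acquisition and keeps a hash-chained custody log, so a changed image or an edited custody record is detected. The function names, actor names and the sample image bytes are constructed for illustration.

```python
import hashlib
import io
import json

def image_digest(stream, chunk_size=1 << 20):
    """SHA-256 of an evidence image, read in chunks so large images are not loaded whole."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def _entry_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log, actor, action, evidence_sha256):
    """Append a custody record whose hash also covers the previous record's hash."""
    body = {"seq": len(log), "actor": actor, "action": action,
            "evidence_sha256": evidence_sha256,
            "prev_hash": log[-1]["entry_hash"] if log else "0" * 64}
    log.append({**body, "entry_hash": _entry_hash(body)})

def verify_log(log):
    """Return the index of the first altered or reordered record, or None if intact."""
    prev = "0" * 64
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if (entry["seq"] != i or entry["prev_hash"] != prev
                or _entry_hash(body) != entry["entry_hash"]):
            return i
        prev = entry["entry_hash"]
    return None

def evidence_unchanged(log, stream):
    """True only if the log is intact and the image matches the acquisition hash."""
    if not log or verify_log(log) is not None:
        return False
    return image_digest(stream) == log[0]["evidence_sha256"]

# Constructed sample: a byte string stands in for an acquired disk image.
SAMPLE_IMAGE = b"constructed sample image bytes " * 1000

def demo():
    log = []
    acquired = image_digest(io.BytesIO(SAMPLE_IMAGE))
    add_entry(log, "examiner_a", "acquired image", acquired)
    add_entry(log, "examiner_b", "received working copy", acquired)
    intact = evidence_unchanged(log, io.BytesIO(SAMPLE_IMAGE))
    altered = evidence_unchanged(log, io.BytesIO(SAMPLE_IMAGE[:-1] + b"X"))
    log[0]["actor"] = "someone_else"  # simulate an edited custody record
    return intact, altered, verify_log(log)
```

A hash chain only exposes edits if the latest entry hash is also recorded somewhere the editor cannot reach, for example in the signed case file.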

Credit Card Fraud

Definition

Scammers can get your credit card details by:

Tricking you into telling them your credit card number and/or your security code (the three-digit code on the back of your card) by pretending to be your bank or another company
Installing spyware on your computers so they can see the files you use, websites you visit and information you store - spyware can be installed remotely
Stealing your credit card - you may lose your wallet or have your bag stolen
Using card skimming devices on ATMs
Accessing information on unsecured websites
Accessing details from your online shopping activities

Once the scammers have your credit card number and security code, they can make purchases over the internet or by phone. If they know your PIN, they can get cash advances from an ATM using a 'cloned' credit card.

Credit card fraud is identity theft in its most simple and common form. It can be accomplished either through a scenario like the one we just mentioned, or it can happen when your pre-approved credit card offers fall into the wrong hands. All a person has to do is get these out of your mailbox (or trash can), mail them in with a change of address request and start spending. Someone can even apply for a credit card in your name if they have the right information. You won't know a thing about it until the credit card company tracks you down and demands payment for the purchases they have racked up.

Case Study

A complaint was received by the police department from a credit card scheme that a number of their cardholders had fraudulent transactions conducted on their accounts. Closer analysis of the transactions showed that the only commonality between them was that legitimate purchases were made by the cardholders at the same Perth restaurant. Nearly 100 cards were skimmed at the restaurant within a specific year.

When the cardholders presented their cards to pay at the restaurant, the data on the credit cards was captured, without the knowledge of the cardholder, on a card skimmer or card reader. Once the data had been illegally extracted from the credit cards, it was encoded onto other cards and used to purchase expensive electrical equipment, personal items and household goods - involving more transactions.

Eventually, two suspects were identified by police, one of whom had previously committed offences associated with skimmed credit cards. The first suspect received credit cards stolen in house burglaries and supplied them to the second suspect. The second suspect kept the majority of the cards and returned several cards, loaded with skimmed data, to the first suspect as payment.

As a result of surveillance, search warrants were executed and a large amount of property, including motorbikes, computer equipment, clothing and household electrical goods, was seized at addresses associated with the second suspect. Skimmed cards and false proof of identity documents, card readers, and card encoders were also found. The equipment enabled the second suspect to load skimmed card data onto stolen credit cards.

The proprietor of the restaurant is now banned from being issued again with a merchant facility from any financial institution.
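The analysis that located the restaurant in the case study is usually called common point of purchase analysis. The following is an added example, not part of the original notes: it ranks merchants by the share of fraud-reported cards that had earlier made legitimate purchases there, and lists cards that used the same merchant but have not yet reported fraud. All card ids, merchant names and the threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (card_id, merchant) pairs for legitimate purchases.
PURCHASES = [
    ("card01", "restaurant_x"), ("card01", "grocer_a"), ("card01", "fuel_b"),
    ("card02", "restaurant_x"), ("card02", "bookshop_c"),
    ("card03", "restaurant_x"), ("card03", "grocer_a"),
    ("card04", "restaurant_x"), ("card04", "fuel_b"),
    ("card05", "grocer_a"), ("card05", "fuel_b"),
    ("card06", "grocer_a"), ("card06", "bookshop_c"),
    ("card07", "fuel_b"), ("card07", "grocer_a"),
    ("card08", "restaurant_x"), ("card08", "grocer_a"),
]
# Cards whose holders later reported fraudulent transactions (constructed).
FRAUD_CARDS = {"card01", "card02", "card03", "card04"}

def _cards_by_merchant(purchases):
    index = defaultdict(set)
    for card, merchant in purchases:
        index[merchant].add(card)
    return index

def common_points_of_purchase(purchases, fraud_cards, min_fraud_share=0.8):
    """Merchants used by at least min_fraud_share of the fraud-reported cards.

    Returns (merchant, fraud_share, clean_share) tuples; a high fraud share
    with a low clean share marks the likely point of compromise.
    """
    index = _cards_by_merchant(purchases)
    all_cards = set().union(*index.values()) if index else set()
    hit = all_cards & set(fraud_cards)
    clean = all_cards - hit
    results = []
    for merchant, cards in index.items():
        fraud_share = len(cards & hit) / len(hit) if hit else 0.0
        clean_share = len(cards & clean) / len(clean) if clean else 0.0
        if fraud_share >= min_fraud_share:
            results.append((merchant, round(fraud_share, 2), round(clean_share, 2)))
    return sorted(results, key=lambda r: (-r[1], r[2]))

def at_risk_cards(purchases, fraud_cards, merchant):
    """Cards that used the flagged merchant but have not reported fraud yet."""
    return sorted(_cards_by_merchant(purchases)[merchant] - set(fraud_cards))
```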