The rapid expansion and dramatic advances in information technology in recent years have without question generated tremendous benefits to business and organizations. At the same time, this expansion has created significant, unprecedented risks to organization operations. Computer security has, in turn, become much more important as organizations utilize information systems and security measures to avoid data tampering, fraud, disruptions in critical operations, and inappropriate disclosure of sensitive information. Such use of computer security is essential in minimizing the risk of malicious attacks from individuals and groups. To be effective in ensuring accountability, management and information technology security personnel must be able to evaluate information systems security and offer recommendations for reducing security risks to an acceptable level. To do so, they must possess the appropriate resources, skills, and knowledge.
Police and prosecutors are fashioning a new weapon in their arsenal against criminals: digital evidence. The sigh of hard drives, Internet files and emails as court room evidence is increasingly common.Top
Current literature of computer forensics (Nelson, Phillips, Enfinger, & Steurt, 2004; Noblett, Pollitt & Presely, 2000; Weise & Powell, 2005; Whitman & Mattord, 2003) state that the roots of computer forensics start with the first time a system administrator had to figure out how and what a hacker had done to gain unauthorized access to explore the system. This was mainly a matter of discovering the incursion, stopping the incursion if it was still in progress, hunting down the hacker to chastise the attacker, and fixing the problem allowing the unauthorized access to begin with. In the beginning, the classic hackers breaking into computer systems were more interested in how things work than actually being malicious. So, collecting evidence for a hearing was not a process a system administrator needed to worry about. Just plug the hole, and often get back to personal hacking projects.
As computers evolved out of academia to businesses and government, there was more data and resources at risk. Hacker incursions became an issue handled through legal channels (Ferbrache & Sturt, 1997). Also, as computer technology advanced, it became more affordable. This allowed computers to be put not only on each employee’s desk of even small business, but in people’s homes. More people looking for uses for the computers lead to the increase in supply of programs. More programs made more types of information collected as possible evidence. Evidence derived from computers has been used in court for almost 30 years. This is consistent with the research conducted by Ranum (1997). Initially, judges accepted the evidence as no different from forms of evidence they were already seeing. As computer technology advanced, the accepted similarities to traditional evidential material became ambiguous. In 1976, the U.S. Federal Rules of Evidence was passed to address some of the ambiguities.
Key Terms in this Chapter
Computer Forensics: Involves scientifically examining and analyzing data from computer storage media so that the data can be used as evidence in court. Investigating computers typically includes securely collecting the computerized or digital data, examining the suspect data to determine details such as origin and content, presenting the computer or digital information to the courts, and then applying laws to computer and information practice.
Vulnerability Assessment: The process of identifying technical vulnerabilities in computers and networks as well as weaknesses in policies and practices relating to the operation of these systems.
Computer Investigations: The forensics analysis of systems suspected of containing compromised data or evidence relating to an incident or crime.
Data Recovery: Recovering data or information from a computer that he user has deleted. Incident Response: The practice of detecting a problem, determining its cause, minimizing the damage it causes, resolving the problem, and documenting each step of the response for future reference.
Network Forensics: The capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.
Intrusion Detection: Software that monitors systems and network resources that notifies network security personnel when it sees a possible instruction.