Role of Digital and Computer Forensics in Intelligence ...

Role of Digital and Computer Forensics in Intelligence

Processing and Investigation of Terrestrial Crimes and Security

Breaches

1Association of Chartered Certified System Accountants

(ACCSA), USA.

How about we understand the

KEY terminologies in our topic?

• Digital Forensics• Computer Forensics• Intelligence Processing• Terrestrial Crimes• Security Breaches


(ACCSA), USA.

DIGITAL FORENSICS

• Digital forensics is the process of uncovering and interpreting electronic data.

• The goal of the process is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying and validating the digital information for the purpose of reconstructing past events.

Techopedia (2018)


(ACCSA), USA.

COMPUTER FORENSICS

• Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device.

• The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it.

TechTarget (2018)


(ACCSA), USA.

• The process by which information is converted into intelligence and made available to users.

• The process consists of six inter-related intelligence operations:• Planning and Direction• Collection• Processing and Collation• Analysis and Production• Dissemination and Integration• Evaluation and Feedback

INTELLIGENCE PROCESS

Farlex (2018)


(ACCSA), USA.

• A type of crime committed physically by a person in a physical location. It usually makes no use of information technology and it is significantly restricted by time and place.

• Terrestrial spaces usually restrict the form, severity and prevalence of such crimes.

TERRESTRIAL CRIME


(ACCSA), USA.

• A security breach is any incident that results in unauthorized access of data, applications, services, networks and/or devices by bypassing their underlying security mechanisms.

• A security breach occurs when an individual or an application illegitimately enters a private, confidential or unauthorized logical IT perimeter.

Techopedia (2018)

SECURITY BREACH


(ACCSA), USA.

Digital and Computer Forensics

VSCybersecurity 8

Association of Chartered Certified System Accountants (ACCSA), USA.

Digital and Computer Forensics and Cybersecurity are two essential sides of the same coin –they both focus on protecting digital assets and intelligence.

However;• Cybersecurity is about PREVENTION , while Digital and Computer Forensics is about RESPONSE• The cybersecurity team works to implement and maintain a robust information security

system, with the intention of defending an organization from cyber attacks.• In the event that the efforts of the cybersecurity team fail, and a breach is made, the digital

and computer forensics team works to identify the hack, understand the source, and recover compromised data.


(ACCSA), USA.

Role Of Digital And Computer Forensics In

Intelligence Process


(ACCSA), USA.

• Significant progress has been made in the field of digital and computer forensics.

• The progress is not only from a technology perspective, such as tools to collect and analyse digital evidence, but also with the improvement of methodology.

• In digital forensics, a process model is the methodology used to conduct an investigation; a framework with a number of phases to guide an investigation.

Digital Forensics and Intelligence Process


(ACCSA), USA.

Digital Forensics and Intelligence Process

• A standard methodology in digital forensics investigation consists of a definition of the sequence of actions necessary in the investigation.

• A framework, if it is too simplistic or has fewer phases, might not provide much guidance to the investigation process.

• A framework with more phases and each phase with sub-steps, with more limitation of its usage scenario may prove more useful.

• Even though it is almost impossible to design a perfect process model that can deal with any investigation, an ideal framework should be general, which means that it could be applied to as many cases as possible.


(ACCSA), USA.

• Merely following a general process model is often not specific enough to handle the broad range of cases typically encountered by law enforcement.

• After the general process procedure is clearly defined, researchers started working on specific issues that are more detailed. For example: 1. refining a process model by making an improvement at a

specific step of the investigation; 2. dealing only with a specific category of cases, such as, network

forensics, mobile devices forensics, etc.;3. Triage models outline specific processes for time sensitive

cases, such as child abductions, missing person cases, etc.

Digital Forensic Process Models for Intelligence Process


(ACCSA), USA.


Extended Model of Cybercrime Investigation

• In 2004, several process models had already been defined. However, each did not include a significant aspect of cybercrime investigation itself.

• This model follows a waterfall fashion and the necessary activities are conducted in sequence. This model allows iteration in some part of the investigation, for example, the iterative process of “examination -hypothesis - presentation - proof/defence”


(ACCSA), USA.

Digital Forensic Triage Process Model

• In some special cases, such as kidnaps and hostage rescue, acquiring clues from digital devices immediately is crucial, or some other cases such as robbery, crucial information is required as soon as possible to increase the likelihood of catching the criminal before they have escaped to another country.

• Often, traditional models are insufficient for this use case - potentially taking weeks or years to get results. Tiered models are designed to expedite situations like this.



(ACCSA), USA.

Digital Forensic Model Based on Malaysian Investigation Process

• This model is notable in that it is focused on data acquisition process, including more detailed handling on live data acquisition and static data acquisition in cybercrime investigation.



(ACCSA), USA.

The Systematic Digital Forensics Investigation Model

• This model is focused on computer fraud and cybercrimes, which is helpful in evidence dynamics and reconstruction



(ACCSA), USA.

Integrated Digital Forensic Process Model

• This model is the most recent proposed process model which including a relative generally digital forensic investigation



(ACCSA), USA.

Some new and popular technologies result in new problems hindering digital forensics investigations. Cloud computing makes evidence collection more difficult; Internet-of-Things adds a variety of new device and storage forms; more digital devices connected into the Internet result in an ever-

increasing volume of data.


(ACCSA), USA.

Recent Digital Forensic Process Models for Handling Modern Advancements

An Integrated Conceptual Digital Forensic Framework for Cloud Computing

• As the prevalence of cloud computing services increases, collecting digital evidence from a remote server, which often is stored in another jurisdiction, has become necessary.

• An integrated conceptual digital forensic framework for cloud computing was developed to ameliorate the process of acquiring cached information, stored login credentials, metadata etc.


(ACCSA), USA.


Data Reduction and Data Mining Framework

• One challenge in digital forensics is the ever-increasing volume of data, which has impeded investigations from a number of standpoints including evidence collection, data preservation and analysis. The growth of digital evidence has been ongoing for many years and is safely predicted to increase further into the future.

• The core idea of this framework is to acquire a subset of the data by utilising data reduction and conduct intelligence analysis through data mining.


(ACCSA), USA.


Internet of Things Based Digital Forensic Model

• The growing prevalence of Internet-of-Things (IoT) brings with it new problems for digital forensics. As a new challenge in this area, the volume of digital devices needing to be collected, analysed, examined and preserved, as well as the variety of storage formats make analysis more arduous.

• This sophisticated forensic model, which aims to address the specific issues relating to IoT based investigation defines a standard operating procedure for investigation of IoT devices.


(ACCSA), USA.


Field Processing Model

• This model is focused on training non-digital evidence to specialists conducting the early stage of investigation on scene.

• The front-line investigators analyse the pertinent information first and a more detailed examination and analysis will be subsequently conducted in the laboratory.

• This research on one hand solves the problem of the shortage of digital forensic specialists in law enforcement, and on the other hand helps relieve the digital forensic backlog.


(ACCSA), USA.

Role Of Digital And Computer Forensics In

Investigation Of Terrestrial Crimes And Security

Breaches


(ACCSA), USA.

Burglary

Carjacking

Armed Robbery

Kidnapping

TERRESTRIAL CRIMES

And so on…

Murder


(ACCSA), USA.

• The role of digital and computer forensics in crime has advanced to evidentiary admission in a court of law.

• This is very important in how the evidence is maintained and collected and it has become quite a precise process in law enforcement.

• Digital and computer forensics experts use devices such as mobile phones, tablets, and hard drives to collect the evidence needed to prove premeditation in some cases.

• Presently, law enforcement agencies use their computers for everything from searches to warrants.

• As technology grows so will the ways criminals hide their activities. There does not seem to be a ceiling on technology and the ways it is investigated.

Digital and Computer Forensics Tasking


(ACCSA), USA.

Digital and Computer Forensics – Solving Cold Case Files

• Law Enforcement agencies are using digital and computer forensics to reopen and solve cold case files.

• Digital and computer forensics provides new ways to collect information from old hard drives to solve crimes that have gone unsolved for years.

• Digital and computer forensics help to investigate databases used to hold case files for law enforcement.

• The simple gathering and organization of old forensics from unsolved cases have brought forward details that investigators might have missed in initial investigations.


(ACCSA), USA.

THANK YOU FOR YOUR ATTENTION


(ACCSA), USA.

Role of Digital and Computer Forensics in Intelligence ...

Documents

Transcript of Role of Digital and Computer Forensics in Intelligence ...