
COMPUTER FORENSICS TECHNIQUES 1

Computer Forensics Techniques - Unit 2 IP

ITF 403-1004A-02 Forensics-Network Security-Data Protection

Gregory J. Lubinsky

August 29, 2010

Andrew J. Mahaney

American InterContinental University Online



Abstract

This paper examines the differences between law enforcement agencies (LEAs) and corporate investigators, including their differing responsibilities for handling evidence and enforcing privacy laws. It covers how corporate investigators and LEAs divide the workload across four areas, and the law that governs the procedures LEAs must follow with respect to individuals.



Introduction

Which aspects of a computer forensics investigation distinguish what law enforcement does from what a corporation does? The time and effort spent on initial preparation and careful research are decisive to a successful computer forensics investigation (AIU, 2010). Police take time to plan before initiating an investigation; corporate investigators develop guidelines and plans to contain incidents (AIU, 2010). In short, computer forensics has a dual focus (see Appendix A).

Corporate Investigations

Prevention and Detection

The corporate side of computer investigation: little can be done to prevent an attack even if you know one is coming, simply because you don’t know what kind of attack it will be. In this case neither LEA nor corporate investigators are severely limited in what they can do. Once an attack has begun, LE cannot do much; it is up to the IRT (Incident Response Team) to protect and defend the system. However, it is necessary to have LE close by to relay any pertinent data and information, such as who is attacking and where they are attacking from. This is why corporations focus on prevention and detection more than anything else (AIU). The specifics of the intrusion are also relevant: the nature of the attack, such as whether it is internal to the corporation or leads to an outside source, dictates whether it is necessary for law enforcement to get involved. Detection points to the individual or group in a specific location as much as it identifies the type of incident and the recourse needed to deter the attack, counter future attacks and implement safeguards. It might also be said that protection of the information gathered by the attack is also important.



Law Enforcement Agency

Investigation and Prosecution

Computer forensics v. law enforcement: it has been said many times, regarding the commencement of computer investigations, that from that point of view there is a lot more work for the computer investigator than there is for law enforcement. However, without the aid of law enforcement, investigations could not even be initiated; given the need for warrants, computer forensics might never get started. At the very beginning of the investigation, you have to take into account a person's privacy and rights under the law; this includes the Fourth Amendment and in some cases the 1st and 5th Amendments. Probable cause without backup and follow-up is moot, and the evidence collected can get thrown out of court. This is why it is important to follow the rules of investigation, ordinances, statutes, and state and federal rules and laws.

Computers are owned by people, and people place personal information on them, such as bank, health, financial and insurance information that is specific to their livelihood, and in some cases intellectual work, in other words copyrighted material. This is one reason for the Fourth Amendment and other privacy laws. The concept of privacy for computers involves controlled disclosure, sensitive data and the affected subject (Pfleeger, 2007). Privacy as it relates to computers involves eight dimensions that include: Collection, Usage, Retention, Disclosure, Security, Access Control, Monitoring and Fair Information Policies (Pfleeger, 2007). Some of these concepts and dimensions have multiple parts; controlled disclosure, for example, also involves non-disclosure or access without consent (Pfleeger, 2007). Another is Fair Information Policies, which are described in two sections of four to eight parts; see the list in Appendix C (Pfleeger, 2007). In order for privacy acts to be effective, the Federal Trade Commission would have to have support from the government to safeguard websites, with conditions that would have to be met before the implementation of privacy laws. The five stipulations are: Notice (Self Identification of Collectors), Choice (How consumers collect information), Access (Confirmation of Accuracy of Information), Security (Ensure Accuracy of Consumers' identification), and Enforcement of the policies under which information is protected (Pfleeger, 2007).

Conclusion

The difference between the activities of law enforcement agencies and those of computer crime investigation is that the LEA will arrest the suspect during an active attack or, after the crime is committed, secure the location, the crime scene and any additional areas noted by the computer inspector. The LEA also enforces warrants and conforms to the laws of privacy for all concerned, in addition to handling any seized material and maintaining the unbroken chain of custody from the investigation. The LEA is also responsible for the transportation and lock-up of all pertinent evidence or seized material that might be admitted in a court of law.



Reference

AIU Online (2010). ITF 403 Unit 2 Computer forensics techniques [Multimedia]. Retrieved from AIU Online Virtual Campus. ITF403-1004A-02 Forensic/Network Security/Data Protection and… https://mycampus.aiu-online.com/pages/MainFrame.aspx?ContentFrame=/Default.aspx website.

Pfleeger, C. P., & Pfleeger, S. L. (2007). Security in computing (4th ed.). Upper Saddle River, NJ: Prentice Hall.

Steel, C. (2006). Windows forensics: A field guide for conducting corporate computer investigations. Indianapolis: Wiley Publishing Inc.



Appendix A

[Figure: diagram; its text was not recoverable from the source.]

Image created by Visio 2007



Appendix B

Focus of LE and CSI’s (Simplified)

[Figure: diagram with four columns: Investigation, Detection, Prevention, Prosecution. The remaining text was not recoverable from the source.]

Image created using Visio 2007



Appendix C

Fair Information

[Figure: diagram listing Fair Information Policies and Fair Information Practices. The remaining text was not recoverable from the source.]

Image created using Visio 2007
