Incident Response and Computer Network Forensics (CSOL 590)
Introduction
Digital forensics is the science and practice of uncovering digital evidence in a structured, repeatable manner. With the rise of digital forensics, many techniques have also been developed to impede, disguise, or erase evidence and frustrate any judicial effort. Within the field of digital forensics there exists a counter practice called anti-forensics. According to CSOOnline.com, "Anti-forensics is more than technology. It is an approach to criminal hacking that can be summed up like this: Make it hard for them to find you and impossible for them to prove they found you."
I think it is imperative to understand and act like criminals.
Anti-forensics refers to the techniques used by people who want to cover up their tracks or mislead investigators. Investigators who are well versed in both forensic and anti-forensic techniques can piece together the details that help solve crimes. Most importantly, understanding anti-forensic techniques helps law enforcement convict the actual perpetrator, rather than allowing an untrained investigator to be misled into convicting an innocent person.
Below is my final project: an Incident Response investigation of a compromised fictitious company.
Coursework
Reflection
As a deputy sheriff, I understand the importance of handling and preserving evidence, as it can prove or disprove a crime. The ability to establish a suspect's innocence or guilt makes proof one of the most critical parts of crime scene investigation. If evidence were collected incorrectly, never submitted, or mishandled by investigators, its validity would become questionable, and the evidence would then become inadmissible.
The chain of custody is a method of authenticating evidence as it is handled. It requires every step in the process of managing the evidence to be accounted for: every person who has handled the evidence since its recognition and collection is recorded, along with when they had it and what they did with it.
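The paragraph above describes the chain of custody as an accounting of every custodian, action, and time. The block below is an added illustration of that idea in code; it is not part of the coursework or any project named on this page. It keeps a hash-chained custody log in which each entry records the custodian, the action, a timestamp, the SHA-256 of the evidence, and the digest of the previous entry, so that an altered entry, a dropped entry, or modified evidence is detected on verification. The custodian names, timestamps, and evidence bytes are constructed sample values.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample evidence (stands in for a disk image or file export).
EVIDENCE = b"constructed sample: bytes of a seized disk image"

GENESIS = "0" * 64  # prev_hash of the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(body: dict) -> str:
    # Canonical JSON (sorted keys) so every party computes the same digest.
    return sha256_hex(json.dumps(body, sort_keys=True).encode("utf-8"))


def append_entry(log, *, custodian, action, evidence_bytes, when=None):
    """Append one custody event; each entry is linked to the one before it."""
    prev_hash = log[-1]["entry_hash"] if log else GENESIS
    body = {
        "seq": len(log),
        "timestamp": when or datetime.now(timezone.utc).isoformat(),
        "custodian": custodian,
        "action": action,
        "evidence_sha256": sha256_hex(evidence_bytes),  # re-hashed at every hand-off
        "prev_hash": prev_hash,
    }
    entry = dict(body, entry_hash=entry_digest(body))
    log.append(entry)
    return entry


def verify_log(log, evidence_bytes):
    """Return (ok, reason). Checks sequence, links, entry digests and evidence hash."""
    current_hash = sha256_hex(evidence_bytes)
    expected_prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i:
            return False, f"sequence gap at position {i}"
        if entry["prev_hash"] != expected_prev:
            return False, f"link broken at entry {i}"
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry_digest(body) != entry["entry_hash"]:
            return False, f"entry {i} altered"
        if entry["evidence_sha256"] != current_hash:
            return False, f"entry {i} records a different evidence hash"
        expected_prev = entry["entry_hash"]
    return True, "chain intact"


def build_demo_log():
    """Three constructed hand-offs: collection, intake at the lab, examination."""
    log = []
    append_entry(log, custodian="Deputy A (constructed)", action="collected at scene",
                 evidence_bytes=EVIDENCE, when="2024-01-01T10:00:00+00:00")
    append_entry(log, custodian="Evidence tech B (constructed)", action="received at lab",
                 evidence_bytes=EVIDENCE, when="2024-01-01T13:30:00+00:00")
    append_entry(log, custodian="Examiner C (constructed)", action="checked out for analysis",
                 evidence_bytes=EVIDENCE, when="2024-01-02T09:00:00+00:00")
    return log


if __name__ == "__main__":
    log = build_demo_log()
    print(verify_log(log, EVIDENCE))            # (True, 'chain intact')
    log[1]["custodian"] = "unknown"             # rewrite who had it at the lab
    print(verify_log(log, EVIDENCE))            # (False, 'entry 1 altered')
```

Rewriting an entry, removing one from the middle, or presenting evidence whose bytes differ from what was collected all fail verification with a reason pointing at the first bad entry. Truncating the log at its end is not detectable from the log alone, so the latest entry hash should also be recorded somewhere the custodian cannot change, such as a signed receipt or a separate evidence-management system.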
Digital evidence, from data stored on a personal computer to cloud storage, exists in many forms and can be distributed everywhere. One of the best places for law enforcement to gather digital evidence without a warrant is the public internet.
Some of the first digital evidence used in law enforcement investigations came from communication websites, particularly message boards and chat rooms. These sites continue to be a source of information for current investigations. However, the proliferation of other Internet and Internet-enabled technologies means that they are now only one of many potential sources of evidence. Both message boards and chat rooms allow users to read and respond to chains of communication, either as an archive or in real time.
Evidence gathered on the public internet, unbeknownst to the suspect, can be used to predict crime before it occurs. The Crimes Against Children (CAC) department of law enforcement regularly leverages the public internet to locate and arrest online predators before they can commit the act. Law enforcement agents posing as regular users, or even as juveniles, participate in online chats, often with the predator, and can collect enough evidence to prove intent. Once enough digital evidence has been received, law enforcement lets the action play out before arresting the predator.
References
Berinato, S. (2007, July 8). The Rise of Anti-Forensics. CSOOnline.com. https://www.csoonline.com/article/2122329/the-rise-of-anti-forensics.html
Strickland, J. (2008, February). How Computer Forensics Works. howstuffworks.com. https://computer.howstuffworks.com/computer-forensic3.htm
Lasater, L. (2020). How the Mishandling of Evidence Affects Criminal Investigations. Cumberland University. https://www.cumberland.edu/wp-content/uploads/2020/10/POSTER_Lasater_Lucy-Lucy-Lasater.pdf
Goodison, S. E., Davis, R. C., & Jackson, B. A. (2015). Digital Evidence and the U.S. Criminal Justice System. RAND Corporation.