Digital Forensic Investigations: Issues of Intangibility, Complications and Inconsistencies in Cyber-Crimes

Authors

  • Ezer Osei Yeboah-Boateng, Ghana Technology University College (GTUC)
  • Elvis Akwa-Bonsu, Detectware Limited, Ghana

Keywords:

Digital Forensic Investigation, Cyber-crime, Digital evidence, Artefacts, Malwares, Payload

Abstract

The use of the Internet and computing resources as vital business tools continues to gain prominence day by day. Computing resources are utilized to create innovative and value-added products and services. Associated with this trend is the extent of cyber-crimes committed against or using computers. Experts anticipate that the extent and severity of cyber-attacks have increased in recent times and are likely to explode, unless some mitigation measures are instituted to curb the menace. As a response to the growth of cyber-crimes, the field of digital forensics has emerged. Digital forensic investigations have evolved with the passage of time and are impacted by many externalities. A number of key challenges ought to be addressed, such as the intangibility, complications and inconsistencies associated with the investigations and presentation of prosecutorial artefacts. Digital evidence is usually intangible in nature, such as an electronic pulse or magnetic charge. The question is: how can the intangibility of computer crime complicate digital forensic investigations? To what extent can inconsistencies during the investigation mar the permissibility or admissibility of the evidence? This study is an experimentally exploratory set-up with virtual systems subjected to some malware exploits. Using live response tools, we collected data and analyzed the payloads and the infected systems. Utilizing triage information, memory and disk images were collected for analysis. We also carried out reverse engineering to decompose the payload. The study unearthed the digital truth about malware and cyber-criminal activities, whilst benchmarking with standard procedures for presenting court-admissible digital evidence. The timelines of activities on infected systems were reconstructed. The study demonstrated that externalities of intangibility, complications and inconsistencies can easily mar digital forensic investigations or even bring the entire process to an abrupt end.
Further studies would be carried out to demonstrate other ways perpetrators conceal valuable digital evidence in a cyber-crime.

 

Author Biographies

Ezer Osei Yeboah-Boateng, Ghana Technology University College (GTUC)

E. O. Yeboah-Boateng is a senior lecturer and the Head (acting Dean), Faculty of Informatics, at the Ghana Technology University College (GTUC), in Accra. Ezer is an ICT Specialist and a Telecoms Engineer, an executive with over 25 years of corporate experience and about 9 years in academia. He has over 10 peer-reviewed international journal papers to his credit, and is well cited in Google Scholar. His research focuses on cyber-security vulnerabilities, digital forensics investigations (DFI), cyber-crime and crimeware, cloud computing, big data and fuzzy systems.

Elvis Akwa-Bonsu, Detectware Limited, Ghana

E. Akwa-Bonsu is a Cyber Security Expert and Researcher. Elvis is the Head of Intelligence at Detectware, a private cyber-security firm in Accra, Ghana. With 18 years of corporate experience, Elvis focuses on offensive, destructive, and defensive technology that affects and protects enterprises. He frequently speaks on the subject of security standards, penetration testing/auditing, digital investigations, attack techniques, wireless security, covert channel communications, network security monitoring, packet analysis, malware analysis, steganography, incident response, honeypots, vulnerability analysis, virtualization, cloud computing security, business continuity and security awareness.

Published

2015-08-24

How to Cite

1.
Yeboah-Boateng EO, Akwa-Bonsu E. Digital Forensic Investigations: Issues of Intangibility, Complications and Inconsistencies in Cyber-Crimes. JCSANDM [Internet]. 2015 Aug. 24 [cited 2024 Nov. 3];4(2-3):87-104. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/5157

Section

Articles