Digital Forensic Investigations: Issues of Intangibility, Complications and Inconsistencies in Cyber-Crimes
Keywords:
Digital Forensic Investigation, Cyber-crime, Digital evidence, Artefacts, Malware, Payload
Abstract
The use of the Internet and computing resources as vital business tools continues to gain prominence day by day. Computing resources are used to create innovative and value-added products and services. Associated with this trend is the growth of cyber-crimes committed against or using computers. Experts note that the extent and severity of cyber-attacks have increased in recent times and anticipate that they are likely to explode unless mitigation measures are instituted to curb the menace. The field of digital forensics has emerged as a response to this growth in cyber-crime. Digital forensic investigations have evolved with the passage of time and are impacted by many externalities. A number of key challenges ought to be addressed, such as the intangibility, complications and inconsistencies associated with investigations and with the presentation of prosecutorial artefacts. Digital evidence is usually intangible in nature, such as an electronic pulse or a magnetic charge. The questions are: how can the intangibility of computer crime complicate digital forensic investigations, and to what extent can inconsistencies during an investigation mar the permissibility or admissibility of the evidence? This study is an exploratory experimental set-up in which virtual systems were subjected to malware exploits. Using live response tools, we collected data and analyzed the payloads and the infected systems. Guided by triage information, memory and disk images were collected for analysis. We also carried out reverse engineering to decompose the payload. The study unearthed the digital truth about malware and cyber-criminal activities, while benchmarking against standard procedures for presenting court-admissible digital evidence. The timelines of activities on the infected systems were reconstructed. The study demonstrated that the externalities of intangibility, complications and inconsistencies can easily mar digital forensic investigations or even bring the entire process to an abrupt end.
Further studies will be carried out to demonstrate other ways perpetrators conceal valuable digital evidence in a cyber-crime.