Case Study of Computer Forensics
Computer Forensics: Giving New Dimensions to Law and Order
With crime on the rise almost everywhere around the globe, there is a need for effective techniques for maintaining law and order. Crime is the word given to actions by any person for which that person can be convicted in any of the courts around the world. With good legal tools, methods and procedures readily at hand, a government can compel the people responsible or charged to be summoned and prosecuted. People living in any country have to follow the rules and regulations of that country and comply with all its laws. If they are found not doing so, a charge is filed against them.
Among all crimes around the world, pornographic crime has been increasing at a great pace (Shahidullah, 2008). In the modern age, people are becoming more prone to crimes relating to selling and receiving pornographic material. Pornography can be called a victimless crime. The term “pornography” has no well-defined or commonly understood meaning and cannot be given a pure legal definition. If any Supreme Court
Crimes such as child pornography and illegal transactions in other pornographic material are gaining strong ground in India and around the globe, especially among young people (Taylor, 2003). If our young generation is caught up in all these activities, who will write the future of this world? A sexual figure drawn in a medical book is very different from the figures and pictures presented on any pornographic site. These activities endanger the present and future progress of any country.
Legal definitions of child pornography normally include sexual imagery involving both prepubescent and post-pubescent minors, as well as computer-generated images that appear to involve them. Most possessors of child pornography who are arrested are found to own imagery of prepubescent children; owners of pornographic imagery of post-pubescent minors are less likely to be put on trial, even when that imagery also falls within the law.
These activities are carried out most easily with fast and simple computer systems. Most pornographic material is carried on CDs, USB drives and other storage media that interface with computers (Cox, 2008).
So, one way to curb such activities would be to monitor visits to pornographic sites from computers around the world, and to develop technologies to scan an accused person’s computers to retrieve all the evidence and sources related to the offence. This can be done by the newly emerging field of computer forensics, which has well-defined methods to check these activities and scan through any computer. Let’s study it in detail.
Computer forensics, sometimes called computer forensic science, is the branch of forensic science that pertains to legal evidence found in computers and digital storage devices (Vacca, 2005). Computer forensics can also be called digital forensics. Its main aim is to explain the present state of a digital artifact, such as a computer system, a storage medium (e.g. a hard disk or a CD-ROM), an electronic document (e.g. an email message or a JPEG image), or even a sequence of data packets moving over a computer network. The scope of a forensic analysis can range from straightforward information retrieval to the reconstruction of a series of events. The field also contains sub-branches such as firewall forensics, network forensics, mobile device forensics and data device forensics (Anson, 2007).
There can be many reasons to use computer forensics:
1. In legal cases especially, computer forensic methods are commonly used to examine computer systems belonging to defendants (mostly in criminal cases) or litigants (in civil cases) (Vacca, 2005).
2. To recover information in the event of a hardware or software failure.
3. To examine a computer system after a break-in, for example to determine how the attacker gained access and what he planned to do or has done.
4. To collect evidence against an employee whom an organization wishes to dismiss.
5. To gain information about how a computer system works for the purpose of debugging, performance optimization, or reverse engineering.
There are five basic steps in the computer forensic process:
Collection (of the data)
Computer Forensics Helping to Curb Child Pornography
The Internet has proved to be a very efficient distribution channel for information and media of all kinds, and the last decades have therefore witnessed a large increase in child pornography. Computer forensic science helps a great deal in investigating it. The following covers some of the primary methodologies of proceedings related to the prosecution of child pornography (Casey, 2004).
First of all, we should establish how the case arose. This might include the discovery of files related to such pornographic material (Mohay, 2003). The authorities are led to the suspect’s premises, or catch the person responsible, mainly in the following ways:
1. The IP address of the accused person can be tracked and the accused person held under suspicion.
2. By going through the chat rooms used by the persons under suspicion.
3. Sharing of files.
4. The related computer technician.
The computer used for such activities can be examined either by a knock-and-talk or by obtaining a search warrant for it.
The warrants should then be reviewed for any shortcomings. Misleading and false statements in warrants should be avoided.
The procedures involved in obtaining electronic evidence in this context can be summarized as follows:
1. A motion and protective order should be passed. The present case must be compared with other contraband cases.
2. Successful motions should be reviewed.
3. The forensic image of the evidence must be kept safe for future reference. It is the most important evidence for this crime.
4. The location of these images must be studied carefully. The bills of particulars and the discovery requests should be recorded.
· Understanding Forensic Imaging:
1. The bit-stream backup technique can be used to image the contents of one drive onto another.
2. Mathematical hashing can be used to compare the data contents of two drives under inspection.
3. The metadata should be understood. Metadata is basically data about data. The dates and times of the files should be analyzed: the creation and modification dates and times should be recorded, and the last access time should also be recorded. Any additional embedded data or facts about the related site and author should be investigated. The software used to view or create such files should also be studied.
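The three imaging steps above, shown as an added Python example that is not part of the original essay and is not code from EnCase or Forensic Toolkit. It copies a stand-in drive byte for byte, verifies the image against the source with SHA-256, and records the timestamps before the source is read; the file names, the use of SHA-256 and the 4 MiB sample "drive" are assumptions made for the example.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so a large image never sits in memory


def sha256_of(path):
    """Hash a file (or raw device node) in fixed-size chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def mac_times(path):
    """Record timestamps with stat(), which does not open or read the file."""
    info = os.stat(path)
    # st_ctime is creation time on Windows and inode-change time on Unix.
    stamps = {"modified": info.st_mtime, "accessed": info.st_atime,
              "changed_or_created": info.st_ctime}
    return {name: datetime.fromtimestamp(ts, timezone.utc).isoformat()
            for name, ts in stamps.items()}


def acquire_and_verify(source, image):
    """Bit-stream copy: hash the source while copying, then re-hash the image."""
    times = mac_times(source)  # capture before reading can update access time
    digest = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    source_hash, image_hash = digest.hexdigest(), sha256_of(image)
    return {"source": source_hash, "image": image_hash,
            "verified": source_hash == image_hash, "times": times}


def demo():
    """Constructed sample: a 4 MiB file stands in for the seized drive."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "suspect_drive.raw")  # hypothetical name
        image = os.path.join(work, "evidence_image.dd")   # hypothetical name
        with open(source, "wb") as handle:
            handle.write(bytes(range(256)) * (4 * 4096))
        record = acquire_and_verify(source, image)
        # Change a single byte of the copy: the image no longer verifies.
        with open(image, "r+b") as handle:
            handle.seek(1000)
            handle.write(b"\x00")
        record["tampered_matches"] = sha256_of(image) == record["source"]
        return record
```

In a real acquisition the source would be the raw device behind a hardware write blocker, and the recorded hash would be stored with the case notes so the image can be re-verified later.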
Forensic Tools Used For Investigation
· The software tools that can be used for this purpose are EnCase and Forensic Toolkit.
· The hardware tools are write protection, a dedicated PC without any Internet connection, and removable disk enclosures.
Here’s an example for computer neophytes: someone is blamed for having pornography on their computer and is consequently fired, loses friends and family, and then faces prosecution. If they hire a computer forensics expert, they could have their name cleared.
The case presented here is about two friends, Tom and Jerry. They lived in Brighton and shared a flat. One day Tom was accused of selling some pornographic material to a police officer in his local pub, and his flat was raided by the police. They found two computers there, one belonging to each of the two friends. Both computers were running Windows XP and were on a local network, and a broadband connection linked them to the Internet. The main proceedings are to collect all the evidence against Tom in this case and to study in detail the equipment used for this purpose. It should also be mentioned that Jerry, who was living in the same flat as the person charged, claims his innocence and says that he had no idea what was being backed up on his computer by Tom. He never suspected the accused person of anything of this kind.
So, the main job of the forensic department is to produce evidence against Tom: scan his computer, collect all the evidence and images, and prove him guilty (Casey, 2002). Jerry claims his innocence, so his involvement in the matter should also be examined carefully and he should be treated as is suitable.
A suitable case can be cited from the past, involving a similar story, in which a person accused of child pornography was released from custody after he took the help of computer forensics. I shall discuss the key particulars of this case in order to shed light on the case of Tom and Jerry.
A similar case study for reference:
Michael Fiola, an employee of the Commonwealth of Massachusetts, took help from computer forensics after he was fired on the charge of having child pornography on his system. After a rapid assessment, state investigators found some child pornography, whereas Fiola insisted that he had never downloaded any such material and did not know how to do such things. He was 56 years old then, and after being charged with such a shameful crime he was completely shunned by his family and friends.
Fiola finally had to hire a computer forensics expert from Tucson, Tami Loehrs, to get deeper into the matter. He had a Dell laptop equipped with broadband, also from Dell, and the Internet was accessed through Verizon (NYSE:VZ).
His computer had been red-flagged after showing high rates of data activity, much greater than in any other investigator’s normal report. Fiola’s laptop was then taken and analyzed by the investigators. They found many website files and images relating to child pornography in temporary Internet files and folders. Consequently, Fiola was fired and faced prosecution by the state.
But later, in her analysis, Loehrs found something important: on some dates the pornography appeared only in temporary files, without any web address or any browser’s name in the address box. The files seemed to have no specific origin.
Loehrs also found that, in addition to all this, the Windows firewall was turned off. Microsoft’s (NSDQ:MSFT) Systems Management software had earlier been installed on September 20, 2006, and it was found that the new name of the computer, BOLIN17, had not been updated in this SMS software. The facts showed that when Fiola used his laptop for the first time, he created many shortcuts to work-associated files such as mileage sheets and visited several work-related sites, including the Massachusetts Municipal Association’s, which he added to his favorites list. On the very next day, the first evidence of pornographic activity appeared on his computer.
Therefore, Loehrs wrote in her report on the matter that these files were unidentified by the forensic software and could not be viewed. The HTML code involved in such activity was strongly suspected to have been caused by a virus or a Trojan.
Later on, Trojans and viruses were found on his laptop. So, concluding her report, Loehrs absolved Fiola. This was one case. Anyone found guilty of any such crime can be prosecuted, and his case can be studied with the help of forensic engineers.
For the case of Tom and Jerry, the first step should be the collection of evidence for the potential prosecution of Tom.
Tom was caught red-handed supplying pornographic material to the police officer, so he is definitely a culprit. To collect evidence against him, his computer should first of all be seized immediately and scanned thoroughly with the computer forensic tools discussed above. Restated in the context of this case, the following steps should definitely be carried out:
1. Tom’s computer should immediately be strictly examined for any more pornographic material. A report should be prepared on the downloading activity carried out from his computer. Downloading pornographic material shows up as heavy memory utilization, heavy downloading and immense surfing. This can easily be tracked, and the responsible person’s IP address can be traced.
2. His chat rooms should be searched for any evidence or links related to his pornographic activity. Any other person involved in the matter, or any customer of Tom’s buying or viewing this type of material, can also be held under suspicion. If Jerry was involved in all this with Tom, then he would certainly have shared links with Tom. If any files were shared between them via chat, they could be important evidence to prove him guilty or innocent.
3. All the files shared by Tom with any person around the globe should be analyzed. This would show the extent and seriousness of the charge filed against Tom, and he should then be duly punished. All such electronic evidence should be collected and well presented when filing a case against him. It should not include any false statements.
4. Referring to previous cases and the law and order of Brighton, charges should be filed against Tom.
5. The evidence from Tom’s computer can be recorded onto the police officers’ storage device with the help of the forensic software. The bit-stream technique mentioned earlier can be used for the imaging process. Mathematical hashing can easily be used to compare data between drives. Thus, the drives of Tom and Jerry can be compared and checked for similarities by using this software.
6. The date and time of the downloading and storage of these files should also be recorded. The access date and modification date should be checked as well. Further, any additional links embedded in these files should be followed up. They indicate the range of this crime and the extent to which it has been carried out.
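Step 5 can be made concrete with the added Python example below, which is not part of the original essay. A hash of a whole drive only says whether two drives are identical, so checking two drives "for similarities" means hashing every file and intersecting the results; the directory names and file contents here are constructed stand-ins for two mounted, read-only images.

```python
import hashlib
import tempfile
from pathlib import Path


def content_index(root):
    """Map the SHA-256 of each file's content to the relative paths holding it."""
    index = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            # read_bytes() is fine for this small sample; hash in chunks for
            # large files on a real image.
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            index.setdefault(digest, []).append(path.relative_to(root).as_posix())
    return index


def shared_content(root_a, root_b):
    """Return content present on both trees, whatever the files are called."""
    index_a, index_b = content_index(root_a), content_index(root_b)
    return [{"sha256": digest, "a": index_a[digest], "b": index_b[digest]}
            for digest in sorted(index_a.keys() & index_b.keys())]


def demo():
    """Constructed sample: two small trees standing in for the two drives."""
    with tempfile.TemporaryDirectory() as work:
        drive_a, drive_b = Path(work, "drive_a"), Path(work, "drive_b")
        (drive_a / "docs").mkdir(parents=True)
        (drive_b / "tmp").mkdir(parents=True)
        (drive_a / "docs" / "mileage.xls").write_bytes(b"constructed sheet")
        (drive_a / "holiday.jpg").write_bytes(b"constructed image bytes")
        # Same bytes as holiday.jpg, renamed and moved to another folder.
        (drive_b / "tmp" / "cache0001.dat").write_bytes(b"constructed image bytes")
        (drive_b / "notes.txt").write_bytes(b"unrelated")
        return shared_content(drive_a, drive_b)
```

Renaming or moving a file does not change its hash, but changing a single byte does, so an exact-hash match proves identical content while a miss does not prove the content is unrelated.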
The second step would be to find all possible sources of this pornography; all the Internet sites providing such material should be held under inspection.
Online distribution of pornographic material consists mostly of the uploading of scanned photos and pictures from adult magazines. This sort of distribution is normally free. The invention of the WWW facilitated the distribution of both commercial and professional pornographic material. There are basically two types of Internet sites providing pornographic material: free sites and commercial sites.
TGP: The most commonly used form of adult content is a specialized list of small pictures that are linked to galleries. These are called Thumbnail Gallery Posts (TGP); the sites leading to video files are called MGP, or Movie Gallery Posts (Rennie, 2000).
USENET: Another source providing pornographic material very easily is the Usenet newsgroups. They were the first home for providing such material.
PEER-to-PEER: This file-sharing networking system provides fast access to pornographic material. These networks have been primarily associated with the illegal sharing of copyrighted files and folders.
Software to Curb Pornography
· PhotoDNA is no magic bullet for detecting child pornography. It does not declare any image or video to be pornographic; rather, it inspects an image and computes its digital fingerprint, which can be compared for matches against hundreds of already known pornographic photographs and videos in a computer library of exploited children (Forbes, 2008). According to the experts, its major use will be in cutting down the reposting of child pornography. Often, the same imagery circulates for years.
· The software tools that can be used for this purpose are EnCase and Forensic Toolkit. These are the special tools used by the computer forensic engineering team.
The third issue is to prove the innocence of Jerry
· For this, as mentioned above, the chat rooms of both the accused people should be thoroughly searched, because any file sharing or link sharing between them can be strong evidence of pornographic activity. If any such sharing is found as evidence, then Jerry will be prosecuted and a case can be filed against him too.
· His computer should be scanned for temporary Internet files showing pornographic content or links to such illegal material, and any found should be immediately reported to the crime branch.
· All the CD drives and memory devices should be immediately scanned and searched for any such material. If no such material is found, he could be held innocent.
· As in the case studied above, where a person accused of possessing pornography was found to be innocent, Jerry’s computer should also be checked for any viruses or Trojans that might have led to such a situation.
· The web addresses and links of these sites should also be checked for a genuine origin, if any. Recording the date and time of their access and modification, and comparing these with the times when Jerry was using his computer or was online, can also help in deciding whether he was involved in all these activities. This would also show whether anyone else (Tom here) was using his computer for such visits.
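The timestamp comparison in the last point, as an added Python example that is not part of the original essay. It labels each file event by whose logon session, if any, covers its time; the session records, file paths and dates are constructed sample data, and where session times come from (logon records, for instance) is an assumption.

```python
from datetime import datetime


def attribute_events(events, sessions):
    """Label each file event with the users whose sessions cover its time."""
    spans = [(datetime.fromisoformat(start), datetime.fromisoformat(end), user)
             for user, start, end in sessions]
    report = []
    ordered = sorted(events, key=lambda event: datetime.fromisoformat(event[2]))
    for path, kind, stamp in ordered:
        when = datetime.fromisoformat(stamp)
        users = sorted({user for start, end, user in spans
                        if start <= when <= end})
        report.append({"path": path, "event": kind, "time": stamp,
                       "active_users": users, "unattributed": not users})
    return report


# Constructed sample data (hypothetical): sessions on one shared PC and file
# timestamps read from its forensic image. All times are UTC.
SESSIONS = [
    ("jerry", "2009-03-02T18:00:00+00:00", "2009-03-02T20:30:00+00:00"),
    ("tom", "2009-03-03T09:15:00+00:00", "2009-03-03T10:00:00+00:00"),
]
EVENTS = [
    ("Temp/cache_0977.tmp", "created", "2009-03-04T03:22:00+00:00"),
    ("Documents/letter.doc", "modified", "2009-03-02T19:10:00+00:00"),
    ("Temp/cache_0412.tmp", "created", "2009-03-03T09:40:00+00:00"),
]


def demo():
    """Return the events in time order, each with its covering sessions."""
    return attribute_events(EVENTS, SESSIONS)
```

An event that falls outside every session is the cue to look for malware, scheduled tasks or a changed system clock, as in the Fiola case, since file timestamps follow the machine's own clock.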
Anson Steve, Bunting Steve, Mastering Windows Network Forensics and Investigation, illustrated, 2007, John Wiley and Sons, ISBN: 0470097620, 9780470097625
Casey Eoghan, Digital evidence and computer crime: forensic science, computers and the Internet, 2nd, illustrated, 2004, Academic Press, ISBN: 0121631044, 9780121631048
Cox Frank D, Human Intimacy: Marriage, the Family, and Its Meaning, Research Update, 10th revised, illustrated 2008, Cengage Learning, ISBN 0495504335, 9780495504337
Casey Eoghan, Handbook of computer crime investigation: forensic tools and technology, 6th, illustrated, 2002, Academic Press, ISBN: 0121631036, 9780121631031
Forbes William, The Investigation of Crime, illustrated, 2008, Kaplan Publishing, ISBN: 1427797250, 9781427797254
Mohay George M., Anderson Alison, Collie Byron, Vel Olivier de, Computer and intrusion forensics, illustrated, 2003, Artech House, ISBN: 1580533698, 9781580533690
Rennie M-.T.Michele, “Computer and Telecommunications Law Review”, Volume 5, 2000, Sweet & Maxwell, ISBN: 0421696605, 9780421696600
Shahidullah Shahid M, Crime policy in America: laws, institutions, and programs, illustrated 2008, University Press of America, ISBN 0761840982, 9780761840985
Taylor Maxwell, Quayle Ethel, Child pornography: an Internet crime, illustrated 2003, Psychology Press, ISBN 1583912436, 9781583912430
Vacca John R, Computer forensics: computer crime scene investigation, 2nd, illustrated 2005, Cengage Learning, ISBN 1584503890, 9781584503897
Volonino Linda, Anzaldua Reynaldo, Computer Forensics For Dummies, illustrated, 2008, For Dummies, ISBN: 0470371919, 9780470371916.