Computer Forensics

Computer Forensics is a fast developing subject. As the usage of the computer has increased so much excluding computer from the job of a private investigator leaves him a worthless thing. Internet has made the job of a private investigator a lot easier, but at the same time he has to update himself with the latest tools otherwise he will be left far behind in the field of investigation.

Computer crime is defined as the usage of computer and related tools for committing crimes. Computer forensics is a fast growing field. Computer crimes have been classified into five main classifications by FBI: theft of information, unauthorized transactions, physical destruction, system alteration and time theft. It is said that more than 70% crime cases related to the computer don’t come in the public. These are concealed for the fear of losing public confidence.

Maintaining the security of the computer and to ensure the credibility of electronic transactions, following things should be considered.

-          Physical security must be ensured in order to prevent physical damage to the system, intentional or accidental.

-          Ensure the security of data files and software in order to prevent any deliberate alterations.
-          Use techniques to maintain transaction data control.

-          Use customer identification methods in order to hamper the interference of a meddler.
An investigator involved in computer forensics must have a basic knowledge of criminal investigation, data processing, accounting and auditing. The sphere of crime investigation related to computers should comprise of knowledge of vulnerability of computer to a particular kind of threat, concepts of data processing via software and hardware and investigation mechanism and methodology.

The crime is detected first of all by the internal auditor. The investigator then has to collect all the evidences in a systemic manner so that they can be presented and proofed successfully in the court of the law.  He must identify the mechanism and manner of action. He must determine and estimate the probable motives of the wrongdoer.

First step in the investigative process is to establish that the loss of asset has occurred. It must be proved that there was presence of asset at one point and it was missing at another point. Second step is establishing the facts. This is done by first of all establishing a timeframe, within which the fraud has taken place, establishing the upper and lower limits of the time frame. Then collect all the facts within that time frame. It includes interviewing all those who have been on the scene within that specific period of time. Also interview those who had a close association with the assets.  Finally organize the data, apply corrections if needed.  Data must be converted from more of a technical data to a lesser technical data so that the court of the law can have proper understanding of the facts. The terminology used for computer crimes is specific. “Payroll” means creating imaginary personnel. “Inventory” means creation of imaginary accounts and records. “Disbursement” is a term that is used when a company is strangulated in a way that it has to pay for objects that it never bought.

Telecommunication crimes also fall into the category of computer forensics. They can be of two primary types.

1      When a hacking program tries to access a computer trough various routes, by repeatedly calling a system.
         When stolen cards are used for telephone service.

     Illegal use of software and hardware also comes in computer forensics. It also includes unauthorized copying of the software.

Data diddling, Torjan Horse, Salami Slicing techniques, Trap Doors, Logic bombs, trashing, piggy backing and impersonation are most common methods used for computer crimes.