Computer forensics is a fast-developing subject. Computer use has grown so much that a private investigator who excludes computers from his work is of little use. The Internet has made the job of a private investigator a lot easier, but at the same time he has to keep up with the latest tools, otherwise he will be left far behind in the field of investigation.
Computer crime is defined as the use of computers and related tools to commit crimes. The FBI classifies computer crimes into five main categories: theft of information, unauthorized transactions, physical destruction, system alteration and time theft. It is said that more than 70% of computer-related crime cases never become public. They are concealed for fear of losing public confidence.
To maintain the security of the computer and ensure the credibility of electronic transactions, the following should be considered:
- Physical security must be ensured in order to prevent physical damage to the system, intentional or accidental.
- Ensure the security of data files and software in order to prevent any deliberate alterations.
- Use techniques to maintain transaction data control.
- Use customer identification methods in order to hamper the interference of a meddler.
An investigator involved in computer forensics must have a basic knowledge of criminal investigation, data processing, accounting and auditing. Investigating computer-related crime requires knowledge of how vulnerable a computer is to a particular kind of threat, of how data is processed by software and hardware, and of investigative mechanisms and methodology.
The crime is first detected by the internal auditor. The investigator then has to collect all the evidence in a systematic manner so that it can be presented and proved successfully in a court of law. He must identify the mechanism and manner of action. He must determine and estimate the probable motives of the wrongdoer.
The first step in the investigative process is to establish that the loss of an asset has occurred. It must be proved that the asset was present at one point and missing at another. The second step is establishing the facts. This is done by first establishing the time frame within which the fraud took place, fixing its upper and lower limits, and then collecting all the facts within that time frame. This includes interviewing everyone who was on the scene during that period, and also those who had a close association with the assets. Finally, organize the data and apply corrections if needed. The data must be converted from a more technical form to a less technical one so that the court can properly understand the facts.
The terminology used for computer crimes is specific. “Payroll” means creating imaginary personnel. “Inventory” means the creation of imaginary accounts and records. “Disbursement” is the term used when a company is forced to pay for objects that it never bought.
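
The first two investigative steps above (bracketing the loss, then collecting the facts inside that time frame) can be sketched in code. This is an added example, not part of the original article; the audit snapshots, access events, names and function names are all constructed for illustration.

```python
from datetime import datetime

# Constructed sample data (not from the article).
SNAPSHOTS = [  # (time of audit check, was the asset present?)
    ("2024-03-01T09:00", True),
    ("2024-03-04T09:00", True),
    ("2024-03-06T09:00", False),
    ("2024-03-08T09:00", False),
]
EVENTS = [  # (time, actor, action on the asset)
    ("2024-02-28T14:10", "alice", "read"),
    ("2024-03-04T17:45", "bob", "modify"),
    ("2024-03-05T23:12", "carol", "transfer"),
    ("2024-03-05T23:40", "bob", "read"),
    ("2024-03-07T08:05", "dave", "read"),
]

def _ts(text):
    return datetime.fromisoformat(text)

def loss_window(snapshots):
    """Step 1: return (lower, upper) = last check that saw the asset,
    and the first later check that found it missing."""
    lower = None
    for when, present in sorted((_ts(t), p) for t, p in snapshots):
        if present:
            lower = when
        elif lower is not None:
            return lower, when
    # Without a present-then-missing pair the loss is not established.
    raise ValueError("no present-then-missing transition in snapshots")

def facts_in_window(events, lower, upper):
    """Step 2: keep only events inside the time frame, in time order."""
    ordered = sorted((_ts(t), actor, action) for t, actor, action in events)
    return [e for e in ordered if lower <= e[0] <= upper]

def actors_to_interview(facts):
    """People associated with the asset during the window, first seen first."""
    seen = []
    for _, actor, _ in facts:
        if actor not in seen:
            seen.append(actor)
    return seen

if __name__ == "__main__":
    low, high = loss_window(SNAPSHOTS)
    facts = facts_in_window(EVENTS, low, high)
    print(low, high, actors_to_interview(facts))
```
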
Telecommunication crimes also fall into the category of computer forensics. They can be of two primary types:
1. When a hacking program tries to access a computer through various routes, by repeatedly calling a system.
2. When stolen cards are used for telephone service.
Illegal use of software and hardware also comes under computer forensics. This includes unauthorized copying of software.
Data diddling, Trojan horses, salami slicing, trap doors, logic bombs, trashing, piggybacking and impersonation are the most common methods used for computer crimes.