The Need for Building Stronger Evidence against Cyber Criminals
After the March 2011 security breach that compromised RSA’s SecurID, companies like Lockheed Martin, Citibank, Sony, Booz Allen, and the Oak Ridge National Laboratories were likewise attacked by cybercriminals. The latest addition to the list is the International Monetary Fund (IMF). Although the breach was publicly disclosed only in June 2011, the IMF admitted that its system had been attacked several months earlier. The official who disclosed the information did not provide details, but described the incident as a major security breach.
Computer forensic investigators (CFIs) have previously encountered difficulties in pursuing their cases against cybercriminals, because affected organizations are wary of exposing more of their sensitive data for use as evidence in court. The complexity of these cases lies in the acceptability of the hidden data that hackers leave behind in the user’s operating systems when that data is introduced as court evidence.
Presenting evidence has placed CFIs in a quandary, since they risk violating privacy policies by inadvertently revealing irrelevant files. As a result, cybercriminals who have been identified and are being investigated use the unavailability of information as a defense.
The objective of the forensic examiner is to produce a disk image of the information contained in the hard drive, which includes data gathered not only from workstations but also from the Internet, routers, web logs, and emails. The time, date, and size of the files that were transferred are valuable to prosecutors, as they allow the court cases against fraudsters and hackers to flourish in the courts of law.