Computer crimes can be among the trickiest crimes to investigate. This is because the perpetrator knows all too well how to manipulate the systems and leaves them in such a state that, if the investigators do not handle the tampered systems cautiously, they could not only lose the track they have on the perpetrator but also put at risk more confidential information that has been left in a vulnerable state. As such, it is critical that the forensic examiners involved meet a certain level and set of criteria, so that they can help in the disarming process and retrieve crucial information without exposing sensitive information on the server in question.
With this in mind, the forensic process an examiner follows to identify the theft and computer crime should begin with policy and procedure development. Whether related to malicious cyber activity, the intent to commit a crime, or criminal conspiracy, digital evidence can be delicate and highly sensitive. Cybersecurity personnel understand the value of this information and respect the possibility that it can be easily compromised if it is not cautiously handled and protected. Because of this possibility, it is critical to establish and follow strict guidelines and procedures for activities related to computer forensic investigations. These procedures should include detailed instructions about when computer forensics investigators are authorized to recover potential digital evidence, and how to adequately prepare systems for evidence retrieval (Rowlingson, 2004). The second step is evidence assessment. A vital component of the investigative process involves the evaluation of potential evidence in a cyber-crime. Central to the effective processing of evidence is a clear understanding of the details of the case in question. As such, the cyber-crime at hand needs to be classified. In this case, to prove that identity theft has been committed, computer forensics investigators use highly sophisticated methods to sift through hard drives, social networking sites, email accounts, and other digital archives to retrieve and assess any information that could serve as viable evidence of the crime.
The third step is evidence acquisition. The most critical facet of a successful computer forensic investigation is a detailed, rigorous plan for acquiring evidence. Extensive documentation is needed before, during, and after the acquisition process; detailed information must be recorded and preserved, including all hardware and software specifications, any systems used in the investigation process, and the system being investigated. After evidence acquisition comes evidence examination, which is key to investigating the potential evidence adequately; procedures must be in place for retrieving, copying, and storing evidence within appropriate databases. Investigators, in this case, examine data from designated archives using a variety of methods and approaches to analyze information, which could include using analysis software to search massive archives of data for specific keywords or file types, and procedures for retrieving files that have been recently deleted. The last step in the forensic process is documenting and reporting. After all the data and information in the form of evidence is obtained, it is fully documented and stored for reporting (Kohn, Eloff, & Eloff, 2013). It is essential for computer forensic investigators to keep an accurate record of all activity related to the investigation, including all methods used for testing system functionality and for retrieving, copying, and storing the data, as well as all actions taken to acquire, examine, and assess evidence.
The two types of authentication that are acceptable in the investigative process of identity theft, in this case, include usernames and passwords. This is because identity theft is the process of impersonation, that is, claiming another person's identity. As such, the authentication put in place refers to the process of confirming something, or in this case someone, as being authentic and real. In this respect, usernames and passwords are examples of authentication for online or digital files. The username could be a person's given name, their login number for a system, or their reference number in the said systems. The password, on the other hand, is usually a string of characters. These characters could be numbers, letters, and perhaps punctuation marks and symbols that are assigned by the institution or, in most cases, chosen by the employee or personnel authorized to access the systems, files, and folders in question. In simple terms, online authentication uses a single authentication factor based on information already known. This is important and comes into play when somebody else, commonly referred to as an intruder or perpetrator, tries to sign into the system. Since their information is not always recorded or fed into the system, they tend to pass as the people authorized to access these systems by stealing their login credentials and assuming their identity.
In simple terms, they assume the identity of the person who is allowed to access these systems and files. In establishing identity theft, the forensic investigators would have to prove that it was indeed not the authorized personnel who signed into the systems, and that a third party had stolen or manipulated their login credentials. Such acts include breaking into their server and accessing information from that point, or feeding their usernames and passwords into the systems, thereby gaining the access that the authorized personnel would otherwise have had. To reduce such incidents of identity theft, the second example of authentication is biometrics. This is the use of fingerprint scanners to access online systems and folders. Highly advanced and sophisticated systems use fingerprints rather than usernames and passwords, since these cannot be easily manipulated and it would be easy to note when an intruder tries to break into the systems (Jain & Nandakumar, 2012).
Examples of chain-of-custody techniques for digital evidence include recording hardware information, which could include photos, serial numbers, asset ID, and hostname, and digital data such as the filename and MD5 hash.
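The chain-of-custody fields listed above (serial number, asset ID, hostname, filename, MD5 hash) can be captured in one record at acquisition and rechecked at every hand-off. The sketch below is an added example, not part of the original essay; the function names, sample file, and hardware values are constructed, and the SHA-256 digest recorded beside the MD5 the essay names is an addition.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def hash_evidence(path, chunk_size=65536):
    """Stream the file so large disk images need not fit in memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def _entry(person, action):
    return {"utc": datetime.now(timezone.utc).isoformat(), "person": person, "action": action}


def new_custody_record(path, hardware, examiner):
    """Create the record at acquisition time: hardware details plus file hashes."""
    return {
        "hardware": hardware,  # serial number, asset ID, hostname
        "filename": os.path.basename(path),
        "size_bytes": os.path.getsize(path),
        "hashes": hash_evidence(path),
        "log": [_entry(examiner, "acquired")],
    }


def transfer(record, person, action, path):
    """Log a hand-off and record whether the evidence still matches its acquisition hashes."""
    intact = hash_evidence(path) == record["hashes"]
    record["log"].append(dict(_entry(person, action), intact=intact))
    return intact


if __name__ == "__main__":
    # Constructed sample evidence and hardware details, for illustration only.
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "mailbox_export.pst")
        with open(image, "wb") as fh:
            fh.write(b"constructed sample evidence\n")
        hw = {"serial": "SN-EXAMPLE-001", "asset_id": "ASSET-EXAMPLE", "hostname": "host-example"}
        rec = new_custody_record(image, hw, "examiner A")
        print(transfer(rec, "examiner B", "received for analysis", image))
        with open(image, "ab") as fh:
            fh.write(b"x")  # simulate alteration after acquisition
        print(transfer(rec, "examiner C", "received for review", image))
        print(json.dumps(rec, indent=2))
```

A hand-off logged with `intact` set to false marks the point in the custody log after which the copy can no longer be shown to match what was acquired.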
The other aspect of forensic processes and techniques is the legal provisions of the First and Fourth Amendments as far as the identity theft investigation is concerned. According to these provisions, it is illegal to use electronic surveillance devices in identity theft according to the First Amendment, since it violates the freedom of speech and press. It is also unlawful according to the Fourth Amendment, where it is considered an unreasonable form of search and seizure. However, private searches and surveillance in identity theft are deemed legal by the Fourth Amendment if such an act is carried out by a private individual who is not acting as a representative of the government or with the involvement or knowledge of any government official. What this means is that to some extent the act is legal, though in this case it is not, because the federal law enforcement agency is a body of the government. However, it is legal according to the Fourth and First Amendments to place a tracking device on people or groups of people suspected to be cybercriminals if there is a substantial probability that the assumptions are correct. This happens mostly in cases of luring cybercriminals into traps where they are later nabbed (Kerr, 2009). This act is considered legal since it is geared towards apprehending specific cyber culprits and as such does not infringe on the space and privacy of any other person; instead, it is directed and focused only on particular people or groups of people.
References
Jain, A. K., & Nandakumar, K. (2012). Biometric Authentication: System Security and User Privacy. IEEE Computer, 45(11), 87-92.
Kerr, O. S. (2009). Applying the fourth amendment to the internet: A general approach. Stan. L. Rev., 62, 1005.
Kohn, M. D., Eloff, M. M., & Eloff, J. H. (2013). Integrated digital forensic process model. Computers & Security, 38, 103-115.
Rowlingson, R. (2004). A ten step process for forensic readiness. International Journal of Digital Evidence, 2(3), 1-28.