View Post

Important Cybercrime Laws

In Cybersecurity by Ian CarnaghanLeave a Comment

This entry is part 1 of 12 in the series Digital Forensics

There are a number of cybercrime laws that are extremely important in the field of digital forensics and cybersecurity as a whole. Two of the most important laws include the Computer Fraud and Abuse Act (CFAA) of 1984 and the Electronic Communications Privacy Act (ECPA) of 1986. The original intent of CFAA was to address computer related crimes and more …

View Post

Yet More Theft of Information Assets

In Cybersecurity by Ian CarnaghanLeave a Comment

This entry is part 2 of 12 in the series Digital Forensics

It doesn’t seem that long ago that I received an official letter in the mail from the United States Office of Personnel Management (OPM) detailing that sensitive information about me had been compromised. I had been following the news and knew about the breach, so the letter didn’t come as a huge shock. It did make me think about the …

View Post

Preparation Phase of a Digital Search

In Cybersecurity by Ian CarnaghanLeave a Comment

This entry is part 3 of 12 in the series Digital Forensics

The preparation phase of digital search is the most important phase of the digital investigation process. If not carried out correctly, the can lead to improper handling of evidence that may lead to damage of crucial materials to an investigation. This phase involves the preparation of tools, techniques, search warrants, and monitoring authorizations and management support. Venansius & Tushabe (2004). …

View Post

Data Hiding and Steganography

In Cybersecurity by Ian CarnaghanLeave a Comment

This entry is part 4 of 12 in the series Digital Forensics

The term ‘Steganography’ refers to ‘covered writing’ and encompasses methods of transmitting secret messages through innocuous cover carriers in a manner that their existence is undetectable. Johnson & Jojodia (1998). For years hackers have been finding more innovative ways of hiding data within existing systems usually for the purpose of transporting it to a target destination. The term ‘carrier’ often …

View Post

Confusion over Terminology

In Cybersecurity by Ian CarnaghanLeave a Comment

This entry is part 5 of 12 in the series Digital Forensics

The terms risk, vulnerability and threat are often confusing and sometime interchangeable leading to a lack of understanding when presenting evidence. Risks are usually based on a probability that a threat of some kind will exploit a vulnerability or weakness in a system or network. In recent years risks have been taken more seriously with many businesses that conduct online …

View Post

Presenting Digital Evidence

In Cybersecurity by Ian CarnaghanLeave a Comment

This entry is part 6 of 12 in the series Digital Forensics

Testifying and writing a report are both essential ingredients to a successful digital forensics investigation. Digital forensics personnel will potentially spend months of time working with complex data and processes. The delivery and result of this work is reflected in the forensics report and then ultimately testified in court. Cohen (2012) discussed the report as integral to the overall investigation. …

View Post

Remote Access Trojans

In Cybersecurity by Ian CarnaghanLeave a Comment

This entry is part 7 of 12 in the series Digital Forensics

Remote Access Trojans have become a serious security concern as hackers have developed more sophisticated code that can be installed and hidden on a target system, unknown to the user. According to UMUC (n.d.) Remote Access Trojans are a form of backdoor that can provide unauthorized access and use of digital assets on a victim’s computer system. It essentially masquerades …

View Post

Malicious Code Detection

In Cybersecurity by Ian CarnaghanLeave a Comment

This entry is part 8 of 12 in the series Digital Forensics

Malicious code detection is an ongoing obfuscation-deobfuscation game because of the nature of the malware or goals of the attacker. Detection of malicious executables known to an investigator is usually performed using signature-based techniques. In their forensic research article, Rozenberg, Guides, Elovici and Fledel (2010) made the point that obfuscated or encrypted files could not easily be detected this way. …

View Post

What is the Role of Computer Forensics?

In Cybersecurity by Ian CarnaghanLeave a Comment

This entry is part 9 of 12 in the series Digital Forensics

Computer forensics can play a vital role in an organization’s recovery from a cyber attack. By properly following forensics processes carefully in the aftermath of an attack, recovery can begin to play out. According to Čisar & Maravić Čisar (2012), in accordance with digital forensic analysis methodology three processes are essential, which include preparation, identification, and analysis. It is during …

View Post

Forensics in Business Continuity Planning

In Cybersecurity by Ian CarnaghanLeave a Comment

This entry is part 10 of 12 in the series Digital Forensics

Business continuity planning in any organization today must incorporate aspects of computer forensics in order to be sustainable. According to Majore, Yoo & Shon (2014) in their article on secure and reliable electronic record management, over 90% of records created today are electronic. In addition to this electronic records require a greater amount of maintenance due to their volatility and …