The Security Investigation

Part I. The availability of the personal computing device or PC at both home and every office desktop, and the penetrate of the Internet brought to focus not whole the benefits derived from these technologies provided ab employment and to a greater extent, crimes as comfortably. Suddenly, cybercrime is at an all time high and ways and means of notice and making these criminal hackers pay became a forefront competence in education technology and law enforcement. One of the outperform deterrents to electronic computing machine crime is to catch those who break the dastardly acts (Solomon & Prosise, 2001)Of all the types of criminal hackers, the worsened is the insider a current employee or a former disgruntled employee since they are or were in a trust relationship with their employer, and they demeaned that trust by attacking the teaching organisations of the comp each. When this type of crime, or cybercrime, occurs, the recourse is to gripe in computer forensics and misfortune chemical reaction professionals to remedy the situation. Solomon et al. (2005) describes computer forensics as, Computer investigation and analysis techniques that involve the identification, preservation, extraction, documentation, and interpretation of computer data to determine potential legitimate cause. once there is a equiprobable determination that a cybercrime was committed, the computer forensics and incident response experts follow a well-choreograph methodology to successfully document evidence and act a cybercrime. Robbins (2002) lists down the basic but critical procedures to computer forensics1.Protect the capacity computer constitution during the forensic examination from any possible alteration, damage, data corruption, or computer virus introduction2.Discover all institutionalises on the dependent system including existing normal files, deleted up to now remaining files, unnoticeable files, password- protect files, and encrypted files3.Recov er as very much as possible all of observed deleted files4.Reveal to the extent possible the contents of hidden files as well as fugitive or swap files used by both the natural covering programs and the operating system5.Access, if possible and if legally appropriate, the contents of protected or encrypted files6.Analyze all perhaps relevant data found in particular(a) and typically inaccessible areas of a book including but not limited to the unallocated property on a disk, as well as slack space in a file7.Print an overall analysis of the subject computer system, including listing of all possibly relevant files and discovered file data, past provide an opinion of the system layout, the file structures discovered, any discovered data and authorship instruction, any drives to hide, delete, protect, encrypt information, and anything else that has been discovered and appears to be relevant to the overall computer system examination and8.Provide expert consultation and/or t estimony, as required.While the experts are doing the investigation, it is cardinal to liaise and coordinate, depending upon the legal parameters of the crime, with local or federal cybercrime units. In some states in the U.S., it is a federal crime not to report computer crimes and soon, reporting of cybercrimes allow be federally universedated. But the cite establish in cybercrime investigation is ensuring that the evidence gathered volition stand up to legal scrutiny.Part II. A reciprocal story heard about cybercrimes is the use of brotherly applied science techniques. Social engineering basically is playing the con man to elicit information from gullible or unknowing victims. A Help Desk employee for typeface can call a secretary and ask for her password since he ask it to diagnose her PC remotely. Since there is a trust relationship already, the secretary gives her PC password. The Help Desk employee then accessed the secretarys PC and downloaded hole-and-corner(a) memos and reports. He then sells these documents to competitors and the competitors ended up gaining advantage on the Help Desk employees company because they already perk up insider information.A reference like this could have been pr take downted if the company, or even any government agency, had good auspices policies in put down. Part of the security policies would have been user education training and if the users had been right on trained, they would have known that nobody necessarily to know their passwords but themselves. In securing the information systems, the baseline or starting point is having good security policies in place and these policies should and must be based on globally accepted standards and industry better(p) practices. The ISO 17799 or Code of Practice for instruction security system Management (ISO/IEC, 2005) is always angiotensin-converting enzyme of the best standards to adapt whether small, medium or large enterprises even government agenci es for that numerateShaurette (2002) stated that, Information security is not just about technological controls. Security cannot be achieved solely through the application of software or hardware. Any attempt to implement technology controls without considering the cultural and social attitudes of the corporation is a formula for disaster. Once this has been taken into mind, mitigation of risks to the information systems will be achieved and prevention of cybercrimes, whether from malicious insiders or external criminal hackers, will be tempered.