Data Triage Blog

Network Security Auditing

The word audit brings a lot of scenes to your mind. A lot of unpleasantness is associated with this word. A network security audit does ring a bell of a tax audit, though in an altogether different sense. In a regular tax audit you can see people physically accessing your files; in a network security audit they crawl into the virtual world of the computer network.

Network security auditing is an approach to auditing networks in order to ensure their safety. In the entire information systems audit framework, the audit of networks is one piece of a big puzzle. The other pieces of the puzzle are audits of application software, databases and so on.

A Network Security Auditor’s job is to gather certain information about the network, and to understand that information well enough to review it, in order to complete the audit of network security.

The first step in a Network Security Audit is to determine the expanse of the network. A typical way to do this is to examine the network diagram. This diagram shows all the routes available on the network. A Network Security Auditor has to ensure the accuracy of this diagram.

Businesses change, and the network diagram needs to be updated with these changes. An auditor has to observe the processes that exist in the organization to update and maintain the diagram accurately. Concentrating on particular areas of the network, such as data centers where ERP servers are hosted and the points from which these are accessed, is of great importance to the auditor. Complex networks may have many hosting points where critical resources are located. The network diagram acts as an input on the types of devices and protocols used in the network. This input can be used as a reference throughout the audit.

Once a Network Security Auditor has identified the pressing issues of key areas in the network, he next moves to information about critical assets, systems and services that need to be secured. Key areas include enterprise systems consisting of ERPs, mail servers and other internal applications; web servers that host applications accessed by customers and vendors; and the network and its components. Hence, the security and access mechanisms surrounding applications and servers also need to be strong.

The Network Security Auditor then assesses who has access to the network and for what reasons. Do any employees access the network from outside the office? Do any customers and vendors access the systems? Is the network accessed via the Internet, or is there a remote access mechanism? The Network Security Auditor finds answers to these questions, which have a strong impact on network security.

After examining all accesses and modes of access, the auditor next moves to the network’s connections with external networks. The auditor can begin this examination in the first step itself by analyzing the diagram. However, a sincere auditor should treat this separately. An external network poses its own threats to the network security of a company. The Internet is accessed in companies for various purposes, depending on the nature of the job performed. The simplest may be employees browsing sites or reading and dispatching mail. On a more sophisticated scale, some companies’ business depends on e-commerce websites through which they establish their business and exchange information with other companies. Hence there are sensitive points through which information enters and leaves a company.

Now that the Network Security Auditor has knowledge of the systems accessed internally and those accessed externally, he can determine where to install firewalls and intrusion detection systems. To ensure internal security, the gateways of the external networks should be secured. Threats from outside are checked first, then threats from inside, and a plan to enhance security can be put in place. The Network Security Audit can now offer protection mechanisms by evaluating their effectiveness and adequacy.
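The audit steps above (checking the diagram against what is really on the network, then looking at how external networks reach critical assets) can be partly automated. The following is an added example, not part of the original article; the node names, the inventory format and the function names are all constructed for illustration.

```python
"""Reconcile a network diagram with observed hosts, then list critical assets
that an external network can reach without crossing a firewall.
All data and names here are constructed for illustration."""
from collections import deque

# Documented diagram (constructed sample): node -> attributes.
DIAGRAM_NODES = {
    "internet":   {"kind": "external"},
    "vendor-vpn": {"kind": "external"},   # remote access used by vendors
    "edge-fw":    {"kind": "firewall"},
    "dmz-web":    {"kind": "server", "critical": True},
    "core-sw":    {"kind": "switch"},
    "erp-01":     {"kind": "server", "critical": True},
    "mail-01":    {"kind": "server", "critical": True},
    "office-lan": {"kind": "segment"},
    "old-ftp":    {"kind": "server"},
}
# Links drawn on the diagram (treated as bidirectional).
DIAGRAM_LINKS = [
    ("internet", "edge-fw"), ("edge-fw", "dmz-web"), ("edge-fw", "core-sw"),
    ("core-sw", "erp-01"), ("core-sw", "mail-01"), ("core-sw", "office-lan"),
    ("core-sw", "old-ftp"),
    ("vendor-vpn", "core-sw"),            # lands behind the firewall
]
# Hosts actually seen during the audit (constructed sample).
OBSERVED_HOSTS = {"edge-fw", "dmz-web", "core-sw", "erp-01", "mail-01",
                  "office-lan", "test-db"}


def diagram_drift(nodes, observed):
    """Return (undocumented, missing): hosts seen but not on the diagram,
    and internal hosts on the diagram that were not seen."""
    internal = {n for n, a in nodes.items() if a.get("kind") != "external"}
    return sorted(observed - set(nodes)), sorted(internal - observed)


def unfiltered_exposures(nodes, links):
    """Return sorted (external, asset, path) tuples for every critical asset
    reachable from an external node without traversing a firewall node."""
    adjacency = {}
    for a, b in links:
        adjacency.setdefault(a, set()).add(b)
        adjacency.setdefault(b, set()).add(a)

    findings = []
    for start, attrs in nodes.items():
        if attrs.get("kind") != "external":
            continue
        parent = {start: None}            # breadth-first search from the entry
        queue = deque([start])
        while queue:
            current = queue.popleft()
            for nxt in sorted(adjacency.get(current, ())):
                is_firewall = nodes.get(nxt, {}).get("kind") == "firewall"
                if nxt in parent or is_firewall:
                    continue              # a firewall ends the unfiltered path
                parent[nxt] = current
                queue.append(nxt)
        for node in parent:
            if nodes.get(node, {}).get("critical"):
                path, step = [], node
                while step is not None:   # walk back to the external entry
                    path.append(step)
                    step = parent[step]
                findings.append((start, node, path[::-1]))
    return sorted(findings)


if __name__ == "__main__":
    undocumented, missing = diagram_drift(DIAGRAM_NODES, OBSERVED_HOSTS)
    print("On the network but not on the diagram:", undocumented)
    print("On the diagram but not observed:", missing)
    for entry, asset, path in unfiltered_exposures(DIAGRAM_NODES, DIAGRAM_LINKS):
        print(f"{asset} reachable from {entry} with no firewall: "
              + " -> ".join(path))
```

In the sample data the vendor remote-access link reaches the ERP and mail servers without passing the firewall, which is the kind of finding that tells the auditor where a firewall or intrusion detection system is missing.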

www.DataTriage.com, a leading expert in Computer Forensics, Network Forensic Analysis, Network Security Auditing and Network Vulnerability Services.


Why Do You Need A Computer Forensics Expert Witness

Since the turn of the millennium, computers have become ‘the most must have contraptions’ for personal and business purposes, and the usage of and dependence on the Internet has continued to move upwards. 80% of all corporate data is now being stored electronically and allowed to stay in electronic format. Then came the bad news. As the use of computers escalated, so did computer crime. According to the Crime in America statistics website, in 2009 alone, computer crime increased by 22 percent. These crimes needed a computer expert, an investigator to fathom the depth of the crime, and an expert who can present the computer evidence methodically in a court of law to convict the offender. The computer expert, the computer forensic specialist and the Forensics Expert Witness now have a new avatar as a Computer Forensics Expert Witness.

A Computer Forensics Expert Witness is a Computer Forensic investigator who can investigate. A Computer Forensics Expert Witness is a specialist within Computer Forensics and E-Discovery and can testify regarding the accuracy and findings of the computer forensics. A Computer Forensics Expert Witness may work in close conjunction with a Computer Forensics investigator, or may himself work as both. A Computer Forensics investigator is the specialist who can methodically investigate, discover and analyze the available, deleted, or hidden information that can be put to use as irrefutable evidence in a legal case. A Computer Forensics Expert Witness provides testimony, documentation and witness preparation to help present discovered electronic data in legal proceedings to help you prove and win your case.

A Computer Forensic investigator can:

  • Uncover the depth of a security breach
  • Recover data that has been corrupted or intentionally deleted
  • Identify how security checks were dodged
  • Identify the individual involved in the crime, say a hacker, an individual on the Internet, an employee, or an irate spouse

Computer forensics experts help us uncover potential evidence in cases like blackmail, child pornography, copyright infringement, corruption, decryption, destruction of information, fraud, industrial espionage, money laundering, sexual abuse, software piracy, theft of intellectual property, and unauthorized access to confidential information.

A Computer Forensics Expert Witness can assist in all stages of building a case, as follows:

  • A Computer Forensics Expert Witness ascertains the relevance of the information present in the computer(s)
  • A Computer Forensics Expert Witness assists in preparing and responding to interrogatories
  • A Computer Forensics Expert Witness retrieves and examines information through the use of his forensics programs and methods
  • A Computer Forensics Expert Witness develops court reports
  • A Computer Forensics Expert Witness plans and provides expert testimony

A Computer Forensics Expert Witness helps communities, corporations and individuals in the following ways:

  • A Computer Forensics Expert Witness assists police investigations of computer crimes involving child pornography, ID theft, breaches of security protocols to access government defense information, narcotic supplies and extortion rackets
  • A Computer Forensics Expert Witness is trained in the legalities of computer crime. He can help investigators build a case and provide expert testimony in a court of law. His testimony helps the judiciary in convicting computer criminals
  • A Computer Forensics Expert Witness assists in civil litigation trials in cases of divorce, child support payments and financial fraud
  • A Computer Forensics Expert Witness can help insurance companies to identify evidence of fraud in cases of worker compensation or personal injury cases
  • A Computer Forensics Expert Witness can find computer evidence in industrial espionage, theft of trade secrets and in cases of sexual harassment

Does Your Company Have A Computer Incident Response Team (CIRT)?

A Computer Incident Response Team is an expert group that handles computer security incidents. Whenever a new technology arrives, it is invariably dogged by misuse, such as the first worm on the IBM VNET and the Morris Worm, which hit the Internet and paralyzed it. This led to the formation of the first Computer Emergency Response Team at Carnegie Mellon University under U.S. Government contract. With the massive growth in the use of Information and Communications Technologies thereafter, the Computer Incident Response Team (CIRT) has come to stay as an essential part of large organizations.

No matter how well your network is protected, there are always incidents you are not prepared to deal with by yourself. It may be because the problem is beyond your technical know-how for the necessary action to be taken. A company’s security policy is not complete until procedures are put into place for handling and recovering from incidents. The best solution is to include a Computer Incident Response Team (CIRT) within the company’s incident response procedures.

What is a Computer Incident Response Team (CIRT)?

A Computer Incident Response Team (CIRT) is a group of people who can promptly and correctly handle an incident. A Computer Incident Response Team (CIRT) can quickly contain, investigate and recover from an incident that poses a threat to the security of an organization. A Computer Incident Response Team (CIRT) is usually comprised of members from within the company. A Computer Incident Response Team (CIRT) must have people with the authority to make decisions and take actions.

Who constitutes a Computer Incident Response Team (CIRT)?

A Computer Security Incident Response Team (CIRT) is constituted depending on the needs and resources of the company.

Members in a Computer Security Incident Response Team (CIRT):

Management: A member of upper level management on the Computer Security Incident Response Team can make the big decisions, and be an effective resource involved in evaluating security, selecting a team, developing a policy and exercising the plan during an incident based on input from the members of the team.

Information Security: These are personnel trained in handling electronic incidents, with the ability to handle a multitude of incidents. An Information Security member on the Computer Security Incident Response Team can assess the extent of the damage and execute containment, basic forensics and recovery.

IT Team: In the event of an incident, the IT team on the Computer Security Incident Response Team knows where the data can be accessed or discovered before the evidence or the corrupt database is overwritten and replaced from a backup.

The IT/MIS: The IT/MIS on the Computer Security Incident Response Team can assist the Information Security team with technical matters if required.

IT Auditor: The IT Auditor tracks the incident and works with IT/security conducting post-incident reviews to avoid problems in the future.

Security: The Security on the Computer Security Incident Response Team can assess any physical damage, investigate physical evidence and guard evidence during a forensics investigation to maintain a chain of evidence.

Attorney: An attorney on the Computer Security Incident Response Team is useful for supplying the team with legal advice on the usability of any evidence collected during an investigation, and also for providing advice regarding liability issues that affect customers, vendors or the general public.

Human Resource: Many incidents involve company employees. The Human Resource on the Computer Security Incident Response Team provides advice as to how best to handle situations when an employee is discovered to be involved.

Public Relations: The Public Relations member on the Computer Security Incident Response Team communicates with team leaders, the press and stockholders to ensure an accurate understanding of the issue, the company status and the current situation.

Financial Auditor: The Financial Auditor on the Computer Security Incident Response Team has the hardest job to do when an incident occurs: putting a monetary figure on the loss that has occurred as a result of the incident, for insurance companies and to press charges under the National Information Infrastructure Protection Act.

Some managers may opt not to create a team and prefer to outsource to professionals when an incident occurs. Creating a Computer Incident Response Team may not be the best solution for every company, but it can prove to be an invaluable tool. A Computer Incident Response Team improves the response time to any computer-based problems an organization may face.

Data Triage’s Computer Incident Response Team helps organizations that have become the victim of a security breach. The CIRT team captures and isolates evidence while restoring services efficiently. Steps are taken to ensure the evidence is preserved for possible litigation or legal compliance.


How The Computer Criminals Control Information – Types of Computer Crime

As computer-related crimes become more prevalent, understanding the types of computer-related crimes provides law enforcement an insight for investigative strategies.

The first insight is knowing the types of computer crimes.

Computer as the Target

This computer crime includes theft of intellectual property. The offender accesses the operating program under the guise of the system’s manager. The intruder accesses the contents of computer files in the system through the trap door that permits access to the system should there be a human or technological problem.

Here, the offender uses the computer to obtain information or to damage operating programs while committing the following computer crimes:

  • Theft of marketing information, like customer lists, pricing data, or marketing plans
  • Blackmail based on information gained from computerized files, like medical information, personal history, or sexual preference
  • Sabotage of intellectual property, marketing, pricing, or personnel data
  • Sabotage of operating systems and programs with the intent to impede a business or create chaos in business operations
  • Unlawful access to criminal justice and other government records
  • Changing a criminal history, modifying want and warrant information
  • Creating a driver’s license, passport, or another document for false identification
  • Changing tax records or gaining access to intelligence files
  • Techno-vandalism through unauthorized access to damage files or programs
  • Techno-trespass violating the owner’s privacy as in criminal trespass

Computer as the Instrumentality of the Crime

Here, the processes of the computer facilitate the crime.

The computer criminal introduces new code (programming instructions) to manipulate the computer’s analytical processes and to convert legitimate computer processes to the following illegitimate purposes:

  • Fraudulent use of automated teller machine (ATM) cards and accounts
  • Theft of money from accrual, conversion, or transfer accounts, credit card fraud, fraud from computer transactions like stock transfers, sales, or billings, and telecommunications fraud
  • Billing charges to other customers through cellular phones
  • Once they capture the computerized billing codes, the computer criminals program these codes into other cellular phones simply by hooking up the phone to a personal computer
  • Using software originally developed by programmers in other countries, they reprogram the signal chip in the cellular phone
  • Share the same through underground computer bulletin board services (BBS)

Computer is incidental to other crimes

In this category of computer crime, the computer is not essential for the crime to occur.

In each of the following cases, the systems merely facilitate the offenses:

  • Helping the computer crime to occur faster
  • Processing of greater amounts of information
  • Making the computer crime more difficult to identify and trace
  • Unlawful banking transactions and money laundering
  • Supporting unlawful activity via BBSs
  • Erasing or denying proper access of organized computer crime records or books, and bookmaking involving drug raids, money laundering seizures, and other arrests in encrypt the data or design
  • Allowing computer criminals to destroy the storage media, such as disks, to eliminate evidence of their illegal activities
  • Letting child pornographers exchange information through BBSs

These computer crimes require unique data recovery techniques in order to gain access to the evidence.

Computer Crimes Associated With the Prevalence of Computers

The presence of computers, and microcomputers, generates sinister mutations of traditional crimes, such as software piracy/counterfeiting, copyright violation of computer programs, counterfeit equipment, black market computer equipment and programs, and theft of technological equipment.

  • Violation of copyright restrictions of commercial software can result in staggering losses to businesses
  • Hackers break into computers with the help of software illegally written and sold
  • Successful computer programs, such as word processors, spreadsheets, and databases, are duplicated, packaged, and sold illegally on a large scale
  • Just like pirated audio and video tapes, counterfeit computers and peripherals (items such as modems and hard disks) are also manufactured and sold under the guise of originals

Legal Issues Of Computer Crimes

Some States have enacted laws specifically directed toward computer crimes, while other States rely fundamentally on the common law as it applies to current and emerging technology. The elements of a computer-related offense must be established for successful prosecution.

  • The physical act of a computer crime, actus reus, may be demonstrated best by an electronic impulse
  • It is difficult to define and track
  • A computer crime can occur in 3 milliseconds using program code that tells the software to erase itself after the computer executes the action, eliminating the evidentiary trail
  • Causation relates to the self-destruction of computer programs that facilitate computer crimes, and an investigator cannot show causation if the offender erases the executing instructions
  • The electronic data interchange (EDI) and its networks complicate the legal elements by making computer crimes more difficult for law enforcement to specify, document, and materially link the crime to an individual
  • The EDI connects parties via computer for contract negotiations, sales, collections, and other business transactions
  • The computer becomes the vault, with the EDI serving as the key to its contents
  • The ability to access data in the computer must be relatively easy in order to maximize business efficiency
  • Security controls must be introduced in order to protect the business’ “crown jewels”
  • Maximum security and easy accessibility are not compatible: as businesses prefer user-friendly equipment, system security usually takes second priority
  • The phenomenal growth of computer BBSs, on-line services, and the Internet only serves to compound the problem

As a result, computer-related crimes become easier to perpetrate and more difficult to identify, investigate, and prove.

Special Problems with Computer Crime

Intellectual property consists of concepts, ideas, planning documents, designs, formulas, and other information-based materials intended for products or services that have some commercial value or represent original thoughts or theses. Crimes associated with intellectual property focus primarily on theft when the product has commercial value, as opposed to basic research or research for private use.

Intellectual Property:

  • Involves formulas, processes, components, structure, characteristics, and applications of new technologies and covers such areas as fiber optics, computer chip designs and conductivity, and telecommunications equipment, protocols, and technologies
  • Associated with the marketing and production of new technologies
  • Pricing information, marketing targets, product release dates, and production timetables

Computer Crimes by Malfeasance

The concept of computer crimes by malfeasance means that computer-related behavior stretches the bounds of legality and may be viewed as only technically wrong.

Some of the scenarios of malfeasance computer crimes:

  • A parent offers to copy a computer program for a school that cannot afford to buy the software
  • An employee secretly maintains a small database in an office computer as part of a sideline business
  • An individual uses someone else’s computer account number and password to view the contents of a database
  • A customer gives her unlisted telephone number as part of a sales transaction at a store. The store enters the number into a computerized database and later sells the data to a telemarketing firm without the customer’s permission
  • A university computer programmer develops a program to schedule classes as part of a job assignment. The programmer then accepts a job with another university and leaves with a copy of the program for use at the new place of employment

These computer crimes illustrate the gray areas of computer abuse, areas that fall increasingly on the shoulders of law enforcement to address and resolve.

International Issues:

Technological knowledge and expertise contribute to the growth of computer crime on an international level.

Businesses can make great use of:

  • Unifying measures
  • Open communications like the single, European-wide communication protocol
  • Strong profit-oriented EU market spanning 12 countries
  • Open borders
  • Unification of technology standards
  • Easier banking
  • Monetary transfers between countries

Computer criminals are taking undue advantage of all these issues as:

  • Emerging international crime-related issues
  • Industrial espionage/competitive intelligence
  • Economic/political espionage
  • Expansion of international organized crime beyond traditional areas
  • Theft of technological hardware

Computer criminals have adapted the advancements of computer technology to further their own illegal activities. Unfortunately, their actions have far outpaced the ability of police to respond effectively. Protocols must be developed for law enforcement to stall the various categories of computer crime. Investigators must know the materials to search and seize, the electronic evidence to recover, and the chain of custody to maintain.

Data Triage Technologies Provides Comprehensive Computer Forensics, Electronic Discovery, Electronic Data Discovery, Data Recovery, Data Management, Intrusion Prevention, Network Security Audit, and Expert Witness Services to the legal communities in California and throughout the United States.

Author: Meshaal McLean


Computer Forensics Services Against Computer Vandalism

Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, or target of a crime. Although the terms computer crime and cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, they are also used to include crimes like fraud, theft, blackmail, forgery, and embezzlement, in which computers, information technology or networks are used.

A computer is an excellent device for record keeping, particularly given its power to encode data, and it can be used as a source of evidence. This evidence can be obtained and decoded, and can then be used by criminal investigators with the technical help provided by Computer Forensics Services.

Computer Forensics Services make use of analytical and investigative techniques to identify, collect, examine and preserve evidence or information that is magnetically stored or encoded against such crimes. A forensic investigation by Computer Forensics Services can be initiated as part of a criminal investigation or civil litigation, through sophisticated digital forensic techniques.

Computer Forensics Services like Data Triage Technologies provide digital evidence when data has been lost in instances like:

  • Employee internet abuse
  • Unauthorized disclosure of corporate information and data
  • Industrial espionage
  • Damage of the system in an accident
  • Criminal fraud and deception cases
  • Criminal cases where criminals have used computers to store information

Investigation by Computer Forensics Services offers to:

  • Secure the system from tampering
  • Generate a copy of the hard drive
  • Identify and recover deleted files
  • Access or copy the hidden files
  • Retrieve the protected and temporary files
  • Generate data from the residue of deleted files
  • Analyze data/settings concerned
  • Identify installed applications/programs
  • Assess the system
  • Discover electronic evidence of the user activity

At Data Triage Technologies, the computer forensics experts identify, preserve and analyze potentially discoverable electronic evidence, while maintaining a cost-effective approach throughout the process to support ongoing investigation. Their digital interrogation techniques ensure that computers “talk” for discovery purposes. Computers don’t lie, but it takes an expert to uncover the truth.

Author: Meshaal McLean