Computer forensics has continued to develop and has become prominent in the computing world. This article seeks to provide an overview of the technical and legal expertise involved, to inform readers of the general principles and legal bases for developing projects focused on computer forensics.
Introduction to Computer Forensics and Related Legislation
Ana Karen Moreno Serrano, Eydi Villanueva Arroyo
Instituto Tecnológico de Tuxtepec
Tutor: Ing. Meztli Valeriano Orozco
May 26th, 2014
Abstract
The value that information has acquired in recent years makes it increasingly important to the growth of companies; as a consequence of the need to protect information, computer forensics has gained great and growing importance. That is why it is essential to know what computer forensics is, how it can be used, what it consists of and what its purpose is, with emphasis on the procedures to take into account when carrying out a forensic analysis and on the minimum legal requirements needed so as not to infringe at any time the rights of third parties who may be affected.
Keywords
Forensic
Forensic analysis
The infringement systems
Forensic methodology
Forensic experts
Introduction
In 1984 a program named magnetic media (CART) was created; special agent Michael Anderson is considered the father of computer forensics for his acclaimed work for the FBI and the Criminal Investigation Division. Michael Anderson later founded one of the most important forensic firms, known as New Technologies. Over the years, the International Organization of Computer Evidence (1990) was established. Thanks to all these advances, computer forensics began to play an important role for law enforcement agents. Computer forensics has continued to develop and has become prominent in the computing world, but the truth is that there is not much reliable information that enables users to understand what it means, its events and techniques, and the promising future of this science. Accordingly, this article seeks to provide an overview of the technical and legal expertise involved, to inform readers of the general principles and legal bases for developing projects focused on computer forensics.
Chapter 1. Computer Crimes
1.1 WHAT IS A COMPUTER CRIME?
Computer crime is described as typical and atypical, the first meaning "the typical behaviors, anti-juridical and guilty that have computers as an instrument or order" and the second "illicit attitudes that have computers as a tool or end" (Tellez Valdéz, 2002). Computer crime is any criminal wrongdoing in which computers, their techniques and functions play a role as a method, means or end (Lima, 2006).
1.2 TYPES OF COMPUTER CRIMES
Dr. Julio Tellez Valdez, researcher at the Institute for Legal Research of the UNAM, classifies cybercrime based on two criteria: as an instrument or means, and as an end or objective.
Figure 1.2.1 Classification of cybercrime according to the author Julio Tellez Valdez (cybercrimes are classified as: Instrument or Means; End or Target)
1.2.1 INSTRUMENT OR MEANS
Criminal behaviors that use computers as a method, means or symbol to commit an unlawful act, such as digitally falsifying documents, altering accounting records, and tapping data communication or teleprocessing lines.
1.2.2 PURPOSE OR OBJECTIVE
Criminal behaviors directed against the computer or its programs as a physical entity, such as instructions that produce a partial or complete blockage of the system, destruction of programs by any method, and physical attack on the computer, its accessories or media.
Chapter 2. Forensic Computer Science
2.1 WHAT IS COMPUTER FORENSICS?
Computer forensics is a set of research techniques that identify a variety of clues when analyzing certain elements of security incidents, and by which the procedure performed for this purpose can be reconstructed (Rivas López, 2009). According to the group Juristas Forenses y Asociados, computer forensics, forensic computing, digital forensics and digital forensic examination are synonymous and are defined as the application of scientific and analytical techniques specialized in technological infrastructure to identify, preserve, analyze and present data that are valid in a legal process (Juristas Forenses y Asociados, 2012).
2.2 OBJECTIVES AND IMPORTANCE OF COMPUTER FORENSICS
The importance of computer forensics is that it is a discipline that uses computer techniques to reconstruct the computing asset, examine residual data, authenticate data, and explain the technical features of the use applied to data and information assets.
The challenge of computer forensics is to use technology to extract data from devices while maintaining the integrity of the data and of their processing.
The aims of this discipline are numerous, but in general computer forensics allows a company to be provided with services that pursue preventive objectives, anticipating potential problems, or corrective objectives, reaching a favorable solution once infringements and violations have occurred.
Chapter 3. Forensic Analysis
3.1 CONCEPT OF FORENSIC ANALYSIS
Forensic analysis of a computer system is a modern science that allows us to reconstruct what has happened in a system after a security incident. This analysis can determine who the intruder was, from where, how and when the intruder acted, and what actions the intruder carried out on the systems affected by the security incident (Rivas López, 2009).
3.2 KEY WORDS IN A FORENSIC ANALYSIS
Chain of Custody: Refers to the responsibility of the person handling the evidence to ensure that the items are recorded and accounted for during the time in which they are held, and are protected, keeping track of the names of the persons who handled the evidence or items together with the time and date of delivery and receipt.
Forensic Image: Also called a "mirror", it is a bitwise copy of an electronic storage medium. The image records the space occupied by the files, including hidden areas and deleted partitions.
File Analysis: Examines each digital file discovered and creates a database of information related to the file, such as metadata, consisting among other things of the file signature or hash, author, size, name and path, and its creation, last access and modification dates.
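The file analysis step described above, as an added example that is not part of the original article: a minimal inventory that records path, name, size, SHA-256 hash, file signature and timestamps in a SQLite database, and flags files whose content contradicts their extension. The signature table, function names and sample files are assumptions constructed for illustration; the author field is omitted because it requires format-specific parsers.

```python
import hashlib
import os
import sqlite3
import tempfile
from datetime import datetime, timezone

# Constructed, deliberately small table: (magic bytes, type, plausible extensions).
SIGNATURES = [
    (b"%PDF", "pdf", (".pdf",)),
    (b"\x89PNG\r\n\x1a\n", "png", (".png",)),
    (b"\xff\xd8\xff", "jpeg", (".jpg", ".jpeg")),
    (b"PK\x03\x04", "zip", (".zip", ".docx", ".xlsx", ".pptx", ".jar")),
]

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large evidence files never sit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def file_signature(path):
    """Identify the file type from its leading bytes, ignoring the extension."""
    with open(path, "rb") as handle:
        head = handle.read(16)
    for magic, kind, _extensions in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"

def utc(timestamp):
    return datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat()

def build_inventory(root, db_path=":memory:"):
    """Walk a working copy of the evidence and record one row per file."""
    db = sqlite3.connect(db_path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS files (path TEXT PRIMARY KEY, name TEXT, "
        "size INTEGER, sha256 TEXT, signature TEXT, "
        "modified TEXT, accessed TEXT, changed TEXT)"
    )
    for folder, _subdirs, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(folder, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # do not follow links out of the evidence tree
            # Stat BEFORE opening: on a mount that is not read-only, reading
            # the content can update the access time. On Unix st_ctime is the
            # inode change time, not the creation time.
            info = os.stat(path)
            db.execute(
                "INSERT OR REPLACE INTO files VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
                (os.path.relpath(path, root), name, info.st_size,
                 sha256_file(path), file_signature(path),
                 utc(info.st_mtime), utc(info.st_atime), utc(info.st_ctime)),
            )
    db.commit()
    return db

def extension_mismatches(db):
    """Files whose content type contradicts their name, e.g. a PNG named .txt."""
    expected = {kind: extensions for _magic, kind, extensions in SIGNATURES}
    rows = db.execute("SELECT path, signature FROM files "
                      "WHERE signature != 'unknown' ORDER BY path")
    return [(path, kind) for path, kind in rows
            if not path.lower().endswith(expected[kind])]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample files
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)  # PNG header, .txt name
        with open(os.path.join(root, "report.pdf"), "wb") as f:
            f.write(b"%PDF-1.4\n% constructed sample\n")
        inventory = build_inventory(root)
        for row in inventory.execute("SELECT path, size, signature FROM files"):
            print(row)
        print("mismatches:", extension_mismatches(inventory))
```

Run it against a working copy mounted read-only, never against the original medium, so that the timestamps being recorded are not changed by the analysis itself.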
3.3 TYPES OF FORENSIC ANALYSIS
Figure 3.3. The different types of existing forensic analysis (Systems, Network, Embedded Systems)
3.3.1 FORENSIC ANALYSIS OF SYSTEMS
This type of analysis addresses security incidents that occur on servers and workstations running the different operating systems shown in Table 3.3.1.
Table 3.3.1 Operating Systems for forensic analysis
Operating System: Versions
Mac OS: Mac OS X Server 1.0, Cheetah, Panther, Puma, Jaguar, etc.
Microsoft (Windows): Windows 9X/Me, Windows 2000 server/workstation, Windows 2003 Server, Windows XP, Windows Vista, Windows 2008 Server, etc.
UNIX Systems: Sun OS, SCO, Unix, etc.
GNU/LINUX Systems: Debian, RedHat, Suse, Ubuntu, etc.
3.3.2 NETWORK FORENSICS
This type covers the analysis of different kinds of networks, such as wired, wireless, Bluetooth, etc.
3.3.3 FORENSIC ANALYSIS OF EMBEDDED SYSTEMS
This type of analysis deals with incidents on mobile devices, PDAs¹, etc. An embedded system has an architecture similar to that of a personal computer.
¹ Personal digital assistant. Small device that combines a computer, telephone/fax, Internet and network connections.
3.4 PHASES OF FORENSIC ANALYSIS
Depending on the nature of the crimes and behaviors under investigation, the analysis may take place in two locations: the Crime Scene and the Forensic Laboratory.
Figure 3.4. Steps to consider for forensic analysis
3.4.1 CRIME SCENE
These phases aim to protect the state of the scene so that the identification and collection of evidence are not affected. The scene contains the items that could be taken as digital evidence, so care must be taken to preserve them. It is also necessary to identify the information systems that may contain relevant information, and every type of electronic device, CDs and DVDs. When collecting evidence, the impact on the original evidence should be minimized as far as possible by making exact copies of it, so that the copies are used in the forensic analysis and the original evidence is not altered.
3.4.2 FORENSIC LABORATORY
The Forensic Laboratory stages are performed by experts in digital forensic science, who begin by preserving the evidence, document each activity and procedure performed, carry out the forensic analysis following the specialized methodology to obtain results, and present those results appropriately so that they are valid in a legal process.
3.5 STEPS OF THE COMPUTER FORENSIC ANALYSIS PROCESS
A proper forensic examination of computer equipment follows 4 phases, as shown in Figure 3.5.
Figure 3.5. Forensics Process
3.5.1 IDENTIFICATION
It is important to know the background, the current situation and the process to be followed in order to make the best decision regarding the investigation strategy. This phase should include the identification of the computing asset and its use within the network, the start of the chain of custody, the review of the legal environment that protects the asset, and support for decision making regarding the next step once the results have been reviewed.
3.5.2 PRESERVATION
This phase includes the review and generation of forensic images of the evidence so that the analysis can be performed. Forensic imaging is the process required to generate "bit-by-bit" copies of the entire disk; it is performed using the latest technology so that the integrity of the evidence and the required chain of custody can be maintained. To avoid contaminating the hard drive, hardware write blockers are normally used; these prevent contact with the disk while it is read that would cause an undesired alteration of the media.
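The preservation step described above, as an added example that is not part of the original article: a byte-for-byte copy that hashes the source while reading it, re-reads the image to confirm that both hashes match, and records each handling of the evidence in a chain-of-custody log. Chaining each log entry to the hash of the previous one is an assumption added here to make later edits detectable; the function names, handler names and sample data are constructed, and in practice the source would be a device attached through a write blocker.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # copy 1 MiB at a time so whole disks never sit in memory

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        while chunk := handle.read(CHUNK):
            digest.update(chunk)
    return digest.hexdigest()

def acquire_image(source, image):
    """Copy source to image byte for byte; return (source_hash, image_hash)."""
    digest = hashlib.sha256()
    # Mode "xb" refuses to overwrite an image that already exists.
    with open(source, "rb") as src, open(image, "xb") as dst:
        while chunk := src.read(CHUNK):
            digest.update(chunk)  # hash exactly the bytes read from the source
            dst.write(chunk)
        dst.flush()
        os.fsync(dst.fileno())    # the copy must be on disk before verifying
    return digest.hexdigest(), sha256_of(image)

def entry_hash(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_custody(log, handler, action, evidence_sha256, when=None):
    """Record who did what to which evidence, chained to the previous entry."""
    entry = {
        "handler": handler,
        "action": action,
        "evidence_sha256": evidence_sha256,
        "time_utc": when or datetime.now(timezone.utc).isoformat(),
        "previous": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)
    return entry

def custody_intact(log):
    """True only if no entry was edited, reordered or dropped from the middle."""
    previous = "0" * 64
    for entry in log:
        if entry["previous"] != previous or entry["entry_hash"] != entry_hash(entry):
            return False
        previous = entry["entry_hash"]
    return True

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "usb.bin")  # constructed stand-in for a device
        with open(source, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 123))
        src_hash, img_hash = acquire_image(source, os.path.join(work, "usb.img"))
        assert src_hash == img_hash, "image does not match the source"
        log = []
        append_custody(log, "Analyst A (hypothetical)", "imaged device", img_hash)
        append_custody(log, "Analyst B (hypothetical)", "received image", img_hash)
        print(src_hash, custody_intact(log))
```

A hash chain alone can be recomputed by anyone able to rewrite the whole log, so the latest entry hash should also be kept somewhere the log's custodian cannot change, such as the signed paper custody form.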
3.5.3 ANALYSIS
In this phase, scientific and analytical techniques are applied to the media duplicated through the forensic process in order to find evidence of certain behaviors. Some examples of searches that can be performed are: character strings, specific actions of the user or users of the machine such as the use of USB devices (make, model), searches for specific files, recovery and identification of emails, recovery of the last websites visited, recovery of the Internet browser cache, etc.
3.5.4 PRESENTATION
This phase gathers all the information obtained from the analysis to produce the report and the presentation to the lawyers, generating an expert report² and its correct interpretation without using jargon.
3.6 DEVICES THAT CAN BE ANALYZED
The infrastructure that can be analyzed is anything that has memory, so the devices shown in Table 3.6 can be analyzed.
Table 3.6 Supported devices for forensic analysis
Hard drive from a computer or server
Documentation relating to the case
Security logs
Authentication credentials
Network packet traces
Mobile or cellular phone, some cell phone
Electronic agendas (PDA)
GPS devices
Printer
USB memory
² Formal structure of presentation of expert results suitable for their understanding and interpretation by readers who are not specialists in the field.
Chapter 4. Legislation Related to Computer Forensics
4.1 INTRODUCTION TO FORENSIC LEGISLATION
A proper computer forensic analysis requires a multidisciplinary team that includes legal professionals expert in IT³ and technical experts in forensic methodology. This is because the aim is to ensure compliance with both the legal requirements and the technical requirements derived from the forensic methodology. Likewise, in carrying out a proper forensic analysis there are multiple and varied national and international laws related to computer and digital crime.
³ Information Technologies.
4.2 NATIONAL LAW
- Law on Transparency and Access to Public Information: guarantees the fundamental right of people to freely access the information of public sector entities, all of which must publish information about their internal organization.
- Law on Electronic Commerce, Electronic Signatures and Data Messages: regulates data messages, electronic signatures, certification services, electronic and telematic contracting, and the provision of electronic services through information networks, including electronic commerce, and protects the users of these systems.
- Intellectual Property Law: guarantees and recognizes copyright and the other rights of holders over their works. The theft of digital information can be treated as a violation of intellectual property, since the information would be personal and of great importance to its owner.
- Special Telecommunications Law: aims to regulate, within the country, the installation, operation, use and development of any transmission, emission or reception of signs, signals, pictures, sounds and information of any nature by wire, radio, optical or other electromagnetic systems.
- Law of Constitutional Control: states that any person or entity, whether local or foreign, seeking access to documents, databases and reports in the possession of public entities, private individuals or corporations may file a habeas data⁴ action to require answers and to enforce the custodial measures prescribed in this Act on the persons holding such data or information.
⁴ Constitutional action that entitles any person to be provided with the existing information about themselves.
4.3 INTERNATIONAL LAW
Internationally, several countries have developed laws related to cybercrime and hence to computer forensics; among the most prominent are:
- "Computer Crime Law", issued in Chile on May 28, 1993. It should be noted that Chile was the first country to issue such a law. It consists of four articles that punish unlawful conduct such as the destruction of an information processing system; interference with, interception of or access to an information system in order to seize the data stored in it; damage to or destruction of data; and the malicious disclosure or dissemination of the data contained in a system.
- "Act 1273", issued in Colombia on January 5, 2009. It amended the penal code by adding new penalties related to computer crime cases, seeking to protect and preserve the information systems of information and communication technologies.
- Computer Fraud and Abuse Act, issued in the U.S. in 1986, under which federal computer-related offenses are punishable.
- USA PATRIOT Act 2001, issued in the USA in 2001, which punishes anyone who knowingly accesses a computer without authorization and accesses data from financial institutions, as well as anyone who accesses a non-public government computer without permission.
- Second Economic Crimes Act, issued in Germany on May 15, 1986, which amended the Criminal Code to cover data espionage, computer fraud, falsification of evidence, alteration of data, computer sabotage, etc.
- Criminal Code Reform Act, issued in Austria on December 22, 1987. It sanctions the destruction of data, which includes personal data, non-personal data and software, and computer fraud, punishing those who cause harm to third parties.
- Law No. 88-19, issued in France on January 5, 1988. It sanctions fraudulent intrusion to remove or modify data, obstruction or alteration of an automated data processing system, computer sabotage and forgery.
- Penal Code of Spain. Spain is the country with the most experience of cybercrime in Europe; through its criminal code it punishes damage to, alteration of or mutilation of data, programs or electronic documents belonging to others, violation of secrets, espionage, disclosure, and fraud using computer manipulation.
Method
To research this article a search method was used, given that the primary purpose for which the article was developed is informational. The method followed is that of finding information on the Internet, which is explained below.
The Internet holds so many documents that they are difficult to quantify; this has made solving the problems of efficient searching an important research topic, and it makes it difficult to become familiar with the different tools the Internet offers, such as search engines. Search engines are defined as software or support tools that allow users to look for information about a topic; such a tool searches databases that contain information about published web sites and indexes the range of possible results related to the topic or keywords entered. The techniques used with this method are:
- Exact words: to locate words in a precise order, enter the phrase in the search box in double quotes.
- AND (+): retrieves all documents containing the keywords separated by the operator. Example: Quijote AND Cervantes finds documents where both the term Quijote and the term Cervantes are present.
- AND NOT (-): excludes from the search documents that contain the keyword specified after the operator. Example: Cervantes AND NOT Quijote finds documents where the term Cervantes is present, but not the term Quijote.
- OR: returns documents that contain any of the keywords separated by the operator. Example: Quijote OR Cervantes finds documents containing at least one of the two terms (Cervantes or Quijote), including those that contain both.
- XOR: like OR, but the result excludes documents that contain both terms.
- ADJ: the terms appear together, regardless of the order. Example: car ADJ racing returns documents with the terms car racing or racing car.
Advanced search by file type: Google in particular has this feature, which restricts the search to particular types of format (text, spreadsheets, animations, presentations, videos); it only requires the filetype: command followed by the type of format.
Thematic indices: These are search systems organized by subject or by hierarchical categories. They have a browsable subject directory. Within each directory you can find pages related to that topic.
Results
This article was prepared with the purpose of giving an overview of computer forensics focused on its legal framework; as observed, it is an area that has become very important in recent years and for which a great future is expected. Given that in Mexico there is little reliable information about computer forensics, this paper discusses the most important points the reader needs in order to understand this science and have the necessary knowledge of it, and likewise to gain a perspective on how vulnerable information can be, even when it is believed to be protected or deleted.
This article on computer forensics was developed because the issue is of great relevance: nowadays society has changed the way we communicate and perform certain activities of daily living. In Mexico alone, it is estimated that 80% of households have one or more cell phones, an average of 1.9 cell phones per household. On the other hand, 37% of households own at least one computer and October 7 internet access. Therefore, given the heavy use of electronic devices, they need some security, but in this area the numbers are not the most encouraging: the research found that Mexico ranks last in computer security among the member countries of the OECD (Organisation for Economic Co-operation and Development), and that at least 45% of people jeopardize their cyber identity through carelessness with information such as personal data, passwords, accounts, etc. Analyzing these data, we find that computer crimes are increasing more and more: from the year 2011 alone to date they have increased by 41%, to around 403 million threats and cybercrimes. Therefore, computer forensics will be at hand to detect evidence that helps establish guilt for these crimes; examining just the data on recorded computer forensics cases in Mexico yields the following categories:
Image 1. Cases registered in computer forensics labs according to Recovery studies (Cases in Computer Forensics in Mexico: fraud offenses 47%; offenses against the confidentiality, integrity and availability of data and computer systems 43%; content-related offenses 10%)
As shown in figure 1, 47% of cases involve fraud offenses such as forgery and computer fraud; 43% of cases concern offenses against the confidentiality, integrity and availability of computer data and systems, such as criminal behavior related to interference in the operation of a system; and finally 10% of cases are content offenses, such as the acquisition of pornographic content through computer systems.
Considering these data, computer forensics is in great demand in the country, although there are few experts in this area: according to the statistics, only 10% of computing professionals in the country specialize in this science, so for future professionals this area could be very promising. It was also found that since 2011 Mexico has added to its penal code laws that allow the punishment of computer crimes and the use of computer forensics to detect evidence against those who commit them; but the laws passed are still not enough to convict all the crimes committed, much less to allow computer forensics to extract data in at least 50% of the cases prosecuted.
Discussion
Currently, the value of information is increasing, so we should be more concerned with taking steps to protect it. Computer forensics was born as a result of this concern, seeking both prevention and corrective reaction to problems that may affect information systems. Based on the results obtained and analyzed in our research, we can conclude the following.
Computer crimes are on the rise; today most people do not know well how to protect their information, so it is vulnerable to intruders and they become victims of various crimes. Also, most people do not know that there is a science, computer forensics, that can detect the evidence required for a judgment on any device that has storage memory, even if the information was deleted.
In Mexico, the science of computer forensics is still developing compared with countries such as Spain or the United States; there is still much room for improvement in the legal framework and in human resources, both of which are essential to meet the high demand arising from offenses where devices are involved in the crime scene.
In our country, as far as the workplace is concerned, few computing professionals specialize in computer forensics, even though it has become an important area worldwide in recent times and has a promising future; future students could therefore choose it as an area of study and work.
The legal framework in the country is still insufficient; that is, there are few laws in the Mexican penal code that support computer forensics when developing and presenting evidence to prove or disprove a person's guilt.
The legal field is of vital importance for computer forensics, because for everything done in this science to be successful there must be legal regulations that penalize attackers so that they can be sentenced for the crimes they have committed. Also, each country needs to recognize the value of information and protect its citizens through laws that ensure that computer crimes do not go unpunished.
References
Acurio del Pino, S. (n.d.). Delitos informáticos: Generalidades. Spain: Puce. Retrieved from OAS.
Borghello, C. (2009). Segu.info Seguridad de la Información. Retrieved from Segu.info Seguridad de la Información: http://sugu-info.com.ar/legislacion/
Calderón Valdiviezo, R. G., Guzmán Reyes, G. S., & Salinas González, J. M. (2011). Diseño y plan de implementación de un laboratorio de ciencias forenses digitales. Guayaquil-Ecuador: Escuela superior del politécnica de litoral.
Carrier, B. (2005). File System Forensic Analysis. United States: Pearson Education.
Contraloría Universitaria. (July 2007). Udec. Retrieved from Udec: http://www2.udec.cl/contraloria/docs/materias/delitosinformaticos.pdf
Juristas Forenses y Asociados. (March 15, 2012). Forenses Informáticos. Retrieved from Forenses Informáticos: http://delitinfom.blogspot.mx/2012/03/concepto-objetivos-y-herramientas-de-la.html
Lima, M. d. (2006). Criminalia N° 1-6 Año L. Delitos Electrónicos. México: Ediciones Porrua.
Pérez, J. C. (June 18, 2011). Cómputo forense y delitos informáticos en la legislación mexicana. Retrieved from Cómputo forense y delitos informáticos en la legislación mexicana: www.juniocarl.com.mx/wordpress/?p=13
Recovery Labs. (2012). Division Computer Forensic. Retrieved from Division Computer Forensic: www.delitosinformaticos.info/peritaje_informatico/estadisticas.html
Rivas López, J. (2009). Análisis Forense de Sistemas Informáticos. Barcelona: Eureca Media.
Santes Galván, L. (2009). Propuesta de una metodología forense para depositos de telefonía celular. México, DF: Instituto Politécnico Nacional.
Tellez Valdéz, J. (2002). Derecho Informático. In J. Tellez Valdéz, Derecho Informático (pp. 103-104). México: Mc Graw Hill.