-
Larry Brandolph changed their profile picture 1 year, 7 months ago
-
Larry Brandolph's profile was updated 2 years, 7 months ago
-
Larry Brandolph wrote a new post on the site MIS 5170-Topic: Forensics 2017 7 years, 9 months ago
Explain where you think ethics plays a role in how we deal with digital forensics.
-
I think ethics plays a role in digital forensics because as investigators it’s our job to tell what we can prove to be the true story as it happened with a piece of computer technology. In some cases we might be the only ones who truly understand the evidence and the artifacts which puts us in a position of incredible influence. We can not allow ourselves to let a story venture into guesses and assumptions because it could really cause significant damage. On the other side of that we might be in a situation where we are investigating an incident involving a friend or a powerful individual. It’s still our duty to do an ethical investigation, even if the facts lead us to difficult conclusions about those individuals.
-
Darin,
I agree with your perspective. As forensic investigators we would have access to classified and confidential information. The influence that we have can sway the opinion of the company that should or should not act on specific findings. Through ethics we have to present the findings that effect our clients and the best way to handle each case.
-
Darin,
I like you response this week. I definitely agree with you that if your influence in a case could sway someone one way or another so you need to show you findings in a way that shows no bias one way or another.
-
-
In digital forensics, contact with sensitive data is the norm, so proper ethical standards are important. Examiners are given privileged access to information systems and data, and may be exposed to trade secrets, threats to national security, or information that is highly valuable to private parties. Since examiners require a high skill-set and often work with those who are not tech savvy, it is important for examiners to have good-moral character so they do not take advantage of their victims and clients. Although laws and contracts are drawn to create boundaries and obligations to protect intellectual property rights, privacy rights and public welfare, it is still up to the examiner to uphold these laws, and use their best judgment when confronted with an unethical situation that is not addressed by law or policy. Since technology is constantly evolving, examiners should follow a code of ethics which represents a standard of acceptable conduct for all possible procedures within the profession.
-
Hello Bilaal- Yes, i completely agree with you that boundaries are created with contracts and agreements for a smooth or legal executions, I think digital forensics and law are in two different skims, but is up to us to do a good job and put them together.
As I mentioned before ethics begin at home and we practice them as needed, once combined with digital forensics, we could be a better asset to a client or customer to present the best evidence to the court for the good or for the bad.
-
Bilaal,
Great post and I completely agree with your explanation. I like to think it as, ethics picks up where the laws does not. Ethics provides a minimum standard of acceptable conduct. The person that lacks moral character can easily be tempted to use the information gathered for personal gain. A person with good moral character will do what’s right, even when nobody is watching.
-
Bilaal, great post. I loved your point about ethical hackers needing strong moral character. I never really considered the fact, that yes, it would be easy for someone with the technical prowess to take advantage of those who are ignorant of the inner workings of technology. I think the difference in abilities is definitely important and pen testers/ethical hackers should have a strong appreciation for privacy and honesty.
-
-
Digital Forensics is very growing field and plays critical role in investigations, but still there is no code of ethics that would protect confidentiality of data and evidence, investigation integrity, human behavior and honest investigation principles.
Given enormous number of technologies, there are certain technical trends affecting ethics of forensics, which complicates investigation given the possibility for a potential evidence to be exposed to various media, thus causing disclosure, and also causing issues with company policies that have weaknesses, for example:
– Social Media (Forums, Facebook, Twitter, etc.).
What information can/can’t be shared to prevent company’s data leak in public media? Even if there is policy, how to make employees be honest and comply with policy– Mobile Devices (BYOD). The use of personal devices policies.
– Cloud Computing. Issues with transferring data from company device to a personal cloud storage
Ethics of Forensics affect attitude of people at workplace. Division between home and work raise certain issues such as keeping Confidential documents undisclosed. Massive information from different sources complicates investigation, especially when people might have company data not only on company device but also stored on personal computer. So, having so many technologies create problems such as sourcing all secured/non-secured locations of documents/evidence.
Healthcare has strong ethical standards that are being enforced by the government, whereas there are no comparable professional norms and moral ethics in Forensics. Without standard ethics, Forensics has many weaknesses that can be exploited and used in positive or negative ways. Forensics is growing at a fast pace and professional ethics must exist to ensure integrity of investigation and compliance with law and professional moralities.
-
Professionals in forensics recover, analyze, process, and testify about digital evidence in court. Additionally, examiners are given access to information systems and data to be able to investigate. Throughout their investigations, it is possible they are exposed to trade secrets, threats to national security, personal information, etc. Due to the strong influence examiners have in court and the exposure of data and information, they need to abide by ethical standards, which plays a major role in their daily activities. The examiners need to be familiar with the law and professional norms of cyber forensics, which will allow them to point out any unethical issues/events that arise. Also, the digital forensics field requires its examiners to act with honesty and truthfulness. Good moral character is required because forensic professionals cannot allow outside elements impacting their investigations. This could be that they see an opportunity to take advantage of a situation resulting in some type benefit for them or if the investigation involves a family member, friend, or an influential/powerful individual. Overall, it is important for them to complete their job with no outside influence or assumptions and just follow what the evidence shows them. The issue with ethics in digital forensics is the lack of professional and ethical standards governing professionals in the field. Universally accepted standards do not exist. For example, some states require digital forensic examiners to be licensed as private investigators. Another example is the Texas Private Security Bureau requires annual fees, fingerprint cards, criminal background check, evidence of training and experience, and proof of liability of insurance.
-
Elizabeth,
The fact that examiners are exposed to so much confidential data is important to remember. If an immoral person were to gain this kind of access, they could take advantage of it for personal gain. Companies go to great lengths to protect this kind of data, including conducting investigations when they believe they’ve been attacked. The people that conduct the investigation must be highly trusted. In order to gain this trust they must have high personal ethics and perform ethically in all they do. -
Hello Elizabeth- yes, I agree that forensic analysts have a fiduciary obligation to their client or customer, and they are bind by a legal contract or agreements that should have the proper words that say that the evidence presented to court must not be manipulated, tempered or altered in favor of a client.
I also like the fact that some organizations as you pointed out, requires background checks, and educational courses like this to be differentiated from the rest.
-
-
I think we need to define three things when answering this question. These come courtesy of Google or Wikipedia.
1. Ethics: moral principles that govern a person’s behavior or the conducting of an activity
2. Justice: understandings of justice differ in every culture, as cultures are usually dependent upon a shared history, mythology and/or religion. Each culture’s ethics create values which influence the notion of justice. Although there can be found some justice principles that are one and the same in all or most of the cultures, these are insufficient to create a unitary justice apprehension.
3. Forensic science is the application of science to criminal and civil laws, mainly—on the criminal side—during criminal investigation, as governed by the legal standards of admissible evidence and criminal procedure.
Ethics plays a fundamental role in the way we define acceptable behavior. When society deems certain behaviors unacceptable (this is going to vary hugely from society to society at times) and demands “justice” to rectify a violation of ethics, our society looks to the judiciary. Forensics is a method of providing evidence to that judicial process. Without ethics we wouldn’t have the field of digital forensics.
There’s a lot more too this, though and people have been philosophizing around definitions for justice for millenia.
-
The Code of Ethics plays undeniably a very important role in the profession of digital forensic because of the result of the outcome, the kind of information that can be access and the influence of how pieces of evidence are investigated and presented. From what it is already said and posted here:
– the importance of good moral character, appropriate training and just judgment of examiners,
– the lack of professional and ethical standards in the field,
– the obvious need and imperative from professional for codes of acceptable conductsI think the idea of a two-days workshop on professional ethics is good, where people can share their experiences, the cases that they have to deal with, the associations that they need to contact or just the most updated information in the field that needs to know.
It should make it mandatory to participate in these workshop/ seminar to keep their current certifications. -
I think ethics play a huge role in a lot of things that we do in digital forensics. However, before we can talk about how ethics I thought it would be good to define what ethics actually are. I looked on to the internet and tried to find a good definition for ethics however after some googling I was not able to find a definition that I liked, and deiced that piecing together a definition of my own with the information that I found would make a lot more sense. I found out that ethics have a lot to do with context and when you look at it in the realm of digital forensics it is a lot like morals. I think we look at ethics every day when preforming our job duties as a digital forensic analyst. You have to decide if pulling certain information is ethical. If withholding certain information from people like coworkers, family member, or the law is ethical. When you are preforming a wiretap you need to see how the ethics of the situation come into play and if it is OK and morale to be in that person’s life tracking them. I think if you understand the ethics that surround digital forensics you will have a lot better of a time preforming your job duties because it will keep you how of the sketchy gray areas.
-
Jonathan,
I liked the way you approached this week’s question and pieced together your own definition of ethics. I agree with your connection of ethics to morals because morals definitely can play a main role in how people operate in their daily jobs. Also, good way to conclude your response. If one has a good grasp on ethics in the digital forensics field, they will have an easier time eliminating the gray area from their everyday activities.
-
The gray areas are definitely going to become a bigger issue as digital forensics improve. I think it’s helpful to set a baseline of morals to define an ethics code and then build on it as you approach these gray cases. This could be done on an individual basis or with peers.
-
-
The need of ethics in digital forensics become more important as investigation relates to collection of evidences to be produced in court and it can lead to the matter of life and death ,where a person can be charged free of all allegations or can be charged with prison or heavy fines
-
Explain where you think ethics plays a role in how we deal with digital forensics.
I think ethics plays important role in how we deal with digital forensics because forensics team has the privilege access to information systems and data in a company. Examiners will be exposed to trade secrets, data, confidential information. Some private parties may be willing to pay an attractive price to buy them. In addition, when examiners are investing a company, the company is willing to pay a lot to cover the evidence if they committed a crime. Examiners should be prepared to solve these dilemmas. Laws and regulations need to be placed in companies for examiners, however, they will not be enough to help examiners to make ethical decisions all the time. So, ethics trainings for the professions is necessary to perform in place. Examiners need to remind themselves at any time that they need to recognize, classify and manage ethical dilemmas and also respect boundaries and honor obligations.
-
Mengxue, you bring up a good point in that while regulations need to be put in place for how examiners should conduct themselves, those alone will not be enough. Just like we’ve learned in other classes that putting controls in place will not always protect against the risk they are meant to. If someone is truly determined to do something, no amount of regulations or controls will stop them. This is why the examiners themselves must have a strong ethical code and be committed to acting in an ethical manner in all they do.
-
I really like what you said about having a strong ethical code and the commitment to act in the most ethical manner. Being an examiner comes with a lot of responsibilities and dilemmas that revolves around doing what is right. For example, an examiner uncovered additional data, that was not requested or subpoenad. What should they do? Whether it is to prove a persons innocence or guilt, how should they proceed? Should they tell the request official? If they did, then what happens if the additional evidence is requested for the guilty, but not the innocent? You have no obligation to reveal this new data, so what would a person with good moral character do? Personally, I would provide the data as part of my finding, but then I would be seen as overstepping my boundaries and obligations.
-
-
Mengxue,
Like Amanda mentioned you brought up a good point about companies implementing laws/regulations for examiners even though this does not mean examiners will always follow protocol. The same concern can follow even when examiners are required to participate in ethics training. This type of concern can relate to many other professions. Obviously though, the consequences of unethical actions in digital forensic can have a more severe impact than in other professions.
-
-
Andres,
Interesting take on answering the question. I was able to follow your thought process and it made sense. Definitely gave me a new perspective on relating ethics to digital forensics. I agree, without ethics, we would not have digital forensics. However, after the readings and research it is clear that there is a lack of ethical standards in this field. Even though ethics defines what is and what is not “acceptable behavior,” which demands justice for the violation of ethics, there needs to be strong ethics within digital forensics in order to properly provide evidence in court that is suppose to support the justice.
-
Andres, very interesting approach to define key points for Ethics. It is obviously very important for criminal justice system to have ethical forensics to influence appropriate behavior and actions. An Examiner should keep very close attention to details when gathering evidence and finding an evidence. Any manipulations or misleadings would destroy case or even affect lives of people involved in the entire case.
So, in order to be ethical, forensics personnel not only have to be appropriately trained and educated, but they also must be naturally ethical, be of good moral and character.-
Ruslan,
I really liked your last point in your response. After reading everyone’s’ responses and taking in their perspectives, I believe that is what ethics comes down to in digital forensics. It is not only that the professionals need to be trained/educated/certified, but they need to have a naturally good character. A professional can be appropriately trained, but if their personal morals are “corrupt” then the training is almost pointless in a sense.
-
-
Joseph, training is really important to keep up with proper forensics ethics. Certification is great way of validating skills and knowledge it the field of forensics. Also, I think it is critical for an examiner to have an amazing personality to apply rule of ethics; otherwise, if person is no kind and honest of him/herself then I believe there is no point of having any rules of ethics and standards. I think part of personnel assessment and training should include a certain level of psychological and behavioral testing to ensure that person who wants to become a truly ethical examiner is indeed capable of being ethical.
-
I think that ethics and digital forensics work hand in hand. As an individual on a forensics team you are allowed privileged access to the company’s data and systems. The goal of digital forensics is to collect, analyze, preserve, and present the findings to the company. If something is done unethically trust and possible laws could have been broken. Most companies have policies and guidelines in place when it comes to digital forensics that teams can use to better understand the environment. Finally, training could be used as a preventative measure for examiners when faced with ethical dilemmas in the field.
-
Samantha,
I like you response and I think that training could help with preventing ethical dilemmas that might arise. I also agree that as a digital forensics anayst you have access to information that the majority of the company does not have access to so it is you ethical responsibility to make sure that you keep everything by the book as possible
-
For most of the fields whether we talk about cyber security there is a examination and training to identify and certify the capacity of security professional.But when we talk about digital forensics then there is no global body which provides training and certification which can be set as an standard to identify the forensic expert so ethics play an important role in this field
-
-
Joseph,
I think that the workshop is an excellent idea for digital forensics professionals. It gives guidelines as to what is expected and the most recent ethical standards in the field. It would also be a good idea if there was multiple workshop opportunities and if they were mandatory each year or every other quarter as a refresher on ethical procedures.
-
Professional workshops help in more ways than one. It is important to know that the field at large feels the same way towards ethical behavior. There are weird corner cases where the right decision isn’t obvious and knowing you can consult your peers for guidance would be helpful. The refresher course is a great idea as a field that is always innovating may have new technologies available to use and some may violate privacy or cross ethical boundaries.
-
-
Ethics are at the core of digital forensics because if those conducting digital forensic investigations do not act in an ethical manner than none of the results they find can be trusted. The results of investigations can affect people’s lives and if the investigation is not done in an ethical way, and the wrong person is found guilty, it could ruin their lives. Digital forensics is not always used in such extreme circumstances but digital forensics professionals must still act in an ethical manner in everything they do. We won’t always like what we find while conducting an investigation, but we must present the facts as they are, even if we’d like them to be different, no matter what, or there was no point in the investigation in the first place.
-
Hello Amanda- I agree on your opinion on keeping things professional, no matter if we like the results of an investigation.
I think we have a responsibility to present the client or customer the true results of our investigation, and have the court of law make the final decision based on our findings. I think we have to take this job very seriously since we can make or brake a case for the good, or the bad of a person/people at large.
-
Amanda,
I like your mentality of being objective instead of subjective. Like you said, forensics professional may not always like what we find, but the bottom line is that we have to present the facts. Another thing that I like from your post is the “trust.” If the profession gets a bad reputation for falsifying records or evidence tampering than who would trust the forensics analysis in court. Based on these two points alone, I cannot agree more with ethical behavior being the core of digital forensics.
-
-
Hello Larry/class- as we discussed in week 1, we have a fiduciary obligation to the costumer or client we are working for, and a binding contract that will keep us in line and out of trouble.
Ethics start from home habits, and most of them are reflected in many things we do daily. In my humble opinion, when a person or a company show symptoms of ethical slack, then bad things could happen. A good example to think about is that if you get in trouble and you would need a law firm to defend you, would you allow your attorney to be unethical? I know I wouldn’t.
-
Andres
I like how you broke down the definition of ethics into 3 key points and expanded on it. It is how the society perceives the action with will define if it is ethical or not. Someone from the Middle East or Asia might do something that we do not find ethical in our culture or business model however in their eyes it is total normal and fine to be able to do. I really think it is all about the environment around you and what the community perceives as ethical.
-
Digital forensic professionals, like Roberto state, has a judiciary duty to uphold the law in the way the collect, preserve, and analyze the evidence. Evidence collected may contain highly personal information, sensitive data, trade secrets, proprietary information, or things of national security, among others. All can have devastating affects if given to the wrong or even malicious actors. Along with their highly specialized skill set, digital forensics professional most also be ethical. Meaning that they should not tamper with the evidence, sell the evidence, or provide information about the evidence to an unauthorized party. Their actions must be within their boundaries and obligations, and should be carried out in good faith.
-
Great Post Andres,
As the other have stated, your approach is refreshing. I would like to extend your breakdown with the addition of moral, concerned with principles of right and wrong behavior and the goodness and badness of human character. We can probably agree that good ethics is good moral character. Believing that the actions that you’re taking is in good faith and is the right thing to do. The problem with that, like you already stated, is not everybody can agree on what is “good” and what is “bad.” It varies, from smallest element of society, the home, to a nation society. That is why every good organization will have a Code of Ethics or Ethical Business Practices, as a guideline to acceptable behavior. But isn’t it a little hypocritical to think that if a person follow the Code of Ethics, the are good morally even if they betray their own belief?
-
Ethics are required to adhere to in order to work in digital forensics. There is an inherent trust that investigators are collecting accurate evidence. A company is also entrusting you with access to multiple areas that usually require a separation of duties to be able to see more than one. If you violate ethics, your credibility in digital forensics is null. Part of your duty requires being able to submit truthful statements to law enforcement or courts. If you don’t have credibility you cannot do these aspects of the job.
-
Very correctly mentioned that ethics can play a very important role in field of forensics.I can take an example to justify this when forensic expert is doing investigation and he comes across some confidential information about the organization.There are chances that if he sells the information to their competitor then he can make some cash out of it.But this stand against the ethics and break the trust of company which gives access to your personal information.The forensic investigator should maintain his credibility
-
-
Ethics in simple words defines as honesty, truthfulness but when we cover the field of business ethics according to which it is the honesty and truthfulness to comply with the law and professional norms .The ethics play a vital role in field of digital forensics as it maintains the credibility of organization and the profession both.
The forensic expert has to deal with lot of confidential information on day to day basis in investigations as a result the expert should only reveal such information as defined by the boundaries of information sharing
in the charter and legal document signed by him.The document may have a clause to identify all important information,document it and present it to the legal counsel or higher management.Then comes the role of ethics where forensic expert should not reveal any information apart from the identified persons . -
Ruslan, as always, great stuff. I liked your mention of social media. It’s something that I didn’t even think of. I would take it a step further and say that as investigators we need our own set of rules involving social media. Someone investigating a case can’t go home and post “I can’t believe what ______ did on their work computer!” and then post details.
-
Andres, I like how you broke this question down into 3 definitions first. That’s a good approach to the question and it seems sort of in line with the approach of someone responding to an incident. Breaking down all the pieces of information before coming up with a full solution. I like it!
-
I think the most significant ethical dilemma involved with digital forensics is balancing the pursuit of justice with respect for people’s privacy. Many times, an investigation might accidentally involve innocent people. If this were the case, then investigating their data–some of which could be sensitive–could negatively impact data’s owner. In other cases, such as the situation from last year with Apple, exposing one person’s data might jeopardize the privacy of millions of others. In these cases, security professionals have to balance the pursuit of justice with the individual right to privacy.
-
Anthony makes a good point as this is delicate balance which is becoming much more prevalent. The privacy lines are being blurred further and further as we get further connected and those new technologies becoming a form of forensic evidence. You look at the most current cases of the Amazon Echo and tool like that are capturing sound in the home that they are looking to make a case with. Their is a real risk that those things occurring in the privacy of our home are no longer private if your plugged in.
-
-
-
Larry Brandolph wrote a new post on the site MIS 5170-Topic: Forensics 2017 7 years, 9 months ago
This week find an article about cyber security and post it here along with comments about what happened.
I’ll start with the article below. This was a case I handed here about a Temple student changing his grades.
-
There is a ransomware attack that is encrypting victims machines after tricking them by offering free access to Netflix on the website. In order to rid yourself of the attack you need to pay $100 worth of bitcoin.
I thought this was interesting because usually, at least in my reading, you see a story of ransomware targeting a machine that has more financial incentive for a successful attack. A device being used by a banker, a server at a hospital. They then charge a huge sum to get the data back (well over $100 like in this case). This is the first time I’ve read of ransomware specifically targeting small consumers like those watching Netflix who are probably doing so from their home PC which probably has valuable data to the person, but it’s not the kind of data that can get 6 figures in ransom.
http://www.darkreading.com/attacks-breaches/netflix-scam-spreads-ransomware/d/d-id/1328012?
-
Nice post, Darin! I agree with your point about interesting shift for attacking small less valuable targets versus chasing a “big fish” for more ransom. My input on this thought would be….what if attacking larger number of less secured targets would get more profits to malicious hackers rather than trying to attack more profitable highly secured targets with less chance to actually exploit them!? Maybe this is one of reasons malicious hackers are making a paradigm shift.
-
Good point made and definitely helped me think through Darin’s article. Like you said, could be quite easier for a attacker to trick online users versus a large corporation. I feel as if many people lack cyber awareness, which is why so many people fall for scams, whether it is clicking a link to get free Netflix or falling for a phishing scam (example: PayPal scam).
-
-
St. Jude Medical Patches Cardiac Machine’s Cybersecurity Flaw
St. Jude Medical recently started deploying software to help protect its remote monitoring system for implantable pacemaker and defibrillator devices. It came out that its product, Merlin@home transmitter, contained vulnerabilities. The product collects data and sends it to the physician over the Merlin.Net Patient Care Network via a landline, cellular, or Internet connection. The article explained that the healthcare industry is a target for hackers, but the risk of anyone tampering with the devices is low. However, if the device is vulnerable, the risk of an attack is high and results can be fatal. There is potential for a hacker to use these devices (like a pacemaker) as leverage against someone to get access to their financials.
This article was quite intriguing and created another perspective on cybersecurity for me. My first thought on cyber-attack targets are banks, large department stores (Target), healthcare companies (customer information), the government, so the “norm” for hackers. To look at it from a healthcare industry perspective, but their products specifically is something new to me. It makes sense that if “body-interfacing IoT devices” are vulnerable, they can easily be hacked. However, I believe this is quite extreme though because getting access into a body-interfacing device can have fatal consequences. There may have to be something severely wrong with someone to use these devices as leverage to access another’s financials.
-
Elizabeth, great article! The fact that tampering with Bio-IoT devices pose life threatening situation is really serious concern. It is one thing when hackers get advantage of financial landmark and gain money, but if hackers can potentially exploit vulnerability in IoT devices, and I am sure they will at some point, then it really bring a huge concern on how to protect human lives from such danger. I guess, Bio-IoT device must at least transmit data in encrypted format with strong authentication and non-repudiation mechanism.
-
As mentioned by you its difficult to prosecute and collect evidences in the case of international cyber crimes.
As of now there is still no strong international charter available which defines procedures,support for investigation in such cyber crimes. A russian backed treaty in UN was rejected in 2010 due to differences between developing and developed countries on law.There do exits charters of G8 and UN which define dealing with cyber crime but they are not substantial to tackle growing interstate cyber crime.As you mention in the above case the Russia will keep asking for legitimate evidence and the farthest step US can take is to take the case to international court and get some sanctions imposed of Russia which although Russia is still facing.-
I think, in addition to Vaibhav is saying, you have to question who can really apply pain/pressure/”justice” to Russia. They have a permanent seat on the UN Security Council, and the International Criminal Court (ICC) doesn’t seem to carry much weight. I looked at their primer on “how the ICC works” and it doesn’t inspire confidence that Russia would have much to be afraid of.
https://www.icc-cpi.int/iccdocs/PIDS/publications/UICCEng.pdf
-
-
Its very important for healthcare industry to revamp their security considerations.In present times any medical device on the network could be a probable target of hackers.When we hear about healthcare industry most of the security policies deal with protecting the patients PHI .But series of attack on iOT devices clearly proves that if healthcare devices are attacked they could probably risk the life of patients which is more dangerous than hacking of cameras and internet-TV.
-
Hello Elizabeth/Vaibhav- here is another interesting article that makes us scratch our heads and think carefully how medical facilities and major hospitals use technology to fix peoples issues, but not securing the whole information cycle.
I always say, secured connect your devises or use VPNs. As you mention in your article Elizabeth, over the internet, line-lines and cellular communications are not strong enough to protect medical records tied to a patient, let alone having those expensive devises stay connected to an open online connection.
This looks like those organizations need to go over a good cyber security assessment, to find, detect, analyze, and resolve vulnerabilities in their software, hardware and firmware combine.
-
-
There can be a cheaper solution .Most of the home PC users should probably keep some of their sensitive data backed in the cloud .Most of the cloud service providers provide some GB space as free of cost .In case the home PC is compromised users have their data backed up as most of the cases of ransomware you dont have 100% surety to get back the data even the hacker is being paid off .
-
Hello Darin/Ruslan/Vaibhav- this is a very good article that encapsulates three important things:
1. The level of sophistication on how users have very low or non security in their devises
2. How vulnerable users are and how users lack of knowledge to secure information in personal devises.
3. The issue just continues and hackers can do this all day, in different countries with the same principle.So my take on this article is that victims still believe in magic, and free stuff and often fall in the tramp. A phishing attack can easily get someone to click on something, so once the initial email is sent, the rest is on the user.
To mitigate these kind of incidents, I advise my friends and family not to click on suspicious emails or unexpected messages offering you something. In cases of curiosity, I advise to hover over the links and read the destination, and then do a Google search of that destination. My last advise is to mark those types of emails as spam and monitor how many spam email a user gets a week, that’ll give you a better understanding on how serious a hacker wants you to be the victim.
-
-
The University of Geneva has a system that I found good to share and can prevent a problem that Temple faced with the hacking in the article. PCs for students have a blank new OS image at each reboot!
Relate to the article, I read in the database legislation of the United States under section 1030, (Fraud and related activity in connection with computers) that describes the Crimes and Criminal Procedure against the government computers, which can be passable of imprisonment up to 20 years (subparagraphs E) or life (subparagraph F).
Ruslan, very interesting posting about Russian hackers and Vaihab about international cyber crimes.
-
I wonder how often and under what circumstances violations of the laws you quoted are prosecuted. I’ve worked around government computers for more than half a decade and was unaware of those laws!
-
5 Cybersecurity Lessons Learned from the Super Bowl
Rag Harnish, a contributor for Security Magazine.com talks about the security around 3rd party vendors and the risks imposed when they are not secured on their end, making you vulnerable and easy to be attacked.
In my short experience with 3rd party vendors I have learned that new vendors push their way in to do business with you or your company, but often forget to assess their company and the security levels to avoid a disaster.
For new vendors, I suggest you and your organization have a robust process on on-boarding vendors. It starts with procurement to begin a relationship with the vendor. Some of the tools that will make things easy for both parties is a network request, a legal agreement, a cyber security assessment, and an enforcing team that will keep things in place.
For existing vendors, it’s safe to say that they do need a reassessment at least once a year, just to give you visibility in risk and how things can get better from the security perspective.
Also, if your organization is big, work with your legal, network, perimeter defense, network architecture, compliance and local IT to better understand the situation and provide a better customer experience.
http://www.securitymagazine.com/articles/87777-cybersecurity-lessons-learned-from-the-super-bowl
-
“Hacker Dumps iOS Cracking Tools Allegedly Stolen from Cellebrite”
Cellebrite is an Israeli firm that focuses on aided law enforcement in extracting information from phones they obtain. They specialize in creating an all-in-one solution device that law enforcement can physically attach to a phone no matter what model. It is capable of exploiting flaws in older versions of android, blackberry and iOS. Recently they were the victims of a hacker who took over 900GB of data which has now begun to leak onto the internet. He was able to get into a remote server that had a lot of files and backup images of the cracking software they sell. The hacker has been vocal with news sites when asked questions. In his opinion, he sees society moving to more authoritarian regimes and that when backdoors are created they eventually will get released no matter the intention. This appears to be referencing the debate over whether Apple should crack their own software for the San Bernadino terrorist. The argument is that even when a tool is created to stop crime that it will end up in the wrong hands eventually and may cause more damage than the good it does.
Cellebrite’s initial response to the hack was claiming that only basic customer contact information was taken but which no longer seems to be what happened. Cellebrite says that their software has helped law enforcement in multiple cases with crimes such as drugs, murder, and child trafficking.
The tools released show that Cellebrite was also modifying some public phone solutions for their forensic purposes. Some code looks similar to that of the famous iPhone jailbreaker, GeoHot. Cellebrite does create their own cracks for the latest versions of iPhone software and these methods are supposed to never leave the company unlike the code the hacker was able to get into. -
Email Is Forever – and It’s Not Private
A very interesting article that I found talking about how safe your private emails really are. I thought it was interesting because we have been talking about discovery in class and emails maybe one of the things we are going to have to collect for someone for a some reason. They discuss how insecure of a way to communicate it is. They also explain that people become exposed cause they open themselves up to short cuts and could cause a major leak of information because of this.
Source: http://www.securityweek.com/email-forever-and-its-not-private
-
Really Interesting article! I think of it this way. They could make more money if they attack the random Joe Shmoe because if they attack 1000 of them vs 100 high value targets the changes are might greater in their favor. A lot of higher value targets have solution in place to counter act this where a random end user does not. So it can collect $100 over and over again fairly easily
-
I agree with Jonathan’s point that attackers can make huge profits through the volume of attacks they can make against smaller fish. Generally, the average person has less financial assets than a big corporation, but they also have significantly less security and awareness. As a result, attackers can save a lot of time by foregoing reconnaissance and utilizing simple attacks such as phishing.
-
-
I could not agree with both of you more. This article definitely made me scratch my head and take some time to think about it. The life of a patient is definitely more dangerous than hacking other systems. Like Roberto said, the health industry definitely needs to take some courses on cyber security and ensure the information is safe, but most importantly, so are the patients.
-
Thank you for the discussion,
Considering all the development dollars that they put into these devices to make it work, they should put more focus on making them secure. I think it’s all time for regulators to take action, rather than wait until people start dying because their pacemakers were hacked.
-
-
Good article pick due to how much people utilize email these days and the risks it can bring. In the article, it mentioned about the lack of cyber awareness from people, which I could not agree more with. It reminded me that at work before an employee sends an email, a message comes up and you have to click if the email should be labeled as containing international information, company proprietary information, etc. This message pop up I think can be beneficial because it might make a person double think what they are sending and if it is okay to send over email. It also informs the receiver what type of information they are receiving and email message contains a warning about disclosing any company data.
-
A hospital in Virginia had over 5000 patient records stolen in a data breach. Vascular and thoracic patients from 2012 to 2015 had their records stolen from a third party vendor. The information includes patient names, social security numbers, and procedure information. The breach was discovered in November 2016 and the hospital has now sent out written notice to affective patients. The vendor says they are enhancing their security after the breach and the hospital says they are working with law enforcement and a cyber security firm to investigate. This incident highlights the importance of vendor management and the risks organizations open themselves up to when allowing third parties access to their systems and data.
5,000+ Sentara Healthcare patient records involved in security breach
-
Amanda,
I thought this was interesting and decided to do some more research on the company. It seems that this was not their first data breach. In October 2015, they lost a hard drive containing 1040 records of patient’s names, birth dates, diagnoseses, type of procedure and clinical notes. Before that, in 2012, 56,000 patient information was stolen from a laptop inside a locked car of an employee with another third party vendor, Omnicell, LLC. It is clear that they are lacking physical and logical security to protect patient information. Isn’t there some sort of negligence clause that could hold their top level management to the fire?
https://www.law360.com/articles/881565/sentara-vendor-breach-exposes-5k-hospital-patients-data
-
Free Ransonware Decryption Tools
There has been a lot of buzz about ransonware, some studies has shown it has increased 750% from 2015 – 2016. The article posted by Darin, shows that it’s now targeting consumers through fake apps that delivers the ransonware.
Well, there might be some hope for companies and consumers that doesn’t want to ditch out the bitcoins to get their files decrypted. In July 2016, the Dutch National Police , Europol, Kaspersky Lab, and Intel Security have teamed up on the No More Ransom project. The goal of this project is to provide free decryption tools to victims of ransomware. So far, they were able to crack 24 different variants of ransomware. Ransomware criminals have taken notice, but as more organizations like Bitfender, Emsisoft, Check Point, and Trend Micro continue to join the effort, it might be a relief for some people.
http://www.darkreading.com/threat-intelligence/6-free-ransomware-decryption-tools/d/d-id/1327999
-
-
Really appreciate all the comments everyone. I am new to cyber so it helps reading your thoughts related to international cyber crime, which I am not very knowledgeable in. With the constant increase in cyber attacks and I am sure it will continue to increase since we live in a technical world, I am wondering when a strong, reliable international charter regarding cyber crimes will be addressed and put in place. There is always discussions about Russia and China cyber attacking the US and I am sure other countries are being hit as well. The problem will only continue to get worse, then again, I am not that familiar to know how difficult it might be to develop a strong charter and implement it.
-
Elizabeth, it’s definitely a huge and intricate problem to solve. I guess we can be a little heartened by looking at how international relations and diplomacy work now. Economic sanctions seem to be the preferred weapon of choice for the United States, but there hasn’t been a “cyber” Peal Harbor or something similar that has impacted us directly. I don’t think I’m being too cynical when I say that it’s only a matter of time. Our nation’s infrastructure is very vulnerable, simply put.
I wonder if in our lifetimes we’ll see the U.S. make a conventional military response to a cyber attack.
-
-
This is a really interesting article I think everyone needs to be aware of. Tim Cook said last year when the the FBI was trying to get into the iPhone 5C that he would not make this software because he was scared of what would happen if this was released into the world. Now that it is released into the world, i am curious to see what happens. If this does get into the wrong hands I could not even imagine what people would be capable of.
-
I remember us having quite a few heated discussions whether should or should not provide backdoors into their iOS. The outcome was simple, if Apple didn’t, someone else would. In this case Cellebrite’s. Nothing is 100% secured and even if a piece of technology was intended for the good of all, it can be used in a negative way.
-
I think the hacker here probably had similar discussions with peers but decided to prove his point by doing this illegal act. While he does prove that backdoors can get out, even releasing one can create a lot of harm if other hackers with worse intentions get a hold of it. I think that most of the tools released require physical access to the device so the damage may not be on a widespread scale here but it could be. A skilled hacker may be able to use the same flaw in a remote code.
-
-
-
A lot of school use software like deepfreeze, where upon reboot it will re image the computer. It makes it annoying if you saved something locally then forgot but from a security standpoint if anything goes wrong you can just reboot the machine and it should fix the problem.
-
I was a freshman when the grade hacking incident happened here at Temple. I remember several professors, including my intro to MIS professor, giving lectures about academic dishonesty and how the hack took so much more effort than just actually doing the course work. My MIS professor was particularly disappointed because with that kind of skill the student could have had a bright future as an IT or security professional and instead decided to use his knowledge for evil.
The situation at Temple is apparently also not that uncommon of an occurrence. I can’t say I’m surprised, since students have always come up with new and inventive ways to cheat. I found a few more incidents that occurred around the same time as the Temple incident, many of which used the same key logger hack that the Temple student utilized. The key to remember here is that all of these students go caught. Some of the students changed Bs to As, so it isn’t just the fact that Fs get scrutinized more that lead to the Temple student getting caught.
http://www.usatoday.com/story/tech/2013/06/14/purdue-university-grade-hacking/2423863/
-
This is part of why the San Bernardino iPhone case was so terrifying to me and why I think it is important for tech companies to not build in back doors for law enforcement. I want people who do bad things to get caught and justice to be served, but I think that the risk of these back doors being exploited by the people who do bad things far outweighs the benefit to law enforcement. I think it is more of a when than an if that the back doors would be exploited. I think that these back doors will be found in multiple ways, including that criminals constantly looking for back doors to exploit, so it is possible they will find the built in back door for law enforcement in their normal search for vulnerabilities. Also, as we have seen multiple times over the last few years, the US government has terrible cyber security. If they have knowledge of these back doors, the hackers will find where that knowledge is stored and take it. I honestly don’t think it would even be that hard for an attacker to find the back doors once they know one exists for law enforcement and where to look.
-
The company Cellebrite is only able to use certain exploits in the code since there aren’t really any backdoors yet. A back door implies giving a lot of control over everything in the system even moreso than just copying data. Discovering a backdoor in software can tank a company’s reputation as hard as a singer caught lipsyncing. Many people want to know that there data is safe and any backdoor will compromise that integrity.
-
-
The security risks that come from engaging third parties are, in my opinion, ones that companies routinely handle badly, but managing them should be one of the companies highest priorities. Organizations tend to think when they outsource a function, they are also outsourcing the risks associated with that function, when it is actually the opposite of this. There are now more risks associated with that function and they have now become harder to manage. Some of the most high profile breaches we’ve seen over the last few years have occurred partially as a result of the organization’s failure to manage vendor risk. The Target breach is a classic example of this. The hacker didn’t go right for Target’s systems. They attacked Target’s HVAC vendor, and then used the legitimate access that the HVAC vendor had to Target’s systems to perpetrate the attack. Organizations need to have robust vendor risk management programs to understand and manage the risks that come with engaging third parties. They need to know all third parties they engage, what access each third party has to the organization’s systems or data, and what security is in place for each of these vendors.
-
Its really a great article and even I had less knowledge on 3rd party vendors security procedures.I think 2 things can play an important role as per your suggestions-
1)A charter or SLA should be signed by the 3rd party vendor before going into the business and the charter should cover all security boundaries where the vendor accepts to follow them along with periodic assessment In case of a security breach the organization has the right to sue the company to recover damages.
2)Minimize the level of exposure of your systems to vendor only share the data and systems which is required by the vendor -
I think this highlights a massive issue that we’re going to have to face as a connected world and on a smaller level we need to figure this out as a county. Much like our lack of charter among countries, we also have a maze of different laws and regulations from state to state in the United States which complicates things. It’s going to start to become an economic burden for multi national and multi state organizations who are forced to comply with such a wide range of regulations.
-
Darin, great point! I believe if USA had all states united in terms of having one set of country laws and regulations, then a lot of complications would have been gone. I think it would simplify cybersecurity laws and tactics, general laws and standards, etc..
As an example, it is similar to having a company with lots of tools and applications not talking to each other well enough, thus creating complications, inconsistencies and misinterpretations. Instead, company could have one or a few unified solutions to eliminate all above issues.
-
-
Very interesting article Darin,
The major problem, as other have mentioned, is the users. They want free stuff, like who really wants to pay $10 month, to watch TV shows and movies. And most times, they will simply do a google search to see if they can find it for free online, but it is not without risk. Downloading and using anything from illegitimate sources has risks and really shouldn’t be done. Most virus protection will warn you of key generators and the such, but people will just turn it off to try to use it anyway. The creator of this faux Netflix knows this and is exploiting it.
-
Supposed to be a separate article.
-
Makes sense. This is a good example of the “path of least resistance”. Small fish are much more likely to have much less resiliency than a larger corporation and the extortion prices are “affordable’ if something is at risk of losing all their media.
-
I can hear the cries of “Free market! free market! free market!” but I agree. There needs to be some teeth in the consequences on not taking quick action to address vulnerabilities such as the one Elizabeth highlights.
-
How Hackable Is In-Flight Wi-Fi? We’re About to Find Out
Public Wi-Fi is always a vulnerability that exposes to hackers. Free Wi-Fi at airports, restaurants, coffee shops are available for everyone. If you connect with a fake Wi-Fi that was created by hacker, your information will leak immediately.
In the news, they did an experiment. The cybersecurity experts set up an unauthorized insecure Wi-Fi at the airport, and called airport Wi-Fi. Within a minute, 15 travelers logged on without noticing it’s an unsecure Wi-Fi. Also, charging stations are also targets of hackers. It called juick jacking. When you plug in a USB port, a pop-up prompt will ask if you trust the device. Most people will simply choose trust, if the port was controlled by a hacker, you will lose your data on the phone.
Here are some advices to protect yourself:
1. Don’t charge in a USB port, use a plug
2. Be wary of pop-up prompts
3. Be skeptical of generic network names
4. Use a virtual private networkLink: http://www.nbcnews.com/tech/security/how-hackable-flight-wi-fi-we-re-about-find-out-n699251
-
I’ve heard it said by more than a few people that many c-suite and board members in certain businesses simply no longer use email for anything other than rote clerical and scheduling function. The fact is that anything sensitive or incriminating written in a email can be reconstructed/leaked or stolen. When this risk is catastrophic to an individual or business, meeting face-to-face or calling with a burner phone is harder to prove.
-
“How to make 60,000 printers print whatever you want”
This is a cool article on how to exploit a lesser-known and often unsecured port that allows you to own networked printers.
-
Nice comment on the news, Amanda,
I didn’t remember the incident, but I think every professior talks about academic dishonesty at the beginning of classes. But still students can come up with different ways to cheat. I felt cheating was useless because one day you have to work in the society, there is no chance to cheat. Also, even if you have a 4.0 GPA, you don’t know any skills, you still can not find a decent job in the future.
-
They probably were cheating in multiple ways since they were colluding. It also mentioned they were taking test answers ahead of time. I do not like how this article presents these students as particularly skillful. What appears to have happened is that sometimes they find the professor’s password out or figure out the professor’s password recovery process. One of the ways they did this was through keylogging keyboards, which they probably bought instead of created.
-
-
I read an article that summarized an interview with a hacker who was responsible for hacking Freedom Hosting II, a hosting provider that drives about 20% of sites on the dark web. The article touches on the hacker’s process for this attack, but doesn’t actually list the twenty-some steps he took. Originally the hacker intended to just look around, but after discovering a bunch of child pornography, he decided to shut the sites hosted by Freedom Hosting down. The hacker intends to hand over the process and records of the files to a professional so that justice can be served.
-
I think part of why the students get caught is because its so easy to connect the dots that if one student’s grades are changing, the perpetrator is probably that student. It’s kind of comical to think about. Another thing that these hackers should keep in mind is that the digital records of their grades are very rarely the only copy of the grades which makes identifying disparities a simple matter. Overall, I think the risk to reward ratio for changing the grades seems a little off and I have to agree that just doing the work in the first place would have been much easier.
-
Anthony, nice article! This is great example as proof of consequences when company does not have appropriate security access controls, services and protocols monitoring and alerting. However, in this case, given inappropriate site’s content, hacker did a great job revealing the truth and having court of law to apply all required prosecutions.
Besides, in case if anyone was watching, there is also a TV show called “Mr. Robot”, where Elliot hacked one caffe shop where owner was involved in child pornography abuse. Hacker called police and had man arrested for further prosecution to the full extent of law. So, this is just similar example of “good-will” hackers. -
I think that government regulation would serve as a temporary solution, but I think it fails to address the underlying issue; the need for ubiquitous cyber security awareness. Regulating the problem away keeps consumers in the dark regarding the importance of cyber security and postpones awareness. Once awareness develops, then the market will recognize the importance of secure internet of things devices and demand them which in turn will require manufactures to develop more secure devices. However, I could see the legitimacy of legislation for specific industries, such as healthcare, due to the high risk nature of the application of IoT devices.
-
I found an article that discusses the Super Bowl from a cyber security perspective. It focuses on how the NFL uses risk management to protect 73,000 ticket holders from a cyber attack using tools of mitigation. The article looks at preparing for the worst by looking at the threat horizon that make sure that the staff is skilled in security incident and event management. Secondly, implementing pre-emptive planning which involves identifying risks and ways to monitor and prioritize threats. Finally, understanding the human factor that the staff can be targets. Having policies in place that help with bring your own devices and treating people to identify phishing threats.
-
Mengxue,
I enjoyed your analysis on the article. I think it is important for the public should be aware of the increasing threat to private information from technology. It makes sense that hackers would use different wifi connections to take personal information. Knowing that there is a threat makes it easier to protect yourself against it.
-
Jonathan,
I found your article very interesting. Normally when I hit the delete button I just assume that the content is gone and I no longer have to think about the information that the email contained. I think that it makes more sense that it is an insecure way to communicate since it would be easy for hackers to learn a ton information about a person based on the content of the emails.
-
It is good when industries recognize that they need to increase their security overall. The super bowl attracks many people and with that would be attackers as well. Respecting the human element of possible breaches is one of the most important rules.
-
Very good article which explains what is in my opinion the main method that malicious hackers attack the public. I also thought it was interesting that Gogo is inviting hackers to test their network and report vulnerabilities for reward. I believe this will be an effective way to improve the security of public wifi – this method would be similar to the hardening of open source software through community involvement. I feel that this new attitude towards network security which allows feedback from hackers to improve security will prove beneficial in the long run.
-
I actually looked at an article last year which talked about No More Ransom and it’s attempt to provide tools to the public to defend themselves against ransomware attacks. It’s good to see that the project has progressed and there are now several tools available. It is important for every cyber security professional to be aware of these tools and how they work as ransomware attacks become more prevalent in the industry.
-
Joseph great comment. I wonder if this is something that Temple is starting to do on select PCs. I’ve noticed that Windows 10 machines in Alter common areas always give me the “setting up this PC” prompt as soon as I log in.
If they’re giving a fresh image on every reboot what sort of challenges would a forensics expert face if they need to recover information from a machine used in a malicious act?
-
What’s also interesting about this article is the statement on how the Fed usually handles these types of dark web sites. In the article it states that the hackers good intentions may make it harder for the Fed to track down individual users since they normally infiltrate the site and inject malware on user’s systems while the site is still active. This being said I still applaud the actions of this hacker and the fact that he chose to make the methods he used to infiltrate the site available to the public.
-
Roberto,
I really like the advice you give to hover over links and read the destination and do a Google search of the destination. Following this step will mitigate against a large portion of malicious links and downloads. The most important step is being aware that one click is all it takes for a system to become infected.
-
Roberto I thought this was a great article and a fun take on cyber security. I thought the most important one to remember is that it’s a people game. At the root of every cyber attack or vulnerability is a human element. A computer doesn’t decide to do evil things, a person tells it to act that way. A system is vulnerable because a person can find a way to exploit it. I think the human element is so huge.
-
Great post Jonathan. Generally the rule of thumb I’ve operated under is that if I don’t want to see it on the front page of Philly.com I shouldn’t hit send in the first place. I wonder if we will ever go back to physical paper communication for incredibly sensitive communication without an urgency of delivery time. We as professionals entering the cyber world don’t want that to happen, but I wonder if we will ever reverse direction in some cases.
-
This is great, Andres. One more example of how important it is to block ports that aren’t being used or aren’t necessary. It looks like the port in question is only used for administrative purposes and could probably be closed without any major impact on end user functionality.
-
Great post Samantha. I think one of the most telling things about this was that 30% of businesses survey either aren’t in compliance or are unsure of the compliance with PCI standards. That’s incredibly scary.
-
-
Larry Brandolph wrote a new post on the site MIS 5170-Topic: Forensics 2017 7 years, 9 months ago
If you were tasked to write the Wikipedia page for Organizational Forensics what would it say?
Post your answer and through out the week comment on others.
-
Organizational forensics is the application of forensics (most typically digital forensics) to the intersection of an organization’s information systems, ethical policies and legal compliance.
I spent a fair amount of time coming to grips with the fact that a lot of “stuff” can fall under the label of “organizational forensics”. I broke it down in the following ways.
1. Definition of organization’s ethics via policies and standards
Ideally, an organization “stands for something” and has a defined set of ethics. For example, check out this Starbuck’s page: https://www.starbucks.com/about-us/company-information/business-ethics-and-compliance
2. Identification of applicable laws (compliance) governing business practices
HIPAA (Health Insurance Portability and Accountability Act of 1996) is a good example of law that applies industry-wide. In this case, any organization that has business in the field of Health must comply with HIPAA requirements.
3. Establishment of metrics and artifacts that support the above two requirements
Once an organization has defined its ethical worldview and identified legal/regulatory requirements, it must be able to measure and prove their adherence and compliance. I work for the federal government, so I am required to receive training about sexual harassment. This is dictated by the Department of Defense (and no doubt higher, such as Title VII of the Civil Rights Act)
4. Definition of procedures to handle violations of ethics and compliance requirements
Say that I violate Espionage Act of 1917 by leaking classified information to another country. What is supposed to happen to me? What punitive measures am I facing? How long is it going to take?
5. Identification of the people responsible in carrying out the previously defined procedures
Who is responsible for taking action against me if I violate a policy and/or law?
-
I’m going to agree with Andres and his high level definition of organizational forensics. I think where organizational and digital forensics differ is that the organizational side is more the policies and procedures that need to be followed and the regulations that the business is placed under. Digital forensics is the evidence gathering to support a claim made about compliance with one of those policies or regulations. I think that they go hand in hand.
Through the entire process the forensics investigators need to apply a strict adherence to the chain of custody and all guidance involving how to collect, analyze, and store evidence in a way that it can still be submitted in court. Without compliance, an investigator could end up with a great case against a criminal, but be unable to prove it in a court of law. -
Forensics is the process of using scientific knowledge for collecting,analyzing, and presenting evidence to the courts.Forensics deal with more of the post crime scene.When we add word digital to it then digital forensic analysts follow crime footprints to investigate incidents and track activities in the electronic and cyber domain.Digital forensics also deal with creating an infrastructure and environment where it preserves the integrity of the evidence collected so it can be used effectively in a legal case.
An example for such case is that forensics not only deal with collection of audit logs after the crime but also deals with analyzing whether the logs are not being altered by hacker to destroy the evidence so that the integrity of evidence is maintained in the court
The legal aspects of digital forensics are very important and every country has its own laws and regulation and when we work for clients from different countries we need to have legal counsel who can give an insight on the legal rules and regulation we have to face. The United States Constitution has The Fourth Amendment which allows for protection against unreasonable search and seizure, and the Fifth Amendment
allows for protection against self-incrimination.Violation of any of them during the practice of computer forensics could be a crime.We also need to have a written permission or agreement from the owners who are demanding for use of forensic practices which has implicit clauses of the boundaries around which investigation can be carried .https://www.us-cert.gov/sites/default/files/publications/forensics.pdf
-
If I was slated with the task to write a Wikipedia page for Organizational Forensics, like most Wikipedia pages I would start with a brief overview of the topic that way users can know what it is about. I would take the definition about forensics and then the definition of organization and mold them together into a definition that would explain what I mean when I say organizational forensics. I think it would say something along the lines of:
Organization forensics is using tests and techniques to gather information from within an organization to piece together and solve a crime that may have transpired. When people think forensics, they think of dusting for finger prints and looking at ballistic data from a gun however within an organization there are many other things that could be captured and/or documented and used as evidence within the company. Organizational Forensics will look at computers, networks, cameras, mobile devices, email and cloud repositories to name a few things that could be captured, analyzed and used against someone in litigation. A lot of the log files that are created on a day to day basis that most people don’t even know about are a treasure trove of information for an investigator. The Organizational forensic encompasses multiple different resources, departments, talents and abilities in order to complete a single task, to solve a puzzle of if a person is innocent or guilty and then finding the information/data or confirm or deny that claim. -
Andres,
I like how you broke down everything into 5 different groups. And I do agree with you that a lot of “stuff” can fall under Organizational Forensic. It is a very broad term that encompasses multiple different things
-
Darin,
I agree that organizational forensics is more political because encompasses the whole organization. You need to know proper procedure and how to deal with the different departments properly to gather the information you need in a timely manner. I also agree that chain of custody is important. If the chain of custody of evidence is lost then a case could be thrown out over something silly.
-
I like the use of the word political.
-
-
Darin, I definitely agree about critical importance of chain-of-custody. I remember dealing with a Subpoena issued by Department of Justice for one of companies I worked for in the past, and that is where I was fully responsible for identifying and preserving requested evidence and making sure a chain-of-custody is kept consistent. For this purpose I was using FTK tools to collect data into an encrypted hard drive with Write-Blocker mode to ensure entire data and all time-stamps are kept intact as that is the only way to be sure that collected evidence is accepted at a court of law.
-
This is kind of tangentially related to this topic, but it is the first thing I thought of when I read the question, I tried to find a case where someone used digital forensics on wikipedia. I could not find such a case, but I will explain where this thought came from. Anyone can edit wikipedia, and there are many pages on there for people, and sometimes those pages get edited in a way that is not true and unfavorable. (See: The invertebrate page was edited yesterday to include a picture of Paul Ryan, implying he has no spine for not standing up to Trump http://nymag.com/selectall/2017/01/wikipedia-invertebrate-page-edited-to-include-paul-ryan.html) My thought here is if something like this, but probably a bit more extreme than the Paul Ryan example, would be covered under libel laws. Say someone edited a page to say a famous actor was something terrible, and the actor could prove that that page edit led to them suffering damages, would the actor be able to sue the person who edited the page? My thought is yes, because things journalists write can be used to sue them, so I don’t see why editing a wikipedia page would be different. But, since wikipedia can be edited by anyone, it may not be the easiest to figure out who made the edit. They would have to get wikipedia to investigate it. If the person didn’t use their real name when setting up the account, they may need to look into the IP address that made the post. All of this would need to be done using sound digital forensic techniques so it could be admissible in court.
-
Ruslan,
I agree with all points you have made, but I think it is important to add that not all forensics investigations have to involve law enforcement. Knowing when to involve law enforcement is important, and that companies should have a policy for this. However, some investigations involve things that are against company policy, but not necessarily illegal. The investigation should be similar, in that preserving integrity of the evidence is important is still important even if the act found wasn’t illegal. An employee could attempt to sue the organization for wrongful termination, which could then land the evidence found in a court of law after the investigation is over, without the organization involving law enforcement. Thus, if the integrity of the evidence is not compromised, the organization could present it as proof, and show that it was against policy and directly resulted in the termination, and therefore the termination was not wrongful. -
Hello Jonathan- you actually broke down an easy way for other to understand what organizational forensics is and does. As a Wiki page developer I think you have the correct idea on what should be posted, in order to provide other users the proper information on what they are looking for.
Many Wiki pages, wither internal or external to an organization have all the tools and application available to users, so the page is a one-stop shop deal.
-
Forensics is the practice of applying science to investigations. Organizational forensics is applying this scientific investigation style within an organization such as a company or government agency. In modern times, digital forensics is heavily involved in organizational forensics. This is because much of what organizations do is now heavily tied to technology. Digital forensics is using scientific investigation to examine technology, such as computers.
Organizational forensics starts with development of policies and rules for how investigations will be carried out. Investigations should require authorization from someone at an appropriately high level prior to beginning their investigation. There should also be policies for how to preserve evidence so that, if required, it would be admissible in court. There should also be a determination of when the authorities need to be called to join the investigation. Finally, there should be policies on how to report findings, and who to report findings to. -
The internet’s definition of organizational forensics is “the investigation of a business structures or components that are not functioning as intended, causing negative impact to business results”, however to define forensics, we need to understating that is a collection , preservation, analysis, and presentation of digital evidence which is admissible in a court of law. Forensics is also usable for internal disciplinary hearings, and data is to support internal incident reports as to assist or furthering other investigations.
My Wiki page will have this definition, along with links where to find information about the organization, whether an internal or external use, I would point users to the right direction for a more efficient result.
Last, I would provide a list of hierarchical individuals in an organization, or a chain of command chart for a better understanding of different areas, departments and senior leadership involve in a legal and technical situation for forensic purposes.
-
If you were tasked to write the Wikipedia page for Organizational Forensics what would it say?
Forensic Science is defined as the scientific method of gathering and examining for the purpose of presenting in court. Organizational Forensics is the use of forensics, mainly digital forensics, within companies to help preserve the company’s information and protect its data (information systems) while adhering to the organization’s policies and standards of compliance.
Digital Forensics is the collection, examination, analysis, and reporting of digital evidence (computer crime date) that is admissible in a court of law. There are different areas of digital forensics an organization can apply: network forensics, computer forensics, forensic animation, forensic watermark, software, forensics, etc. Sources of digital evidence could be hard disks, email, server content, audit log files, etc.
If an organization is in the situation to present digital evidence in the court of law, it is important that the company adheres to its policies, procedures, and guidelines that address the use of the forensic process. Depending on the situation of the company, there are country/region specific laws, international standards, guidelines for ensuring corporate forensic readiness, compliance with local laws and regulations, or industry specific requirements the company must comply with. It is very critical for the organization to adhere to all policies, standards, and guidelines for collecting, preserving, analyzing, and presenting the digital evidence. Otherwise, the evidence will be dismissed in court.
-
Andres,
I really like your approach to answering this question. You took the route on explaining more about the polices, procedures, and laws, which was quite different than some of our other classmates. The examples to each piece was very helpful in understanding in your definition. The ethical policies and legal compliance definitely plays a major role in organizational forensics.
-
Amanda,
I like how you indirectly pointed out how forensics has changed over time. Today, digital forensics is heavily used because we live in a “digital” world and technology is involved in our everyday lives, including organizations that strongly rely on technology to be successful.
-
Jonathan,
I completely agree with Roberto’s reply. I believe you broke down the use of forensics by an organization very well and understandable for someone who may not be familiar with the term. The only thing I would briefly mention are the policies, procedures, requirements, etc. that an organization has to strictly adhere to, especially if they are to present the evidence in court.
-
Joseph,
Interesting approach in answering the wiki question by stating all the organizations that are strongly associated with digital forensics. I have to agree with Ruslan about how it is quite fascinating how forensics is applied by many organizations throughout the country, but also internationally. It also makes sense because we are surrounded by technology everyday and companies or organizations are experiencing some type of cyber attack by the second.
-
Andres, great explanation of organizational forensics from ethics and policies stand point. It looks like the logic of this example is somewhat similar to a concept of Audit process. So, I believe Forensics in this context would be going beyond the audit in a sense that it involves searching for evidence that might be used in a court of law. Do you think Forensics and Audit could be compared to a certain extent?
-
Andres, I liked your way of breaking things down. When doing my initial post I ran into a similar feeling that a lot of things can fall under organizational forensics. It sometimes feels like a catch-all umbrella term.
-
-
Great point, Amanda! Thanks for bringing this up. I agree that some investigations don’t need to involve law enforcement into the process. I believe it would make sense to bring law enforcement in case of criminal investigations and computer crimes; however, certain policy violations could be resolved internally by the organizations assuming procedures and policies are followed.
-
Ruslan thanks for mentioning several tools that are helpful with forensics. I’m hoping we can learn a few of these in class.
-
Roberto I like your idea about the leadership chart/chain of command. I think sometimes it’s easy for us to get lost in the policies and the investigative tools and forget the fact that there are humans behind all of this who need to be communicated with and considered.
-
Roberto, your statement about negative impact to business results is great example of necessity for organization to have sounds computer forensics practices to ensure information systems integrity and defense-in-depth security strategy. Of course, this level of integrity can be achieved by thorough understanding not only technical, but legal aspects as well. This way, should there be a prosecution, an organization will be able to provide adequate evidence and solve the case.
-
Ruslan,
You are absolutely right about security professionals must not only understand the technical but the legal aspects as well. They need to consider their policy decisions and technical actions with existing laws. For instance, security professionals in the healthcare industry must understand or be able to navigate through HIPPA requirements when designing their systems, or consider the legal ramifications when using monitoring tools.
-
-
Roberto,
I like your idea of the org chart for an organization. Since every organization will of course be different it can be a generalized chart to show the flow of power through a company. This could help a user if they need a specific piece of data, by knowing how to ask
-
Darin,
I don’t know if I remember correctly, but the Professor mentioned that not all “evidence” will require the same amount of control when we talk about chain of custody. Not all evidence is the “murder weapon.” For example, for a murder case recovering the murder weapon and having strict chain of custody is of more importance then recovering an email that shows intent. The email did not murder the person, but the knife did. Showing intent is great, but having DNA with it being altered or compromised is of greater concern.
-
Bilaal,
My definition of organization forensics is very different than yours, but I tend to agree with you more. In today’s business environment, every organization needs to anticipate and be prepared to respond to breach, or provide digital evidence if requested. Whether it’s to prosecute or defend, having a forensics policy, process, and structure in place will make them more effective in delivering the required evidence, saving time, money and resources. -
According to US-Cert.gov, “Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts.” It is the act of recovering and analyzing latent evidence; fingerprints at a crime scene, files on a hard drive, or evidence in digital formats. Organizational Forensics is collecting and analyzing business structures or components that are not functioning as intended (Transitions for Business, 2017). Organizational forensics is not limited to presenting the findings in a court of law, although preserving its integrity is a must, it is used to draw upon deeper seeded problems within the organization. It examines the organization culture, values, strategy, goals, processes, systems, and resources to find each area contributes to the problem.
In my opinion, when data is compromised by a breach, it’s not just the security controls or lack of that is the problem. It looks of the culture of the organization; how do they perceive cyber threats, how does their strategy and goals align with the security efforts and vice versa. Computer forensic, to identify, collect, preserve, and analyze data is a way that preserves integrity to present in a court of law, is just a subcategory or organizational forensics.
Transitions For Business. (2017, January 29). Discover powerful business solutions from within using Organizational Forensics. Retrieved from Transitions for Business: http://www.transitionsforbusiness.com/organizational-forensics-is-the-investigation-of-business-structures-or-components-that-are-not-functioning-as-intended-causing-negative-impact-to-business-results.html
-
Amanda,
I like the structure that you laid out on how organizational forensics should be conducted. Without structure, policies, and rules it would prove difficult to recover the required evidence. Things such as log monitoring or backups could be inadvertently mishandled; people deleting log files, backups are not performed periodically. Having policies in place provides for a means of consequences.
-
Loi,
I agree that the culture of an organization plays a significant role in how cyber threats are handled. Organizations who include cyber security in their business culture will be more likely to create policies and procedures that will allow for effective reaponse should a threat or attack arise. These organizations will more more likely to have IDS/IPS in place, adequate logs available, amd policies that will allow the use of digital forensic investigation without being hindered by privacy laws.
-
Great post, Amanda!
I totally agree that digital forensics is heavily used in organization forensics because of technologies. It should be easier to find criminals than science forensics since computer footprints are easier to track than physical footprints. Also, there are policies and regulations in a company and the country. -
I really like your answer! Jonathan.
It is very easy to understand and short to read. I would recommend to emphasis the use of laws. But other than the legal use, I think you did a very good job on describing organization forensics. -
Anyone can sue anyone for anything if they have enough money and lawyers. If you are editing something that is used as a source for people, you cannot use personal opinion as a defense. You also probably cannot use the truth as the defense as you have nothing sourcing your claim. I think this is why wikipedians revert even small changes because the edits need to have sources to last. I think it is still very hard to get someone in court over just their IP address as there have been some cases where the judge has said that it is not unique information to identify a defendant with.
-
I think this was an interesting way to answer the question. It shows that there is a lot of support even internationally for digital forensics. It is also important to note that the groups are able to talk with each other and share their techniques and information to keep improving in the field. Sometimes they will consult with another on big issues or hold a conference to enable free flowing ideas.
-
Roberto,
I like the outline for your wikipedia article. I agree with Jonathan that the org chart for an organization makes sense when employees would need to figure out who to talk to about specific forensic matters. In addition, I think it would help those investigating an instance so they would know who to contact to get information.
-
Andres,
Your article was very easy to follow and to understand on the way you broke down organizational forensics into different subsets. I agree with you that the lines are blurred when it come down to understanding who is in charge of mandating organizational policy. In my opinion all organizations should have a standardized method that employees should follow when it comes down to digital forensics.
-
I like the analog metaphor used for digital forensics in your explanation. I am just not certain on whether or not forensics determine innocence. It seems more that it determines exactly what happened and it is up for a court to determine the other half of the information. Intent is a hard thing to find in digital forensics as people sometimes press a key by accident or on purpose. There are times where it can be clear when a user is in a system that they certainly know they shouldn’t.
-
Organizational forensics makes use of the scientific method of gathering and understanding information as well as data about a company which helps to identify what is working properly for the company and what is not. Much like traditional forensics, organizational forensics uses information from the past to understand an incident that needs to be investigated.
Digital forensics works hand in hand with organizational forensic science to aid the evidence collection process. This science works to preserve, collect, validate, and document digital evidence that so that it can in turn be used in the court of law to prove or anticipate criminal or unsanctioned activity. Digital Forensics can be classified into different subsets: traditional digital forensics, network forensics, and mobile, handheld, and embedded forensics. Since the digital landscape is always changing it is difficult to have best practices when there could be a standard but the technology evolves. When a company is looking for a plan of action when it comes to digital forensics it is important to have a standardized means of testing the data, having it reviewed, looking for errors, and looking at privacy as well as compliance matters.
For a company to be successful it will need to have a standardized way across the organization of handling forensics matters. By putting proper protocols and policies in place that are in line with industry standards information and data collected will be analyzed and tested the same way to be used for forensic measures.
References:
https://www.radford.edu/content/dam/colleges/csat/forensics/nij-chapters/brunty1.pdf -
Great examples, Bilaal.
Thank you for providing examples of digital forensic tools and forensics considerations. I am still confused by the differences between organization forensics and digital forensics. Can I understand it as digital forensics readiness is the process of collecting digital evidences and organization forensics is the result of digital forensics and applying to laws and regulations? -
good answer, Vaibhav!
I saw the word “digital forensics” many times in your post. I agree that organization forensics is digital forensics, but I am still wondering if organization forensics=digital forensics. If so, we just need to give definition to digital forensics then. Is organization forensics different from digital forensics?
-
Amanda,
I like how you were able to define the different instances of forensics and how they are used. What also was helpful is how you mentioned to introduce the policies for how investigations should be handled. I also agree with Loi on how evidence could be mishandled so policies are necessary,
-
I like that you brought up the issue of thinking globally. Even if you only build your website in the US it is still out there for the world to look at and use. Each country may have its own data protection laws or issue reporting laws which if disobeyed can result in penalties.
-
I feel like point 5 is very important since without clearly defined roles, organizational forensics may fall apart. If no one is assigned a specific task, it would require an employee to seek out a task that isn’t required of them. This will still let plenty of issues slip through the cracks. Not to mention how passing the blame for a missed issue will cause chaos.
-
Joseph,
I thought it was extremely helpful how you broke down your piece pertaining to different organizations that are the foundations for forensics. I found it interesting that some of these organizations have been operating since 1996 and have evolved to handle other types of cybercrime.
-
I separated the word forensics with digital forensics as the forensics is something related to the evidence admissible in the court.So it can be also a fingerprint collected after a crime for investigating criminals so when we jump to digital forensics its collection of evidence in the digital world
-
Yeah you have used an excellent example to define this but I feel tracking IP address may not be enough to sue a person in court.There are cases when people hack into somebody network and use his network to hack and bring damage to other systems.The method do deals with tracking the user with IP address and then depositing his personal computer with any of the internet history or log files.
-
I really like the point of mentioning the proper protocols and policies are in place.The work of forensic expert will be easier if he can find the log files.Most of the auditor do recommend using log files but the organizations ignore them.Many organization have a retention policy but the data may not be available for the particular date when being asked by an forensic investigator due non compliance to policy
-
Elizabeth,
Your explanation of digital forensics was thorough and I liked that you identified the various disciplines of organizational forensics and the assortment of regulations and policies that need to be considered during the organizational forensics process. I noticed that your definition, while not explicitly limiting digital forensics to legal applications, didn’t mention its admissibility towards settling internal incidents. While the arguably more important aspect of digital forensics is its applications for handling criminal offenses, it can also be handy for settling simpler issues such as violation of the company’s computer policy, etc.
-
Thanks Menqxue,
What I gathered from the research is that forensic readiness is how prepared an organization is to handle forensic investigation.. So this would include an organizations ability to process and collect digital evidence should an incident arise. And yes, organizational forensics is the application of digital forensics within an organization which should support company policy, laws and regulations.
-
-
Larry Brandolph wrote a new post on the site MIS 5170-Topic: Forensics 2017 7 years, 9 months ago
This will be where we I post weekly questions and you provide comments and feedback.
-
Larry Brandolph's profile was updated 7 years, 9 months ago
-
Larry Brandolph changed their profile picture 7 years, 9 months ago
-
Larry Brandolph wrote a new post on the site MIS 5170-Topic: Forensics 2018 7 years, 9 months ago
Welcome to MIS 5170 – Spring 2018! I hope you are as excited to get started as I am. We will begin on Tuesday January 16th, when we will go through the structure of the course and what I am expecting from yo […]
-
Larry Brandolph wrote a new post on the site MIS 5170-Topic: Forensics 2017 7 years, 9 months ago
Welcome to MIS 5170! I hope you are as excited to get started as I am. We will begin on Monday, January 23rd when we will go through the structure of the course, what I am expecting from you. Some of you are […]
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years ago
I’ve posted the grading rubric for the Individual Project due next week.
Look under Individual Assignment.
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 1 month ago
The Groups have been finalized. I have them posted under the projects.
We will have 4 teams. 3 teams of 5 people and 1 team of 6 people.
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 1 month ago
I published all the presentations back to the 1st class (under Course Material).
I also published the Individual and Group Project (under Project)
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 1 month ago
Case:
Amazon Web Services
Readings:
What Web 2.0 is (and isn’t)
Great Wall of Facebook: The Social Network’s Plan to Dominate the Internet
Better Information Isn’t Always Beneficial
How Cloud […] -
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 2 months ago
For Thursday I need to know who will be in your group. Group should be no more that 5 people. 3 person groups I will assign a forth member.
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 2 months ago
Case: Cisco ERP
Articles:
Barnett, T. (January 22, 2007). What IT Can Learn from the Railroad Business. ComputerWorld.
Gruman, G. (May 7, 2007). Put the Emphasis on “P” for Process in Business Process […]
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 2 months ago
Case: Stars Air Ambulance
Articles:
– Aaronson, D. (1998). Overview of Systems Thinking.
– de Rosnay, J. (January 6, 1997). Feedback. Principia Cybernetica Web. http://pespmc1.vub.ac.be/FEEDBACK.html
– […]
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 2 months ago
Do I need to purchase all the cases on the Harvard Business Review Site?
Answer: Yes you will need all the cases. I recommend buying them all at once.
I do not see the Stars Case?
Answer: Stars Air […]
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 2 months ago
Case: Google
Articles:
Porter 5 Forces Analysis. Wikipedia.
Value Chain. Wikipedia.
Elgan, M. (June 6, 2009). How Cell Phones Will Replace Learning. Computerworld. […]
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 2 months ago
Now that we all survived Week 1. As a reminder I will use this area to keep your assignments posted and any additional information for the class.
- Load More