19.5 Summary



Computer intrusions are among the most challenging types of cybercrime from a digital evidence perspective. Every computer and network is different, configured by the owner in a very personal way. Some systems are highly customized, fitting the specific needs of a skilled computer user, while other systems are highly disorganized. In many ways, investigating a computer intrusion is like going into someone's kitchen and trying to determine what is out of place. In some cases, anomalies are obvious, like seeing plates in a cutlery drawer. In other cases, investigators must interview system owners/users and examine backup tapes and log files to determine what the computer intruder changed.

Additionally, every computer intruder is different, choosing targets/victims for different reasons, using different methods of approach and attack, and exhibiting different needs and intents. Ex-employees break into computers, damaging them in retaliation for some perceived wrong. Technically proficient individuals break into targets of opportunity to feel more powerful. Thieves and spies break into computers to obtain valuable information. Malicious individuals break into medical databases, changing prescriptions to overdose an intended victim. These types of crime are becoming more prevalent and are creating a need for skilled investigators equipped with procedures and tools to help them collect, process, and interpret digital evidence.

Even when computer intruders are careful to hide their identities, they often have quite distinct MO and signature behaviors that distinguish them. The items an intruder takes or leaves behind are significant when understanding the MO and signature, and what a criminal tries to destroy is often the most telling.




Digital Evidence and Computer Crime, Second Edition
ISBN: 0121631044
EAN: 2147483647
Year: 2003
Pages: 279
