Chapter 3: Types of Vendor and Computer Forensics Services



Cyber crime potentially costs U.S. businesses millions, if not billions, of dollars in unrealized profits and exposes organizations to significant risk. And it is on the rise. In 2001, the Computer Emergency Response Team (CERT) reported a fivefold increase in the number of computer security incidents reported in 2000.

As information technology and the Internet become more integrated into today’s workplaces, organizations must consider the misuse of technology as a real threat and plan for its eventuality. When cyber crime strikes, the real issue is not the incident itself, but how the organization responds to the attack.

With that in mind, this chapter looks at how a swift and measured forensic incident response, drawing on sound policies, vendor tools, and support, allows an organization to contain the potential damage of an attack and effectively seek compensation or prosecution. This chapter also covers the following computer forensic services:

  • Forensic incident response

  • Evidence collection

  • Forensic analysis

  • Expert witness

  • Forensic litigation and insurance claims support

  • Training

  • Forensic process improvement



Cyber crime occurs when information technology is used to commit or conceal an offense. Computer crimes include:

  • Financial fraud

  • Sabotage of data and/or networks

  • Theft of proprietary information

  • System penetration from the outside and denial of service

  • Unauthorized access by insiders and employee misuse of Internet access privileges

  • Viruses, which are the leading cause of unauthorized users gaining access to systems and networks through the Internet[i]

Cyber crimes can be categorized as either internal or external events. Typically, the largest threat to organizations has been employees and insiders, which is why computer crime is often referred to as an ‘insider’ crime. For example, Ernst & Young’s global research has found that 82% of all identified frauds were committed by employees, almost a third of which were committed by management.

Internal events are committed by those with a substantial link to the intended victim, for example, a bank employee who siphons electronic funds from a customer’s account. Other examples include downloading or distributing offensive material, theft of intellectual property, internal system intrusions, fraud, or intentional or unintentional deletion or damage of data or systems.

However, as advances continue to be made in remote networks, the threat from external sources is on the rise. For example, in the 2001 CSI/FBI Computer Crime and Security Survey, 49% of respondents reported their internal systems as a frequent point of attack while 48% reported Internet connections as the most frequent point of attack.

An external event is committed anonymously. A classic example was the Philippine-based 1999 “I Love You” e-mail attack. Other types of external cyber crime include computer system intrusion, fraud, or reckless or indiscriminate deliberate system crashes.

Internal events can generally be contained within the attacked organization as it is easier to determine a motive and, therefore, simpler to identify the offender. However, when the person involved has used intimate knowledge of the information technology infrastructure, obtaining digital evidence of the offense can be difficult.

An external event is hard to predict, yet can often be traced using evidence provided by, or available to, the organization under attack. Typically, the offender has no motive and is not even connected with the organization, making it fairly straightforward to prove unlawful access to data or systems.

[i] “Computer Forensics: Response Versus Reaction,” Ernst & Young Australia, The Ernst & Young Building, 321 Kent Street, Sydney NSW 2000, Australia (Ernst & Young LLP, 787 Seventh Avenue, New York, New York, 10019), 2001, p. 3.
