Wednesday, May 6, 2020

Digital Forensics Securing Evidence and Imaging

Question: Discuss digital forensics for securing evidence and imaging.

Answer:

Introduction

In this case study, a situation is given in which a flash drive has to be seized from a wrongdoer in the office and scanned for the activities carried out with it. The following report describes how to catch the wrongdoer by seizing the flash drive while it is logged in, and how to scan its contents for imaging purposes.

Catching the Suspect and Securing Evidence

As per the case study, a wrongdoer in the office uses a flash drive for unethical activities on the University Workstation. However, the employee is only under suspicion and there is no strong proof of wrongdoing. Moreover, there are some legal and technical issues. The legal issue is that the flash drive cannot simply be seized without concrete proof. In addition, the contents of the flash drive cannot be copied by accessing them from another device, as this violates the university library policy that electronic copies cannot be reproduced from the available copies and contents (Nance, Bishop and Phillips). Violating this policy would be an act of piracy. Hence, only a digital image can be produced from the contents of the flash drive. The main technical issue is that the contents of the flash drive can only be accessed after entering the user ID and password. Hence, the employee can only be caught while he is logged in with the flash drive. For these reasons, catching this employee will be a difficult job, and proper planning and timing of events are necessary. The following steps are to be taken in order to secure the evidence and catch the suspect.

Surveillance

Initially, the suspect should be kept under strong surveillance to monitor his activities on the University Workstation. This can be done by using a CCTV camera or even secret cameras hidden behind the employee so that his activities on the computer can be monitored.
However, there are some guidelines regarding the use of surveillance equipment and the monitoring of an employee's activity (Casey, Blitz and Steuart). If surveillance equipment is to be installed, then all employees are to be kept under surveillance rather than only one in particular. Again, if the employee comes to know that he is under surveillance, he will become careful and stop his unethical activities, and the suspect cannot be caught again.

Ethical Hacking

As the suspect is not expected to use any encryption while using the flash drive, ethical hacking techniques can be used to break into his workstation while he is logged in with his flash drive (Garfinkel). While this is a really good alternative, there are some problems. The university already uses strong anti-hacking firewalls as well as hack alarms. Hence, if the hacking is attempted, it will raise the alarm on the suspect's workstation and he will become careful. In this way, he cannot be caught red-handed.

Phishing (Ethical)

Phishing is a technique that is used by some people to capture another user's ID and password to break into a particular portal. This can be ethically used and applied in this case. Once the suspect logs in with his flash drive using his ID and password, phishing techniques can easily capture them, and afterwards the flash drive can be seized.

Mock Interrogation

Direct interrogation will raise the awareness of the suspect and the capture will not be successful. Hence, a mock interrogation session can be arranged involving all the employees of the office. During the interrogation, the maximum possible information should be gathered from the suspect (Roussev, Quates and Martell). Suddenly increasing pressure on the suspect during the mock interrogation will catch him off guard and he may disclose the truth. Moreover, this should be timed while he is logged in with his flash drive so that the flash drive can be seized immediately after the interrogation.
These are some of the ways to catch the suspect and seize his flash drive. However, some extra preparation and equipment are required to complete the seizure in the right way. The preparation chronology is as follows.

1. A suitable plan following the points discussed should be prepared in order to catch the suspect in a planned manner.
2. The plan should be applied carefully so that the employee does not become aware of the situation.
3. The suspect must be caught while his flash drive is still active in the Workstation so that he is caught red-handed.
4. The seized flash drive should be analyzed using digital imaging procedures so that the copyright guidelines of the university are not broken.

The equipment and software to be used to catch the suspect with valid proof are as follows.

| Equipment / Software | Use |
|---|---|
| Hidden Camera | To monitor the activities of the suspect in the workstation directly |
| Office Ethics Software | To monitor the activities of the suspect from a remote computer without using any physical devices or equipment |
| SurveilStar Software | To restrict data and device usage and identify the exact location of the wrongdoing |
| Windump Program | To track messages and other personal information sent and received by the suspect using the University Workstation in his flash drive |
| Digital Imaging Tools | To scan the seized flash drive used by the suspect for gathering data and information stored in it |

After the flash drive is seized along with the user ID and password that are used to log in with the flash drive, digital imaging tools should be used for recovering the data and information contained in the flash drive. If the seizing and imaging processes are successful, concrete evidence of the suspect's wrongdoing can easily be gathered. Moreover, in the near future, more protections are to be used so that employees do not further misuse the university workstations using external devices like flash drives.
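
An added example (not part of the original post) of the imaging step: it copies a source bit-for-bit, hashes the data as it is read, and re-hashes the written image so the copy can be shown to match. The function names, file names and the constructed sample standing in for the flash drive are assumptions; a real acquisition would read the device node from behind a write blocker.

```python
import hashlib
import json
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB blocks, so a large device never has to fit in memory


def sha256_file(path):
    """Hash a file or device node in fixed-size chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire_image(source, image_path):
    """Copy source bit-for-bit to image_path, hashing the data as it is read."""
    digest = hashlib.sha256()
    size = 0
    # Source is opened read-only; "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image_path, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
            size += len(block)
        dst.flush()
        os.fsync(dst.fileno())
    record = {
        "source": source,
        "image": image_path,
        "bytes": size,
        "acquisition_sha256": digest.hexdigest(),
        "image_sha256": sha256_file(image_path),  # independent re-read
    }
    record["verified"] = record["acquisition_sha256"] == record["image_sha256"]
    return record


def demo():
    """Run against a constructed stand-in for the seized flash drive."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "flash_drive.bin")  # constructed sample
    with open(source, "wb") as handle:
        handle.write(b"CONSTRUCTED-SAMPLE-SECTOR".ljust(512, b"\x00") * 4096)
    return acquire_image(source, os.path.join(workdir, "evidence.img"))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```
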
Conclusion

This report contains a preparation plan to catch the suspect in the office red-handed and seize his flash drive for gathering data about his wrongdoing. While the report suggests some commonly used techniques in addition to the use of the latest technologies, it also emphasizes that the investigation should not cross ethical limits or the guidelines of the university.

Works Cited

Casey, Eoghan, Andrew Blitz and Christopher Steuart. Digital Evidence and Computer Crime. 2014.

Garfinkel, Simson. "Digital forensics XML and the DFXML toolset." Digital Investigation 8.3 (2012): 161-174.

Nance, Kara, Matt Bishop and Amelia Phillips. "Introduction to Digital Forensics--Education, Research, and Practice Minitrack." System Sciences (HICSS), 2013 46th Hawaii International Conference on. IEEE (2013): 4879-4879.

Roussev, Vassil, Candice Quates and Robert Martell. "Real-time digital forensics and triage." Digital Investigation 10.2 (2013): 158-167.

Sang, Ting. "A log based approach to make digital forensics easier on cloud computing." Intelligent System Design and Engineering Applications (ISDEA), 2013 Third International Conference on. IEEE (2013): 91-94.
