COMPUTER CRIME INVESTIGATION: DISCUSSION ON INSIDER INTRUSIONS

FORENSIC TECHNIQUES FOR INVESTIGATING INSIDER ATTACKS

In recent times, the number of reported cyber attacks has been high, due to the increase in the number of devices in the working environment and people's dependency on technology. Security leaks may occur because security is a secondary consideration for a company. Some companies, such as AT&T and Goldman Sachs, have suffered huge losses. These losses were caused by employees who carried out attacks from the inside, and the companies were not prepared to handle this type of attack. With that in mind, many companies are now trying to predict these kinds of attacks before they happen. The following techniques are used to analyze and predict these attacks (Robert Hackett, 2016).

Data Loss Prevention (DLPs)

A company might be working on many secret and classified projects. This information should not be disclosed to anyone else, but data leaks occur from time to time because people knowingly or unknowingly release it, which might affect the company directly (Robert Hackett, 2016).

Behaviour Analytics

A person can change at any point in time, so behaviour analytics should be used to monitor employees. For example, if an employee is unhappy about the work, he may delay completing it and might even steal sensitive data from the server, i.e. by copying company data to external drives. This happens because the employee is not happy about a decision by a superior that affects him directly. For example, let us analyze a person's behaviour based on the following questions: "Why did this happen to me?", "How can you do this to me?", "Why me?". In this example, the trigger word is "me". This can be considered one of the behaviour changes of a person, so the algorithm is designed to raise an alert when these trigger words appear, so that the company can monitor the person closely to avoid any insider attack on the company (Robert Hackett, 2016).

Activity Monitoring

Active monitoring is carried out inside the company to make sure that the company does not lose its data. People might steal data from the company. They may try to access important servers which they are not supposed to access, and some employees often log in to their workplaces at unusual times. These are the signs the company should watch for wherever its sensitive data is stored (Robert Hackett, 2016).

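
The two activity-monitoring signals described above (logins at unusual times and access to servers an employee is not supposed to reach) can be checked against login records as follows. This is an added example, not part of the original document; the log format, user names, server names and the allow-list are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample login events (not real logs): timestamp, user, server
EVENTS = """\
2024-03-04T09:02:00 alice hr-db
2024-03-04T22:05:00 bob build-01
2024-03-05T09:15:00 alice hr-db
2024-03-05T22:30:00 bob build-01
2024-03-06T08:55:00 alice hr-db
2024-03-06T23:10:00 bob build-01
2024-03-07T09:30:00 alice hr-db
2024-03-07T22:20:00 bob build-01
2024-03-08T02:41:00 alice hr-db
2024-03-08T02:47:00 alice finance-db
"""

# Assumed allow-list: the servers each employee is supposed to access
ALLOWED = {"alice": {"hr-db"}, "bob": {"build-01"}}

def parse(text):
    for line in text.splitlines():
        ts, user, server = line.split()
        yield datetime.fromisoformat(ts), user, server

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def find_alerts(text, allowed=ALLOWED, min_history=3, tolerance=2):
    """Flag logins to servers outside the allow-list or far from the user's usual hours."""
    usual = defaultdict(list)  # user -> hours of earlier logins judged normal
    alerts = []
    for ts, user, server in sorted(parse(text)):
        if server not in allowed.get(user, set()):
            alerts.append((ts.isoformat(), user, f"unauthorised server {server}"))
        hours = usual[user]
        odd = len(hours) >= min_history and all(
            hour_gap(ts.hour, h) > tolerance for h in hours)
        if odd:
            alerts.append((ts.isoformat(), user, f"unusual login hour {ts.hour:02d}"))
        else:
            usual[user].append(ts.hour)  # only normal logins extend the baseline
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(EVENTS):
        print(*alert)
```

The baseline is kept per user, so bob's regular late-evening logins raise nothing while alice's 02:41 and 02:47 logins do, and flagged logins are kept out of the baseline so a repeat is still reported.
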
INSIDER ATTACKERS POTENTIALLY CAN DEFEAT THESE TECHNIQUES

If an insider wants to defeat this analysis and these techniques, he has to stay a step ahead of the company and also has to know the loopholes in the company's current system. This is a very important point to consider. Often, people who are involved in these kinds of activities want to escape without being tracked, and companies will only know about the attack after several days or weeks (Robert Hackett, 2016).

Data loss prevention

In data loss prevention, some mechanisms and techniques are identified, and the data is encrypted so that it is stored in a safe place. There are people who leave clues behind that can be used to get access to the sensitive data (Robert Hackett, 2016).

Behaviour insider attack

The attacker can defeat the technique not only by attacking directly. He can trigger someone else to do it without that person even noticing. For example, logging in to someone's account for some other purpose and sending email from a colleague's email address (Robert Hackett, 2016).

Active monitoring

People can avoid monitoring by logging in to the company from remote places, and some employees even try to access their companies from an unknown computer by installing a program that might trick the system (Robert Hackett, 2016).

FUTURE CHALLENGES AND TRENDS FOR FORENSIC INVESTIGATION

In the future, the volume problem is the most important challenge faced during forensic investigation. Consider a large organization with N users. If the number of users increases, the possibility of anonymous users increases too. With a large number of users, the storage capacity and the number of devices will be high, so it is very difficult to manage and analyze these requirements (Lillis et al., 2016).

For example, consider that there are 1000 employees in the organization. If two users log in with the same username and password, it will be very difficult for the analytics to identify the anonymous user. If there are fewer users, it is easy to find the anonymous users with the same login. By using the same username and password, insider attackers defeat the confidentiality of the particular information (Lillis et al., 2016).

It is agreed that the volume problem is the fastest growing problem in the field of forensic investigations. The number of cases in the FBI increased 6.65 times in the period from 2003 to 2011. This is mainly due to the large volume of data storage. In addition to that, the growth of mobile users and the Internet of Things will increase the examination required in an investigation. Among all, the use of cloud services will make into the confusion that which data