Computer Crime Investigation: Forensic Techniques for Insider Attacks

Added on  2019/09/27

Discussion Board Post
AI Summary
This discussion post delves into the critical area of computer crime investigation, specifically focusing on insider intrusions and the forensic techniques employed to mitigate such threats. The post highlights the increasing prevalence of cyberattacks and the significant risks posed by insider threats, citing examples of companies that have suffered substantial losses. It examines several key techniques used to analyze and predict insider attacks, including Data Loss Prevention (DLP), behavior analytics, and activity monitoring. The discussion also addresses how insider attackers can potentially circumvent these techniques. Furthermore, the post explores future challenges and trends in forensic investigation, emphasizing the volume problem and the increasing complexity of managing and analyzing large datasets. The post concludes by outlining key guidelines for cyber investigation, including developing procedures and policies and assessing digital evidence to ensure data security and authenticity.
COMPUTER CRIME INVESTIGATION: DISCUSSION
ON INSIDER INTRUSIONS
FORENSIC TECHNIQUES FOR INVESTIGATING INSIDER ATTACKS
In recent times, the number of reported cyber attacks has been high, due to the increase in the
number of devices in the working environment and the dependency of people on technology.
Security leaks may occur because security is a secondary consideration for a company. But
companies such as AT&T and Goldman Sachs have suffered huge losses. The losses were caused by
employees who attacked from the inside; the companies were not ready to handle this type of
attack, so they suffered great losses. With that in mind, many companies are now trying to
predict these kinds of attacks before they happen. The following techniques are used to
analyze and predict such attacks (Robert Hackett, 2016).
Data Loss Prevention (DLPs)
A company might be working on many secret and classified projects. This information should
not be disclosed to other people, but data leakage occurs from time to time because people
knowingly or unknowingly release this information, which might affect the company directly
(Robert Hackett, 2016).
Behaviour Analytics
A person can change at any point in time, so behaviour analytics should be used to monitor the
employees. For example, if an employee feels unhappy about the work, he may delay completing
it, or might even steal sensitive data from the server, i.e. copy company data to external
drives. This happens because the employee is not happy about a decision of a superior that
affects him directly. For example, let us analyze a person's behaviour based on the following
questions: "why this happen to me?", "how can you do this to me?", "why me?". In this example
the trigger word is "me". This can be considered one sign of a change in a person's behaviour,
so the algorithm is designed to raise an alert when these triggers occur, so that the company
can monitor the person closely to avoid any insider attack on the company
(Robert Hackett, 2016).
Activity Monitoring
Active monitoring is done inside the company to make sure that the company does not lose its
data. People might steal data from the company. They may try to access important servers
which they are not supposed to access, and some employees often log in to their workplaces at
unusual times. These are signs that should make the company concerned about where its
sensitive data is stored (Robert Hackett, 2016).
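The two signs named above, logins at unusual times and access to servers a user is not supposed to reach, can be checked against login and access records. The following is an added example, not part of the original post; the log format, user names, server names, allow-list and working-hours window are all constructed assumptions.

```python
from datetime import datetime

# Constructed policy (assumption): servers each user may reach, and the
# working-hours window treated as usual for logins.
ALLOWED_SERVERS = {"alice": {"web01", "build01"}, "bob": {"web01"}}
WORK_START, WORK_END = 8, 19  # 08:00 inclusive to 19:00 exclusive

# Constructed sample events: timestamp, user, action, target server.
SAMPLE_LOG = """\
2019-03-04T09:12:00 alice login web01
2019-03-04T02:47:00 bob login web01
2019-03-04T10:05:00 bob access hr-db01
2019-03-04T10:30:00 alice access build01
2019-03-09T14:00:00 alice login web01
malformed line
"""

def parse(line):
    """Return (datetime, user, action, server), or None for a bad line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3]

def find_alerts(log_text):
    """Flag off-hours or weekend logins and access outside a user's allow-list."""
    alerts = []
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue  # a real pipeline would count and report unparsed lines
        ts, user, action, server = event
        off_hours = not (WORK_START <= ts.hour < WORK_END) or ts.weekday() >= 5
        if action == "login" and off_hours:
            alerts.append((user, "unusual-login-time", ts.isoformat()))
        if server not in ALLOWED_SERVERS.get(user, set()):
            alerts.append((user, "unauthorized-server", server))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

A user with no allow-list entry is treated as having no permitted servers, so every access by an unknown account is flagged.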
INSIDER ATTACKERS POTENTIALLY CAN DEFEAT THESE TECHNIQUES
If an insider wants to defeat these analyses and techniques, he must stay a step ahead of the
company at every point and must also know the loopholes in the company's current system. This
is a very important point to consider: people who are involved in these kinds of activities
want to escape without being tracked, and companies will only know about the attack after
several weeks or days (Robert Hackett, 2016).
Data loss prevention
In data loss prevention, mechanisms and techniques are used to identify the data and encrypt
it so that it is stored in a safe place. There are people who leave clues behind in order to
get access to the sensitive data (Robert Hackett, 2016).
Behaviour insider attack
The attacker can defeat the technique not only by attacking directly. He can also get someone
else to do it without that person even noticing, for example by logging in to someone's
account for some other purpose and sending email from a colleague's email address
(Robert Hackett, 2016).
Active monitoring
People can avoid monitoring by logging in to the company from remote places, and some
employees even try to access their companies from an unknown computer by installing a
program that might trick the system (Robert Hackett, 2016).
FUTURE CHALLENGES AND TRENDS FOR FORENSIC INVESTIGATION
In the future, the volume problem is the most important challenge faced during forensic
investigation. Consider a large organization with N users. As the number of users increases,
the possibility of anonymous users increases. With a large number of users, the storage
capacity and the number of devices will be high, so it is very difficult to manage and
analyze them (Lillis et al., 2016).
For example, consider an organization with 1000 employees. If two users log in with the
same username and password, it will be very difficult for the analytics to identify the
anonymous user. If there are fewer users, it is easy to find the anonymous users with the
same login. By using the same username and password, insider attackers defeat the
confidentiality of that particular information (Lillis et al., 2016).
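One check that surfaces the shared-login case described above is to look for sessions of a single account that overlap in time but originate from different hosts. The following is an added example, not part of the original post; the session record layout, account names and host names are constructed assumptions. It flags the account for review and does not identify which of the two sessions belongs to the legitimate user.

```python
from datetime import datetime

# Constructed sample sessions: user, source host, login time, logout time.
SAMPLE_SESSIONS = [
    ("jsmith", "ws-114", "2019-03-04T09:00:00", "2019-03-04T17:00:00"),
    ("jsmith", "ws-207", "2019-03-04T11:30:00", "2019-03-04T12:10:00"),
    ("mlee",   "ws-031", "2019-03-04T08:45:00", "2019-03-04T12:00:00"),
    ("mlee",   "ws-090", "2019-03-04T13:00:00", "2019-03-04T18:00:00"),
    ("jsmith", "ws-114", "2019-03-04T18:00:00", "2019-03-04T19:00:00"),
]

def shared_logins(sessions):
    """Return (user, host_a, host_b) for sessions of one account that
    overlap in time but come from different source hosts."""
    by_user = {}
    for user, host, start, end in sessions:
        by_user.setdefault(user, []).append(
            (datetime.fromisoformat(start), datetime.fromisoformat(end), host))
    findings = []
    for user, items in sorted(by_user.items()):
        items.sort()  # order by login time so each pair is compared once
        for i, (s1, e1, h1) in enumerate(items):
            for s2, e2, h2 in items[i + 1:]:
                if s2 >= e1:
                    break  # every later session starts later still: no overlap
                if h1 != h2:
                    findings.append((user, h1, h2))
    return findings

if __name__ == "__main__":
    for finding in shared_logins(SAMPLE_SESSIONS):
        print(finding)
```

Grouping by account first keeps the comparison work proportional to each account's own sessions rather than to every pair of sessions in the organization, which matters as the number of users grows.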
It is agreed that the volume problem is the fastest-growing problem in the field of forensic
investigation. The number of cases in the FBI increased 6.65 times in the period from 2003 to
2011. This is mainly due to the large volume of data storage. In addition, the growth of
mobile users and the Internet of Things will add to the examination work in an
investigation. Above all, the use of cloud services will create confusion about which data
is stored and where it is stored. So the volume problem will be the challenge for
investigation in future (Lillis et al., 2016).
KEY GUIDELINES FOR CYBER INVESTIGATION
Developing procedure and policies
Whether the matter is cyber activity, a criminal plan or any other issue related to crime,
digital evidence will have a great impact. Cyber security professionals know the value of
the information, and they know that this information can be compromised easily if it is not
protected with secure principles. For this reason, guidelines should be framed and followed.
These procedures tell the professional about the authorization time for them to secure the
information, how the data should be stored securely and how the process should be documented
to ensure authenticity (Harjinder Singh Lallie, 2014).
Assessing evidence
This method involves the assessment of digital evidence in cybercrime. The process gives
clear information detailing the case, without confusion, and takes the case to the next
level. For example, where a cybercrime agency tries to prove the threat using general
methods, forensics will use different methods to prove the threat, drawing on hardware,
social websites and other communication methods. This will be the best method, since the
criminals use online sites to share links to fake products and make people share their
transaction information. Before starting the investigation, the investigator must identify
and sort the evidence and get a clear understanding of the data. After that, the investigator
determines the source and integrity of the data before assessing the evidence
(Harjinder Singh Lallie, 2014).
REFERENCES
Robert Hackett (2016) ‘4 ways companies protect their data from their own employees’.
Available at: http://fortune.com/2016/06/30/insider-threat-cybersecurity-tools/ (Accessed:
March 1, 2019).
Lillis, D., Becker, B., O’Sullivan, T., and Scanlon, M. (2016) ‘Current challenges and future
research areas for digital forensic investigation’, Annual ADFSL Conference on Digital
Forensics, Security and Law, 6, pp. 9–20.
Harjinder Singh Lallie (2014) ‘The Problems and Challenges of Managing Crowd Sourced
Audio-Visual Evidence’, Future Internet, 6, pp. 190–202, doi:10.3390/fi6020190.