Cyber Crime Forensics Term Paper

Excerpt from Term Paper :

Cybercrime has become a serious problem in the world we live in. The abundance of personal computers that are readily available at relatively low prices has spawned the growth in Cybercrime all over the globe. As a result, law enforcement agencies have developed cybercrime forensics which is designed to track down those that are responsible for cyber crimes. The purpose of this discussion is to analyze this subject and discuss the consequences and effects through evidence and reason. Let us begin our discussion with a description of cybercrime and cybercrime forensics.

Cybercrime and Cybercrime forensics

Cybercrime involves a plethora of crimes including everything from the creation and spreading of worms and viruses to identity theft. According to the Department of Justice cybercrime is defined as "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution (Ditzion, et al.)." More specifically cybercrimes that have taken place in the last decade include viruses, worms, Trojan horses, sniffers, logic bombs and denial of service attacks (Ditzion, et al.).

According to an article entitled Cybercrime Facts "Approximately 80% of all cyber crime is the result of insider attacks. Sometimes, the cyber attacker is a recently laid-off system administrator whose remote-account privileges still are active, or perhaps he created back doors to the network. Organized crime groups also can be behind security breaches (Panczenco)."

The increase in cybercrime over the past decade has forced law enforcement agencies to find new ways of attempting to find the people related to such crimes. The perpetrators of cybercrime are so difficult to find because they can be located all over the world and some countries do not have laws that prevent certain types of crimes carried out over the internet. The problems associated with the laws of different countries combined with the fact that the perpetrators of cybercrime can easily erase evidence related to the crimes they have committed.

In recent years businesses and individuals alike have been adversely affected by cybercrime. In the case of businesses many have hired cybercrime investigators to find out who the perpetrators are and how their computer networks were breeched. According to an article entitled "The Role of Organizations in Identity Theft Response: The Organization-Individual Victim Dynamic ," those that investigate cybercrime are often called upon by the victimized company through private firms that specialize in computer forensics examinations (Lacey et al.). In turn, these private-sector firms will then get law enforcement into the crime solving process as soon as they confirm that illegal activity has occurred (Lacey et al.). The article explains that

"Cooperation between law enforcement and private-sector investigators is still a fairly new idea, however. Several years ago, when the author's company first started conducting forensics investigations, it was often met with distrust by both their private sector clients, who feared bad publicity or losing control of company data, and law enforcement agents, who were reluctant to share information with third-party vendors. However, this reluctance is diminishing as law enforcement becomes more accustomed to working with third-party cyber forensics experts and as clients see that the process can work. Companies like Ubizen work under strict conditions and with detailed nondisclosure agreements, which protects clients and helps allay fears "Lacey et al.).

Cybercrime forensics is defined as "the preservation, identification, extraction, documentation and interpretation of computer data (Kruse and Heiser)." There are different types of cybercrime forensics. One that is used frequently is network forensics. This type of forensics involves searching for anomalies in files and reviewing log entries (Panczenko). Such forensics can be used to aid carriers in establishing how a system was attacked (Panczenko).

Another type of cybercrime forensics involves tracking down those that download child pornography. According to an article entitled "DoD targets child porn on military PCs" the Defense Cyber Crime Center, is seeking to quickly investigate child pornography cases with a new software tool developed under the military's Project KIDS (Known Image Database Systems) initiative (Messmer). The software automates analysis through a hashing technique which searches both known and potential child pornography in data files (Messmer). The author explains that 'The tool also looks for malware, such as backdoors or Trojans, that might indicate the PC was subverted to download child pornography without the PC user's knowledge.Currently, the center has approved more than 300 tools for computer forensics purposes in the military The three primary tools are EnCase from Guidance Software, the Forensic Toolkit from AccessData and iLook, a tool originally developed by Scotland Yard, which is licensed in the U.S. By the Internal Revenue Service only to government users (Messmer)."

Consequences and Effects


Cybercrime has dire consequences especially for large corporations and for individuals that are victims of identity theft. In recent years some cybercrime have affected large financial institution such as Bank of America. Such crime has result in identity theft. Identity theft has consequences for both the individual that is victimized and the credit card companies that absorb the cost associated with fraudulent charges. According to the Journal of Consumer Affairs

Identity theft threatens the very essence of an individual's sense of self and his or her capacity to participate in society. The consequences of this form of criminality are significant and wide-ranging, with current assessments of its impacts exceeding billions of dollars each year ... Available evidence indicates that identity theft is becoming increasingly attractive for perpetrators vis-a-vis other forms of crime. In the United States, for example, identity theft is described as growing at a rate of 30% per year, with its losses estimated at reaching $8 billion by 2005 (Supreme Court of the State of Florida 2002). The loss of funds and/or other forms of property, a tarnished credit history, and a criminal record are all potential outcomes for the identity theft victim, with ongoing consequences for the ability to secure employment, obtain goods and services on credit, travel freely, and participate in the wider society in a generally unencumbered fashion (Ditzion, et al.)."

The consequences of cybercrime are also dire when worms and virues are used to collapse the networks of large corporations and even governments. It costs companies billions of dollars per year to recover from such attacks. In addition, many have feared that terrorists will use vulnerable systems to attack the nation's utitlity grids.

In addition, to the consequences associatd with cybercrime there are also consequences associated with cybercrime fornensics. One of the most dire consequences that occur as a result of cybercrime forensics is the inability to properly collect and store the evidence. One of the main problems is that it can be difficult to aquire the evidence without altering the data that was orriganally seized (Kruse and Heiser). In addition, some cybercrime forensics experts may have difficualty authenticating the recovered data as the data that was origanially seized (Kruse and Heiser). It can also be difficult to analyze the data without altering the data (Kruse and Heiser).

As a consequence of some of these problems many cybercrime perpetrators may be able to evade criminal prosecution. The impact of this could be extremely detrimental in cases involving child porngraphy and pedophilia. In addition, perpretrators that have created and spread worms over the internet and through networks could also escape prosecution if the forensics are in anyway suspect. As a result experts must be properly trained and understand how to properly gather the information and store the information (Messmer).

There are also consequences associated with the inability to store the information once ithas been gathered. This problem exists as it relates to hard drives because it is extremely difficult to place all the information that is stored on a hard drive on to other hard drives (Messmer). For instance, 'a challenge facing the Defense Cyber Crime Center is finding secure ways to store seized data in all computer crime cases. The center's practice has been to store data for each case on a separate PC."We're getting cases so big we can't store the evidence on even four networked PCs, so we need a storage-area network," said Jim Christy, director of the Cyber Crime Institute, the Defense Cyber Crime Center's research arm."But we haven't seen the kind of system to prevent cross-contamination of data ... In one case, Christy recalled, the amount of data reached a whopping 75T bytes (Messmer)."


Cybercrime and cybercrime forensics have a huge effect on the society that we live in. As it pertains to cybercrime the effects can be devestating and can cost a great deal of money. In addiiton, it can cost the company or peron that is the victim their credibilty. It can also effect the quality of life that they have.

The effects of cybercrime forensics can be very positive. As experts find new ways to track cyber criminals the cost and trauma that are concured as a result of these crimes can be greatly reduced. This is because cybercrime forensics experts are able to retrieve information that has been deleted from a hard drive. An article entitled "Digital…

Cite This Term Paper:

"Cyber Crime Forensics" (2005, September 16) Retrieved August 20, 2017, from

"Cyber Crime Forensics" 16 September 2005. Web.20 August. 2017. <>

"Cyber Crime Forensics", 16 September 2005, Accessed.20 August. 2017,