Saturday, December 28, 2019
Essay on Computer Forensics
Introduction

Computer forensics is a growing branch in the field of computer science and information technology. Occasionally, organizations, big or small, require an audit of their information systems (Carrier, 2005). This is where computer forensic experts come in. This paper is meant to give a clear understanding of some of the tasks involved in computer forensics. The activities and tasks involved in investigation, documentation and reporting are described in the paper. The last part of the paper is a brief analysis of the expert witness's challenges as well as a sample courtroom scenario.

Types of equipment that should be packed in a field tool kit and the rationale behind the choices

The tool kit for the task should include a number of software and hardware devices. One of the most important pieces of equipment is the forensic laptop and its power supply. The forensic laptop would contain the software needed to carry out the task, while the power supply would serve as an emergency source of power in case of a power outage (Vacca, 2002). Digital cameras, case folders and blank forms are also important; they would be used to record interviews of staff as well as other observations made in the field. Cables for data transfer, blank hard drives for storage of data, and hardware write blockers would be essential for the task ahead. Hard drive duplicators for forensic imaging and data acquisition are also needed (Kruse & Heiser, 2002). Other tools that would prove valuable include password removal software and equipment. It is important to have these tools to counteract cases of sabotage or uncooperativeness from staff.

Additional questions for the supervisor before the operation begins

Who are the people in charge of safeguarding the explosives?
Who authorizes the release of explosives to be used in the field?
Is there a mechanism for explosive acquisition by the company?
Could I get a list of the names of all individuals handling explosives in the company?
Does the company use IT systems to manage the circulation of explosives and substances?
Who manages user accounts in all the company systems?
When is the company allowed to release explosives for use in the field?
Does the company keep all the records pertaining to explosive use?
Who are the officers that will be working with me?
Is the suspect found with the cache of explosives an employee of the company?

Brief address to police officers

The operation will begin shortly; therefore, I call upon your cooperation as we undertake this task. For the success of this task, and to ensure that the culprits are brought to book, I call upon you to cooperate fully and offer any information that might come your way. Take note that the use of force or harassment to get information from the suspect might not prove fruitful. I urge you to handle the situation with dignity. Report to me immediately if any suspicious activity crops up. All computer systems, devices, storage media and any other records should not be touched and should be left as they are until checked by the investigating officer. If file deletion is noticed on any machine, kindly report it to me immediately so that appropriate action can be taken. Ensure that no company staff have access to computer systems during the investigation. Secure the data centers and ensure that no company staff get access to the machines there. If you are not sure about any activity in progress, report it to me immediately.

Pieces of potential evidence in the scene and the evidence they might contain

From the office picture shown, many devices and documents can be sources of evidence in the investigation. First is the USB flash drive on the desk. The flash drive could contain data showing payments made or donations of explosives made by the manager to the culprit captured with the explosives. On the hand phone, records might show calls made by the suspect to various people in the last couple of hours or even days. Following these leads might lead to resolving the matter. The memory hard drive might also contain important data with regard to records of explosive distribution or acquisition by the company. In the same category as the memory hard drive are the DVD device and note pads on the desk. Also to be checked are the sticky notes on the computer. The notes might contain important information that would contribute to the entire task. The hard drive, DVD and USB flash drive are some of the electronic storage and transfer devices used. The same devices can be used to store company data, such as records of explosive distribution. It is due to this fact that it is important to check them. Sticky notes are also quick-reminder objects that can provide valuable information.

Methods employed to "capture" the scene in situ

The first method that could be used to capture this scene is to videotape it. Capturing a video of the scene is advantageous in the sense that the scene can be captured from all angles, giving the most accurate picture of the scene. Video recording of the scene allows sound recording too; therefore audio explanations can be included in the process (Kruse & Heiser, 2002). The real picture of the scene can therefore be captured and understood clearly. Photographing the scene is another method that can be employed. Photographs, just like video records, provide first-hand information about the scene; however, photographing has a disadvantage in that it is hard to capture all of its angles. Some objects might be blocked by other objects and therefore cause confusion during review. Describing the scene by taking notes is another method through which the scene can be captured. The method is not desirable, though, due to the variability with which various people describe an object or a scene. It does, however, have an advantage in that it can offer extra information that is hard to comprehend by looking at a photograph.

Step of action on seeing the above window

Considering the speed of the process, the approach taken would vary. If the clean-up is fast, the first task would be to cancel it in order to prevent the clean-up of important documents or browser histories. However, if the clean-up process is slow, the first activity would be to make proof of it. This can be done by photographing the screen or video recording it. Evidence of such an activity could be useful in reporting and in providing expert opinion to the authorities. Whichever task comes first, the most important thing to do is to stop the process before much data is deleted.

Evidence that can be collected thereafter

After stopping the clean-up process, the first task is to check the documents that were being deleted by the system. The evidence that can be collected includes temporary internet files, cookies and the web browser history, which would show the sites visited by the suspect; the last download locations will give an insight into the locations from which the suspect obtained what data. Recent documents can also be used to verify what one has been working on in the last few days or weeks. If the suspect was running any activity or using any document related to the case at hand, then the same information can easily be obtained.

Purpose and importance of a chain of custody document for the evidence

A chain of custody refers to a chronological documentation of actions that depict the activities involved in the seizure, custody, control and analysis of evidence (Carrier, 2005). The chain of custody document is important in the sense that it is used to show the order in which tasks were done in the field. It is used to determine whether any tampering with evidence might have occurred during the process, for the purpose of evaluating the evidence's accuracy. It helps to establish that the seized evidence is in fact related to the crime in question and hence removes doubt associated with fraudulent planting of evidence. The document can be used to avert or withstand any challenges that can be raised with regard to the authenticity of the evidence collected (Carrier, 2005).

Potential digital evidence not in the office

There is a need to check the server logs in the server room. It is also important to check the database logs and user logs in the server room or data center, in order to determine the times at which the suspect might have accessed the company systems. Not only will the time of access be known but also the activity done by the culprit, for example a task such as changing the records in the database. The logs will provide useful information for examination of these activities. The activity done by the suspect can be used to link to any suspicious release of explosives or unauthorized release of a consignment to a particular destination. Some of this information can be very useful in the determination of a case.

Questions to ask the system administrator

Who is in charge of user account management in the organization?
Is there any way one can access someone's account without the owner's knowledge or the account managers' knowledge?
Has there been any security breach in your systems in the recent past? If so, what was its extent and how was it contained?

Reasons for talking to the suspect

It would be very important to ask the suspect some questions regarding the digital media collected. This is important as it allows for clarification of some unclear parameters. When adequate information is given and clarification is sought, a clear understanding of the situation is developed. Having a clear comprehension of the situation will help in analysis and reporting. Without a proper understanding of the scenario, it is likely that wrong information will be reported to the authorities.

Important information that can be obtained from the computer before beginning the forensic examination of the hard drive itself

Web browser histories would prove useful in determining the sites recently visited by the suspect. The computer stores this information in the history option of the web browser. Opening those sites can be crucial in evaluating what the suspect had been up to in the recent past. Download locations are another place that it is necessary to check. If any data was downloaded from a particular site or server, the same will be found there. In order to immediately determine what the suspect was up to a few moments before his arrest, the list of recent documents can help. If one had been manipulating some records or accessing some documents prior to arrest, the same can easily be determined. This information provides an easy and fast opportunity to analyze the information at hand and determine its relevance to the case.

"MD5" and its significance

MD5 is a cryptographic hash function that produces a 128-bit hash value. Its main purpose here is to check data integrity (Carrier, 2005). This report is a problem in the sense that it implies an error in the integrity of the data on the hard drive. It furthermore signifies that the integrity constraints on the data in the hard drive were not met. It could mean that there has been manipulation of data or that some data might have been lost (Carvey, 2005).

Purpose of each of the following folders and the potential evidence it might contain

"C:\$Recycle.Bin" directory: This folder contains the data or documents that have been deleted. They are documents that are no longer needed; however, they might be needed in the future and hence can be retrieved. Some of the information that can be found here includes documents that the suspect might have deleted from the main folders of other partitions on the hard disk. This information might include records of transactions, reports, draft reports or even letters and memos.

"C:\Program Files" directory: The Program Files directory contains program files. These files are used to run the applications that are essential to performing tasks. Such programs include office application programs and other software. They will be instrumental in determining the software applications mostly used by the suspect, and will aid in the general reporting and determination of a standing point with regard to the investigation.

"C:\Users\Roberts\Desktop" directory: This folder contains all the information stored on the computer desktop. Just like the other folders, the information that can be gathered here includes documents such as reports, memos or any other documents that might have been stored in the folder.

"C:\Users\Roberts\Documents" directory: The folder named above is used to store documents. It contains all the documents saved by the user or automatically saved by the system.

Examination of the document in order to determine its owner

In order to determine the owner of the spreadsheet, the first thing is to check the name associated with it. As much as the name might give some lead, it alone cannot be proof enough to withstand a legal challenge in a court of law. It is therefore necessary to determine when the spreadsheet was created. After determining the time it was created, a visit to the system log is made to identify the person who was logged into the system at the time the document was created. By use of the user name and password associated with the user logged in at that particular time, the owner of the document can be identified. Checking the file metadata can help in determining the time of creation and the associated user who created it.

Metadata and its importance in computer forensics

Metadata is a term used to describe information about data (Carvey, 2005). It actually is data about data. It describes the containers of data and furthermore any individual instances of data. Metadata is important to computer forensics because it gives a clear indication of the environment and particulars associated with any data. The contents and quality of data can be determined by their description. A good example is a description of the language in which data stored in a database is written, the tools that were used to create files and when the files were created. Metadata also provides information relating to rights and administrative access to documents and data. This is most useful in determining the people who have access to data at any particular time (Carvey, 2005).

Report on the spreadsheet

Upon investigation of the suspect's computer, having obtained consent from him, a spreadsheet document was recovered from one of the folders. The spreadsheet document was created using Microsoft Office Excel, version 2007. Upon opening the document, information regarding the distribution of explosives was found. Some columns were marked pending while others were marked delivered. It was noted, however, that the location of delivery was not indicated against each column. One striking discovery was the fact that in one of the columns an indication had been made to the effect that the consignment of explosives had been delivered. The particulars of the explosives in question match the particulars of those seized from the terrorist suspect who had earlier been arrested during the week. Investigations were done in order to determine the owner of the document and the time the document was created. This was done by checking the file metadata, which contains a description of the data contained in it. System logs were also checked to verify the person who was logged in at the time the file was created. This investigation led to the revelation that at the time the file was created, and at any other time it was updated, Mr. Roberts was logged in to the system. The file metadata also showed that the spreadsheet document is owned by Mr. Roberts. To this point, it is my subjective assessment that Mr. Roberts created and managed the document.

Difference between expert and fact witness

An expert witness is a witness who is admitted by virtue of proven skills or education in a particular field, is believed to have expertise in that field beyond the comprehension of an average individual, and can therefore offer reliable scientific or technological opinion on the matter. A fact witness, on the other hand, is a witness who testifies only by virtue of things seen, tasted, heard, touched or smelled. No expertise is needed in any field in order to testify as a fact witness. Expert witnesses are important in this case because the evidence that would largely be depended on comes from the expert. It is to be noted that fact witnesses play little role here because electronic and digital information can be changed without being seen or otherwise perceived by the senses that play a large role in factual testimony.

Importance of looking at the jury when answering questions

Facial expressions play an important role in determining the level of knowledge displayed by an individual. Facing the jury will not only help them gauge the level of confidence they should have in the expert but will also increase confidence in whatever is said. Direct eye contact while expressing oneself can signify deep understanding of whatever is being expressed by the expert witness.

Reason for challenges faced in testifying on digital evidence

Many lawyers and judges are not familiar with computer technology. Previously, evidence that held a lot of value in a court of law was evidence that could be seen with the naked eye. However, digital evidence cannot be seen with the naked eye in a court of law. It therefore becomes difficult to explain to the jury the meaning of terms used in the reports presented as well as how some technologies work.

Answer to the question about blogs posed by the defense lawyer

To insinuate that my political opinions about the government and the governance of this country influenced my judgment is totally misplaced. I just reported what I found in the system. The same facts can be attested to by any other expert if another investigation is done. System logs will always show changes that are made in the systems at any particular time. Any attempt to change any document, including the system logs themselves, will always be recorded in the system logs. That is what I used in my reporting. In addition, my professional code of ethics as well as my own moral principles do not allow me to use my knowledge to wrongly disadvantage others.

References

Carrier, B. (2005). File system forensic analysis. New York, NY: Addison-Wesley.
Carvey, H. (2005). Windows forensics and incident recovery. New York, NY: Addison-Wesley.
Casey, E. (2004). Handbook of computer crime investigation: Forensic tools and technology. Academic Press.
Kruse, W., & Heiser, J. (2002). Computer forensics: Incident response essentials. New York, NY: Addison-Wesley.
Vacca, J. (2002). Computer forensics: Computer crime scene investigation. Charles River Media.
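The "MD5" section of the essay above treats a hash mismatch as a sign that the data on the hard drive was altered or lost, and the metadata and chain of custody sections describe the records an examiner keeps. The following is an added example, not code from the essay or any of the cited works, showing how that integrity check is done in practice with Python's standard library: the acquisition hashes are written into a chain-of-custody entry together with the file's metadata (size, modification time, owner), and a later re-hash either matches or exposes a change. The disk image is a constructed byte string standing in for an acquired drive image, and the item number and examiner name are placeholders.

```python
"""Integrity verification of a disk image with a chain-of-custody record.

Added example (not part of the original essay). Assumes only the Python
standard library; the image, item id and examiner name are constructed
placeholders.
"""
import hashlib
import io
import os
import tempfile
from datetime import datetime, timezone

CHUNK_SIZE = 1 << 20   # hash 1 MiB at a time so multi-GB images need little memory


def hash_stream(stream, algorithms=("md5", "sha256")):
    """Return {algorithm: hexdigest} over everything readable from stream.

    MD5 is kept because older tools and case files record it, but MD5
    collisions are practical today, so SHA-256 is computed in the same pass.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=("md5", "sha256")):
    """Convenience wrapper for in-memory data."""
    return hash_stream(io.BytesIO(data), algorithms)


def record_acquisition(path, item_id, examiner):
    """Build the custody entry written at acquisition time: who, when, the
    file metadata the essay discusses, and the acquisition hashes."""
    st = os.stat(path)
    with open(path, "rb") as f:
        hashes = hash_stream(f)
    return {
        "item_id": item_id,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "size_bytes": st.st_size,
        "modified_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
        "owner_uid": st.st_uid,
        "hashes": hashes,
    }


def verify_image(path, record):
    """Re-hash the image; return the algorithms whose digest no longer matches
    the custody record (an empty list means integrity holds)."""
    with open(path, "rb") as f:
        current = hash_stream(f, tuple(record["hashes"]))
    return [name for name, digest in current.items()
            if digest != record["hashes"][name]]


def demo():
    """Acquire a constructed image, verify it, flip one bit, verify again."""
    image = b"CONSTRUCTED-IMAGE:" + bytes(range(256)) * 64   # ~16 KiB sample
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "item-0001.dd")           # placeholder name
        with open(path, "wb") as f:
            f.write(image)
        record = record_acquisition(path, "ITEM-0001", "Examiner (placeholder)")
        clean = verify_image(path, record)                  # -> []
        tampered = bytearray(image)
        tampered[4096] ^= 0x01                              # single-bit change
        with open(path, "wb") as f:
            f.write(tampered)
        modified = verify_image(path, record)               # -> ['md5', 'sha256']
    return record, clean, modified


if __name__ == "__main__":
    rec, clean, modified = demo()
    print(rec["hashes"], clean, modified)
```

Because both digests are computed in one pass, a single flipped byte shows up under every algorithm in the record, and the custody entry carries the metadata needed to say when and by whom the image was taken.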
Friday, December 20, 2019
Chinua Achebe's Things Fall Apart - 916 Words
Bria Kirkland
Essay 1
"Things Fall Apart" by Chinua Achebe

Imagine your favorite TV show, and think about the characters. Which character is your favorite? Most of us would say it is the main character, the one that is the most relatable. That character is called the protagonist, and it is often the one that we identify with the most. In contrast to the protagonist, a character we think about less often is the foil character. This character is the complete opposite of the main character. Usually, a foil goes through the same events as the main character; however, he will see things differently and have a different opinion. The purpose of this character is to shed light on the main character, and to show how things could work out differently…

…He had no patience with unsuccessful men. He had no patience with his father (3, 4)." This vastly different contrast between Okonkwo and his father really shows how impressive Okonkwo's success is. He was able to overcome the stigma of his lazy father, and became one of the most successful men in the village. Even from the one single line, that Okonkwo did not have patience for anyone who was not successful, and no patience for his father, we can see that Okonkwo is nothing like his father. Unoka's lazy characteristics are used to emphasize Okonkwo's desire throughout the book to be a hard worker, and to be successful. Ikemefuna, a boy sent to live with Okonkwo and his family, is not a foil for Okonkwo, but for Nwoye. If it were not for Ikemefuna, we would not be able to see Nwoye's connection to his grandfather, Unoka. As Okonkwo's oldest son, Nwoye is expected to be strong, and hardworking like his father. But when Ikemefuna joins the family, he becomes like the son Okonkwo never had. Ikemefuna and Okonkwo form a bond, a bond that Nwoye and Okonkwo were never able to have, and Ikemefuna even begins to call Okonkwo "father." On the other hand, Okonkwo considers Nwoye to be weak and lazy because even though "Nwoye knew it was right to be
Thursday, December 12, 2019
LEGALIZATION Essay Example For Students
LEGALIZATION Essay

Don't you think that cannabis should be made legal? Well, it is my opinion that Cannabis should be made legal. It is also my opinion that Cannabis is the one and only replacement for tobacco as a cash crop. It is undeniable that Cannabis is a great and wonderful way to make life better for all of mankind. The undeniable fact remains that Cannabis is probably the single most versatile and beneficial agricultural product known to man. Its direct applications and by-product effects on the environment are well documented. Only an obsolete and narrow-minded point of view stands between the general public and their enjoyment of its rewards.

Cannabis possesses many virtues in regards to industrial usage. Contrary to popular belief, Cannabis fiber is not limited strictly to rough fabrics such as burlap. The fiber of the Cannabis plant can produce a wide range of textiles, from the consistency of a fine linen to that of a heavy sailcloth. Hemp fiber is softer than cotton, warmer than cotton, more water absorbent than cotton, possesses three times the tensile strength of cotton, and requires virtually no pesticides. I bet you didn't know that roughly half of all the pesticides used in the U.S. are used on cotton. Also, Cannabis cultivation is not at all as detrimental to the soil as is cotton production. As an added bonus, Cannabis fiber is great for paper production; the first two copies of the Declaration of Independence and the Gutenberg Bible were both printed on Cannabis paper. Additionally, production of Cannabis for paper requires only one-fourth of the amount of land required for production of timber for the same use. Plus, there is not as heavy a reliance upon chemicals to prepare the fibers for paper production as is the case with wood-based paper. The seeds, which can be produced in abundance, possess a high nutritional value, and if pressed for oil, that oil is of great value in the production of all kinds of paints and varnishes, which could lessen our reliance upon petroleum products in this area.

There are several other useful products which can be made from this plant. For instance, if one was very sick (i.e. cancer, HIV or other major illnesses) you could dry and smoke Cannabis to relieve pain. This is because of its psychological properties, or THC. Some people think that legalizing cannabis would make it easier for people to misuse it, or that it would make it more available to minors. But the fact remains that cannabis is very easy to get right now. It is even easier to find than alcohol or cigarettes. People even think that legalizing cannabis would increase the crime level. I think that if it was made legal crime would decrease because it wouldn't be illegal to purchase or distribute cannabis; therefore people would not have to lie, cheat or steal to obtain cannabis. And on these grounds alone it's stupid to continue its prohibition.

Bibliography:
Wednesday, December 4, 2019
Formal Models of Operating System Kernels
Questions:

1. An operating system that does not support multithreading cannot simultaneously utilize multiple processors (CPUs). Do you agree? Please provide reason(s) to support your answer.
2. A process that is waiting for access to a critical section does not consume CPU time. Do you agree? Please provide reason(s) to support your answer.
3. A Windows 8 thread can be in one of 6 states (Figure 4.11 on textbook page 76), whereas a UNIX/Solaris thread can be in one of 8 states?

Answers:

1. Yes, I agree with the statement that an operating system that does not support multithreading cannot simultaneously utilize multiple processors (CPUs). In the case of an operating system that supports multithreading, threads from the same or different processes can run simultaneously on the kernel. The programs are designed in such a way that the execution of no two threads interferes with the other. A multiprocessor system has more than one processor. It is up to the OS whether all CPUs are utilized simultaneously or not. The OS interacts with the hardware through the kernel. Thus the kernel needs to support simultaneous execution of more than one thread. If the OS does not support multithreading, then at any one time the kernel will be accessed by one thread or process only. Even if there are multiple CPUs, only one will be used at a time. So, it is true that the operating system needs to support multithreading to utilize multiple CPUs simultaneously.

2. No, I don't agree with the statement "A process that is waiting for access to a critical section does not consume CPU time." A critical section is the section in the code of a program that deals with shared information. Thus two or more processes can try to access the critical section at the same time. But to avoid discrepancies, no two processes will have simultaneous access to the critical section. One has to wait for the other to complete its execution. Now, there are different techniques to optimize this waiting time. In general, when a process is waiting to enter some critical section, the process checks continuously whether the critical section is available or not. This is called busy waiting. It consumes CPU time, and this CPU time is simply wasted. There are other mechanisms that optimize this busy waiting. For example, blocking the waiting processes for some time refrains them from continuously checking the availability of the critical section and saves CPU time. Thus, it is not true that a waiting process does not consume CPU time while waiting for the critical section.

3. A ZOMBIE process is common on UNIX and Linux based systems. It is a process that has been terminated by calling the EXIT function, but the OS has kept information about the process in the process table. This is true for child processes. The parent process wants to have some information about the exit status of its child. Thus the OS keeps information about the terminated child process. Such processes are in the Terminated state. When the parent process of the ZOMBIE process reads the exit status of the ZOMBIE child, the OS reaps the information about the ZOMBIE process from its process table. So, a terminated child process will be in the ZOMBIE state as long as its parent does not read the exit status as requested. So, in UNIX and Linux a process has 8 states, including the ZOMBIE state. If a ZOMBIE process remains in a system for quite a long period, there may be system errors and resource leakages. ZOMBIE processes are different from other processes; thus the KILL command cannot delete them from the system process table. In the case of Windows 8, a ZOMBIE process would arise from a buggy driver. To deal with the errors and issues related to ZOMBIE processes, the OS cleans the ZOMBIE processes from the system automatically. Thus there is no need to add an explicit state for ZOMBIE processes.
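Answer 2 above contrasts busy waiting, where the waiting process keeps polling the critical section and burns CPU, with blocking, where the waiter sleeps until it is woken. The following is an added example, not code from the post or its textbooks, that makes the difference measurable in CPython 3: a helper thread holds a threading.Lock (the critical section) for a fixed time while the waiter either polls the lock in a loop or blocks on it, and the CPU spent waiting is read from time.process_time(). The lock, the hold time and the thread names are constructed for the demonstration.

```python
"""Busy waiting versus blocking while waiting for a critical section.

Added example (not from the original post). Assumes CPython 3; the critical
section is a threading.Lock held by a helper thread, and CPU usage is measured
with time.process_time(), which counts CPU time for the whole process.
"""
import threading
import time


def wait_for_section(hold_seconds, busy):
    """Have a helper thread hold the lock for hold_seconds, then wait for it.

    busy=True  -> poll lock.acquire(blocking=False) in a loop (busy waiting)
    busy=False -> call lock.acquire(), which sleeps in the kernel until woken
    Returns (acquire_attempts, cpu_seconds_spent_waiting).
    """
    lock = threading.Lock()
    held = threading.Event()

    def holder():
        with lock:                       # the critical section
            held.set()                   # tell the waiter the section is taken
            time.sleep(hold_seconds)     # simulated work inside the section

    threading.Thread(target=holder, daemon=True).start()
    held.wait()                          # measure only once the lock is taken

    attempts = 0
    cpu_start = time.process_time()
    if busy:
        while not lock.acquire(blocking=False):
            attempts += 1                # each failed poll burned CPU for nothing
        attempts += 1                    # the poll that finally succeeded
    else:
        lock.acquire()                   # blocked: no CPU charged while asleep
        attempts = 1
    cpu_used = time.process_time() - cpu_start
    lock.release()
    return attempts, cpu_used


def compare_waiting(hold_seconds=0.3):
    """Run both strategies against the same hold time and return the numbers."""
    busy_attempts, busy_cpu = wait_for_section(hold_seconds, busy=True)
    blocked_attempts, blocked_cpu = wait_for_section(hold_seconds, busy=False)
    return {
        "busy_attempts": busy_attempts,
        "busy_cpu_seconds": busy_cpu,
        "blocked_attempts": blocked_attempts,
        "blocked_cpu_seconds": blocked_cpu,
    }


if __name__ == "__main__":
    for key, value in compare_waiting().items():
        print(f"{key}: {value}")
```

The busy waiter makes many thousands of failed acquire attempts and is charged roughly the whole hold time as CPU; the blocking waiter makes exactly one call and is charged close to nothing, which is the point of answer 2.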
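Answer 3 above describes the UNIX/Linux ZOMBIE state: a child that has called exit stays in the process table until its parent reads the exit status, after which the kernel reaps it. The following is an added example, not code from the post or its textbooks, that walks through exactly that sequence on a POSIX system with os.fork(): the parent learns through a pipe that the child has exited, confirms the child is still in the process table (os.kill with signal 0, which sends nothing and only checks for the entry), reads the exit status with os.waitpid, and confirms the entry is gone. On Linux it also reads the one-letter state from /proc/<pid>/stat, which shows "Z" while the child is a zombie; on systems without /proc that part returns None. The exit code 3 is a constructed value.

```python
"""Observing and reaping a zombie child process.

Added example (not from the original post). Assumes a POSIX system with
os.fork() (Linux or macOS); the /proc lookup is best-effort and Linux-only.
"""
import os
import time


def _proc_state(pid):
    """Best-effort: one-letter state from /proc/<pid>/stat ('Z' = zombie).
    Returns None where /proc is unavailable (non-Linux systems)."""
    try:
        with open(f"/proc/{pid}/stat") as f:
            data = f.read()
    except OSError:
        return None
    # The state field comes right after the parenthesised command name.
    return data.rsplit(")", 1)[1].split()[0]


def pid_in_table(pid):
    """True while the kernel still holds a process-table entry for pid.
    Signal 0 performs the existence check without delivering anything."""
    try:
        os.kill(pid, 0)
        return True
    except ProcessLookupError:
        return False


def demonstrate_zombie(child_exit_code=3):
    """Fork a child that exits at once, observe it as a zombie, then reap it."""
    read_end, write_end = os.pipe()
    pid = os.fork()
    if pid == 0:                          # child: exit immediately
        os.close(read_end)
        os.close(write_end)               # parent's read() hits EOF after this
        os._exit(child_exit_code)

    os.close(write_end)
    os.read(read_end, 1)                  # blocks until the child's write end is gone
    os.close(read_end)

    # Give the kernel a moment to finish tearing the child down; on Linux the
    # state then reads 'Z' because the parent has not collected the status yet.
    state = None
    for _ in range(100):
        state = _proc_state(pid)
        if state in (None, "Z"):
            break
        time.sleep(0.01)

    before = pid_in_table(pid)            # True: entry kept for the exit status
    _, status = os.waitpid(pid, 0)        # parent reads exit status -> reaped
    after = pid_in_table(pid)             # False: entry removed
    return {
        "state_before_reap": state,       # 'Z' on Linux, None elsewhere
        "in_table_before_reap": before,
        "exit_status": os.WEXITSTATUS(status),
        "in_table_after_reap": after,
    }


if __name__ == "__main__":
    print(demonstrate_zombie())
```

Until os.waitpid runs, the child is dead but still present, which is the state the answer calls ZOMBIE; the waitpid call is the parent "reading the exit status as requested", and only after it does the entry disappear.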