Computer Based Security And Monitoring System For Forensic Experts

5 Chapters | 87 Pages | 5,015 Words

In digital forensics, the integration of sophisticated computer-based security and monitoring systems plays a vital role in augmenting investigative capabilities. These systems, leveraging advanced algorithms and real-time monitoring technologies, bolster the integrity and confidentiality of digital evidence while enhancing the efficiency of forensic experts. By employing comprehensive keyword detection algorithms, anomaly detection techniques, and encryption protocols, these systems ensure the preservation and authenticity of data throughout the forensic process. Moreover, they facilitate proactive threat mitigation by swiftly identifying and neutralizing potential security breaches, thereby safeguarding sensitive information from unauthorized access or tampering. Through the seamless integration of these innovative technologies, forensic experts can navigate the intricate landscape of digital investigations with heightened precision and confidence, ultimately advancing the pursuit of justice in the digital age.

TABLE OF CONTENTS

Chapter One
Introduction
1.1 Background Of The Study
1.2 Statement Of The Problem
1.3 Objectives Of Study
1.4 Significance Of The Study
1.5 Scope Of Study
1.6 Limitations Of The Study
1.7 Definition Of Terms

Chapter Two
Literature Review
2.1 Review Of Software / Tools
2.2.1 Mirror Image Backup Software
2.2.3 Text Search Plus
2.2.4 Intelligent Forensic Filter
2.3 History Of Computer Forensics
2.4 Computer Crime
2.5 Topology
2.6 Types Of Computer Crime
2.7 Extant Laws To Combat Cybercrime In Nigeria
2.8 Steps Used In Computer Forensic Investigation
2.9 Types Of Evidence

Chapter Three
Systems Analysis And Methodology
3.1 Introduction
3.2.1 Browsing
3.2.2 Study Population And Sampling Technique
3.3 Analysis Of The Existing System
3.3.1 Problems Of The Existing System
3.4 Analysis Of The Proposed System
3.4.1 Justification Of The New System
3.5 Data Flow Diagram
3.6 Methodology

Chapter Four
System Design And Implementation
4.0 Introduction
4.1 Objectives Of The New System
4.2 Scope Of Design
4.4 Designing The New System
4.4.1 Input Design
4.4.2 Output Design
4.4.3 Database Design
4.4.3.1 Database Output File
4.5 Specification Of Program Modules
4.6 Flowchart
4.7 Choice Of Programming Language
4.7.1 Program Design
4.7.2 Date Services
4.9 System Implementation
4.9.1 Steps In Setting Up The Project

Chapter Five
Summary, Conclusions And Recommendations
5.1 Summary
5.2 Areas Of Application
5.3 Recommendations
5.4 Conclusion
References

CHAPTER ONE

INTRODUCTION
1.1 BACKGROUND OF THE STUDY
The world is becoming a smaller place in which to live and work. A
technological revolution in communications and information exchange has
taken place within business, industry and homes. Most developed and
developing countries are substantially more invested in information processing
and management than in manufacturing goods, and this has affected their
professional and personal lives. We bank and transfer money electronically
and we are much more likely to receive an E-mail than a letter. It is estimated
that the worldwide internet population is 349 million (Commerce Net Research
Council 2000).
In this information technology age, some traditional crimes, especially those
concerning finance and commerce, continue to be upgraded technologically.
Crimes associated with theft and manipulations of data are detected daily.
Crimes of violence also are not immune to the effects of the information age. A
serious and costly terrorist act could come from the internet instead of a truck
bomb. The diary of a serial killer may be recorded on a floppy disk or hard
disk drive rather than on paper in a notebook. Just as the workforce has
gradually converted from manufacturing goods to processing information,
criminal activity has to a large extent also converted from the physical dimension.
This calls for computer forensic experts and a computer-based
monitoring and security system for easy capture of evidence of an intruder who
compromises a network or computer.
This project dealt with the design and implementation of a computer based
security and monitoring system for forensic experts, an ideal way for tracking
the activities of an account user and also for recovering digital evidence of
crime committed in a computer system.

1.2 STATEMENT OF THE PROBLEM
With the evolution of the computer and the internet, which has made the world a global
village, criminals have also taken advantage of this technological advancement to
engage in different forms of cyber crime, ranging from terrorism and internet fraud to
the release of sophisticated viruses. The perpetrators are difficult to trace due to a
lack of sophisticated software that can retrieve information about such activities. This
led to the design of a computer-based security and monitoring system for forensic
experts, which will help in tracking the activities of internet users and in the recovery
of digital evidence of crime committed in a computer system.

1.3 OBJECTIVES OF STUDY
The objectives of this system are to:
(i) Design and implement a computer based security and monitoring
system for forensic experts.
(ii) Realize a system for capturing, collecting, analyzing, preserving and
presenting evidence of computer crime in an acceptable manner.

1.4 SIGNIFICANCE OF THE STUDY
This application, when implemented, will be able to monitor the activities of a
computer user by taking screenshots of internet activities, capturing processes, and
capturing the content of the index.dat file, which will provide forensic experts with
substantial evidence to prosecute cyber criminals.

1.5 SCOPE OF STUDY
This project is designed to monitor the activities of computer users to investigate
and fish out cyber criminals. The project employed the Java programming language in
the design and implementation of a Computer Based Security and
Monitoring system that will aid forensic experts in their investigations and
prosecution of criminals.

1.6 LIMITATIONS OF THE STUDY
Most people see security and monitoring systems as an intrusion on people's
privacy.
A major setback of computer forensics is the presentation of evidence in a way
that is admissible in a court of law; that is, the Computer Forensic Analyst
must present it in a way that shows it was not tampered with.
Another limiting factor is that the programming language (Java) used to
implement the system is case sensitive. Sometimes in Java, an executing
program may attempt to divide by zero, and this will display an error message.
Runtime errors can come up as a program runs during the process of
programming with Java. A fatal runtime error can occur, causing the program to
terminate without successfully completing its job. Java programs tend to
execute slowly because the Java virtual machine would execute and interpret
one byte code at a time.

1.7 DEFINITION OF TERMS
E-mail – Electronic mail: Electronic mail, most commonly referred to as
email or e-mail since approximately 1993, is a method of exchanging digital
messages from an author to one or more recipients. Modern email operates
across the Internet or other computer networks.
CF – Computer Forensics: Computer forensics is the application of
investigation and analysis techniques to gather and preserve evidence from a
particular computing device in a way that is suitable for presentation in a
court of law. The goal of computer forensics is to perform a structured
investigation while maintaining a documented chain of evidence to find out
exactly what happened on a computing device and who was responsible for
it.
PC – Personal Computer: A personal computer (PC) is a general-purpose
computer, whose size, capabilities, and original sale price make it useful for
individuals, and which is intended to be operated directly by an end-user
with no intervening computer operator.
GUI – Graphical User Interface: Graphical user interface (GUI, sometimes
pronounced ‘gooey’) is a type of user interface that allows users to interact
with electronic devices using images rather than text commands.
DOS – Disk Operating System: Disk Operating System (specifically) and
disk operating system (generically), most often
abbreviated as DOS, refer to operating system software used in most
computers that provides the abstraction and management of secondary
storage devices and the information on them (e.g., file systems for
organizing files of all sorts).
OS – Operating System: An operating system (OS) is a collection of
software that manages computer hardware resources and provides common
services for computer programs. The operating system is a vital component
of the system software in a computer system. Application programs usually
require an operating system to function.

MORE DESCRIPTION:

Computer Based Security And Monitoring System For Forensic Experts:

A Computer-Based Security and Monitoring System for forensic experts is a critical tool that helps ensure the integrity and security of digital evidence and sensitive information during forensic investigations. Such a system combines hardware and software components to safeguard data, maintain chain of custody, monitor access, and provide forensic experts with the tools they need to conduct their investigations effectively. Here are some key components and features of such a system:

  1. Secure Data Storage:
    • Encrypted storage solutions to protect digital evidence.
    • Access controls and permissions to restrict unauthorized access.
    • Secure backup and redundancy to prevent data loss.
  2. Chain of Custody Management:
    • Digital logging and tracking of evidence and files.
    • Timestamps and digital signatures to maintain the chain of custody.
    • Alerts for any unauthorized access or tampering attempts.
  3. Access Control:
    • Role-based access control (RBAC) to ensure that only authorized personnel can access specific data and tools.
    • Two-factor authentication (2FA) for enhanced security.
  4. Network Monitoring:
    • Intrusion detection and prevention systems (IDPS) to detect and block any suspicious activities on the network.
    • Continuous monitoring of network traffic and logs.
  5. Forensic Tools:
    • Integrated forensic software for data analysis, recovery, and examination.
    • Support for various file formats and digital devices.
    • Tools for data carving, password cracking, and data visualization.
  6. Encryption and Decryption:
    • Capability to securely encrypt and decrypt files as needed during investigations.
    • Strong encryption algorithms and key management.
  7. Audit Trails:
    • Detailed audit logs to record all actions taken within the system.
    • Tamper-evident logs to ensure the integrity of audit data.
  8. Secure Communication:
    • End-to-end encryption for communication between forensic experts and other team members.
    • Secure channels for sharing information with external parties, such as law enforcement or the court.
  9. Incident Response:
    • Protocols for responding to security incidents or breaches.
    • Quick isolation and containment of compromised systems.
  10. Compliance and Reporting:
    • Compliance with relevant standards and regulations (e.g., ISO 27001, NIST).
    • Generation of comprehensive reports for investigations and legal purposes.
  11. Training and Awareness:
    • Training programs for forensic experts and staff on security best practices and system usage.
    • Regular awareness campaigns to promote a security-conscious culture.
  12. Physical Security:
    • Access controls and surveillance in physical areas where digital evidence is stored.
    • Protection against physical tampering or theft.
  13. Data Retention and Disposal:
    • Policies and procedures for the secure retention and disposal of digital evidence.
    • Secure deletion methods to ensure data cannot be recovered.
  14. Forensic Lab Design:
    • Secure physical layout and infrastructure for forensic laboratories.
    • Protection against electromagnetic interference and environmental factors.
  15. Legal and Ethical Considerations:
    • Compliance with legal and ethical guidelines for handling evidence.
    • Documentation of all actions and decisions taken during investigations.
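
Items 2 and 7 above (timestamps and signatures for chain of custody, tamper-evident audit logs) can be combined in a single hash-chained custody log. The following is an added example, not code from the project described on this page; it uses an HMAC-SHA256 tag as a stand-in for a digital signature, and every function name, the key and the sample events are constructed for illustration.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # previous-hash value used by the first entry

def _digest(body: dict) -> bytes:
    # Canonical JSON so the same fields always serialise to the same bytes
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def append_entry(log, key, actor, action, evidence_sha256, timestamp):
    """Append a custody event chained to the previous entry's hash."""
    body = {
        "seq": len(log),
        "timestamp": timestamp,
        "actor": actor,
        "action": action,
        "evidence_sha256": evidence_sha256,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    raw = _digest(body)
    entry = dict(body)
    entry["entry_hash"] = hashlib.sha256(raw).hexdigest()
    # Keyed tag: an editor without the key cannot re-seal a modified entry
    entry["mac"] = hmac.new(key, raw, hashlib.sha256).hexdigest()
    log.append(entry)
    return entry

def verify_log(log, key):
    """Return the index of the first bad entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k not in ("entry_hash", "mac")}
        raw = _digest(body)
        mac = hmac.new(key, raw, hashlib.sha256).hexdigest()
        if (body.get("seq") != i or body.get("prev_hash") != prev
                or entry.get("entry_hash") != hashlib.sha256(raw).hexdigest()
                or not hmac.compare_digest(entry.get("mac", ""), mac)):
            return i
        prev = entry["entry_hash"]
    return -1

def build_sample_log(key):
    # Constructed sample data: a fake disk image and three custody events
    image_hash = hashlib.sha256(b"constructed disk image bytes").hexdigest()
    log = []
    append_entry(log, key, "analyst_a", "acquired", image_hash, "2024-01-05T09:00:00Z")
    append_entry(log, key, "analyst_b", "examined", image_hash, "2024-01-05T13:30:00Z")
    append_entry(log, key, "analyst_a", "sealed", image_hash, "2024-01-06T08:15:00Z")
    return log
```

Editing a field, deleting an entry or reordering entries breaks either the sequence number, the `prev_hash` link or the keyed tag, and `verify_log` reports the first position where that happens.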

Implementing a computer-based security and monitoring system for forensic experts requires careful planning, ongoing maintenance, and collaboration with experts in both cybersecurity and digital forensics. It’s essential to stay up-to-date with the latest technologies and security threats to adapt the system to evolving challenges in the field.