Notes - 2/2/15


Digital forensics involves the process of uncovering and interpreting data to be used in court. It collects evidence against cyber crime and presents that evidence in court. We have to prepare ourselves to collect and analyze such data. However, what crimes are we facing? What different types of cyber crime are there in this world?

From some bibliography, cyber crimes are normally put into two categories:

1. Computer assisted crime. A computer assisted crime uses computers to perform a crime. The goal of the crime is not to damage computers, networks, or the data on them. Online stalking and threats are computer assisted, since the purpose is to use computers to scare people, not to damage the computers.

2. Computer focused crime. A computer focused crime attacks computers, networks, and the data on them. Let's look at DoS. What is DoS (Denial of Service)? A DoS uses different methods to prevent access or disrupt a process. Therefore, DoS is a computer focused crime, since the purpose is to shut down the computers.

How about computer hacks? Is there an example of a hacking technique for getting into somebody's computer? Here is a simple example of a hack: how to get somebody's account. Most of us sometimes need to remotely log into our campus computer when we have to work from home, like today, a blizzard day. Let's say I'm a bad guy. A simple way to hack your account is to just try to log in with different passwords until I succeed in logging into William's account. That is a brute force hack. What is brute force? Brute force means hackers just try, try, try and try ... guess, guess, guess, guess ... until they get it.

Let's look at the Hollywood photo leak case. There was technology that prevents multiple wrong passwords. However, that is for authentication through the app you are using. If you use the iCloud app, the checking mechanism is there to protect you. What the hackers did is program their own app and try to log into iCloud. Unluckily, the code Apple provides for programming does not lock you out after a few tries. By programming your own app, you can just try, try, try ...
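
An added example, not part of the original notes: brute force leaves a recognizable trail in authentication logs, and this sketch finds it. The log format, the "app"/"api" client labels, the threshold, and all names are assumptions made for illustration; the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): time, account, source IP, client path, result.
SAMPLE_LOG = """\
2015-02-02T09:00:00 alice 198.51.100.4 app FAIL
2015-02-02T09:00:20 alice 198.51.100.4 app OK
2015-02-02T09:01:00 william 203.0.113.7 api FAIL
2015-02-02T09:01:02 william 203.0.113.7 api FAIL
2015-02-02T09:01:04 william 203.0.113.7 api FAIL
2015-02-02T09:01:06 william 203.0.113.7 api FAIL
2015-02-02T09:01:08 william 203.0.113.7 api FAIL
2015-02-02T09:01:10 william 203.0.113.7 api OK
2015-02-02T09:05:00 bob 198.51.100.9 app FAIL
2015-02-02T09:05:30 bob 198.51.100.9 app FAIL
"""

def parse(log_text):
    """Yield (time, account, source, client, result), skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, account, source, client, result = parts
        yield datetime.fromisoformat(ts), account, source, client, result

def find_brute_force(log_text, threshold=5, window=timedelta(minutes=10)):
    """Flag (account, source) pairs with >= threshold failures inside window."""
    failures = defaultdict(list)   # (account, source) -> recent failure times
    findings = {}
    for ts, account, source, client, result in parse(log_text):
        key = (account, source)
        if result == "FAIL":
            recent = [t for t in failures[key] if ts - t <= window] + [ts]
            failures[key] = recent
            if len(recent) >= threshold:
                findings[key] = {"failures": len(recent), "client": client,
                                 "compromised": False}
        elif result == "OK":
            # A success right after a flagged run means the guessing worked.
            if key in findings:
                findings[key]["compromised"] = True
            failures[key] = []
    return findings

if __name__ == "__main__":
    for (account, source), info in find_brute_force(SAMPLE_LOG).items():
        print(account, source, info)
```

A single mistyped password (alice) and a short run below the threshold (bob) are not flagged; the run of failures ending in a success on the "api" path is.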

You will find that the two categories do not explain some attacks. That is what puzzled me for some time. Say a hacker got your credit card number, PIN, expiration date, and three-digit code. Why do they need those? How can they get cash? If you continue to read the FBI news, they make fake cards. However, using fake cards to get cash is not a cyber attack. It is a real-world attack. So basically, a real attack is often a hybrid of a cyber attack and a real-world attack. There are various combinations of different attacks. An attack may use a computer assisted attack first, then a computer focused attack, and then a real-world attack. So finally we know exactly how an attack happens.

Digital forensics is to collect and analyze evidence left from that sequence of attacks!!!