Digital forensic investigations: Issues of intangibility, complications and inconsistencies in cyber-crimes

Abstract

The use of the Internet and computing resources as vital business tools continue to gain prominence day-by-day. Computing resources are utilized to create innovative and value-added products and services. Associated with this trend is the extent of cyber-crimes committed against or using computers. Experts anticipate that the extent and severity of cyber-attacks have increased in recent times and are likely to explode, unless some mitigation measures are instituted to curb the menace. As a response to the growth of cyber-crimes, the field of digital forensics has emerged. Digital forensic investigations have evolved with the passage of time and it's impacted by many externalities. A number of key challenges ought to be addressed, such as the intangibility, complications and inconsistencies associated with the investigations and presentation of prosecutorial artefacts. The digital evidence is usually intangible in nature, such as an electronic pulse or magnetic charge. The question is how can the intangibility of computer crime complicate the digital forensic investigations? To what extent can inconsistencies during the investigation mar the permissibility or admissibility of the evidence? This study is an experimentally exploratory set-up with virtual systems subjected to some malware exploits. Using live response tools, we collected data and analyzed the payloads and the infected systems. Utilizing triage information, memory and disk images were collected for analysis. We also carried out reverse engineering to decompose the payload. The study unearthed the digital truth about malwares and cyber-criminal activities, whilst benchmarking with standard procedures for presenting court admissible digital evidence. The timelines of activities on infected systems were reconstructed. The study demonstrated that externalities of intangibility, complications and inconsistencies can easily mar digital forensic investigations or even bring the entire process to an abrupt end. Further studies would be carried out to demonstrate other ways perpetrators use in concealing valuable digital evidence in a cyber-crime. � 2016 River Publishers.