Computer Hacking Forensics Investigators
Computer-hacking forensics investigation has become a very popular practice within the corporate world. Although most knowledge workers probably equate computer-hacking forensics investigation with law enforcement, the military or the security community, very few understand the deep, positive impact computer-hacking forensics investigators can bring to the organizations they represent.
Computer forensics is “the gathering, authentication, examination and analysis of electronic information stored on any type of storage medium.” Often, computer forensics is used in criminal cases when a device is involved with a crime. For example, in cases where the computer is the source, tool or target of a crime, such as e-mail fraud, child pornography or a virus attack, law enforcement officers will conduct detailed forensics investigations to bring the culprits to justice.
Challenges for Businesses
The need for forensics experts has been on the rise in the corporate world, particularly in civil cases involving electronic data discovery. “We have seen a trend of increasing awareness within corporate environments of the effectiveness of pre-emptive computer forensic activity,” said Erik Laykin, CHFI, director of Navigant Consulting Inc.’s Information Technology Investigations group. “Often, boards of directors, audit committees or even directors of security will require the assistance of computer forensics professionals to gain awareness of the corporations’ conduct prior to a regulatory action or significant lawsuits.”
In the 2005 case of Coleman Holdings Inc. v. Morgan Stanley & Co. Inc., Coleman was awarded a $604 million damage verdict because documents Morgan Stanley withheld demonstrated fraud. Morgan Stanley lost its bid to win the second trial on punitive damage when the jury awarded another $850 million to Coleman.
These damages were awarded simply because Morgan Stanley failed to conduct its electronic data discovery in a fashion and time acceptable to the court.
“Failing to fully appreciate the significance of proper electronic discovery procedures and protocols can now cost you your entire case,” Laykin said. “The American judiciary’s awareness level has certainly been heightened as a result of high-profile cases and important rulings.”
However, electronic data discovery can be expensive. For example, Lexmar Media sued Toshiba America Electronic Components Inc. and its parent company, Toshiba Inc., for misappropriation of trade secrets, breach of fiduciary duty and unfair competition. TAEC had more than 800 backup tapes for the pertinent time period. Processing those tapes would cost between $1.5 and $1.9 million.
The Need for Forensics Investigators
To reduce their financial burden, corporations need computer-hacking forensics investigators who can understand both computer forensics and electronic data discovery.
According to “How Much Information? 2003,” a study conducted by researchers at the University of California at Berkeley’s School of Information Studies and Management, roughly 5 extabytes of new information was stored on print, film, magnetic and optical storage media in 2002. That’s the equivalent of 5 million terabytes, or 5 quintillion bytes. Researchers said 92 percent of that new information was stored on magnetic media, mostly in hard disks.
However, many attorneys fail to do any electronic discovery because of concerns that it is costly, time-consuming and complicated.
The fact of the matter is that what used to cost tens of thousands of dollars can now be done for a fraction of the cost by training internal staff as computer-hacking forensics investigators.
“(In) my experience as a practicing litigator and as president of Summation Legal Technologies, I’ve seen firsthand how electronic discovery can make or break a case,” said Jon Sigerman, president of Summation Legal Technologies, a company that develops litigation software.
Three of the biggest mistakes organizations make are having no electronic discovery plan, pursuing discovery of electronic evidence in a haphazard manner and having untrained people conduct well-intentioned computer-based discovery, which can go horribly wrong and expose corporations to huge legal liabilities.
Risk managers often turn to computer-hacking forensics investigators to assess the security risks an organization might pose to its shareholders. In addition, these investigators can be an organization’s “guardian angels” against security breaches.
Reducing Internal Attacks
According to a survey conducted by Vericept Corp., a provider of compliance and content control solutions, 54 percent of organizations estimate that insiders are responsible for more than half of all internal security breaches. Many internal hackers probably realize that their organizations won’t hire professional external investigators or independent consultants to deal with minor security breaches because consultants can cost more than $30,000. This only compounds problems.
Security experts need to find a quick solution to tackle this serious problem because even the most expensive and complex firewall will not be able to protect a network attacked internally. Organizations that employ computer-hacking forensics investigators or those that train their administrators in the field can reduce the incidents of internal abuse because employees will know they can be caught quickly.
Recent trends suggest that many organizations understand that training their administrators in areas such as ethical hacking and computer-hacking forensics investigation can be an efficient way to combat cyber-attacks and security breaches. Yet there are still many administrators—hired to manage and protect systems—who are not trained to fight and investigate hacking incidents.
Laykin said many people who collect electronic evidence are not competent in the field. “Frequently, parties to litigation will opt for their system’s administrator or network engineer to conduct the data acquisition work,” Laykin said. “This unfortunate choice frequently leads to disaster, not because of the technical abilities of the engineer, but because he or she has not been trained in the very specific methodologies that computer forensics professionals must employ to guarantee the authenticity and stability of the digital evidence.”
Computer Hacking Forensics Investigators
EC-Council’s Computer-Hacking Forensics Investigators training program (www.eccouncil.org/chfi.htm), which is available in more than 60 countries, provides vendor-neutral certification and has an internationally acclaimed system of training administrators in the field.
The five-day course is designed for professionals from diverse fields, including law enforcement personnel, defense and military workers, e-business security professionals, systems administrators, legal professionals, IT managers and more. To earn the certification, candidates attend CHFI training and then must prepare for and pass Exam #312-49, the Computer Hacking Forensic Investigator Exam, which is delivered on the final day of training.
The CHFI course is divided into 25 modules, covering a historical and modern look at forensics, the investigation process, and technical elements dealing with Windows, Linux and Mac, routers, e-mail, mobile go postal and more.
The CHFI course helps participants learn to identify traces of intruders and then gather the evidence needed to prosecute those intruders. Tools examined in the course include software, hardware and specialized techniques. Candidates for the CHFI are strongly recommended to attend EC-Council’s Certified Ethical Hacker (CEH) course prior to enrolling in the CHFI program.