Forensic computing and identity fraud have become highly relevant fields in technical studies that require careful attention to securing the identity rights of e-consumers. This article discusses data fraud and the related methods and investigation of electronic forensics. First, an introduction provides a better understanding of the subject. Popular ID fraud violations and safety concerns are then tackled. Several regulations are addressed to give a better picture of the measures taken to guarantee privacy and security for e-consumers. The forensic investigation technique is explained with the help of a case study. Then the psychological, legal and moral concerns surrounding identity fraud are addressed, from both the user's and the investigator's perspective. The closing portion summarises the article. APA referencing has been used.
Keywords: identity, theft, investigation, criminal, computer, forensic, internet, security
Before moving through the niceties of the legal, moral and societal problems surrounding identity theft in forensic computing, let us first look at what forensic computing is and what identity fraud is.
Data forensics, or cyber forensics, is a very important subject within information technology and network security. Forensics is the systematic process of gathering, analysing and presenting facts and evidence to a court of law. Forensic computing is therefore defined as the practice that integrates elements of law and computer science to gather and evaluate data from computer systems, networks, wireless communications, and storage devices in a way that is admissible in a court of law as evidence (US-CERT 2008). This electronic or magnetically encoded information can include text messages, databases, photographs, e-mail, websites, spyware, ransomware, and so on. Compared with every other field of forensic research, the information gathered is solid and indisputable, since a duplicate made of the collected data is identical to the original data and there is little room left for disagreement. The whole discipline centres on a formal inquiry carried out to establish precisely what happened to the machine: when it happened, how it happened, and who did it. It is much like conducting a post-mortem in a murder investigation. The operator does not realise that evidential data is transparently produced and processed by the operating system of the device; this data can only be retrieved with computer forensics software tools and techniques. The crimes involved include abuse of computer equipment, intrusion into computer systems, use of a computer system to operate against another machine, computer system breakdown, and the list goes on.
Identity fraud is the act of taking private details from an individual in order to impersonate that person in a legal sense, according to Vacca (2005: 137). If a person's identity is stolen, he is at considerable risk of facing a frightening number of financial and personal dealings carried out by the thief in his name. Along with its benefits, technology has introduced highly sophisticated and modern ways of collecting anyone's basic identifying information. Whatever method the perpetrator uses, identity theft damages the image and credibility of the victim, because the victim is held entirely accountable for any financial or emotional damage that results. When making online purchases, you also have to disclose pieces of your personal details, such as your name, address, telephone number, bank information, credit card information, and so on. After stealing this information, the thief may misuse it by, for example, applying for loans on behalf of the victim, modifying his billing address, obtaining a driving licence, applying for work, applying for insurance or new bank accounts, obtaining permission to use the electronic signature of the victim for electronic transfers, or committing some other fraud.
Identity theft is carried out on the internet using methods such as planting Trojan horses, which are malicious applications, on the victim's system, through which sensitive codes and valuable details such as the social security number are passed to the thief. Email phishing is another means of extracting identities. The victim is sent emails that claim to come from a legitimate organisation and that trick him by leading him to a bogus website that asks for his personal details.
While internet identity fraud has left people uncertain about buying and selling online, reviewing their bank accounts online, accessing auction platforms or entering into business contracts or transactions, computer forensics has played a role in helping law enforcement agencies collect digital information and locate stolen identities as well as the perpetrators involved (Newman 2009).
2.1. Common Identity Theft Crimes
Financial crimes mainly involve the misuse of the victim's credit card details, bank account numbers, social security number, or insurance records. Criminals can easily collect this information by digging through discarded rubbish, by social engineering over the telephone, or by outright computer theft. The thief is then able to initiate illegal financial practices by creating fake identities. Counterfeit bank accounts and checks can be produced using special tools and resources. Images can be modified using simple applications. Thanks to digital forensics techniques and resources, it is easy to uncover and record electronic proof.
Taking naked pictures of individuals without their knowledge and spreading them as pornographic content over the internet is another type of identity theft. Placing concealed cameras in public and private areas, taking pictures and then revealing them is also regarded as identity fraud. Websites that collect personal details from children, and tools that help the criminal manipulate pictures, have made it simpler to upload such photos secretly and have facilitated child abuse.
Identity theft has also increased the problem of cyber stalking. Anderson (2008), who works for NTI (New Technologies, Inc.), writes:
In a situation where a person assumed the identity of a former employee who had been terminated by a corporation, NTI was concerned. Over the Internet, the identity was used to terrorise a female Human Resources Manager who fired the user. After some weeks of review, we found out that a peer worker inside the company invented the messages.
Forensic computing techniques have documented and addressed this and several other such cases, which arise from insecure internet environments.
Identity Theft and Security Issues
Computer forensic security solutions concentrate not just on recovery but also on preventing security attacks, in order to offer secure options that are easier and cheaper than traditional methods. These solutions include intrusion detection systems (IDS), internet security systems, biometric security systems, net privacy systems, firewall set-ups, network disaster recovery systems, identity fraud mitigation systems, identity management security systems, and so on (Vacca 2005: 146).
Wireless network security is one of the main concerns since wireless networks strengthened their roots in the tech world and issues of personal information theft arose.
Every wireless network has its security risks. Hackers can easily get into the network and obtain enough personal information to break into the victim's bank account. However, wireless networks set up at home are quite reliable, as they are established in such a way that hackers cannot break in without a particular access code (Hernandez 2008). When a person connects to the internet through a wireless network, the computer offers several signal choices, some of which are secure and some of which are not. Secure ones need a password to connect. A hacker cannot break into secured networks, as wireless network security is turned on for them. A point to consider is that one should never carry out personal transactions, banking or financial activities at places that offer free wireless networking, such as hotels and airports, as one can never be sure of wireless network security at such places. Even if security is guaranteed, it is still better to clear the history and cookies from a computer system that has been used for personal dealings.
A thief who steals a person's social security number (SSN) has every chance of getting to that person's detailed personal information, according to the Social Security Administration (2009: 2). The thief can then access all identification information in the databases and other data repositories that use SSNs as primary keys. He can then use the victim's credit card information to apply for loans and go shopping, and then leave the victim to pay the bills. The situation may lead to bankruptcy, which can devastate the victim.
Keller states that identity theft has become one of the most important military issues of the new millennium (2007). The military has started relying heavily upon information technology for inter-communication, for controlling vehicles and the manoeuvres of security forces, and for the inspection and processing of military signals. It therefore becomes important to protect all sensitive and confidential information from enemy countries. More precisely, the objective of military information security is to protect its computers and information networks from intruders, so as to eliminate the risk of crucial security information being stolen, snooped on, disclosed or corrupted. Since information technology, unlike in previous decades, has largely been incorporated into the military field, the enemy might gain an advantage by destroying or entering the computer network.
Laws and Legislation
There are a number of laws that have been passed to eliminate the risk of identity theft. Some of these include:
4.1. Computer Fraud and Abuse Act (CFAA)
The CFAA was enacted in 1984 and deals with penalties for intruders who obtain access to confidential data held on a computer without authorised access. Computers need to be secured when users carry out commercial operations, participate in cross-border e-commerce, and perform online market transactions and email interactions with online merchants. It is unlawful for anyone to access the transactional records without the permission of the person concerned. In the Act, the term "protected computer" is used for all computers used by financial institutions to perform domestic or foreign e-commerce. The Act provides penalties for identity fraud ranging from 10 years to 20 years in prison.
4.2. Electronic Communications Privacy Act (ECPA)
4.3. Children’s Online Privacy Protection Act (COPPA)
4.4. Health Insurance Portability and Accountability Act (HIPAA)
This act was passed in order to eradicate the menace of identity fraud involving health information. This information may be held either in hard copy archives or in database systems and shared through them. The need for secure online networks first emerged as problems such as computer viruses and internet piracy presented a challenge to the protection and safety of the data and health information collected in web repositories. Consumers became concerned about their confidential records and wanted a guarantee that their details would not be interfered with or disclosed without their permission. Thus the Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress on August 21, 1996. HIPAA Title II deals with the protection of user data and introduces the Privacy Rule, which provides for sanctions and penalties for fraud and violations of the rule. The law grants users the ability to file lawsuits if they find out that their information has been accessed, sold or disclosed by someone. In this manner their privacy is secured and their correspondence kept confidential.
Identity Theft and Forensic Investigation Procedure
5.1. Digital Data
Before getting into the details of the investigative procedure, let us look at the types of digital data that are to be gathered. There are two types. Persistent data is data which is stored permanently in the computer's memory or ROM (Read Only Memory) and remains there even if the computer is powered off. Volatile data is data which is stored in RAM (Random Access Memory) and is lost when the system is powered off. This volatile data can be of greater importance, so computers that were on at the scene of the crime should be kept on.
5.2. Investigative Procedure
It is critical for computer forensic investigators to follow a systematic approach to solving computer- and Internet-based identity theft cases (see Figure 1). Information crime involving ID fraud may be grouped into breaches of physical security, breaches of personnel security, breaches of communications and data security, and breaches of operations security (Icove et al., cited in Angelopoulou 2007). A thorough analysis of the case demands that each security violation be evaluated separately in order to gain a more detailed approach to solving the case. Digital examination of ID fraud cases takes considerable skill on the investigator's part. The proof or information gathered is the important asset and its sensitivity must be respected, since it can aid in establishing the criminal case. Digital data is so fragile that it may be changed by a wrong click or an accidental keystroke. In addition to online methods, the forensic analyst will have to use certain offline techniques. While the forensic investigator is not responsible for offline procedures, he will use them to help him locate evidence. In addition to checking for digital proof residing on the fraudster's computer system, he will have to look for false papers, fake checks and bogus bank accounts on paper. According to Angelopoulou (2007), what makes the process lengthy is that the investigator has to go through two investigative categories, that is, going through the victim's system and through the criminal's system. The digital data found in the victim's computer will help in obtaining evidence and that found in the fraudster's computer will prove it.
The central questions of the investigation are what information might have been stolen (for example, in a financial fraud ID theft, the basic things to be investigated are the stolen identity, credit record, transactions, billing, and claims for new bank accounts or loans) and what procedure might have been used to steal this information.
It is first necessary to obtain a warrant issued by a judge. Pladna (2008: 4) states that anyone participating in the digital forensics procedure needs approval from the appropriate authority to monitor and gather details relating to a computer breach, much like the requirement for a warrant to search a person and their belongings. In addition, the provisions of the relevant laws and regulations must be observed in order to make the whole procedure lawful. Pladna has identified three statutes that forensic examination should observe, namely the “Wiretap Act (18 U.S.C. 2510-22); Pen Registers and Trap and Trace Devices Statute (18 U.S.C. 3121-27); and the Stored Wired and Electronic Communication Act (18 U.S.C 2701-120)”. The devices of both the victim and the fraudster must be kept in the same condition they were in before the inquiry (Wilson 2008: 20).
5.2.1. Case Study
Mr. A sent his computer’s hard disk to the computer forensic lab to be scrutinized. He was suspecting one of his employees, Mr. B, to be involved in identity theft by misusing the system. How would he expect the forensic investigation to proceed?
In such a case, the digital investigation proceeds through certain basic phases, which include:
- Analysis. In this phase, the investigator will have to observe clearly the activities that have taken place and are taking place. He will collect the digital media as input and copy the source, which is the hard disk in this case. The source will help in the analysis of ID theft data that will serve as evidence. This analysis will tell whether that data belongs to the victim or to the criminal, that is, whether Mr. A is the victim or Mr. B is the victim. The data has to be analysed from both the claimant's and the suspect's end, because the inputs from the two sides guide the investigation to two different standpoints.
- Hypothesis. In this phase, the investigator will have to decide how to proceed and which strategies to follow, based on the findings of the observation and the evidential data.
- This phase is to support the hypothesis by asking questions such as who took the data, how it was stored, and why it was brought out of storage. The investigator will build the criminal's profile from two inputs, the victim and the criminal, which will help him clarify who the victim is.
- This phase is important so as to evaluate the whole investigative process. During this phase, the digital data will be retrieved to have it examined. After collecting all necessary files to be inspected, the unallocated or free disk space on the hard drive is scrutinized because it may contain traces of deleted files and folders. To restore deleted files which exist as strings, bit-stream-copy method is used (Pladna 2008: 7). These retrieved files or gathered evidential data have to be protected so as to eliminate chances of inadvertent alterations.
- When the proof has been gathered and studied, the investigator will take it to a separate place where the computer forensic report is prepared for presentation to the court.
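The bit-stream copy, the scrutiny of disk space for traces of deleted files, and the protection of gathered evidence against inadvertent alteration can be illustrated in a short script. This is an added example, not part of the original article or of any tool it cites; the three-sector image, its contents and all function names are constructed for illustration, and the string search runs over the whole image rather than over unallocated space identified by parsing a file system.

```python
import hashlib
import io
import re

SECTOR = 512  # bytes per sector in the constructed image


def build_sample_image():
    """Constructed 3-sector image: live data, an empty sector, deleted remnants."""
    live = b"INVOICE 2009-114 paid".ljust(SECTOR, b"\x00")
    empty = b"\x00" * SECTOR
    # Constructed remnant of a deleted record, surrounded by non-text bytes.
    deleted = (b"\xff\xfe" + b"name=J. Doe;acct=CONSTRUCTED-0001"
               + b"\x07").ljust(SECTOR, b"\x00")
    return live + empty + deleted


def bitstream_copy(src, dst, chunk=4096):
    """Copy every byte of src to dst and return (sha256 hex digest, size).

    Unlike a file-level copy, nothing is skipped: sectors that no file
    references any more are copied too.
    """
    digest = hashlib.sha256()
    size = 0
    for block in iter(lambda: src.read(chunk), b""):
        digest.update(block)
        dst.write(block)
        size += len(block)
    return digest.hexdigest(), size


def verify_copy(acquisition_digest, stream, chunk=4096):
    """Re-hash a working copy and compare it with the acquisition digest."""
    stream.seek(0)
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        digest.update(block)
    return digest.hexdigest() == acquisition_digest


def carve_strings(stream, min_len=8):
    """Return (offset, text) for each run of printable ASCII in the image."""
    stream.seek(0)
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii"))
            for m in pattern.finditer(stream.read())]


def run_demo():
    source = io.BytesIO(build_sample_image())
    working = io.BytesIO()
    digest, size = bitstream_copy(source, working)
    intact = verify_copy(digest, working)
    # Simulate an inadvertent one-bit alteration of the working copy.
    altered = bytearray(working.getvalue())
    altered[1030] ^= 0x01
    altered_ok = verify_copy(digest, io.BytesIO(bytes(altered)))
    return {"size": size, "intact": intact, "altered_ok": altered_ok,
            "strings": carve_strings(working)}


if __name__ == "__main__":
    result = run_demo()
    print("image size:", result["size"])
    print("copy verified:", result["intact"])
    print("altered copy verified:", result["altered_ok"])
    for offset, text in result["strings"]:
        print(f"offset {offset}: {text}")
```

Recording the digest at acquisition time and re-checking it before each examination is what lets the investigator show that the working copy still matches the source.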
5.3. Required Software
The ID theft investigative procedure requires a number of special software and hardware tools. The investigator must be well equipped with software that helps to make backups of the digital data, encrypt and decrypt the data, and track Internet Protocol addresses. He should have complete knowledge of software for data recovery and system restore. Moreover, there is a very helpful hardware imaging tool that makes bit-by-bit copies of digital data. The forensic investigator must have good knowledge of how to use these tools in order to accomplish the task successfully.
Ethical, Moral and Social Issues
There are some socio-ethical issues regarding forensic computing and identity theft that should be considered both at the system’s user’s end and at the forensic investigator’s end.
6.1. For System’s User
It is important to educate users of computer systems and the internet on “intellectual property rights issues, privacy/ surveillance issues, access to data issues and issues of human-computer interaction” (Stahl, Carroll-Mayer & Norris 2006: 298). They should be able to apply principled reasoning to ethical situations. They should realise that another party's identity is that party's own property and not theirs; that they have no right of access to someone's personal details; and that they must not use or reveal them without the consent of the owner. A businessman operating in a virtual environment should value the personal identity details of his staff and consumers and take action to secure and defend the databases and data centres from unauthorised entry. At a very personal level too, an internet user must know that the identification data of the other party must be guarded and defended, and at the same time should be aware of the security threats posed by the World Wide Web so that his own information can be protected.
6.2. For Forensic Investigator
Since computer forensics is a newly emerging field, not much has been written or said about ethical norms for the admissibility of evidence in court. However, security professionals should be familiar with the laws and legislation that have been passed to make sure that internet frauds like identity theft do not take place. They should be aware of the privacy rights and the ethical and moral clauses found in these laws so that they are better able to solve the case. They must know what legal issues are involved in handling a standalone computer system. “Not only must they discover incriminating evidence they must also do it in a lawful manner” (Wegman 2006). Only then will the evidence be admissible in court. Before starting the investigative procedure, an investigator must have a search warrant issued before handling the suspect's computer system. The Fourth Amendment to the U.S. Constitution, Wegman states, provides that the magistrate is responsible for issuing the search warrant after the investigator submits an affidavit that should state the cause of the investigation and the extent to which the suspect's privacy is going to be intruded upon. The time for which the computer may be analysed is also decided in advance by the magistrate or the warrant. For example, the warrant may allow the prosecutor to analyse the computer system for fifteen days after the warrant is issued. That limit should also be observed.
Since the number of internet-savvy persons or e-consumers is increasing day by day, internet crime is also increasing at the same rate, and identity theft is one such crime. It threatens our computers and personal safety. Whether one is just surfing the internet or is carrying out multinational Second Life business, the risk of an identity security breach is always there, thanks to highly technical tools that help criminals carry out the crime easily. Computer forensics has, however, helped a great deal in dealing with and recovering from ID theft cases. The procedure might be lengthy, but time can be saved by following a well-structured approach as described in this report. There are laws regarding e-consumers' data protection that need to be followed. Forensic investigators have to be very careful in following rules and regulations in order to make their evidence admissible in court. They have to follow socio-ethical norms and respect citizens' liberty. Users must be aware of the risk they face when disclosing their information over the internet, so that they play their role in combating the crime of identity theft.
Figure 1: Structured approach to investigative procedure
- Anderson, M 2008, ‘Identity theft in financial crime cases’, Identity Theft: Computer Forensics to the Rescue, viewed 7 March 2010, <http://www.forensics-intl.com/art18.html>
- Angelopoulou, O 2007, ‘The “solitary” of ID theft towards computer crime incidents’, ID Theft: A Computer Forensics’ Investigation Framework, viewed 8 March 2010, <http://igneous.scis.ecu.edu.au/proceedings/2007/forensics/07_Angelopoulou%20-%20ID%20Theft%20A%20Computer%20Forensics%20Investigation%20Framework.pdf>
- eNotes 2009, ‘Consumer rights and protection’, Encyclopedia of Everyday Law, viewed 8 March 2010 <http://www.enotes.com/everyday-law-encyclopedia/consumer-rights-and-protection.html>
- Hernandez, A 2008, Internet Identity Theft – Wireless Network Security Issues, viewed 7 March 2010 <http://ezinearticles.com/?Internet-Identity-Theft---Wireless-Network-Security-Issues&id=1503146>
- Keller, J 2007, ‘The importance of military information security’, Military and Aerospace Electronics, viewed 8 March 2010, <http://mae.pennnet.com/articles/article_display.cfm?article_id=309174>
- Newman, R 2009, Computer Security: Protecting Digital Resources, Jones & Bartlett Publishers, United States.
- Pladna, B 2008, ‘Procedures for gathering evidence’, Computer Forensics Procedures, Tools, and Digital Evidence Bags: What They Are and Who Should Use Them, viewed 9 March 2010, <http://www.infosecwriters.com/text_resources/pdf/BPladna_Computer_Forensic_Procedures.pdf>
- Social Security Administration 2009, ‘Identity theft and your social security number’, Social Security (Publication No. 05-10064), viewed 7 March 2010, <http://www.ssa.gov/pubs/10064.pdf>
- Stahl, B, Carroll-Mayer, M & Norris, P 2006, ‘Legal, professional, and ethical content’, Forensic Computing: The Problem of Developing a Multidisciplinary University Course, viewed 10 March 2010, <http://www.cse.dmu.ac.uk/~bstahl/publications/2006_forensic_computing_course_development.pdf>
- Structured approach to investigative procedure 2009, digital photograph, Losey Ralph, viewed 6 March 2010, <http://floridalawfirm.com/forensics.html>
- US-CERT 2008, ‘What is computer forensics?’, Computer Forensics, viewed 6 March 2010, <http://www.us-cert.gov/reading_room/forensics.pdf>
- Vacca, J 2005, ‘Identity theft’, Computer Forensics: Computer Crime Scene Investigation, 2nd edn., Cengage Learning, United States.
- Wegman, J 2006, Computer Forensics: Admissibility of Evidence in Criminal Cases, viewed 10 March 2010, <http://www.cbe.uidaho.edu/wegman/Computer%20Forensics%20AA%202004.htm>
- Wilson, D 2008, ‘Scene of the crime vs. the crime scene’, Forensic Procedures for Boundary and Title Investigation, illustrated, John Wiley and Sons, United States.