Digital Forensics of Cybercrimes and the Use of Cyber Forensics Tools to Obtain Digital Evidence

Introduction

The Information Age has led to humanity an accelerated acceptance of technology in modern societies. This era empowers us to access information freely and the ability to access knowledge almost instantly. We no longer depend on personal computers to achieve this purpose; the vast proliferation of digital devices has allowed us to depend on technology. From laptops to tablets, from landlines to smart phones, from private networks to public wireless networks – all these technologies keep improving in terms of processing power, miniaturization, portability, display resolution, battery lifespan, storage and connectivity (Sabillon et al., 2014).

This technology blast has also created a negative effect, with the creation of computer related crimes or the use of digital devices to commit common crimes. To investigate the cybercriminality in more in-depth analysis, it was required the inception of computer forensics methodologies that over the years have evolved into cyberforensics or digital forensics.

Digital forensics is define as the use of scientific methodologies to preserve, collect, validate, identify, analyze, interpret, document and present evidence from digital devices for civil purposes, to prove and prosecute cybercrimes.

These days, cybercrime continues to escalate due to global connectivity, the advancements of networks, information exchange and the proliferation of mobile technologies. Moreover, digital investigators and prosecutors need to understand how cybercriminals act in order to understand their modus operandi including Techniques, Tactics and Procedures (TTP) of criminal hacking.

Cyberattacks constantly increase its sophistication to avoid detection, monitoring, remediation and eradication. The proliferation of digital devices has attracted endless possibilities to commit cybercrimes or to utilize these devices to perpetrate common crimes. Cybercriminals are frequently launching cyberattacks that are conducive to grow in sophistication, the adoption of anti-forensics techniques and the use of procedures to avoid cybercrime detection and tracing.

McAffee (2014) determined that cybercrime costs $ 400 billion to the global economy on an annual basis, but this can easily reach a maximum of $ 575 billion. Stolen personal information could cost $ 160 billion per annum, G20 nations experience most financial losses due to cybercrime activities especially the USA, China, Japan and Germany. Developing countries are only experiencing small losses yet this tendency will likely change in the future as business use Internet for commercial purposes particularly mobile platforms and network connectivity. Nevertheless, most cybercrime activities go unreported on the organizational level to avoid further impacts like harming business operations, customer relationships and company reputations. The cybercrime effect targeting end users is not distinctive when it comes to the theft of personal information.

For many years, digital forensics methodologies and practices have not been evolving at the same rate that cybercriminality exploits Information and Communication Technologies (ICT) vulnerabilities. In this chapter, we review existing methodologies and how is imperative to revisit cybercrime and digital investigations operations to cover a vast number of technological environments. Our Cyber Forensics Model combines the most relevant phases of digital investigations and targets multiple environments in digital ecosystems.

Literature Review

Arief et al. (2015) point out that cybercrime losses are normally presented using surveys, these surveys do not provide a representative sample of the losses. In addition, surveys can be distorted and it does not exist an authoritative source for calculating cybercrime losses as many incidents are never reported to not lose organizational reputation. They stress that the number of cybercrime losses is arguable but what is indisputable is the rising threat of cybercrime. In order to assess how cybercrime operates, we must comprehend the attackers, the defenders and the victim’s environments.

Cybercriminals are continually launching cyberattacks that tend to grow in sophistication, the adoption of anti-forensics techniques and the use of procedures to avoid cybercrime detection and tracing.