Recently, the Institute of Electrical and Electronics Engineers (IEEE), the world’s largest and renowned technical professional association notified members of possible data breach. The association identified the unauthorized access to customer database in December. Computer forensic professionals were engaged to investigate the security breach incident. In February, the forensic investigators identified that a file containing customer data was deleted from the computers of IEEE in November last year.

The investigation led to the disclosure of several system vulnerabilities. Information security professionals of the association have mitigated the vulnerabilities. The compromised information was provided by the members, while registering for an IEEE conference. The file contained names, credit card numbers, credit card expiry dates and card identification numbers of around 828 members. The association reported that they are not aware, whether the attackers extracted customer data from the deleted file. The incident is alleged to be a sophisticated network intrusion attack. The association has notified the Federal Bureau of Investigation (FBI) on the incident and the concerned regulatory authorities.

Attackers scan the networks to identify and exploit security flaws in networks, computer systems and websites. Once they identify a vulnerable network and computer systems, they use sophisticated techniques to bypass security mechanisms and gain access to privileged databases. A successful intrusion attempt may provide access to sensitive customer information. The collected information could be misused for fraudulent activities such as identity theft, misrepresentation and conducting unauthorized transactions. The offenders may also sell the extracted information to their peers in the crime world and corporate rivals of the targeted organization.

Organizations must conduct regular security evaluation of the websites. Hiring professionals qualified in computer science degree may help them in streamlining the security of the IT infrastructure.IEEE has offered to provide one-year free subscription for Identity theft protection policy. Members must notify the credit reporting agencies and request for fraud alert on their accounts. The affected individuals must monitor their credit card statements and report any unauthorized activity to their respective banks and credit institutions.

Organizations must adhere to the regulatory provisions for collection and storage of data. Payment Card Industry Data Security Standard (PCI DSS) establishes security standards to be implemented by merchants, hardware and software developers, financial institutions and professionals. Training sessions, online degree and e-learning programs may help employees in understanding and implementing security standards and practices.

Employees must be aware of the various IT security threats, measures to be initiated in case of a security breach incident, protection of evidence, procedures for reporting security incident procedures and data recovery procedures. IT employees must be encouraged to undertake online university degree courses in computer forensics and incident management. Access to computers containing privileged information must be restricted to few authorized employees.

Contact Press

EC-Council
Website: http://www.eccouncil.org
Email: [email protected]
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S.federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

Many countries across the world do not have a mechanism to deal with the growing number of cybercrime incidents. The police force and counter-crime agencies are not fully equipped to investigate the sophisticated modus-operandi of the criminals.

They are generally trained to deal with traditional crime and lack skill and expertise to handle complex cybercrime incidents. As a result, many computer crime incidents are left unreported. Lack of computer forensics skills also hampers the investigation process. Countries such as US and UK are also finding it difficult to keep pace with the rising Internet crime. Threats in the cyberspace require coordinated effort of different counter-crime agencies.

Recently, Federal Bureau of Investigation (FBI) inaugurated a $7 million new computer forensics lab in Orange, California to combat the increasing number of computer related crimes. The enormity of the computer and Internet related crime can be gauged by the fact that the newly opened facility is third such lab in California. There are fourteen other labs across US.

The lab will help FBI in coordinating with different counter-crime agencies in the country. The lab will facilitate computer forensic investigation through sophisticated software. The software will help forensic experts in extracting and analyzing data from computers, laptops, mobile phones, cameras and other digital devices. Computer forensics helps investigative authorities in collecting evidence and tracing the crime trail. Legally acceptable evidence is crucial to bring perpetrators of crime to justice.

Government and investigative agencies of other countries must also conduct computer forensic training programs and workshops to enlighten the police personnel on threats such as social engineering, phishing, identity theft, unauthorized access and other cyber threats. The training programs must also guide the personnel on incident handling, counter measures and safe computing practices.

Counter-crime professionals can also benefit from the distance learning programs to update themselves on latest security threats and measures adopted by major investigative agencies across the world. Awareness of possible threats emanating from the cyberspace is crucial to encourage crime reporting. Availability of crime-related data will help investigators in analyzing the trends and initiating counter crime measures.

EC-Council provides industry training and certification for information security professionals in ethical hacking among many other specializations. “Understanding how hackers exploit these vulnerabilities is a key requirement to hardening software and hardware. That is why EC-Council focuses on ethical hacking as an approach to information security evaluation” as stated by EC-Council’s Senior Director, Steven Graham. EC-Council through its Certified Ethical Hacker program has trained such information security professionals from all over the world.

ABOUT EC-COUNCIL

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.

Press Contact

Steve Graham
6330 Riverside Plaza Ln NW
Suite 210
Albuquerque, NM 87120
[email protected]
505.341.3228

Computer Forensics is that branch of forensic science that deals with evidences and clues that are admissible in a court of law and found in computers, networks and digital storage equipment. This is a relatively new branch of forensic science that aims to aid the legal experts and law keepers in gathering important clues from the digital world.

With the advent of the digital technology, criminals have also become computer savvy and use the Internet and the computer networks for carrying out their nefarious activities. Cyber laws have been framed to counter cyber-crimes and at the same time modifications have been incorporated in the traditional legal system to ensure that computers become enablers and not impediments in investigations.

The goal of computer forensics is to probe and find out obscure and hidden details from storage mediums, computer systems, large networks, emails, images or data packets being transported over a network. The scope of this branch of forensic science may vary from retrieval of information to reconstruction of a sequence of events. This new branch of forensic science includes some other sub branches within its ambit such as the network forensics, database forensics, mobile device forensics and firewall forensics.

There are many reasons behind employing computer forensics; some of them are mentioned below:

• Computer forensic techniques are often used in legal cases to analyse computer systems of the alleged offenders.
• To recover data in case data is erased by the criminal
• To analyse the faults of a computer system after there was a break-in for ascertaining the probable faults that enabled such a mishap
• To gather information against an employee that the organization wants to terminate
• To understand how a computer system works from the point of view of debugging, reverse engineering and optimization of performances

The Forensic Process Involves Five Basic Steps:

1. Preparation of investigation
2. Collection of data
3. Examination of evidence
4. Analysis
5. Reporting

It is worth remembering that forensic science is in itself a very intricate and exact science and computer forensic is yet another direction in super specialization. Computer forensics requires highly skilled and trained personnel to perform the most delicate of analysis and the toughest of examinations.

Digital evidences may be collected from many sources, including hard drives, cellular phones, USB devices, memory cards, CD ROMs and digital cameras. Some other sources of evidences include black boxes found in automobiles, digital thermometers, web pages and RFID tags.

Special care must be taken while handling computer evidences since digital evidence is very easy to change and once changed it is tough to revert it back to the original form. Therefore a common practice among computer forensic experts is to calculate a cryptographic hash of the evidence so that it is easy to ascertain that there has been no change in the evidence since the cryptographic hash was calculated. Other practices that are used for handling digital evidences include maintaining proper documentation, maintain chain of custody properly, use of tools that are reliable and that have been validated and imaging media on computer by employing a write-blocking tool to ensure that no data is tampered with.

To know more about Computer forensics, visit the given link.

Contact:

CASPER KAN CHANG
Decision Group Inc.
4/F No. 31, Alley 4, Lane 36, Sec.5, Ming-Shan East Road Taipei, Taiwan
Phone: +886227665753
Website: http://www.edecision4u.com