Computer Forensic

1- Different communication technologies are emerging with each passing day, all intended to make communication safer, more efficient, secure and reliable. As with everything else, these technologies have a good side and a bad side. The good side is the everyday use of these technologies by ordinary people to go about their daily affairs. The bad side is where certain elements use those technologies to engage in illegal activities and to channel their illicit dealings through various channels and people.

The currently available technologies have unleashed a new era in criminal communication. Gone are the days when criminals and drug dealers would use secret meeting spots to discuss their future course of action. Nowadays email, mobile phones and the internet have made long-distance and anonymous communication possible.

The drug dealer who has been arrested could have used various forms of technology to communicate with his co-conspirator. Firstly, the most common mode of communication for this drug dealer could be email. Email is fast, cheap and efficient. The drug dealer could have used different email accounts to communicate with his accomplices, which could have helped him stay out of the reach of law enforcement agencies. Apart from this, within emails the drug dealer could have used some sort of encryption technology.

There are many different kinds of encryption software widely available on the internet. With such software one can encrypt a message so that it can only be decrypted with a special electronic key which the other person must possess (RIDER, Barry A.K., 2001).

The specific problem that email poses to the investigator is that emails are hard to track, as the drug dealer could use multiple email accounts, which leads to a failure in tracking those emails. Email combined with encryption techniques makes life miserable for the investigators.

The solution for the investigator is to track the emails using specific keywords. For instance, an investigator looking into the emails sent by a drug dealer known as X123 could set up keyword filters for that specific name, which would help narrow down the required emails.

Other than this, anonymous chat groups are perfect meeting spots for drug dealers, who can stay anonymous and thus effectively communicate and engage in discussions on their plans (KERBS, Robert W., 2005). These chat rooms also provide a public forum for these people to group together and plan out their next strategy.

The specific problem that these chat rooms pose to the investigators is that chat rooms are anonymous and free. Therefore anyone can join and engage in a private conversation, and monitoring these chat rooms is a big issue for the authorities.

The solution for the investigators is that they could set up bots in the public chat rooms. These bots are basically programs that act as a normal user and can keep track of the activity of the different participants within a specific channel. Through these bots, investigators could analyze the chat room activity and narrow down their focus to suspected users.

Another technology that the drug dealer could have been using is the mobile phone. The drug dealer could have used mobile phones to keep in touch with his accomplices, which would have helped him get key information regarding a certain deal or consignment.

Apart from this, with the advent of prepaid mobile phone packages, it has become very easy for virtually anyone to own and use a mobile phone. Although this has increased the use of mobile phones overall, the side effect is that many criminals and drug dealers use and rely on this piece of technology to go about their daily business affairs (KENDALL, Raymond, 1999).

The specific problem that mobile phones pose to the investigation is that, as mobiles are wireless, a drug dealer could email or call his accomplice from any possible place and, after fulfilling that objective, throw the device away and thus destroy the evidence with it. Moreover, the multiple connections used by a criminal could also make it hard for the investigator to track the specific number.

The best possible solution for the forensic investigator is to run a network voice scan. This would involve the use of the wireless network carriers' database to check and trace the specific calls through the voice patterns of the criminal. This would help in tracing the specific mobile number, which could then lead to the specific location of that criminal.

A Virtual Private Network or VPN is a private network through which two or more computers can be connected. Moreover, such a system ensures that all the communication between those computers is totally private and discreet. The main difference between a VPN and conventional networks is that a VPN uses the internet to make a virtual network which acts and behaves like a normal network.
Although these networks are normally used by businesses and corporations, drug dealers can also use these kinds of networks to collaborate and share vital pieces of information which could lead to a big drug deal. Other than this, a VPN allows the drug dealer to effectively share his resources with the other dealers and thus interact in real time (STEVE HAWKINS, David C. Yen, David C. Chou, 2000).

Other than this, a VPN allows different people from around the world to gather and share their information. Imagine a drug dealer in America collaborating with dealers in Russia and Hong Kong and effectively negotiating the prices and delivery terms.

The specific problem for the investigators is that penetrating a VPN session is a long and time-consuming task. Moreover, the end results obtained might not give the full picture, and so this could further delay the investigation.

The best possible solution for the investigators is to adopt a range of hacking and cracking tools to ensure that the VPN system is brought down, so that the investigators can then analyze the evidence retrieved.

Mobile text messaging is a quick and easy way to send a text message to a certain individual or a group. The phenomenon has taken the world by storm and is growing on an increasing scale. The drug dealer could have used this technology to communicate with his co-conspirator. He would have learned some vital information, for instance regarding a drug shipment, through this mode.
The specific problem it poses to the forensic investigator is that, although mobile text messages are traceable, the drug dealer could have been using code language which might be hard to decipher. Drug dealers use these languages to ensure that their message is only understood by their co-conspirators.

The best possible solution for the investigators is to hire a team of experts in criminal language. These people would be able to decode those messages and thus could help lead the investigation further.

Another key technology that the drug dealer could have used is an Instant Messaging (IM) service on the internet. IM is a service through which one can send and receive instant messages over the internet to another person. The drug dealer could have used this technology to communicate with his co-conspirator. Moreover, the drug dealer could have sent or received various files through which he could have planned out his next assignment or crime. Instant messaging could also have allowed the drug dealer to hold conversations with a lot of people at the same time. Through this, they could share information and send or receive various plans on which they would act.

The specific problem that IM poses to the investigators is that tracking instant message chat sessions is a difficult task. The reason is that there are a number of services offering IM, and the investigators would have to run a check on each of those services, which would be a tedious task.
The solution for the forensic investigator is to trace the chat logs and run a keyword search on them. Once the keyword search has narrowed down the specific chat logs from the server, the investigator can manually sort through those logs to acquire the specific information.

Moreover, the drug dealer could have used radios or walkie-talkies to communicate with his accomplices. The major advantage of such radios is that one can easily communicate without additional cost, so it is a cheap mode of communication. Moreover, this mode of communication does not rely on any third-party device and is simply two-way communication.

This is a benefit for the drug dealers as it ensures privacy and total control over the communication. Thus the drug dealer could have used this mode to communicate and collaborate with his co-conspirator and engage in illegal activities. Although there is always the chance of someone snooping on them with wireless scanners, the advantages are enough for the drug dealers to use them (LYMAN, Michael D., 2006).

The specific problem for the forensic investigator is that such a technology leaves no trace or evidence. Once the conversation has taken place it cannot be retrieved and is lost forever.
The solution to this problem is that the forensic investigators could set up scanning devices which could effectively listen in on the conversation. This would ensure that they are able to retrieve the specific information, which could help the further investigation.

The drug dealers could also use social networking websites to communicate with each other. These websites allow anyone to create a profile, and through that profile one can interact with many friends and peers. Moreover, the new generation of social networking websites allows people to send and receive files, engage in online chat and send and receive private messages.

Thus these websites are a haven for the drug dealers as they provide all the possible modes of communication under one roof and offer complete privacy in which to engage in their activities (RESSLER, Steve, 2006). Apart from this, these websites offer collaborative tools that could help a drug dealer plan out his next move or strategy with his other accomplices.

The specific problem for the forensic investigators is that social networking websites are hard to track. The reason is that with an easy way to set up an anonymous profile, anyone can do it, and thus the forensic investigators have a hard time tracking the profiles which have been used by the drug dealers.

The best possible solution for the investigators is to set up fake profiles on such websites and track the activities of such suspected criminals. This way they could keep an eye on the activities of the suspects and thus predict their next move.

These, then, are the technologies that the suspected drug dealer could have used to communicate and collaborate with his co-conspirators.

2- Information can be placed in various places within a laptop's file system. A laptop's file system consists of various levels of folders. Within those folders one can save numerous files. Such a vast and complex file system gives a criminal a lot of options to hide his work from unwanted eyes. Moreover, the same system can give a lot of headaches to an investigator, who would have to look deep within the file system to filter out the required pieces of information.

Firstly, information could be saved within hidden folders, which hide the information from a general user. Hidden folders are basically normal folders within a file system, but their existence is not shown in the general directory listing. This hides a folder, and only by giving a certain command is one able to retrieve the contents of the folder.

Thus such a system gives an excellent opportunity for a criminal to hide sensitive information which might be related to some deal or criminal plan (IRONS, Alastair, 2006). Moreover, by hiding the information in hidden folders, a normal computer user might not be able to retrieve that specific piece of information. Thus hidden folders are one of the places where evidence might be found by a forensic investigator investigating a case.

Deleted files and the internet cache are other places where evidence might be found relating to some criminal activity. Whenever the internet is used on any computer through a browser or an email client, it leaves a certain trail in terms of log files, cookies and cache files. These files are basically temporary files that the computer downloads while a person uses the internet.

Thus once a user finishes his work these files can be deleted. However, in normal circumstances many of these internet files are by default set to be deleted after 30 days or so. Moreover, even if the user deletes the files on purpose, they are still present on the file system and thus can later be traced by a professional.

Other than this, these internet files can reveal a lot of information about the surfing habits of a user. The technology has become so advanced that with the help of specialized software, one can even see which sites the user has been visiting and what chat rooms he has gone to. Moreover, the people with whom he might have chatted can also come up through proper searching.

Thus the internet files and cache are a very important place from where the investigators can expect to turn up relevant information. As internet usage is increasing with each passing day, it is evident that a laptop will have been connected to the internet, thereby leaving traces in terms of internet cache and files (ANDERSON, Ross, 1995).

Another place where the forensic investigators can find information is the registry of the operating system. An operating system's registry can contain a lot of information that could hold potential evidence or aid in other aspects of forensic analysis. (Assuming that the laptop was using Microsoft Windows as its operating system, we discuss the Windows Registry.) The Windows registry is the central repository for configuration data, stored in a systematic manner. All the software details and user accounts are stored in this part of the operating system, and thus it acts as a central database. A Windows registry can hold a lot of clues and specific information that might give the forensic investigator a lead in the investigation.

The registry can hold information regarding the programs that were installed on the computer. This information is vital as through this the investigator will know whether the user was using some illegal or unlawful software, such as hacking tools, which might have been used to commit further crimes (GERMAN, Peter M., 1999). Apart from this, the registry can bring up the list of users who have used the laptop. Through this the investigator could learn the names of those users and thus move on with his investigation. The registry keeps track of the smallest change happening on the laptop. For instance, a list of wireless Wi-Fi access points can be retrieved from the registry. This list contains the names of all the access points to which the laptop has been connected. Such information could help the investigator track down the location of those Wi-Fi routers and thus help in the investigation.

Apart from this, the registry tracks individual users' activities, and this could also help in the investigation. The registry also saves the names of the computers that were connected in a LAN. This information is also vital as it could tell the investigator the names of those computers and thus help in the investigation. Furthermore, the registry also contains information regarding the list of USB devices ever connected to the computer. This list again could act as potential evidence and thus further help in the investigation. A registry is a vast sea of data, and it is up to a qualified investigator to properly retrieve the required information from it.

Forensic investigators can also expect to find information within files or photos. Steganography is the science of hiding messages within images or pictures. Although this is a very old practice, the digital age has given this science a new dimension. Nowadays such activities are on the rise, and criminals are increasingly using steganography to hide their messages or information within pictures so that only their co-conspirators are able to retrieve it.

This poses a new challenge for the forensic investigators, as retrieving the hidden messages from those pictures is a difficult task. Moreover, before retrieving it one has to check in which picture the hidden message is stored.

In many recent criminal activities around the world, steganography has been used to effectively hide maps, blueprints, photographs etc. from normal users. Moreover, today's steganographic programs can effectively hide any type of binary data in nearly any type of image, audio or video file (KER, Andrew, 2009). Such software can also hide data in executable files or spam messages. This kind of flexibility is what makes steganography so problematic for the forensic investigators.

Apart from this, steganography requires highly technical skills, and thus many criminals get away with it because many investigators do not routinely check for steganography.

Other than this, another area where information could have been hidden within a laptop is anonymous files. By just removing the file extension of any file, a laptop user can make the file look like a system or configuration file. Such a disguise lets the user store whatever piece of information within that file and get away with hiding it.

Other than this, such a technique is very easy to follow, and many times investigators overlook such files. One way of checking for those files is by their relative size. By looking for files which are big in size and do not possess a file extension, an investigator can effectively trace those suspicious files. Later on those files can be analyzed by specialized programs which could then retrieve vital pieces of information from them.
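The check described above, as an added example that is not part of the original essay: walk a directory tree, keep files that have no extension and exceed a size threshold, and read their first bytes to tell what they really are. The sample directory contents, the signature table and the threshold are all constructed for this example.

```python
import os
import shutil
import tempfile

# Header signatures used to identify the real type of a file whose
# extension has been removed. Constructed, minimal table for this example.
SIGNATURES = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip (also Office/JAR)",
    b"%PDF-": "pdf",
    b"MZ": "windows executable",
}


def sniff_type(path):
    """Return a type label from the file header, or 'unknown'."""
    with open(path, "rb") as f:
        head = f.read(16)
    for magic, label in SIGNATURES.items():
        if head.startswith(magic):
            return label
    return "unknown"


def find_extensionless(root, min_size):
    """Walk root and return (path, size, sniffed_type) tuples for files
    that have no extension and are at least min_size bytes, largest first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1]:
                continue  # has an extension, not a disguised file
            path = os.path.join(dirpath, name)
            size = os.path.getsize(path)
            if size >= min_size:
                hits.append((path, size, sniff_type(path)))
    hits.sort(key=lambda hit: hit[1], reverse=True)
    return hits


def build_sample_tree(root):
    """Constructed sample data: a JPEG renamed to look like a config file,
    a genuine small system-style file, and an ordinary file with an extension."""
    sysdir = os.path.join(root, "system")
    os.makedirs(sysdir, exist_ok=True)
    with open(os.path.join(sysdir, "cfgdata"), "wb") as f:
        f.write(b"\xff\xd8\xff\xe0" + b"\x00" * 4096)  # disguised JPEG, 4100 bytes
    with open(os.path.join(sysdir, "hostname"), "wb") as f:
        f.write(b"laptop01\n")  # real small file, below the threshold
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(b"A" * 8192)  # large, but has an extension


def demo(min_size=1024):
    """Build the sample tree in a temp dir, scan it, clean up, and return the
    hits with paths made relative to the scanned root."""
    root = tempfile.mkdtemp()
    try:
        build_sample_tree(root)
        hits = find_extensionless(root, min_size)
        return [(os.path.relpath(p, root), s, t) for p, s, t in hits]
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel, size, kind in demo():
        print(f"{size:>8} bytes  {kind:<22} {rel}")
```

On a real examination the walk runs over a mounted working copy of the disk image, never the original media.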

Apart from this, within a laptop evidence can also be found in the deleted files on the hard disk. A computer file, once deleted, is moved to a new place on the hard disk. Once the file is deleted the computer marks that space as available, and it can be overwritten by a new file. Although it might seem that the file has been lost forever, with specialized software one can retrieve that deleted file as long as it has not been overwritten. Thus while analyzing deleted files, an investigator can come across many different pieces of evidence that may help in solving the case.

Moreover, these deleted files may bring up various things and information regarding how the laptop has been used. It is said that the computer is just like a tape recorder. Anything that one does on the computer is recorded and stored in some part of the overall system. Although how much of that information can be retrieved depends on the experience of the user, the fact is that a technical expert is able to retrieve various types of information from that raw data.

By analyzing the overall data structure on the computer, a technical expert can filter out the required data and relate it to the investigation at hand. Apart from this, deleted files can also show a specific timeline through which an investigator can see the different activities that the computer user has been up to.

Deleted files also show specific information regarding the type of websites and the kind of information that has been exchanged from that specific computer. Other than this, such files are a vital starting point for a criminal investigator to begin his investigation and relate different sets of clues and information which may lead to further possible leads.

In making all of the above mentioned investigations, care must be taken that the files are copied to another source. This would ensure that the original files are not altered and thus do not ruin the future investigation of those files. Therefore the original file system should remain intact and preserved.

Moreover, evidence can also be hidden in protected files. These are files which have been protected so that a normal user cannot access them. Specialized software can be used to unprotect those files and allow unrestricted access to them. Apart from this, the investigator can also search the unallocated space of the hard disk.

This is the space which is normally unused and is currently not in use by the file system. This does not mean that it is empty; it might contain files or fragments that are relevant to the case. Moreover, the unallocated space might include some previously deleted information which might be a big lead in the investigation.
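An added example, not from the original essay, that ties together the preservation point above and the search of unallocated space: it records a hash of the image bytes, carves JPEGs out of a working copy by their start and end markers, and re-hashes the original to document that it was not altered. The "unallocated space" sample, including one picture whose tail was overwritten, is constructed for the example; on a real case the hashing is done on the acquired image file.

```python
import hashlib

# JPEG start-of-image and end-of-image markers (real JPEG constants).
JPEG_SOI = b"\xff\xd8\xff"
JPEG_EOI = b"\xff\xd9"


def sha256_hex(data):
    """Hash used to document that the evidence bytes were not modified."""
    return hashlib.sha256(data).hexdigest()


def carve_jpegs(image, max_len=10 * 1024 * 1024):
    """Scan raw bytes for JPEG SOI..EOI spans and return (offset, data) pairs.

    The scan ignores the file system entirely, which is exactly why it can
    find pictures whose directory entries are gone. A start marker with no
    end marker within max_len is treated as a remnant that was partly
    overwritten and is skipped. Constructed, deliberately simple carver: a
    real tool also validates the JPEG segment structure to avoid false hits.
    """
    found = []
    pos = 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start == -1:
            break
        end = image.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1 or end - start > max_len:
            pos = start + 1  # overwritten tail: move past this start marker
            continue
        found.append((start, image[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)
    return found


def build_sample_image():
    """Constructed 'unallocated space': filler, one intact JPEG remnant,
    more filler, then a JPEG whose tail (including EOI) was overwritten."""
    intact = JPEG_SOI + b"\xe0\x00\x10JFIF" + b"\x11" * 40 + JPEG_EOI
    truncated = JPEG_SOI + b"\xe0" + b"\x22" * 20
    return b"\x00" * 512 + intact + b"\x00" * 256 + truncated + b"\x00" * 128


def examine(image):
    """Record the image hash, carve on a working copy, then re-hash the
    original to document that the evidence was not altered."""
    before = sha256_hex(image)
    working_copy = bytes(image)
    carved = carve_jpegs(working_copy)
    after = sha256_hex(image)
    return {
        "sha256": before,
        "unaltered": before == after,
        "carved": [(offset, len(data)) for offset, data in carved],
    }


if __name__ == "__main__":
    result = examine(build_sample_image())
    print("image sha256:", result["sha256"], "unaltered:", result["unaltered"])
    for offset, length in result["carved"]:
        print(f"JPEG carved at offset {offset}, {length} bytes")
```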

Summary and Conclusion
It can be seen that technological tools have aided these criminals in their notorious activities. These people have used these tools for their own purposes and have now put the investigators in a fix. By using sophisticated tools and equipment these people have managed to find new ways to communicate and interact with each other (LYMAN, Michael D., 2006). Furthermore, new methods of communication between these criminals have made the crimes more complicated and difficult to investigate. The key technologies used by these criminals include mobile phones, email, chat rooms, instant messaging (IM), social networking websites and radios (RESSLER, Steve, 2006). By using such a vast variety of tools, these criminals have made sure that their work is completed in the most discreet and silent manner (KENDALL, Raymond, 1999).

With laptops getting more and more sophisticated, these machines can now store huge amounts of data. Drug dealers and criminals make use of such machines to aid their criminal work (GERMAN, Peter M., 1999). Information can be hidden in a number of places within a laptop so that it is secure and protected. For an investigator, there are numerous places within the laptop where relevant information could be found (KER, Andrew, 2009). These places include the operating system's registry, encrypted files, hidden files, deleted files and locked files (STEVE HAWKINS, David C. Yen, David C. Chou, 2000). Thus by properly investigating the respective parts of the laptop, an investigator can expect to find significant information. With the current pace of technological advancement, newer and more sophisticated tools are being made which could also help the criminals in their illegal activities (KERBS, Robert W., 2005).
