Introduction
A hacking incident occurred at Mr. Jackson's former work area. The perpetrators illegally circumvented security to access another company's security system. The hacking caused considerable damage and chaos, including the theft of extremely vital and confidential information belonging to the victim. The hackers were also involved in identity theft, using fake emails to trick the victims into giving up their details and account information. They used keyloggers to log into bank accounts, where they gained access to the private information of several people. After gaining access to the accounts, the hackers made several purchases with the victims' credit cards. With access to some people's social security numbers, the hackers parlayed the data into credit accounts in the victims' names.
Searching Mr. Jackson's office requires permission, since it is against the law to enter and search someone's premises without following the proper legal procedure (Day, 2015). A search warrant is a document issued by a judge from a court of law that grants local authorities the right to search a person or premises for any evidence that may be useful in a criminal case. As a Data Security Analyst, I cannot get a search warrant from the court. I will have to involve a police officer, as the police are the authorities that can be granted the warrant, as stated in the Fourth Amendment of the United States Constitution (Day, 2015). Moreover, the officer must prove to the judge or magistrate why the search is necessary. With a search warrant, I will be allowed by law to seize any items in Mr. Jackson's office that may be needed as evidence in the case.
Collection of Digital Evidence
As seen in the photo, the digital evidence available at the crime scene consists of a Dell laptop, a thumb drive, and several hard drives. The first step before handling any material in the work area is to ensure that the scene is safe and free from danger or harm. Secondly, sufficient close-up photographs of the monitor, laptop, and other devices on the desk should be taken. However, these digital components should not be moved, since electromagnetic discharges could compromise crucial evidence. The Dell laptop on the desk should be seized and secured by first photographing it from all angles. A sketch of the scene should then be drawn and any cords connected to the laptop labeled. The power state of the machine should then be examined and the trackpad moved slightly to determine whether it is powered off or in sleep mode. If the screen is on, volatile data from the RAM should be captured and pictures must be taken. It will also be crucial to check whether any encryption software is installed on the laptop. Collecting the computer as evidence would be helpful, since information such as website history, logs, emails, document files, and websites visited is crucial. Photographs of the hard drives and thumb drive should also be taken. The drives may be connected to the laptop to access any files on them. In the investigation, these drives would be useful since they may contain vital information such as files and images. If the files are encrypted, an expert in Computer Science should be contacted to assist in cracking the data. The drives should then be labeled appropriately and carefully put in evidence bags.
Collection of Non-Digital Evidence
One item of non-digital evidence identified at the scene is a set of several sticky notes. The first procedure while seizing this evidence would be to take several photographs of the sticky notes and then document the contents of each one. The sticky notes are yellow and are located in different parts of the office. For instance, there is a sticky note on the desktop, another one on the wall, and one on the table too. The first step in seizing the notes is to label them. The sticky note on the monitor should be labeled as the source and the one on the shelf as the target. The notes would then be placed in an evidence bag, which should be marked to indicate the time, location, description, date of collection, and the signature of the analyst. The sticky notes on the desk and monitor could contain important information, such as the password used or something else that could be useful in the investigation. There is also a folder located on the desk. The first step before taking this non-digital evidence would be to take sufficient photographs before touching it. The photographs should be taken at close range to make the contents visible, as even minute details could aid the investigation. The folder should also be placed in an evidence bag and sealed. The document would be of assistance to the case since it may contain information such as printed communication between the parties involved in the cybercrime. Lastly, the other non-digital evidence visible at the scene is a note pad on the desk. Collecting this evidence would also require photographs, after which it should be placed in an evidence bag too. The note pad could contain vital information, such as contacts, which could point to leads in the case. The people listed in the contacts may be useful to the investigation and could be questioned if the case moves to court.
Securing and Storage of Evidence
Non-digital evidence from the crime scene should be handled with care since it is delicate and could easily be lost. The notepad, sticky notes, and folder should be placed in separate, well-labeled evidence bags. The evidence bags should carry vital details, for example, a description of the evidence, the time and date of collection, and the signature of the person in charge. Dealing with digital evidence at any crime scene requires the application of some mandatory principles and procedures. First, any action taken while seizing digital evidence should not in any way affect the integrity of that evidence. The people collecting the evidence must also be trained. Lastly, all the activities involved in the seizure of the evidence must be accurately documented and preserved. Since digital evidence is fragile and can be damaged, altered, or destroyed through improper handling, it should be collected in a manner that preserves and protects its integrity (Quick & Choo, 2016). Once digital data has been extracted from the hard drives, the thumb drive, and the laptop and analyzed, the information should be kept in a consistent format. Virus protection software should also be used to prevent any loss of the data stored on the digital devices at the scene.
Regarding environmental protections, the laptop and the drives should be stored in climate-controlled places (Quick & Choo, 2016). Moisture or extreme temperatures can quickly damage electronic devices. The laptop's batteries should be removed to prevent loss of any information, such as dates and times, that is valuable in the investigation (Quick & Choo, 2016). The evidence room where these items are stored should be well secured to protect them from theft. A security officer should be employed to protect the evidence. Moreover, security devices such as CCTV cameras and alarms must also be installed in the evidence room.
Evidence Custody Document
The voice recorder and hard drive in the evidence custody documents are not adequately and comprehensively described, and vital information was left out. However, the thumb drive is adequately described and documented. There is a label on the back of the recorder which indicates that the device was manufactured by Saul Mineroff Electronic Inc. The recorder should be recorded as an Olympus DM620 that requires AAA batteries to operate. Additional information should include that the recorder has an LCD screen, a micro SD slot, and a mini-USB interface at the bottom. The information on the hard drive is also insufficient. For instance, the model and serial numbers should be indicated in the document. As shown on the sticker on the back of the hard drive, the serial number is WMAZA0202091. The hard drive's date of manufacture should also be documented. The co-worker also failed to record other critical information about the hard drive. For instance, the drive has a 64 MB cache and is a 3.5-inch desktop-size unit. Moreover, on the torn label at the bottom of the drive, a marker covers the writing on the device.
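The two requirements above, a complete custody entry and evidence whose integrity can be shown later, can be checked mechanically. The following is an added example, not part of the original essay: the field names, the `CustodyEntry` structure and the sample values are hypothetical, and SHA-256 hashing of the acquired image is an assumed (commonly used) way to demonstrate that a copy has not changed.

```python
import hashlib
import io
from dataclasses import dataclass, field

# Fields the essay asks for on a custody entry or evidence-bag label
# (hypothetical field names chosen for this example).
REQUIRED = ("description", "model", "serial_number", "manufacture_date",
            "collected_at", "location", "collected_by")

@dataclass
class CustodyEntry:
    item_id: str
    details: dict                              # field name -> text as written
    sha256: str = ""                           # digest taken at acquisition
    log: list = field(default_factory=list)    # (when, who, action, digest)

def missing_fields(entry):
    """Required fields that are absent or blank in the entry."""
    return [f for f in REQUIRED if not str(entry.details.get(f, "")).strip()]

def sha256_stream(stream, chunk=1 << 20):
    """Hash a device image in chunks so large images never sit in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def record_acquisition(entry, stream, who, when):
    """Store the digest of the freshly acquired image and log the action."""
    entry.sha256 = sha256_stream(stream)
    entry.log.append((when, who, "acquired", entry.sha256))

def verify(entry, stream, who, when):
    """Re-hash a working copy; log and return whether it still matches."""
    current = sha256_stream(stream)
    ok = current == entry.sha256
    entry.log.append((when, who, "verified" if ok else "MISMATCH", current))
    return ok

# Constructed sample: a hard-drive entry that omits the details the essay
# says were left out, and a few bytes standing in for the drive image.
SAMPLE_IMAGE = b"constructed stand-in for a drive image" * 64
hard_drive = CustodyEntry("ITEM-002", {
    "description": "hard drive",
    "collected_at": "placeholder date and time",
    "location": "desk, Mr. Jackson's office",
    "collected_by": "analyst signature (placeholder)",
})

if __name__ == "__main__":
    print("missing:", missing_fields(hard_drive))
    record_acquisition(hard_drive, io.BytesIO(SAMPLE_IMAGE), "analyst", "T0")
    print("intact:", verify(hard_drive, io.BytesIO(SAMPLE_IMAGE), "analyst", "T1"))
    altered = SAMPLE_IMAGE[:-1] + b"X"
    print("altered:", verify(hard_drive, io.BytesIO(altered), "analyst", "T2"))
```

Every verification, passed or failed, is appended to the entry's log, so the record itself documents who checked the evidence and when.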
References
Day, R. (2015). Let the Magistrates Revolt: A Review of Search Warrant Applications for Electronic Information Possessed by Online Services. U. Kan. L. Rev., 64, 491.
Quick, D., & Choo, K. K. R. (2016). Big forensic data reduction: digital forensic images and electronic evidence. Cluster Computing, 19(2), 723-740.
Cite this page
Hacking Incident at Jackson's Ex-Workplace: Identity Theft & Data Breach - Research Paper. (2023, Jan 03). Retrieved from https://midtermguru.com/essays/hacking-incident-at-jacksons-ex-workplace-identity-theft-data-breach-research-paper