Introduction
In the cyber world, cyber-attacks are quite a common occurrence. The attacks target computer hardware such as scanners, computers, servers as well as software programs such as operating systems and protocols. The recovery of data is made increasingly difficult by the encryption and steganography programs (Britz, 2009, p. 217). Additionally, the sophistication of the hackers makes it almost impossible to trace these attacks. Penetration attacks utilize known vulnerabilities of a system to access the cyberspace resource. Cyber-attacks can also result into denial of services whereby they reduce the ability of a system to function efficiently.
In cybercrime investigations, digital evidence is essential in data recovery and protection of the system. However, digital evidence is often prone to power surges, human error as well as climatic factors. The current state of digital evidence recovery and tracking cyber-attacks is not adequate. The tools and technologies available to computer crime investigators do not match with those used by attackers.
Forms of Vulnerability
Computer vulnerability allows outside access to a software or hardware. Computer vulnerabilities can be software, human, environmental or hardware based. In software vulnerability, viruses or Trojan horses can compromise the security of the systems in use. This can be avoided through use of security programs and antivirus software. Human vulnerability arises when the employees are poorly trained regarding the security of passwords or confidential information. Proper training can reduce human vulnerability. Hardware vulnerability is caused by unauthorized access to protected systems while environmental vulnerability arises due to environmental changes.
Attack Scenario
In the case of cyber terrorism targeting information from a police department, the stolen data can be recovered by use of different recovery tools depending on the operating systems in use. According to Britz, “it is more advisable that several recovery tools be used to recover deleted or damaged files on the operating systems” (2009, p. 154). As a police chief for Fort Lauderdale, I would use a variety of recovery tools. For the Mackintosh systems, Disk warrior, Pro-soft data recovery would be appropriate while for UNIX and Windows operating systems, apart and test disk are the suitable recovery tools.
As the police chief, I would first identify the location, type and the number of computers targeted by the hackers. This would help in narrowing down the search, which ensures adequate investigations. Additionally, this would help in noting the network connections for each targeted computer. Obviously, hacking involves the internet and other networks such as LAN and WAN and affects all operating systems. For intranet protocol such as IP/TCP it is much easier to locate the machine used by the attacker since the IP/TCP is often controlled by one authority (Casey, 2004, p. 127). Thus, identification of the network(s) is essential in subsequent investigations.
The machine used by the hackers can be located using a variety of tools such as IPS address, MAC address and DSs. After identifying the hackers, the second step in the investigation is to collect digital evidence to be used for trial. This can be obtained from backup tapes or by conducting on spot imaging of the systems.
Attack on a hospital system
In collecting evidence in any crime scene, the first step should be securing the scene and removing everybody from the computer devices. In a hospital setting, to avoid damage of evidence or loss of data, the computers should remain on or on sleep mode (Taylor, Fritsch, Lieder Bach, & Holt, 2010, p. 56). The next step should be to remove floppy disks and other data storage devices connected to the computer. This is to ensure the integrity and security of the information or data.
To protect health information systems from cyber-attack, technical protections such as penetration testing, vulnerability evaluation, cyber threats assessment and firewall protection are essential. Hackers normally plant malicious programs such as Trojan horses and viruses that corrupt the system. By implementing appropriate technical protections, the health information systems of the hospital can remain secure. However, to recover data after an attack that results into denial of information to legitimate users, would involve scanning the backup floppy disks or Zip disks for data.
The operating system is then reloaded before firewall is installed. The backup data files can then be renewed for use.
Shut down of the Airport’s computer system
In recovering data from crashed systems, one approach used particularly with UNIX systems involves searching for anodes from where the data is recovered. However, in Oracle systems, physical and logical backups commonly used in aviation industry are useful in storing and recovering data. Physical backups are physical files primarily used to store, recover data files, and control files. Physical backup stores files or database information in an offline location in a disc or tape. Logical backups on the other hand store procedures or tables in an external export facility. To reconstruct damaged database from a backup, the copy of the data is first retrieved before reapplying for new changes to fit a desired format.
Preliminary investigations
Investigations by computer forensic experts helps restore emails or files deleted by the hacker. Additionally, using encryption programs and other search techniques, the hidden files can be identified before being restored. The IP/TCP and ISPs addresses are very useful in tracking the hacker over the internet. An appropriate plan for recovering data following cyber-attack should involve; identification of the computer systems that have been compromised, collecting data from the operating systems, recovering digital evidence from backups and analysis of the databases as part of investigation process. To secure the airline system from subsequent attacks, use of firewall protection, data content control and traffic analysis are appropriate.
Security of current technologies
To secure the system, companies use patching whereby software patches are used to repair errors in coding. In this regard, systems administrators should protect systems using updated patches from software vendors. The use of virus detection programs is another way of ensuring network and systems security. Firewall protection are most important security measures for protecting systems against cyber-attack. However, firewalls should be well configured to prevent computer attacks. Encrypted IP/TCP programs can also reduce access of passwords to cyber criminals.
Data analysis
Log analysis forms a critical element in current cyber security. However, its use is limited because of the complex nature of the analytic tool. Logs capture essential data within an organization, which can be used to enhance cyber security. The logged data provides information regarding the security breaches, potential threats or vulnerability of a system. This allows an appropriate action to be taken on time. Log data also forms part of digital evidence and therefore useful to a systems administrator.
Weaknesses of current technologies
IP addresses help identify the sender and the receiver of messages between computers through the internet. Through IP tracing cyber attackers can be tracked to a particular computer. Therefore, the IP addresses are a useful source of digital evidence in computer forensics. However, IP tracing removes the online anonymity, which affects internet use negatively as the user’s identity is not protected. While IP tracing is useful in fighting crime, it faces legal and ethical challenges. In addition, self-destruction programs used by some attackers can destroy or modify digital evidence during transmission, which affects the integrity of the data.
Emerging technologies such as encryption, stenagonography, Magnetic microscopy and data archiving provide alternative ways of investigating cyber-attacks. Encrypted information is often difficult to decrypt. However, technologies available to law enforcement can help to decrypt this information. High-speed satellite internet can help locate cyber attackers using wireless devices and steganography software programs.
Conclusion
In a recap, Cyber-attacks can be penetrative or denial of services. Nevertheless, data can be recovered through multiple operating systems or IP tracing. Finally, to secure the systems, one can use firewall installation, physical controls or scan databases.
Reference List
Britz, M. (2009). Computer Forensics and Cyber Crime. An Introduction. New York: Pearson Education Press.
Casey, E. (2004). Digital Evidence and Computer Crime. London: Academic Press.
Taylor, R., Fritsch, E., Liederbach, J., & Holt, T. (2010). Digital Crime, Digital Terrorism. New York: Prentice Hall.