Digital Forensics Used to Help Law Enforcement, Employers Defend Against Cybercrime

CyberForensics

Hacker for hire. Online hacking services. Verified hackers. Believe it or not, there are thousands of opportunities to hire a hacker on the internet. Combine that with the considerable growth of digital devices and few are immune to cybersecurity crimes. In fact, the U.S. Department of Justice lists cybercrimes as one of the greatest threats to our country. 

Criminal activity with computers can be traced back to the 1970s when the U.S. military began noticing computer-related criminal activity. In 1984, the first computer forensics program, Magnetic Media, was created by the FBI to find child pornography offenders. Since then, cybersecurity has grown to include 31 different specialty areas, as categorized by the National Cyber Workforce Framework. Digital forensics encompasses the collection and analysis of computer-related evidence in vulnerability, criminal, fraud, counterintelligence, or law enforcement investigations. Basically, law enforcement uses it to find criminals while companies use it to discover and monitor what their employees are doing.

Dr. Jon Haass, Associate Professor and Chair of Cyber Intelligence and Security at Embry-Riddle Aeronautical University’s Prescott, AZ campus, explains that in a criminal scenario, law enforcement uses digital forensics to determine the origin of the offense, the type of activity and the identity of those responsible. One challenge today is that attackers or criminals can use a proxy internet address, making them virtually untraceable. Law enforcement relies on the criminal making a mistake in order to find them.

Cases involving employees are also all too common, explains Dr. Glenn Dardick, Associate Professor and Program Coordinator of Cybersecurity programs at the Embry-Riddle Daytona Beach, FL, and Worldwide online campuses. Cases can involve violations of the company’s policy, financial theft, intellectual property theft, the law or even compromise national security. As founder and director of the Association of Digital Forensics, Security and Law, Dardick publishes its quarterly academic journal, now in its 11th year, through Embry-Riddle’s Scholarly Commons. Dardick is also frequently asked to consult in forensic cases and has been involved in several high-profile court cases.

“In 2007, I was involved in Connecticut vs. Amero after Julie Amero was found guilty. Fortunately, it was prior to sentencing where Amero was facing a potential 40-year sentence drawing international outrage. The forensics report by law enforcement indicated the accused was guilty of her charges, however upon further investigation, our team found the digital forensics methodology used to prove guilt was unequivocally flawed. We submitted our findings to the Court and the verdict was subsequently thrown out.”

Today, there is a whole industry that creates tools for digital forensics. Haass sees great movement toward artificial intelligence and teaching the computer to recognize anomalies, specifically the programming signatures of the criminals.

“Much like a voice pattern that is individual, so will a coding pattern be individual,” said Haass. “For example, in a drug case, a program would be written using a lexicon of drug names and various coding patterns. The program combs through the computer’s internal storage hunting for those names and patterns, alerting authorities when a match is found.”

The rising cybercrime threat has created greater demand for cybersecurity professionals. Postings for jobs in this field are up 74 percent over the past five years, according to a Peninsula Press analysis of Bureau of Labor Statistics numbers. Nationally, average salaries are strong, coming in at $91,000. However, as recently as January 2015 over 200,000 postings for cybersecurity jobs were unfilled.

“There are more cybersecurity jobs than graduates today. In Phoenix and Maricopa County alone, over 1,000 cyber professionals are needed,” said Haass, also a member of the Arizona Cyber Security Task Force which is focused on attracting cybersecurity professionals to Arizona. “The good news is that Embry-Riddle is working very hard to produce professionals who can help businesses and the government manage their cybersecurity needs.”

Embry-Riddle’s Prescott, Ariz. campus founded the nation’s first College of Security and Intelligence studies in 2013 and is training undergraduates in cybersecurity and digital forensic investigative skills. Students graduate with a strong foundation in computer science and software, forensic investigative methods and practice in real-world applications. Software Engineering students can also choose a Cybersecurity specialization.

“Our students are working on the solutions while gaining experience through collaborating and consulting,” said Haass. “In one project they gather intelligence and perform analysis on cyber-crimes around the world which are then communicated out to agencies who are focused on cyber counter-terrorism.”

As a National Center of Academic Excellence in Information Assurance and Cyber Defense, the Daytona Beach campus offers an undergraduate minor in Cybersecurity and two graduate degrees. The Cybersecurity Engineering degree focuses on the technical details of a system, producing engineers who can perform digital forensics, malware analysis and more. The Cybersecurity and Assured Systems Engineering (CyBASE) Center brings together faculty and students across the campus to perform research in cybersecurity associated with critical infrastructures and assures systems such as aviation and aerospace systems. A graduate degree in Cybersecurity Management and Policy is also available.

“One of our more interesting research projects centers around forensic recovery and analysis of data left on media found ‘in the wild’ as on eBay,” said Dr. Glenn Dardick, Associate Professor, Security Studies and International Affairs and Program Coordinator for the Cybersecurity minor. “Previously, we have found data containing sealed court records, financial information and data needing to be forwarded to law enforcement."

The Worldwide online program is a Master of Science degree in Cybersecurity Management and Policy for IT professionals. It is designed to give graduates an understanding of cyber security and its ramifications across an organization. These graduates become leaders in their organization by being prepared and staying one step ahead of threats.

For more information on Embry-Riddle’s programs visit each campus online at Prescott’s Cyber Intelligence and Security or Software Engineering degree pages; Daytona Beach’s Cybersecurity Engineering or Cybersecurity Management degree pages; or Worldwide’s Cybersecurity Management and Policy degree page.