Reference no: EM133190956
Question 1. Why do many in the computer community oppose the use of "hacker" to describe cybercriminals? Can a meaningful distinction be drawn between hacking and cracking? What kind of hacking can be justified on either legal or ethical grounds?
Question 2. What implications does the conviction of the four cofounders of the Pirate Bay Web site in 2009 have for international attempts to prosecute intellectual property crimes globally? Should the four men also have been required to stand trial in all of the countries in which copyrighted material had been downloaded from their Web site? Will the outcome of the Pirate Bay trial likely deter entrepreneurs, worldwide, from setting up future P2P sites that allow the illicit file sharing of copyrighted material? What is your opinion of the case?
Response
Nowadays the practice of using automated software has served law enforcement and courts very well because seasoned officers and prosecutors have been able to use their well-developed policing expertise to reveal sound physical proof, and augment that proof with sound digital evidence from investigative software. But for the digital evidence to be admissible in court, the investigative software should meet what many experts call "trier of fact" requirements and expectations. This means the process used to reveal the digital evidence, and the chain of custody that maintains its integrity, must be repeatable and able to yield the same results (Hayes, 2015). Ultimately, the software should be capable of, and have the veracity to, determine the facts amongst the body of digital evidence in order to accurately and reliably reveal when something existed or some event occurred. Experts like Guo, Slay, and Beckett (2009) explain that forensic tools should include a verifiable validation and verification framework that can be tested. These experts' opinions are in line with Hayes (2015), who explains that, when the evidence is tested, the results should be able to be recreated. For this reason, it is critical that the reliability of the investigative software is tested against a set of reputable standards and approved by organizations with authority.
The Computer Forensic Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST) provides such reputable standards, in particular a methodology for evaluating investigative software methods by establishing general tool requirements, research protocols, test parameters, test sets and hardware testing. Their approach is based on well-known international methodologies for conformity research and quality testing. The results reveal the necessary information for toolmakers to improve investigative software, for users to choose the most appropriate investigative software, and for interested parties to understand the investigative software's capabilities (NIST, 2019). The latter, understanding capabilities, is of high importance because it determines whether the investigative software can consistently recreate accurate and reliable test results, in line with the recommendations from experts like Hayes, Guo, Slay, and Beckett. There are other organizations that utilize reputable standards and are accepted by authoritative entities such as the Federal Bureau of Investigation (FBI), civil society organizations, and agencies and entities of the United Nations and Inter-American systems. These include the Scientific Working Group on Digital Evidence (SWGDE), the International Organization on Digital Evidence (IOCE) (OAS, n.d.), and the American Society of Crime Laboratory Directors (ASCLD) (FBI, 2000). These organizations agree that investigative software should include key capabilities such as revealing direct evidence on the machine, associating a machine with data, providing investigative leads, revealing evidence that corroborates or refutes allegations or alibis, and revealing behavioral evidence (OAS, n.d.).
Three tools that follow these well-established standards and include the internationally agreed-upon set of capabilities are EnCase, the Forensic Toolkit (FTK), and X-Ways Forensics (XWF) (InfoSec, n.d.). EnCase is designed for forensics, digital security, security investigation, and e-discovery, primarily from recouped or seized hard drives (InfoSec Institute, n.d.). But it's very expensive, going over $3,500 for a single license (ITClick, 2020). FTK is an investigation package great for hard drive scans and string searches, as well as taking images of the hard disk. But it can't multitask, doesn't display a progress bar to estimate the time remaining, and doesn't have a timeline view (making it hard to conduct temporal analysis) (InfoSec, n.d.). Like EnCase, FTK is also pricey (about $4,000), but unlike EnCase, the price buys a perpetual license. XWF is considered powerful since it's portable and conducts deep and granular investigations of commercial computers. However, although the price of a perpetual license is about $1,000 cheaper than FTK and EnCase, updates will only be included for two years (XWays, n.d.), it's very complex, and it would not work without the required dongle (InfoSec, n.d.).