Legal and Ethical Components of Network Forensic Investigation


Student’s Name


Professor’s Name





Even though digital technology has been of immense importance to many businesses globally, network attacks remain a giant headache for business organizations. Cybercriminals devise new methods of network attack day in, day out, making it very difficult for business entities to deal with the issue once and for all. Because no business enterprise is immune to network attacks, small and medium-sized businesses included, every business should keep track of its network traffic patterns and of the information captured in transit between its network systems. Keeping track of the traffic and data patterns between a company’s computer devices is fundamental because it can offer insight into the extent and points of attack on the system.

Furthermore, that information is essential because it supplements investigative efforts whenever a cyberattack is committed. Whenever a business experiences illegal activity, as in the scenario in which its computer devices were attacked by unauthorized people, a network forensic investigation is the best approach to adopt to ensure that enough evidence is gathered and presented to the court. This paper addresses the legal requirements necessary to ensure that evidence can be submitted in court to prove illegal activity on the business’s network. Additionally, it addresses the ethical issues surrounding the search and seizure of equipment and end-user data. In the last section, it also creates a plan that maintains a proper chain of custody.


Legal Aspects of Network Forensics

Despite being aware of cyberattacks, many businesses do not know the correct procedure for collecting tangible pieces of evidence that they can submit to court as proof of illegal activity in their network (Imam, 2017). Businesses should embrace a network forensic analysis approach to assist them in monitoring and analyzing their computer network traffic so that they can gather information, detect possible intrusions, and collect legal evidence. However, the business must consider the legal aspects of network forensics discussed below.


One of the legal and ethical aspects of network forensics is confidentiality. Because suspected cybercriminals are innocent until proven guilty, network forensic investigators are obliged to conceal the identity of the suspects (Imam, 2017). The confidentiality of the suspected parties is paramount in network forensic investigation cases. The business should ensure that the steps it takes during its investigation use equipment that complies with widely applied investigative practice and policy. Furthermore, forensic companies need to protect the identity of their customers by fulfilling the engagement and treating client data in the strictest confidence possible (Harbawi & Varol, 2017). Moreover, this legal aspect forbids examiners from revealing personal data without the owners’ consent or a court order.

Careless handling of a forensic investigation may lead to other problems, such as interfering with pieces of evidence before the investigators have collected enough data about the crime (Harbawi & Varol, 2017). Thus, privacy is one of the most important legal aspects of forensic investigation that businesses and forensic investigators must comply with. Legally, privacy is every person’s human right and should not be violated by any party unless there is a good reason.

Utmost Objectivity

That personal ambitions and interests differ is unquestionable. Every individual has life dreams and may use any opportunity to make those dreams come true, and forensic investigators are no exception. Since opportunities can come from anywhere, forensic investigators may find one while conducting an investigation and forget the primary objective of the investigation in order to satisfy their own interests (Harbawi & Varol, 2017). The utmost objectivity legal aspect holds that forensic scientists should refrain from shifting the purpose of the investigation and should gather information on a concrete scenario without being influenced by their interests, values, or experiences (Harbawi & Varol, 2017). At no cost should an investigator change the objective of the forensic investigation. Also, case examiners should avoid actions that would raise a conflict of interest.

The business in this scenario should look for reputable forensic companies with a good track record in dealing with network attacks. The best forensic investigators can be identified based on the number of successful cases they have had, the number of referrals, the technology involved in the matters handled, and positive word of mouth from satisfied customers. Choosing ethical forensic companies is vital since an honest business will not use its clients’ data for anything other than the intended purpose.

Evidence-based Claims

Not every network attack claim is valid. Businesses can sometimes be petty to the extent that they wish to incriminate the innocent. Therefore, this legal aspect of forensic investigation requires that the forensic investigators conduct thorough research on the issue and accurately analyze their findings before presenting their findings in court (Harbawi & Varol, 2017). Adequate analysis of the investigations is crucial in ensuring that the claims are based on unbiased information. The business should make sure that the forensic investigators they trust with the task will discover possible evidence about the network attack for them to win the case; otherwise, their effort is in vain. Moreover, they can assist the forensic team with any further information to increase the robustness of the evidence they submit for the case.

Observing Well-established and Validated Principles

Forensic investigators cannot work in isolation; thus, this legal aspect requires them to hew to validated and well-established legal and ethical practices around the globe. For instance, in the US, network forensic teams should conduct examinations in line with the Fourth Amendment, the Stored Communications Act and the Protection Act (Harbawi & Varol, 2017). These principles are based on the law of the land, and investigators who honour them can never go wrong as far as legality is concerned.

The firm should ask itself whether the team they select to conduct the process of gathering evidence for their case follows the well-established and validated principles. Proofs based on legal principles can do nothing but win a case. The business should prioritize producing legal evidence rather than making empty claims (Harbawi & Varol, 2017).

Legal Steps in Network Forensic Investigation

STEP ONE: Investigation Procedure and Policy Development

Network attack evidence can be very delicate and highly sensitive, whether it relates to a criminal conspiracy, a malicious network attack or an attempt to commit a crime. Cybersecurity experts should therefore recognize this fact, attach more value to digital evidence, and treat it with respect so that it is not compromised (Norwich University Online, 2017). The first step of a network forensic investigation requires that the team create and follow a strict policy and procedure for the forensic study. The policy and procedure so created can then be applied to detail how to appropriately prepare the computer systems for evidence retrieval, where to keep the retrieved evidence, and how to document these activities to ascertain the authenticity of the information.

STEP TWO: Evidence Assessment

You cannot investigate a case you know nothing about. Central to the realistic development of evidence for a claim is an adequate understanding of the issue at hand. The network forensic examiner should grasp the details of the case for which they are about to seek evidence, as this can help them classify the cybercrime (Norwich University Online, 2017). Before launching a network forensic investigation, the investigating team must clearly and concisely define what type of evidence they seek and develop an efficient way to preserve the pertinent data. After that, the forensic team must establish the source of the data they want and its integrity before using it as evidence in a case.

STEP THREE: Acquisition of the Evidence

This step entails a rigorous and detailed plan for retrieving all the pieces of evidence deemed fit for the case. However, the forensic experts involved in this process must ensure that the evidence is acquired legally and deliberately.

STEP FOUR: Examination of the Evidence

In this stage, the examiners typically analyze the collected data using various approaches and methods to scrutinize the information (Norwich University Online, 2017). Usually, information tagged with dates and times is more useful to case investigators, as are programs or suspicious files that have been intentionally hidden or encrypted.

STEP FIVE: Documenting and Reporting Evidence

Here, all the activities related to the investigated crime are accounted for in a modern format and stored in appropriately designated archives as evidence (Norwich University Online, 2017). Any convincing piece of information is thus recorded and reported during a case hearing session in court.



Ethical Components of Network Forensic Analysis

Ethics is very important in helping people differentiate between right and wrong behaviour and make well-informed decisions when facing an ethical dilemma (Alshurafat et al., 2020). Below are some of the ethical components surrounding network forensics.

Fairness- Ethics requires that network forensic practitioners be impartial and just, without favouritism, while examining a case (Alshurafat et al., 2020). Their conclusions should be drawn from the evidence found and not from their client’s needs or from bias against the suspects.

Consistency- This component requires that the evidence presented from forensic investigations hold together and be logical in presentation.

Goodwill– The victim of the crime should cooperate with the crime examiners to assist in yielding helpful evidence for the case at hand.

Proficiency– This component is critical because it ensures that those trusted with the network forensic analysis have the high degree of skill necessary to arrive at accurate and meaningful evidence.

Diligence- The diligence component is fundamental because it promotes carefulness and persistent effort at work. Diligence helps crime examiners stay self-motivated and work tirelessly to gain much-needed information (Alshurafat et al., 2020).

Honesty– Forensic practitioners should exhibit excellent moral character that connotes virtuous and positive attributes. This ensures that their findings are loyal, sincere and fair.

A sense of community– The professionals should recognize that everyone belongs, everyone matters to one another, and everyone is essential for society’s progress (Alshurafat et al., 2020).

The Challenges Faced When Collecting Evidence of a Crime

Data Encryption

For decades, data encryption has been legitimately used to secure data by keeping it out of the reach of unauthorized users. Encryption is a challenge in gathering evidence of a crime because cybercriminals can also use it to hide their criminal activities (Caviglione et al., 2017).

Change in Technology

Network technologies such as application hardware and software and computer operating systems change constantly and rapidly. This makes it challenging to gather evidence of a crime because reading existing evidence is more difficult in new software versions. Furthermore, new versions of software are not compatible with the old ones because there is no backward compatibility, which affects the legality of the data submitted in court (Caviglione et al., 2017).

Skill gap

Finding a person who can gather the most accurate criminal data is a significant challenge in many parts of the world (Caviglione et al., 2017). For a criminal forensic investigation to succeed, qualified personnel are needed, and they may not be readily available and may be very expensive.

Big Data

Cyber attackers can effortlessly manipulate the integrity, availability, and privacy of network information. The existence of wide-range networks, and of online networks that allow information to flow beyond its designated boundaries, is very undesirable for internet users (Caviglione et al., 2017). Such ease of data flow produces the large volumes of data that evidence collection has to deal with. Big data makes it difficult to identify the relevant and original data.

Privacy Issues

Some criminal cases may require the investigating group to access private information. Retrieving confidential information from organizations or individuals as evidence of illegal activity may be very difficult because the people or firms concerned must first give their consent (Caviglione et al., 2017). In most instances, individuals and firms may refuse to support access to their confidential data.

Covert Channel

A covert channel is a communication channel that helps cybercriminals bypass network intrusion detection mechanisms and hide information as it travels over the computer network. An attacker can deploy a covert channel technique to hide the connection between themselves and the affected computer system, making it troublesome to gather evidence of a crime (Caviglione et al., 2017).

Circumstances under which Prosecution of Crime can Override Privacy of Personal Data

Every citizen has a right to privacy, and other parties can only access their private information with their due consent. However, there are some circumstances under which the prosecution of a crime can override confidentiality or the protection of personal data.

To begin with, privacy can be overridden if the data contain information necessary to protect national security and overriding it is a proportionate measure (Dobkin, 2018). For example, the personal data of a suspected terrorist can be accessed without their consent to alleviate the adverse impacts of terrorism before they occur. Under any circumstance, national interests will always supersede individual ambitions.

Secondly, privacy rights can be violated in a criminal case if the protected data contain information needed to promote public safety (Dobkin, 2018). The life of the entire population is perceived to be worth more than a single life. Hence, the prosecution of a crime can override privacy rights to promote public safety.

Another circumstance under which the prosecution of a crime may override personal data protection is when it is necessary to protect critical financial and economic interests. Some crimes may cause long-lasting effects that no one would like to witness (Dobkin, 2018). For instance, the impacts of criminal activities such as economic sabotage and financial fraud may last for decades in the economy; hence they should be prevented at all costs, even if it means violating the privacy rights of the suspects.

Finally, personal data protection can be overridden if the prosecution of a crime seeks to promote the impartiality and independence of the judicial system (Dobkin, 2018). In this way, the prosecution can access private data to prevent, investigate and prosecute crimes and to impose the deserved criminal penalties.

Ways to Solve Data Privacy Dilemma in a Criminal Prosecution

Creating public awareness– It is vital to inform the public that there are circumstances under which their data can be used for the good of their safety, national security, and economic security, among other sensitive reasons. Public awareness will help them understand why their private information may be used without their permission. Besides, informing citizens about the necessity will motivate them to consent readily without being forced.

Imparting moral character in the investigators- It is necessary to encourage the people accessing protected personal information to use it only for the purpose for which it was gathered, in order to improve the confidence of those whose data is accessed. Unethical crime examiners may access private data with ill motives, such as selling the information after the intended purpose is over, thereby affecting people’s readiness to consent to personal data access.

Developing a policy– A policy that clearly states the circumstances under which personal data can be accessed without the owner’s consent should be formulated and implemented. This will normalize the overriding of the privacy of personal information when generating evidence of criminal activity.




Chain of Custody

Chain of custody can be defined as the process that criminal evidence follows from its collection, safeguarding procedures, and the analysis lifecycle by outlining every person who handled the data, the date and time it was retrieved or transferred, and the purpose for the movement (Superior Bag, 2021).

The Importance of Chain of Custody

However substantial the evidence in a case may be, it is imperative to maintain the chain of custody properly. It is critical to keep the chain of custody because it preserves the integrity and dependability of the evidence and safeguards it from contamination, which can alter the condition of the evidence (Superior Bag, 2021).

The chain of custody is essential to the criminal investigator because it shows where the possible pieces of evidence might be found, where they originated, who prepared them, and what type of device was used to retrieve or store them. The chain of custody can also help the investigator confirm the properties of the evidence gathered. On the other hand, a chain of custody is helpful to the court because from it the court can deduce whether the evidence presented before it is wholesome and meaningful. Anything short of that gives the court grounds to dismiss the evidence because of the missing links.

The Processes of Chain of Custody

Documentation Process

In this stage, the people assigned to investigate the case decide what methods they will employ to obtain case clues and to analyze and characterize the case. They also choose the procedures for finding breakthroughs, the appropriate correlation analysis for the case and the best statistical methods for the data collection process. Generally, the documentation process outlines the plan for the crime examination task ahead.

Data Collection Process

This process involves extracting electronic evidence from the computer networks attacked by cybercriminals. This process aids in generating valuable information from the information and computer systems of the affected party.

Data Storage Process

After gathering and analyzing the evidence, the examiners should record it on secure devices that will not compromise its integrity and reliability. Furthermore, the evidence found should be stored in systems that allow easy retrieval and reference if needed.

The Consequences of Broken Chain of Custody

As we saw earlier in this paper, the chain of custody is always used along with the evidence presented in court. Thus, a major consequence of not following a proper chain of custody is that the evidence can be ruled inadmissible in court (Superior Bag, 2021).

If some part of a chain of custody is eliminated, otherwise indisputable evidence can be deemed legally worthless by a court of law. Such incidents may be observed if a chain of custody form is mislabeled, if the transfer of the evidence bag took place within an unrealistic period, or if unauthorized parties access the evidence. A sloppy chain of custody can cause a case to be lost in court and justice to be denied (Superior Bag, 2021). Therefore, the business in this scenario should assign the network forensic investigation to competent forensic experts who have exceptional know-how about the chain of custody in order to win the case.
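The chain-of-custody definition and the failure modes listed above (a mislabeled form, an unrealistic transfer time, an unauthorized handler, a removed link) can be checked mechanically. The following Python sketch is an added example, not part of the original paper; the record fields, the five-minute minimum transfer time, the handler names and the sample data are all assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Transfer:
    evidence_id: str    # label on the evidence container or image
    sha256: str         # digest of the evidence as verified by the receiver
    released_by: str    # first entry: the collector releases to themselves
    received_by: str
    when: datetime
    purpose: str

def seal(entries):
    """Hash-chain the entries so removing or editing one changes every later link."""
    links, prev = [], "0" * 64
    for e in entries:
        record = "|".join([prev, e.evidence_id, e.sha256, e.released_by,
                           e.received_by, e.when.isoformat(), e.purpose])
        prev = hashlib.sha256(record.encode()).hexdigest()
        links.append(prev)
    return links

def audit(entries, links, evidence_id, collected_sha256, authorized,
          min_transfer=timedelta(minutes=5)):
    """Return (index, problem) findings; an empty list means the chain holds."""
    findings = []
    if seal(entries) != links:
        findings.append((None, "log altered or entry removed"))
    prev = None
    for i, e in enumerate(entries):
        if e.evidence_id != evidence_id:
            findings.append((i, "mislabeled evidence id"))
        if e.sha256 != collected_sha256:
            findings.append((i, "evidence digest changed"))
        for person in sorted({e.released_by, e.received_by} - set(authorized)):
            findings.append((i, f"unauthorized handler: {person}"))
        if not e.purpose.strip():
            findings.append((i, "no purpose recorded"))
        if prev is not None:
            if e.released_by != prev.received_by:
                findings.append((i, "custody gap"))
            if e.when - prev.when < min_transfer:
                findings.append((i, "unrealistic transfer time"))
        prev = e
    return findings

# Constructed sample data: one capture file, a clean log and a tampered copy.
PCAP_SHA256 = hashlib.sha256(b"constructed sample capture bytes").hexdigest()
EVIDENCE_ID = "CASE-001-PCAP"
T0 = datetime(2021, 3, 1, 9, 0)
AUTHORIZED = {"collector.a", "examiner.b", "custodian.c"}
GOOD = [
    Transfer(EVIDENCE_ID, PCAP_SHA256, "collector.a", "collector.a", T0, "collection"),
    Transfer(EVIDENCE_ID, PCAP_SHA256, "collector.a", "custodian.c",
             T0 + timedelta(hours=1), "storage"),
    Transfer(EVIDENCE_ID, PCAP_SHA256, "custodian.c", "examiner.b",
             T0 + timedelta(days=1), "analysis"),
]
GOOD_LINKS = seal(GOOD)   # recorded when each entry was written
TAMPERED = [GOOD[0],
            Transfer("CASE-001-PCAB", PCAP_SHA256, "collector.a", "visitor.x",
                     T0 + timedelta(minutes=1), "storage"),
            GOOD[2]]

if __name__ == "__main__":
    for log in (GOOD, TAMPERED):
        print(audit(log, GOOD_LINKS, EVIDENCE_ID, PCAP_SHA256, AUTHORIZED))
```

The link hashes returned by `seal` only help if they are kept apart from the log itself, for example with the evidence custodian, so that someone who edits the log cannot also rewrite the links.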


References

Alshurafat, H., Beattie, C., Jones, G., & Sands, J. (2020). Perceptions of the usefulness of various teaching methods in forensic accounting education. Accounting Education, 29(2), 177-204.

Caviglione, L., Wendzel, S., & Mazurczyk, W. (2017). The future of digital forensics: Challenges and the road ahead. IEEE Security & Privacy, 15(6), 12-17.

Dobkin, A. (2018). Information fiduciaries in practice: data privacy and user expectations. Berkeley Tech. LJ, 33, 1.

Harbawi, M., & Varol, A. (2017, April). An improved digital evidence acquisition model for the Internet of Things forensic I: A theoretical framework. In 2017 5th International Symposium on Digital Forensic and Security (ISDFS) (pp. 1-6). IEEE.

Imam, F. (2017). Computer Forensics: Legal and Ethical Principles.

Norwich University Online, (2017). Five Steps for Conducting Computer Forensics Investigations.

Superior Bag, (2021). The Importance of Chain of Custody for Legal Proceedings.


