A brief history

Law enforcement first started to pay attention to the role that computers play in criminal activity in the mid-1980s. Prior to this, existing laws and law enforcement techniques were not adept at identifying and prosecuting computer criminals. As the use of computers by criminals began to gain more prominence, agencies such as the United States Federal Bureau of Investigation (FBI) decided to incorporate a dedicated digital and forensic investigation capability. This led to the creation of the FBI Computer Analysis and Response Team (CART). Other agencies, such as the Metropolitan Police Service, started to build a capability for investigating cybercrime.

 

An excellent historical document that addresses the FBI's CART is a short article in the United States Department of Justice Crime Laboratory Digest, dated January 1992: https://www.ncjrs.gov/pdffiles1/Digitization/137561NCJRS.pdf.

Two other seminal events brought the need for cyber investigations and forensics into the minds of many. The first was hacker Markus Hess breaking into the Lawrence Berkeley National Laboratory. This break-in might have gone undetected had it not been for the efforts of Clifford Stoll, who hatched a plan to trap the attacker long enough to trace the connection. These efforts paid off, and Stoll, along with other authorities, was able to trace the hacker and eventually prosecute him for espionage. This entire episode is recorded in Stoll's book, The Cuckoo's Egg.

The second high-profile event was the Morris worm that was unleashed on the fledgling internet in 1988. The worm, created and released by Robert Tappan Morris, caused denial of service on a number of systems, subsequently causing damage in excess of $100,000. A post-incident investigation by a number of individuals, including Clifford Stoll, found at least 6,000 systems were infected. The rapid spread of the worm and the damage associated with it led to the creation of the Carnegie Mellon CERT Coordination Center (CERT/CC).

Throughout the 1990s, as more law enforcement agencies began to incorporate digital forensics into their investigative capabilities, the need for standardization of forensic processes became more apparent. In 1993, an international conference was held to specifically address the role of computer evidence. Shortly thereafter, in 1995, the International Organization on Computer Evidence (IOCE) was formed. This body was created to develop guidelines and standards around the various phases of the digital forensics examination process. In 1998, in conjunction with the IOCE, the federal crime laboratory directors created the Scientific Working Group on Digital Evidence (SWGDE). This group represented the United States component of the IOCE's attempt to standardize digital forensics practices.

As organizations continued to standardize practices, law enforcement agencies continued to implement digital forensics in their overall forensic capabilities. In 2000, the FBI established the first Regional Computer Forensic Laboratory (RCFL). These laboratories were established to serve law enforcement at various levels, in a number of cybercriminal investigations. The RCFL capability has grown over the last two decades, with 17 separate RCFLs spread across the United States. In addition, other federal, state, and local police agencies have formed task forces and standalone digital forensics capabilities. With ever-increasing instances of computer-related crime, these agencies will continue to perform their critical work.
