January 17, 2009 mtg., Presentation: Computer Forensic Investigation by Musa Husseini

The January 17, 2009, meeting was held as usual at the Hunterdon Medical Center.  About 25 members came out in the very cold weather to socialize and to hear the presentation on computer forensics.  If you came early, you may have seen the reporter from the Hunterdon County Democrat there.  Keep your eye out for an article in the Democrat and/or Hunterdon Life about our club.

Lon Hosford, President of the club, opened the meeting by stating that the club is open to anyone with an interest in computers.  There is no charge to visit and membership is $25 a year or $30 a year for a family.  He also reminded us to visit the club’s web site frequently for information and postings.
Before Lon opened the meeting to questions, he described his experience with Windows Vista.  He found that his mouse and keyboard had reversed the execution of their commands.  If this happens to you, he suggests you shut down the computer so the mouse and keyboard can reset themselves.
Microsoft has different applications that can be started by holding down the control key for five seconds.  If this happens and you are unfamiliar with what you see on the screen, hold down the control key again for five seconds to revert back to the original application.
Q.  How can I change the font on an incoming email to a larger size when using Outlook Express?  How can I permanently enlarge the font on incoming emails?
A.  Highlight the incoming email content and paste it into Notepad and enlarge the font.  Or, right click the mouse to see if there are other options that can affect printing.
Q.  Who do I go to in order to change my email address for club information?
A.  Contact John Gbur or Jim Aller.
Peter Czerwinski commented that on Google, Google Talk, Google Phototech you can view 30 hours of instruction on photography.  Some problems discussed there are problems with focusing and panoramas, among other topics.  He also recommends the channel on authors.  You can hear the author talk and give information about his books.
FoxMarks is a plug-in for Firefox.  With this, you can see your bookmarks wherever you are.
Lon suggested we add new segments to our meeting.  The first new segment will be called the Weird Computer Science Section.  Under this new segment, Bruce Arnold said there has been a lot of talk on the blogs about Windows 7, which was beta released a few days ago.  Windows 7 is Microsoft’s new operating system; actually, it is a downgrade of Vista.  Many users and companies still prefer using XP and this may be Microsoft’s answer to them.  This is a very nice product, barebones Vista, very smooth, nice graphics, nice features, with few bells and whistles.  The beta can be downloaded free.  This can be tried on an old computer if you wish.  The minimum requirement is a gig of RAM and a good video card and it is compatible with DirectX9.  You can purchase an inexpensive video card on the internet if needed.
Presentation:  Computer Forensic Investigation by Musa Husseini
Lon welcomed our speaker, Musa Husseini.  Mr. Husseini is currently a Product Support Manager at Advanced Internet Technologies and works with the NJ.com web site.  He has broad knowledge and experience with operating systems, a wide variety of hardware, and many different software programs.  He has 15 years of professional IT experience and is a part-time instructor.  He teaches classes at night on hardware, software and computer forensics at Anthem Institute in Jersey City.  Anthem Institute was formerly called Chubb Institute.

Computer forensics is a very important field and has grown dramatically over the last 18 years because of widespread computer fraud, theft of company records, criminal investigations, identity theft, income tax evasion, and many other crimes.  Forensics is not new and has been used in law enforcement since 1932.  In 1991 the International Association for Investigation Specialists introduced training for law enforcement.  Growth in computer and internet knowledge, especially internet file sharing, has made it easier to commit crimes.  Computer crimes are rising due to the proliferation of PCs, growth in the internet, hacking tools, anonymity, email spoofing, fake profiles, identity theft, and ease of use, and because people are making money doing it!
The FBI has reported that 71% of organizations experienced at least one attack in 2004.  Most attacks occur from inside the organization.
Computer forensics primarily involves exploration and application of scientifically proven methods to gather, process, interpret, and utilize digital evidence in a manner that is acceptable in a court of law.
In order for evidence to be presented in court, validated software must be used.  The data must be preserved exactly as it was found and be secured against damage and contamination, and it must be able to be retrieved.
When computer data is deleted, it is still there and can be retrieved by certain software from the recycle bin and moved to unallocated disk space.  When new files are saved, it can lessen chances of retrieving the deleted data.  When a drive is formatted, it does not wipe out data; it just prepares the drive to save new data over the old files.
Computer forensics is used by law enforcement at local, state, government agencies, the FBI, CIA, NSA, and DOD for investigating terrorism, cybercrime and espionage.  In the corporate world, it is used to investigate healthcare, financial, and pharmaceutical fraud; money laundering; insider trading; and embezzlement.  It is also used in other investigations, such as violent crimes, child pornography, identity theft, and drug trafficking.
Some other uses for computer forensics are in tracking emails, web browsing, and electronic data recovery, such as salvaging data from secondary storage media, i.e., hard drives.  In disaster recovery it is critical to the resumption of business, including regaining access to data.
The goals of computer forensics are to recover data in the event of hardware or software failure, to analyze a computer system after a break-in, to gather information against an employee that an organization wishes to terminate, and to gain information about how a computer system works for the purpose of debugging, performance optimization, or reverse engineering.  Emphasis is placed on data preservation, and a hard drive’s data is preserved in an image file of the hard drive.  Hard drive blocking devices are used to prevent accidental changes in the image file so the files can be used as evidence in court.  Hash values are used as fingerprints or digital “DNA”.
When a criminal offense is being investigated and a court case is required, an image file of the hard drive must be made and care must be taken not to contaminate the computer data.  A custody chain of the data must be documented.  Just copying the data is not acceptable.  The image file must include everything.  Regular backup software will only copy the data it recognizes and that is not sufficient.
The job of the investigators is to recover data from deleted files, file fragments and complete files and all other areas where data can be hidden.  Data can be hidden in unallocated space, file slack, RAM slack, hidden partitions, and partition gaps.  All work is done on copies of the image of the hard drive being investigated and must be done on specially configured machines that duplicate the computer hard drive which was originally used.
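The points above about hash values as fingerprints, a documented custody chain, and working only on copies can be shown in a short Python sketch.  This is an added example, not material from the presentation; the choice of SHA-256, the hash-chained log layout, the function names, and all sample data are assumptions made for the illustration.

```python
import hashlib
import io
import json

CHUNK = 1 << 20  # read 1 MiB at a time so a whole drive image never sits in RAM

def image_digest(stream):
    """Return the SHA-256 fingerprint of a disk image read from a binary stream."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()

def _entry_hash(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_custody_entry(log, when, actor, action, digest):
    """Append a custody record; each record commits to the one before it."""
    entry = {"seq": len(log), "when": when, "actor": actor, "action": action,
             "image_sha256": digest,
             "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry

def verify_custody(log, acquisition_digest):
    """True only if no record was edited and every record shows the same image hash."""
    prev = "0" * 64
    for entry in log:
        if (entry["prev"] != prev or entry["entry_hash"] != _entry_hash(entry)
                or entry["image_sha256"] != acquisition_digest):
            return False
        prev = entry["entry_hash"]
    return True

# Constructed sample data: a tiny stand-in for a drive image holding a deleted-file remnant.
ORIGINAL = b"\x00" * 4096 + b"remnant of a deleted file" + b"\x00" * 4096
WORKING_COPY = bytes(ORIGINAL)
ALTERED_COPY = ORIGINAL[:100] + b"\x01" + ORIGINAL[101:]  # one byte changed

def demo():
    """Return (custody log verifies, altered copy still matches the original)."""
    acquired = image_digest(io.BytesIO(ORIGINAL))
    log = []
    add_custody_entry(log, "2009-01-17T10:00", "examiner A", "acquired image", acquired)
    add_custody_entry(log, "2009-01-17T11:30", "examiner B", "made working copy",
                      image_digest(io.BytesIO(WORKING_COPY)))
    return verify_custody(log, acquired), image_digest(io.BytesIO(ALTERED_COPY)) == acquired
```

A single changed byte anywhere in the image gives a different fingerprint, and editing any earlier custody record breaks the chain of entry hashes.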
There are portable forensic toolkits for use at crime scenes, which use special software to prevent evidence contamination.  Notebooks are considered harder to handle than desktop computers.  There is also software that allows imaging of computer hard drives that are located out of the country.
A warrant is required for searching computers in a criminal investigation.  Warrants are also required for tracing electronic communications.
A question was asked if investigators have a legal right to get data stored on outside servers.  Mr. Husseini said that it must be mentioned on the warrant that they have the right to access data stored on outside servers.  The ISP must release data if requested by investigators if it is listed in the warrant.  If you obtain evidence illegally, it still can be used.  The Patriot Act allows data recovered that is related to national security to be used.  Data not of national security interest can be challenged.  The Silver Plate rule says physical evidence found at the scene gives authorities the right to widen the search and include computer evidence.
Many of us have watched shows on television, such as CSI, and wondered if this is the way they track down criminals.  Rest assured that this field has become indispensable in solving cases and in finding evidence and prosecuting criminals.  Be aware that there are many career opportunities in the relatively new, growing field of computer forensics.  There are 6 to 12 month training courses required in law enforcement and corporate fraud.  Certification is required.  Check it out.
Our thanks to Musa Husseini for a compelling presentation.  His information made us realize how knowledgeable criminals are in using the internet and computers to defraud us and commit crimes, but law enforcement is using new tools and software to get inside the crime and bring the criminals to court.  In terrorism, fraud, and criminal activity, these investigators are solving crimes which might not have been possible before.