Date of Award
Master of Science
Electrical and Computer Engineering
Crimes committed over computer networks have increased dramatically over the past few years. From the illegal distribution of copyrighted material to Internet fraud, computer crime is becoming prevalent in today's wired world. This type of crime has led to the advent of the computer crime investigation. This style of investigation shares many similarities with other types of investigations: a person has committed a crime, an investigator is assigned to figure out who committed the crime, the investigator collects evidence and conducts interviews to determine who the suspect is, and, if enough evidence exists, the suspect is charged with the crime. However, an investigation of a crime involving a computer also differs from a standard investigation: digital evidence can be easily faked or, by using commercially available products, removed completely. Interviews can be hard to conduct, as in many cases the involved parties are located outside a country's borders. Finally, proving presence can be nearly impossible, as computers are often made available to the public. Solutions must be found to ensure that as much digital evidence as possible is discovered and collected before it has a chance to disappear. Such solutions should be proactive in nature, allowing authorities to discover the evidence on their own, rather than reactive, forcing authorities to respond to a crime involving a computer well after it is committed. They should also ensure the data is kept forensically sound, allowing such data to be used as evidence, should the data be used in a trial. The goal of this thesis is to identify current methods being used to investigate computer crime, to offer criteria for the evaluation of current autonomous approaches to investigating computer crime, and to provide a solution for those who can benefit from a proactive, autonomous evidence collection system.
The thesis introduces a modular solution called Trident, whose purpose is to identify and collect digital evidence autonomously. Finally, this thesis shows how standard investigation techniques combined with the information Trident produces could be used effectively by computer crime investigators.
Noah Albert Korba
Korba, Noah Albert, "An autonomous approach to proactive computer crime investigation" (2005). Retrospective Theses and Dissertations. 19139.