
Live forensics is an effective tool against crimes like fraud, money laundering, and larceny. This lesson explores the basic elements of live forensics and discusses its strengths and weaknesses.

How Live Forensics Spoiled a Perfect Money Laundering Scheme

Between 2011 and 2013, a black market known as Silk Road traded in all forms of contraband, including stolen identities, credit card numbers, and other tools of fraud, along with weapons and drugs. To move the significant sums of money involved, Silk Road customers and vendors used authentic currency to buy bitcoin, which functioned like an electronic poker chip. They would then conduct their illicit transactions and convert the bitcoin back into real currency.

When the founder and operator of Silk Road was arrested, his computer held somewhere between $300,000 and $850,000 in bitcoin that he had not yet converted back into regular currency. Believing that the money laundering had already been done for them, two men associated with the investigation, Shaun Bridges and Carl Force, stole the bitcoin, converted it back into regular currency, and deposited it in their retirement accounts. The anti-fraud systems of the institution that held the retirement accounts, built on live forensics tools, flagged the deposits, and the institution alerted authorities. Bridges and Force both went to prison for approximately six years.

As bad as that is, it isn't the worst part of the story. Force was a 15-year veteran of the Drug Enforcement Administration (DEA), and Bridges was a veteran Secret Service agent who had previously guarded President Obama personally. Without live forensics, the fraud would likely have remained undetected.

Mining hardware like this Lancelot FPGA board performs the proof-of-work computation that secures the bitcoin ledger. That ledger makes bitcoin virtually impossible to counterfeit, while its pseudonymity (transactions are public, but tied to addresses rather than names) makes it an attractive means of moving illicit money.

A High-Tech, High-Stakes Game of Cops and Robbers

One of the consequences of living in the information age is that the economy and trade become increasingly global year after year. Individuals can move tangible and intangible assets around the world in minutes using things like wire transfers or expedited shipping with global carriers. These improvements in communication and trade are generally helpful, but they also facilitate crimes like fraud and money laundering.

Live forensics, the examination of a running system and the data passing through it, is a tool used to investigate computer-based fraud. It matters because the approach is proactive and preventative rather than reactive and retrospective: it allows an organization to monitor, gather, analyze, and act on information in real time, while the suspect activity is still in progress. Collecting data this way is more nuanced than most other forms of data collection, however. Every command run on a live system changes its state (memory contents, timestamps, process lists), so the investigator should capture the most volatile data first, record exactly what was run and when, and hash each captured item so that it can later be shown not to have been altered.

Data and records can be examined forensically in real-time as a threat is occurring.
Get Your Head In the Clouds

One of the unique challenges in collecting evidence of fraud is obtaining information from the cloud. The cloud is a means of using off-site infrastructure to perform critical functions such as running enterprise applications, hosting databases, and ensuring data integrity. Cloud-based software and infrastructure are a solution for businesses that want processing power and storage at a performance level beyond what the organization could purchase on its own.

In terms of computer forensics, examining electronic assets that belong to the organization is easier because investigators have access to all of the physical resources necessary to carry out the investigation, including servers, desktops, tablets, and other network devices. When the forensic information is not physically stored on site, investigators must obtain permission to gather it from infrastructure they do not own.

This permission is not automatic. Data inside the organization's own tenant (audit logs, storage snapshots, virtual machine images) can usually be exported with the provider's own tooling under the organization's own credentials, but access to the provider's underlying hosts and hypervisors, or to anything outside the tenant, is another matter: many large providers essentially require a search warrant before granting that level of access, and that is precisely the level needed for the deepest kinds of forensics, especially live forensics in real time.

Your Secret Isn’t Safe With Siri

In a world that relies on mobile technology more every day, the data related to illicit transactions commonly ends up on mobile devices such as cell phones or tablets. These devices present a unique challenge for mobile live forensics because their storage and retrieval methods are more proprietary than the technology found in laptop and desktop computers. Forensic tools available for mobile devices include both software and hardware packages that allow the recovery of deleted information, but true live forensics on a mobile device may require cooperation from the cell phone carrier. A seized device that stays powered on must also be isolated from the network (airplane mode, a shielded bag, or both) so that its owner cannot remotely wipe or lock it while the examination is under way.

Many cell phone carriers are extremely careful about the release of data, even when the phone and account are company property.

Do not assume that because the company owns and pays for the mobile device the carrier will immediately comply with an information request. Most carriers will preserve data when notified, so send the preservation request first, since records such as text messages are retained only for a limited time. The actual release of data, however, goes through the carrier's legal department and is often a lengthy process.

We Have the Data, What’s Next?

Data collected via live forensics activities can be leveraged in a variety of ways, including:

-Comparing File Sizes

Some forms of tampering can be discovered by comparing mirrored copies of a database. File size is the cheapest comparison, but a tampered copy can have exactly the same size as the original (a changed amount occupies the same bytes), so compare a hash of the contents, the row counts, or other unique data as well. When two copies of the same database have features that do not match, it is possible that fraud is occurring.

-Identifying Missing Records

Most publicly available enterprise software almost never truly deletes information from its database.

More commonly, the record is flagged as deleted, but the row itself remains. Analytical tools can scan a database for records that are truly missing when they should still exist in a flagged state; a row that has disappeared entirely, rather than being flagged, indicates that someone bypassed the application and altered the database directly.
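The two checks above (comparing mirrored copies, and spotting records that vanished instead of being flagged) in working code, as an added example that is not part of the original lesson. It uses Python's standard sqlite3 module and constructed sample data; the table layout, the `deleted` flag column, and the idea of a trusted mirror are assumptions made for the illustration.

```python
import hashlib
import sqlite3

# Constructed sample data for the illustration: a ledger table with a
# soft-delete flag, kept in two copies. The mirror is treated as trusted.
COLUMNS = ("id", "account", "amount_cents", "posted", "deleted")

SAMPLE_MIRROR = [
    (1, "ACC-100", 12500, "2023-05-01", 0),
    (2, "ACC-200", 400000, "2023-05-01", 0),
    (3, "ACC-300", 99999, "2023-05-02", 0),
    (4, "ACC-400", 250000, "2023-05-02", 0),
]
SAMPLE_PRIMARY = [
    (1, "ACC-100", 12500, "2023-05-01", 0),
    (2, "ACC-200", 4000, "2023-05-01", 0),    # amount altered in place
    (3, "ACC-300", 99999, "2023-05-02", 1),   # normal soft delete: row kept, flag set
    # id 4 is absent: physically removed instead of flagged
]


def build_ledger(rows):
    """Create an in-memory copy of the ledger table and load the given rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE transactions ("
        "id INTEGER PRIMARY KEY, account TEXT, amount_cents INTEGER, "
        "posted TEXT, deleted INTEGER NOT NULL DEFAULT 0)"
    )
    conn.executemany("INSERT INTO transactions VALUES (?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def load_rows(conn):
    """Return {id: (account, amount_cents, posted, deleted)} for every row."""
    query = "SELECT %s FROM transactions ORDER BY id" % ", ".join(COLUMNS)
    return {row[0]: row[1:] for row in conn.execute(query)}


def table_digest(conn):
    """SHA-256 over the canonical row listing. Unlike a file size, this changes
    whenever any value changes, even one that occupies the same number of bytes."""
    digest = hashlib.sha256()
    for rid, values in sorted(load_rows(conn).items()):
        line = "|".join(str(v) for v in (rid,) + values)
        digest.update(line.encode("utf-8") + b"\n")
    return digest.hexdigest()


def audit(primary, mirror):
    """Compare the production copy against the trusted mirror, row by row.

    modified     - same id, content columns differ (value edited in place)
    soft_deleted - same content, only the deleted flag was set (expected behaviour)
    hard_deleted - row exists in the mirror but is gone from primary (suspicious)
    unreplicated - row exists only in primary (insert that never reached the mirror)
    """
    p_rows, m_rows = load_rows(primary), load_rows(mirror)
    findings = {"modified": [], "soft_deleted": [], "hard_deleted": [], "unreplicated": []}
    for rid, m_vals in m_rows.items():
        p_vals = p_rows.get(rid)
        if p_vals is None:
            findings["hard_deleted"].append(rid)
        elif p_vals[:3] != m_vals[:3]:           # account, amount, posted
            findings["modified"].append(rid)
        elif p_vals[3] == 1 and m_vals[3] == 0:  # only the flag changed
            findings["soft_deleted"].append(rid)
    findings["unreplicated"] = sorted(p_rows.keys() - m_rows.keys())
    return findings


if __name__ == "__main__":
    primary, mirror = build_ledger(SAMPLE_PRIMARY), build_ledger(SAMPLE_MIRROR)
    print("digests match:", table_digest(primary) == table_digest(mirror))
    for kind, ids in audit(primary, mirror).items():
        print(f"{kind}: {ids}")
```

The digest is the cheap first check to run on a schedule; only when the two digests differ does the row-by-row audit need to run, and its output separates the expected case (a flagged row) from the two that deserve a closer look (an edited value, a row that is simply gone).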

-Monitoring Unusual Processing Activity

Deleting and wiping data clean is a significant task in a large database.

In many cases, a programmer or intruder attempting to tamper will run a process that places a high demand on resources such as processors and memory. A process that suddenly consumes far more CPU or memory than its baseline, especially one that holds the database files open, is therefore worth investigating while it is still running.
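The idea in the last item, that a tampering process stands out by its resource demand, turned into detection logic as an added example that is not part of the original lesson. The snapshots, the file paths, the thresholds and the `flag_suspicious` function are all constructed for the illustration; in practice the samples would come from ps, /proc or an endpoint agent, and the thresholds must be tuned to the system's normal baseline.

```python
from dataclasses import dataclass

INTERVAL_SECONDS = 60  # time between the two constructed snapshots below


@dataclass(frozen=True)
class ProcSample:
    pid: int
    cmd: str
    cpu_seconds: float  # cumulative CPU time consumed by the process so far
    rss_kb: int         # resident memory


# Constructed sample snapshots, as a collector would take them from ps or
# /proc 60 seconds apart. Paths and commands are invented for the illustration.
SNAPSHOT_T0 = [
    ProcSample(412, "postgres: writer", 1800.0, 51200),
    ProcSample(2231, "python3 reconcile.py", 30.0, 20480),
    ProcSample(7712, "sshd: eric [priv]", 4.0, 6144),
]
SNAPSHOT_T1 = [
    ProcSample(412, "postgres: writer", 1803.0, 51200),
    ProcSample(2231, "python3 reconcile.py", 84.0, 1540096),  # 54 s of CPU in 60 s, RSS up to 1.5 GB
    ProcSample(7712, "sshd: eric [priv]", 4.1, 6144),
    ProcSample(9001, "sqlite3 ledger.db", 41.0, 8192),       # not present at T0
]
OPEN_FILES = {  # pid -> files held open, as lsof would report them (constructed)
    412: ["/srv/ledger/ledger.db"],
    2231: ["/srv/ledger/ledger.db", "/tmp/dump.sql"],
    9001: ["/srv/ledger/ledger.db"],
}
WATCHED_PATHS = {"/srv/ledger/ledger.db"}


def flag_suspicious(before, after, open_files, watched_paths,
                    interval=INTERVAL_SECONDS, cpu_threshold=0.5, rss_growth=4.0):
    """Return processes whose resource use jumped between two snapshots.

    A process is flagged when it used at least cpu_threshold of one core's time
    during the interval, or its resident memory grew by rss_growth times. A
    process first seen in the second snapshot is charged all of its CPU time,
    since all of it was consumed inside the window. Each finding records
    whether the process holds a watched database file open, which is what
    turns "busy" into "worth interrupting".
    """
    previous = {p.pid: p for p in before}
    findings = []
    for cur in after:
        old = previous.get(cur.pid)
        used = cur.cpu_seconds - (old.cpu_seconds if old else 0.0)
        cpu_share = used / interval
        reasons = []
        if cpu_share >= cpu_threshold:
            reasons.append(f"cpu share {cpu_share:.2f}")
        if old and old.rss_kb > 0 and cur.rss_kb / old.rss_kb >= rss_growth:
            reasons.append(f"rss grew {cur.rss_kb / old.rss_kb:.0f}x")
        if not reasons:
            continue
        findings.append({
            "pid": cur.pid,
            "cmd": cur.cmd,
            "cpu_share": round(cpu_share, 2),
            "touches_ledger": bool(set(open_files.get(cur.pid, ())) & watched_paths),
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for finding in flag_suspicious(SNAPSHOT_T0, SNAPSHOT_T1, OPEN_FILES, WATCHED_PATHS):
        print(finding)
```

The database writer that legitimately holds the ledger open is not flagged because its consumption is flat; the reconciliation script and the ad hoc sqlite3 session are, and both hold the ledger file, which is the combination an analyst would want paged about while the process can still be suspended and its memory captured.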

Lesson Summary

Live forensics is a tool that can be leveraged to prevent or detect fraudulent activity by using data acquired and analyzed in real time. This allows an organization to limit losses by stopping fraudulent activity in progress rather than discovering it after the fact, when the resulting losses are permanent. Live forensic tactics, such as comparing mirrored databases or verifying data integrity, are ways to detect fraud that is active and ongoing.

Live forensics frequently interacts with data in the cloud. Cloud-based data is information hosted on computers in a physical location the organization does not control, managed using servers and infrastructure that are remote as well. The most significant advantage of cloud-based data is that a fraudster is unlikely to be able to manipulate it at a fundamental level. This disadvantage for the perpetrator is also a disadvantage for the business, because accessing the raw data often requires the permission of the hosting company.

Mobile live forensics involves using real-time data in a cell carrier's infrastructure to validate findings on a mobile device.

Most major cell phone manufacturers use proprietary data storage and retrieval systems that require specialized tools to extract data from. Investigators should always keep in mind that cell carriers do not keep things like text messages on their servers indefinitely, and that they are stringent about the conditions under which they will release data from their infrastructure.

Post Author: admin

