Assignment 1 - Search and Seize of Computers


Document the challenges faced in the search and seizure of the computers and mention
a case study where cyber forensics has led to the conviction of the criminal.
Challenges:
• Computers are often prone to hacking or denial-of-service attacks
• Some criminal suspects change the hard disk within their devices before the
cyber forensic expert can gain access to the device
• Some suspects use write blockers to shift information between two hard
disks (the main effect is that a forensic examination of the new hard disk may
not display some of the relevant evidence)
• Some evidence gathered from a hard disk lacks consistency and may not be
apparent
• Evidence gathered from a device that was reset may accentuate the problem,
since during the reset process a small portion of the backup information is likely
to have been reinstalled
• Data-hiding techniques such as steganography and encryption can put evidence
of criminal activity where traditional search methods cannot find it
• The increase in PCs and the extensive use of internet access
• Lack of physical evidence makes prosecution difficult
• The large amount of storage space, in terabytes, makes the investigation
difficult
• Any technological change requires an upgrade or changes to solutions
• The flexibility and scalability of cloud computing pose a huge challenge to
forensic investigation
• Locating data in a way that ensures the privacy rights of the users
• Cyber laws and regulations vary between jurisdictions, and many do not take
into account the complexity of collecting forensic evidence
• As such, cyber forensic investigators get involved in complicated cases that
may include examining Internet abuse, determining the digital resources that are
misused, verifying the offenders’ alibis, and examining how the network was
used to come up with forensic threats
• Spoliation (occurs when the person handling evidence fails to preserve, alters,
or destroys evidence that could be useful in pending litigation)
CASE STUDY
The Melissa Virus
In early March 1999, David Lee Smith, a programmer, used an America Online
(AOL) account to publish a file named 'alt.sex' on the internet. Its purpose was to give
free passwords to fee-based websites with adult content. The virus was installed on
users' computers after they downloaded the file and opened it using Microsoft Word.
After that, it began spreading across the Internet. With a tip from an AOL representative
and cooperation between the FBI, New Jersey law enforcement, Monmouth Internet, a
Swedish computer scientist, and others, authorities traced the electronic fingerprints of
the virus to Smith.
America Online contacted the New Jersey Division of Criminal Justice’s computer
analysis and technology unit. A Swedish programmer used the I.D. number to identify
the author of the code as someone with the online name VicodinES.
On April 1, 1999, Smith was arrested. Members of the New Jersey State
Police and the FBI executed a search warrant on Smith’s apartment, confiscated his
computer, and, on the basis of what they found, obtained a warrant for Smith’s arrest.
Until Smith's arrest, VicodinES was suspected to be Melissa's author. That connection
was made after Melissa was found to contain the same electronic fingerprint, a Globally
Unique Identifier or GUID, as two other viruses created by code writers with the handles
ALT-F11 and VicodinES.
Following that revelation, the FBI seized a Web server in Orlando. The very next
day the state police arrested Smith, who lived in Monmouth County and had a defunct
account with Monmouth Internet.
Following Smith's arrest, CyberCrime researched the IP address
‘209.191.30.193’ from which VicodinES sent his last known e-mail on Jan. 11 to
SourceOfKaos's Sibert. A search of ARIN found that the ‘209.191.30.193’ IP address
belongs to Monmouth Internet. The fact that Smith had an account with Monmouth and
VicodinES sent an e-mail from a Monmouth IP address raises several questions about
the relationship between the two.
On December 10, 1999, Smith pleaded guilty to a second-degree charge of
computer theft and a federal charge of damaging a computer program for releasing
the virus. On May 1, 2002, he was sentenced to 20 months in federal prison and fined
US$5,000.
