A lot of new terms have come at us over the past decade as computers have reached an unbelievable level of sophistication and speed.
It's hard to imagine what they will be like ten years from now, considering the current rate of growth in processing power and disk storage. As with anything else in life, there is much good news and bad news associated with this rapid growth.
Back to 1981
Knowing what was currently running on my trusty TRS-80 Model III was easy way back then. As I mentioned in an earlier article, I couldn't afford to buy the optional 5¼" 70K formatted disk drives for an additional $1,000, so I had to use a cassette recorder and run a program called CLOAD to enter the basic language program into the 16K of memory that mine came with. (A few months later, I increased the memory all the way up to its maximum amount of 48K. I can remember running frequent memory tests just to watch it run all the way up to 48K - wow!)
My Model III remained a pretty cool machine for about four years. Everything that could possibly happen to it was the only thing happening at any given time. There were no viruses to worry about, and no hard drives (or even floppy disk drives) to need to administer and keep up to date. The computer was truly a single user, single process machine and I always knew just what it was processing. If you had the money to purchase an acoustical modem you could connect to 'something on the other end' at a whopping 300 baud. Comparing that to today's T-1 connections at 100,000,000 baud (100 megabits per second) is inconceivable. On top of all of that, there were no computer crimes to worry about. The first laws relating to computer crimes wouldn't hit the books until the mid-80s. Life was good.
The machine that I'm using to write this article is a little different than my trusty TRS-80 Model III. I'm sure that there are now much faster machines out there because mine has just had its first birthday. It's now no small task to be sure that everything that is running on it is supposed to be running. Do I have any trojans running? Are there any viruses that my current virus signature file doesn't know about? Has someone entered a keystroke reading program onto my computer? Is my personal firewall configured for maximum protection while still letting things in and out of my computer? All of this newfound power brings lots more to worry about doesn't it?
What about those workstations sitting on every desk in just about every business today? I was working for a huge company in 1981 when I purchased my Model III for home use. At that time there were NO computers that I am aware of in any of the offices in that huge company. Things were about to change - forever!
I've not done the research to see when this term first came into general use. I suspect that it became much more meaningful immediately after the first computer crime laws showed up on the books. If a crime was committed using a computer, or the crime targeted a computer, the investigation of that crime would need to incorporate some form of computer forensics to establish the evidence. This obviously gets more complex as the computers become more complex.
This would be a simple process if my TRS-80 Model III were the computer in question. It had no hard drive, no floppy drives and only 16K of very volatile memory that would be cleared as soon as power was removed. The only non-volatile offline storage was the cassette tapes that I used to store my tiny bits of data from Visicalc and WordStar.
Storage capabilities are just a little different now. I wouldn't be surprised to see 100-gigabyte disk drives available at my local Office Depot by the end of this year. That's a lot of space (including that mysterious slack space) for possible evidence to reside. That's a lot of space for your very valuable intellectual property, trade secrets, personal files, customer account information, unauthorized insider activity or dozens of other bits of critical information for your business. I've said this many times during the past few years: "We're at a place where everything that is important to just about every company resides on some hard drive(s) somewhere." Proper computer forensic investigations are critical in attempting to discover just what does reside on those hard drives after a suspected crime or corporate policy violation.
I always get a little sad when I consider all of the issues and potential problems that have come with the rapid growth of this thing called the computer. Those of us who have been computer geeks from the early days have seen more change than we thought we would ever see, especially so quickly. We've seen many of our close friends build their businesses around the incredible computing power that can be purchased today for just about what I paid for my stripped down TRS-80 way back in 1981 ($1,500). We've also seen a few of our friends lose those businesses because of the same computer and the vulnerabilities that come from not doing frequent, backups, not having a network or personal firewall installed and properly configured, or not keeping their anti-virus software up to date.
Learning More About Forensics
Obviously, I can only scratch the surface of this complex subject in a brief opinion article. Let me tell you about two more places that you can go for a lot more information.
Guidance Software, Inc. (www.guidancesoftware.com) is the world's leader in providing forensic and enterprise-investigation solutions. They will be hosting the Guidance Software Computer and Enterprise Investigations Conference 2002 conference in Chantilly, Virginia, USA on September 16 - 17, 2002. This annual event brings together some of the top forensic investigators in the world.
Another place to go for additional information on this subject is the High Tech Crime Network (www.htcn.org). This highly respected organization has been offering an extensive list of forensic and computer crime-related certifications for the past 10 years.
Until next month,
Stay safe out there.
Jack Wiles is president and co-founder of TheTrainingCo and is a 30+ year security veteran. He is also the MC of the annual International Techno-Security Conferences. You can email him at firstname.lastname@example.org or find out more about him by visiting www.thetrainingco.com/biojackwiles.html.