Cyber Stalking: The Digital Frontier

On the digital frontier, stalkers have updated their weaponry and they are gunning for the unprepared. Cyber stalking is a criminal behavior which occurs when an individual uses the Internet to harass, humiliate, damage, or threaten someone. Most states have included electronic forms of communication as part of stalking or harassment laws. Cyber stalking crimes are classified as misdemeanor or felony offenses depending on aggravating factors which may include: possession of a deadly weapon, violation of a court order or condition of probation or parole, victim under 16 years, or repeatedly victimizing the same person. Based on specific circumstances, these offenses are subject to punishment ranging from probation to ten years in prison.

Forms of Cyber Stalking

Cyber stalking takes on many forms which may include sending victims harassing or threatening emails and text messages and/or posting personal, false or humiliating information on social media. In some cases these perpetrators may send viruses, spam attacks, and harmful programs via e-mail to compromise or destroy the victim’s computer. Even more ominous are cyber stalkers who intend to locate and confront their victim by obtaining personal information such as home and work addresses and phone numbers.

Scope of the Problem

The Department of Justice reports that 6.6 million people are victims of stalking in the United States. More than 25% of stalking victims, report that they were harassed on the internet during their lifetime. Most of these victims experienced significant anxiety or fear and believed that they or someone close to them could be harmed or killed. Most victims know the person stalking them. However, some stalkers fantasize or harbor grudges against public figures or celebrities they have never personally met.

Types of Cyber Stalkers

Cyber stalkers present mental health problems that vary from irrational anger to psychosis. They range from people who are angry ex-partners who feel unfairly rejected to more seriously disturbed individuals who are compulsive, vengeful, or delusional. The motivation for these crimes is to control, intimidate or influence the victim. The harmful effects of cyber stalking most commonly include severe emotional distress and damage to one’s reputation. In serious cases physical, sexual, and fatal assaults have been reported.

Preventive Measures

The following security guidelines are designed to help you prevent cyber stalking by closely protecting your personal information.

  1. Keep antivirus software updated.
  2. Use strong passwords.
  3. Never put personal photos, account profiles or email addresses online.
  4. Do not download unknown e-mail attachments.
  5. Don’t sign into accounts when using public Wi-Fi networks.
  6. Never reveal your home address.
  7. Privatize any online calendars or itineraries.
  8. Delete or password the details of any events you plan to attend.

Managing Cyber Stalking

In the event you become a victim of cyber stalking, here are some initial recommendations to follow.

  • Inform the person that further contact unwanted will be reported to police.
  • After this first warning, stop all responding to that individual.
  • Record the time, place, and details of all unwanted contacts or incidents.
  • Scan and clean your computer thoroughly for malicious software.
  • Change all passwords.
  • Block unwanted calls/ internet contacts.
  • Change phone numbers and e-mail addresses.
  • Inform family, close friends, and employers.
  • File complaints with the stalker’s ISP and websites.
  • File a police report with documented details of the cyber stalking.

Summary

Cyber stalking is a criminal behavior which occurs when an individual uses the Internet to harass, humiliate, damage, or threaten someone. Preventing cyber stalking emphasizes online security and safeguarding your personal information. Managing incidents of cyber stalking includes severing all contact, recording all incidents, and making formal complaints to both internet providers and law enforcement.

Basics of Digital Forensics and Evidence

The science of forensics is essentially the study of legal issues and pursuit of answers to legal questions by applying scientific knowledge using technology. There are two specific cases where legal system becomes involved are; first, is when a private party, such as a business, requires facts to support a civil action like a lawsuit. The second instance occurs when a crime is suspected or has been committed. Now, in both cases, a forensics investigator, or rather a practitioner of forensic science must check the current available resources to find facts that are supported by the available resources. And more so, the facts help answer the questions expected or asked by the legal system.

Forensics Investigations

There are differences between investigations initiated within the private business sector differ much from investigations initiated by public officials for criminal investigations. The most significant difference is the potential impact from the investigation. Private sector investigations potentially result in any or all the following events:

  • The loss/gain of money or goods
  • The loss or retention of employment
  • Potential disciplinary actions
  • Criminal charges

The most frequent cause for an investigation in the public sector is criminal activity which has the potential to incarcerate private citizens. In very few cases, a public investigation will involve the liability of public officials in issues involving public safety and these investigations can result in the loss of public taxpayer funds, or may influence new legislation. Since most public investigations involve crimes and the criminals that commit them, the term public investigation will be used synonymously with criminal investigation in the rest of the text.

The monetary costs associated with legal action are notable motivators for forensics in investigations. In public investigations, prosecution can take years and cost millions of taxpayer dollars in court costs. Suspects in the prosecution must legal defense which comes at a cost and, even if ultimately proven innocent, defendants in legal cases may suffer loss of reputation and employment. If the prosecution fails to successfully convict, the suspect entitled to restitution for losses to reputation or wages. To make matters worse, the suspect will likely have to pursue a private legal action to recoup damages which result in yet more costs.

Legal actions in the private sector are not exempt from monetary motivators. Private sector legal action can extend over several years and cost millions in private funds. Besides the potential monetary costs, private sector cases often bear a high cost in time and inconvenience for all participants.The likelihood of successful legal action whether it be private or public increases substantially as the confidence level in the facts of the investigation increase.

For example, private sector cases are often examining facts to assess if a company policy or employment contract violated. With very few exceptions, public sector investigations that involve law enforcement such as investigations that result from a crime occurring or in cases where a crime is suspected to have occurred.

Private investigations have the potential of revealing criminal activity. Though the technology and tools for gathering facts are the same or similar in private and public sector cases, the procedure to gather the two will differ much. Even though they differ, the two rules are rarely incompatible; but do need agreement with all private parties including the forensics investigators, and private sector attorneys as well as local law enforcement and public attorneys to keep up confidence levels in the facts of the investigations.

Forensics Investigators

Forensic investigators is trained to be a professionals who apply the science of forensics. They apply skills to many sciences and disciplines such as geology, physics, chemistry, toxicology and many more. Therefore, forensics can be defined as the application of diverse scientific disciplines to the answering of legal questions. The first function of a forensics investigator is to assess the legality and appropriateness of collecting evidence. The nature of investigations requires that evidence collection and analysis be performed in full compliance with the law. Both public and private investigations must respect the rights of private citizens.

Once probable cause is established, a call for is issued. With call for in hand, law enforcement is granted the right to search for only specific evidence of a crime but is allowed to collect any evidence in “plain sight” that is clear and telling that any crime has been committed.

Another function of the forensics investigator is to support an exact “chain of custody” of all evidence gathered in a case. The chain of custody is a simple record of what the evidence is who gathered it, when it was gathered, and who accessed it. An exact chain of custody is required to prevent contamination or even the appearance of contamination of the evidence. The chain of custody is equally important in both public and private investigations.

Evidence

Whether public or private, the facts of a case emerge from evidence in an investigation. Evidence is best defined as anything real or ephemeral that reveals and objectively proves the facts of an investigation. Evidence is generally used to prove the facts that a crime was committed; the suspect committed or did not commit a crime, the order of events during the commission of a crime, the motive:

The forms of the evidence can be either; blood evidence, material traced evidence, finger prints, private or personal records, public records, drug content, surveillance evidence, confession and testimony.

During an investigation, two very different roles emerge in the field of forensics. The first role is that of evidence collection. This role requires relatively limited experience, training, and qualifications. An investigator in this role will often travel to the scene of a crime or can be called to prepare evidence for the second role. The second role is that of evidence analysis. Here, evidence is reviewed, assessed, and analyzed for facts and conclusions.

The Importance of File Slack to Digital Forensics and EDiscovery

What is File Slack? And how does it relate to Computer Forensics?

If you have a basic understanding of computers then you know that files take up space on your hard drive. You may also understand that some files are larger than others and that they can range from only a few bytes to many gigabytes. What you may not know is that files actually have two file sizes: A logical size and a physical size. The reason for the two sizes lies in the way that the file system stores files on your hard drive. Without getting into too much detail on how file systems work, the answer to this mystery lies in the understanding of File Slack, which is broken into 2 parts: Drive Slack and RAM Slack. Knowledge of File Slack is not required for everyday computing but it does play a very important role when it comes to Digital Forensics and eDiscovery.

You may have heard the terms Sector and Cluster when referring to hard drives. At a very basic level, the Sector makes up the smallest area on a piece of media, or hard drive, that can be written to. These Sectors are then grouped into Clusters that make up the allocation units on the drive. On Windows systems, the Sector is a fixed size of 512 bytes whereas the Cluster size is determined by the size of the disk itself. So smaller disks will have small Clusters sizes and vice versa. When a file is created, the file system allocates the first available Clusters depending on the logical size of the data being stored. Obviously, every file stored on a drive cannot possibly be the exact size of one or multiple Clusters so there will be space left over in the last cluster. This is File Slack.

RAM Slack refers to the remaining space in the last Sector of a file. Remember, Clusters are the allocation units but the file system still writes in 512 byte chunks. Very rarely will a file be an exact multiple of 512. So, once the file system finishes writing to the last Sector of a file, there will be space at the end of that Sector. Prior to Windows 95 version B, RAM Slack was filled with random data from RAM, hence RAM Slack. This was a huge security hole because data in RAM could contain passwords and other sensitive data. Since then, Windows file systems write the hex key x00 to the remaining space in the last sector of a file.

Drive Slack refers to the remaining un-written-to sectors in the last cluster of a file. The file system does not fill this space like it does with RAM Slack. The file system actually does nothing with this space. Whatever data that was contained in those sectors prior to the file being written still remains there, even remnants of deleted files.

You can see how important File Slack is to Digital Forensics and E-Discovery. With the correct set of tools and an experienced forensic examiner, like myself, data stored in File Slack and Unallocated Space can be recovered.