Analysis Of Digital Evidence In Identity Theft Investigations

By Author: Wisemonkeys
Total Articles: 277
Comment this article

Abstract—In the contemporary internet-driven era, identity theft could be seen as a serious issue. There are numerous ways to commit this kind of computer crime, and various statistics data indicate that it is becoming more prevalent. While attempts to strengthen security and protection appear insufficient to stop it, it intimidates personal privacy and confidence. After an inquiry into an identity theft occurrence, a forensic study of the digital data should be able to produce exact results. In relation to the digital evidence, the investigation of internet - based identity theft is now conducted on an ad hoc and unstructured basis.

Keywords— Identity theft, E-Crime, Digital Evidence, Computer Forensics.

I. Introduction
The terms “identity theft” and “identity fraud” have come to be used interchangeably in popular usage, even though the two are different from a legal point of view. Some consider identity theft to be a subcategory of identity fraud.

Legal codes typically distinguish between theft and fraud by characterizing the latter as taking from the victim through deception or cunning, ...
... such as when one borrows money from the victim with no intention of returning it. Contrarily, simple theft refers to direct theft without consent from the victim. As can be seen, both of these takings are covered under federal law.

It is obvious that the crimes associated with identity theft are not at all new, but rather, ancient crimes that have been made worse by the use of, or theft of, stolen identities.

However, in our opinion, the federal statute was more likely inspired by the widespread media coverage of identity theft victims in the late 1990s than by those earlier offences. These victims were frequently victimised over a period of months or even years, and they were either unable to recover their identities or were unable to persuade the authorities in charge of credit issuing and reporting of their loss.

The Identity Theft Act of 1998 was eventually passed as a result of Congressional hearings that were sparked by the publicity.

Cybercrime and digital devices are the main topics of the forensic science subfield known as "digital forensics." Forensic investigators gather information to help convict criminals through the process of locating, conserving, evaluating, and documenting digital evidence. To extract and preserve digital evidence, a safe environment is required due to the lengthy nature of the digital forensic procedure.

Digital forensic is the collection, assessment and presentation of evidence gathered from digital media .

A) Digital evidence comes from computers, mobile phones and servers.
B) Digital forensics helps solve complicated cases that rely on evidence from electronic from electronic devices.
The digital forensic process is intensive. First, investigators find on electronic devices and save the data to a safe drive. Then, they analyse and document the information. Once it’s ready, they give the digital evidence to police to help solve a crime or present it in court to help convict a criminal.

This study contributes to the field in two important ways: first, it suggests examining various computer crimes according to their nature, and second, it distinguishes the investigation process between the victim and the fraudster depending on who owns the digital material. An individual framework that supports Identity Theft investigations is required, according to background research on the current investigative techniques. The structure of the current computer forensic frameworks served as a basis for the construction of the investigative framework that is being presented. It is a versatile, conceptual instrument that will support the job of the investigator and analyse instances involving this kind of crime. The results of the study have been presented in detail along with any pertinent information for the investigator.

The goal is to provide computer forensics investigators with a clear tool that they could use. As a result, the research findings will not only be assessed based on a laboratory experiment but also enhanced and improved based on evaluation input from law enforcement professionals. Even while personal identities are being recorded and exchanged more frequently on digital media, the risk of private information being exploited fraudulently cannot be completely removed. The nature of the issue can be better understood, though, when similar occurrences are thoroughly investigated.

II. TYPES OF IDENTIY
The three most common types of identity theft are financial, medical and online. Learn how you can prevent them and what to do if they happen to you.

Financial Identity Theft:
Most people associate identity theft with this type of crime, which involves the use of personal information to take over financial accounts.

If you notice suspicious activity on a credit card or bank statement.
Contact all financial institutions where you hold accounts and place a 90-day fraud alert on your credit reports by contacting all three credit reporting agencies individually (see resources at end of article). This prevents identity thieves from opening new accounts in your name, as most lenders need to review your credit report before approving an account.

Protect your Social Security number
This is one of the most important steps you can take to safeguard your financial holdings from bank to credit card accounts.

Many are not aware that a Social Security number can also be used to gain access to your tax records and refunds. Filing your tax return early can lessen the chances of someone else accessing your refund, as duplicative returns will raise red flags with the IRS.

Medical Identity Theft:
Did you know that your health insurance information can be used by someone else to see a doctor, get prescription drugs or file claims to your insurance provider?

How you can protect yourself against medical identity theft

Be sure to read all medical and insurance statements carefully, and if something looks unfamiliar to you, call your health insurance customer service number to cross-reference your information with theirs.
If it appears someone used your information, alert your medical providers immediately. Be prepared to gather supporting documentation to send to all parties involved.
Finally, follow up with both insurance and medical providers to make sure all errors have been amended.
Online Identity Theft :
A sharp increase in social media use means greater opportunities than ever before to steal identities or perpetuate fraud online.

Tips to help you protect yourself when using social media

It may seem harmless to post on your profile that you'll be out of town or bought a new car. But in the age of oversharing, seemingly innocent information can be dangerous if it gets into the wrong hands.
When it comes to stalking or stealing an identity, use of photo- and video-sharing sites provides deeper insights into you and those you care about, your house and places you like to frequent.
Each time you make a social media status update, think about whether it could be used to compromise your privacy or security in any way.
Be selective when accepting network invites, and remember that it's not "unfriendly" to decline adding someone you don't know — it's common sense.
III.IDENTIFYING IDENTITY THEFT
The DOJ (Department of Justice) recommends customers to follow the procedures below to prevent becoming victims of identity theft and to recognise such theft as soon as it has occurred:

No matter the circumstance, be "stingy" when disclosing personally identifiable information to outsiders unless there is a good basis to believe the person making the request is trustworthy.
Routinely monitor bank accounts and monthly credit bills for unauthorised debits or purchases, and report any irregularities right once to the bank or credit card company.
Occasionally get a copy of your credit report for yourself and check it for any accounts that were started or used without your permission.
Keep meticulous records of your finances and banking transactions (e.g., keep monthly statements and checks for at least one year).
According to this steps claims that a person's identity may have been stolen if they:

Fails to receive invoices or other mail, which could indicate that the thief has changed their address.
Gets granted credit without applying for it or is denied credit for no discernible reason.
Gets phone calls or letters regarding goods or services they didn't buy from debt collectors or companies.
Despite the possibility that any of these occurrences were the result of human error, DCP advises getting in touch with the company directly to learn more.
IV. ANALYSIS OF DIGITAL EVIDENCE
Online identity theft is regarded as a relatively new type of fraud, and forensic investigators lack adequate guidelines. The investigator will need to reveal the electronic trail of evidence and make an effort to offer potential justifications for how such a crime may have happened. Examining the use of computers and the internet in criminal activity is part of this digital trail. The investigation should determine how the breach of personal data that allowed the misuse of resources like a credit card number to happen happened. The misuse should also be described in detail, including dates, items acquired, and financial outlays. The perpetrator should also be named if at all possible.

Much of this information can be found in the data that is extracted and examined forensically from computer hard drives. However, the process of turning data into evidence is time-consuming, expensive, and ultimately requires that the jury be able to understand it. Therefore, it would be beneficial to develop an analytical framework that would make it easier to investigate online identity theft cases and manage the relevant digital data. There is room for more research in the development of a formalised and structured method that would support computer forensic investigation practise in terms of evidence identification, courtroom presentation, etc.

It combines several risks against online identities and ways to obtain illegal benefits in this direction based on research of the literature up to this point. Any potential digital evidence is first identified and recorded according to category. Other elements that should be taken into account throughout an inquiry are also noted, such as the necessary abilities and perpetrator's capability profile. When examining a case involving online ID theft, forensics experts could then turn to this. The primary concept is that by using such a methodical analytical framework, the expert will be able to recognise and comprehend the nature of the crime scene in the future.

Card cloning, attacks on off-line stored data (such as backup copies and disaster recovery facilities), assaults on data media in general, use of CCTV footage, etc. are possible additional approaches that are not covered in further detail here because we are focusing on online ID theft.

V. ID THEFT TECHNIQUES AND DIGITAL EVIDENCE

The methods used to gather this information include burglary, social engineering, looking through residential trash bags, and even the identification of a deceased person.

In order to obtain the necessary information, high-tech ID theft methods typically involve a computer and the internet. The most popular strategies are described below, and they all demand at least intermediate information technology knowledge and skills.

Phishing:
Phishing is the practice of obtaining personal information by sending emails that look to be from reliable sources. A phishing campaign involves the widespread dissemination of "spoofed" emails with reply addresses, links, and branding that impersonate those from financial institutions, insurance providers, shops, or credit card issuers. By employing corporate logos and formatting that is comparable to those of the legitimate companies, the mails appear genuine. When personal information, such as personal account numbers, passwords, and other sensitive information, is required for auditing or verification purposes, the threat is perceptibly dangerous.

Web – Spoofing:
Web spoofing is a technique used to trick consumers into thinking they are visiting a company's legitimate website. Instead, they were actually sent to a website that was "spoofing," where any personal information supplied would be saved and exploited maliciously. The web pages will have been created by qualified web designers and are frequently an exact replica of the website of the actual organization. The crucial distinction is that a few small adjustments enable the storage of user information on the fraudster's servers.

Malicious Software:
Spyware is made to take advantage of infected computers, typically for commercial gain. As a result of tracking online browser activity, HTTP requests are forwarded to websites that are promoted by spyware. Additionally, pop-up adverts may be displayed, or users' personal information, including financial information, may be stolen. An identity theft ring recently deployed spyware to remotely retrieve and store user information. Sunbelt, an anti-spyware company, conducted research that revealed this. Some Trojan Horses are security-breeders with the capacity to capture passwords and personal information and transmit it to fraudsters via a variety of channels.

Problematic Biometric System:
The idea behind biometrics was to combat identity theft. Although the goal of this technique of identity verification is to replace weak passwords, there are already several ways for scammers to compromise a biometric system. By interfering with devices that read biometric data or changing the records they hold, it is possible to trick biometric technology. By blowing on the glass, chilling down the sensors to produce false readings, dusting the fingerprint with graphite powder, creating a "jelly finger," etc., it is possible to reuse fingerprints that have been left on scanners. Playing someone's video at the reader can sometimes fool facial recognition software and provide access to a system.

VI. PREVENTING IDENTITY THEFT
Install antivirus software
Antivirus software can prevent hackers from accessing information on your computer and mobile devices. The FTC says you might be a victim of malware, which includes viruses, spyware, and other unwanted software, if your computer:

Slows down, crashes, or displays error messages
Fails to shut down or restart
Delivers pop-ups or other unwanted ads
Sends you to web pages you didn't search for
Shows new, unexpected toolbars
Changes your default web browser
Drains its battery quickly
Because criminals can more easily hack outdated software, keep your antivirus software current or set it to update itself automatically.

Create different passwords for your accounts
A secure password is long, complex, and unique. Create different passwords for various accounts, which is easiest to do with a good password manager. Avoid using information related to your identity, such as the last four digits of your Social Security number, your birthday, your initials, or parts of your name.

Creating passwords with at least 15 characters because these are more difficult for a computer program or hacker to crack. As for security questions, the FTC advises selecting questions that only you can answer, instead of information that could be available online like your ZIP code, birth place or mother’s maiden name. Also, avoid giving generic responses, such as “chocolate,” as your favourite dessert.

Review credit card and bank statements regularly.
Credit card fraud is the most common type of identity theft. As a result, one of the most effective ways to prevent ID theft is to regularly your credit card and bank statements regularly for transactions you don't recognize. These could be small amounts that a thief makes to see if you notice. If neither you nor your financial institutions flags them, the thief will most likely try to make larger purchases. Know when you usually receive statements and inquire if they're late.

Other techniques, not discussed in further detail here as we focus on online ID theft, may

include card cloning (Gerard et al., 2004a,b), attacks on off-line kept data (e.g. back-up

copies and disaster recovery facilities) or data media in general (McKinley, 2004) and

use of CCTV footage, etc.

VII. CONCLUSION
Examiners can obtain information that can support allegations of criminal activity through conversation or message exchange, photographs, and documents if evidence collection and analysis are done correctly. The examiner will often include all the supporting documents, emphasising pertinent details, as well as a report outlining how the data was extracted. Similar to other sorts of evidence, the chain of custody and appropriate collection and extraction methods are essential to the evidence's reliability and must be meticulously documented.

VIII. REFERENCES
https://researchprofiles.herts.ac.uk/en/publications/analysis-of-digital-evidence-in-identity-theft-investigations
https://www.researchgate.net/publication/229015620_Online_ID_theft_techniques_investigation_and_response
https://www.usnews.com/360-reviews/privacy/identity-theft-protection/10-ways-to-prevent-identity-theft
https://www.texasattorneygeneral.gov/consumer-protection/identity-theft/help-prevent-identity-theft
https://oit.ncsu.edu/it-security/safe-computing/identity-theft/introduction/
https://www.experian.com/blogs/ask-experian/20-types-of-identity-theft-and-fraud/
https://nij.ojp.gov/digital-evidence-and-forensics
Wisemonkeys(https://wisemonkeys.info/), is an LMS platform with unique features like “Ask a question” and get answers from experts within no time. It’s a mass initiative to spread knowledge worldwide, truly believe in “When we know knowledge is free then why not spread it.” From various sectors to industries, write your heart out and get noticed.

Explore Wisemonkeys now.(https://me.wisemonkeys.info/login)

For the Monkeys | By the Monkeys.