Computer forensics – Why you’re not so hard to track down
I've lost count of how many TV shows centre on the forensics of crime but there seems to be an awful lot. Even during my youth, movies and TV programmes would feature fingerprinting and other techniques. Today DNA, bio samples, hair and clothing fibres often figure in the path to the truth.
It seems that people like a detective story, especially if it entails clever scientists weeding out the dark facts of a case. But, dare I say it, this analogue world has become somewhat tedious because of the limited number of scenarios.
However, there is a parallel in the digital world that involves a much wider and faster growing choice.
Today most computer crime goes unchallenged, or even unnoticed, as the web continues to expand. But the forces of good are waking up, taking notice, and increasingly having to take action. As a result digital forensics is on the up and is every bit as challenging as its analogue forebear.
Consider for a moment all the variables that identify you and your machine should you decide to join the dark side. Sure, you can operate in some secret mode and disguise your machine, your identity, and your location, but there is still a lot of data that relates only to you.
So, it is not a matter of looking out for a single big identifier, more a large combination of seemingly insignificant properties – in effect, a multi-dimensional fingerprint.
Consider what a digital fingerprint might look like - and what follows is not a comprehensive list. It is just a taster of what we could look for if we were on the trail of some bad guy:
- Choice of font – style size
- Page formatting
- Span and use of vocabulary
- Word, phrase, slang, colloquialism, terminology use
- Sentence and paragraph structure
- Spelling and grammatical errors
- Flesch-Kincaid reading index
- Choice of software
- Language settings
- Keyboard setting
- Speed, style and rhythm of typing
- Errors and corrections
- Time and duration spent online
- Preference settings
- Applications
- Operating system
- Plugins
- Device type
- Screen size
- Connection type
- Carrier, ISP, networks
- Operational ports
- Update settings
- Routing
- Point, or apparent point of origin
I’m sure you get the idea in terms of the uniqueness of this data as a combinatorial identifier. It is very difficult indeed to break our regular patterns of operation and to randomise everything completely.
And even if we do attempt to do that, guess what? It involves even more patterns that just add another line to the list.
On an even more positive note: the world has far more good neurons than bad - by a long, long way.
(Source: silicon.com)
