
Cyber Crimes: Cyber-Crime Science Crime Science + Information Security

This document discusses various types of cyber crimes including hacking, phishing, social engineering, session hijacking, cross-site scripting, denial of service attacks, man-in-the-middle attacks, vishing, salami attacks, bot networks, and spoofing. It provides details on how each type of attack works and the goals of the attackers. Common goals include unauthorized access to data, fraud, extracting sensitive information from victims, and overloading systems to cause disruption. The document also briefly mentions the five principles of opportunity reduction which aim to prevent criminal opportunities in cyber space.

Uploaded by

Mayank Asthana
Copyright
© Attribution Non-Commercial (BY-NC)

CYBER CRIMES

Introduction

Cyber crime is a term used to broadly describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity, and it includes everything from electronic cracking to denial of service attacks. It is also used to include traditional crimes in which computers or networks are used to enable the illicit activity. Computer crime mainly consists of unauthorized access to computer systems, data alteration, data destruction, and theft of intellectual property. Cyber crime in the context of national security may involve activism, traditional espionage, or information warfare and related activities [9].

Cyber-crime Science = Crime Science + Information Security:

Types of cyber attacks

Data is a precious asset in this modern age of the cyber world. Data is an important raw material for business organizations, call centers and I.T. companies. Data is an important tool and weapon for companies to capture larger market shares. Because of the importance of data, its security is a major issue in the I.T. industry. The piracy of data is a threat faced by the I.T. players, who spend millions to compile or buy data from the market. Their profits depend upon the security of the data. [4]

Some of the common cyber attacks are as follows:

1) Cyber stalking [5]

Cyber stalking is also called online harassment or online abuse. It is a technology-based attack that uses the internet or other electronic means to target a person for particular reasons such as anger, control or revenge. Its motive can be to embarrass or humiliate the victim, to harass family and friends in order to isolate the victim, or even to empty bank accounts (misusing credit cards etc.). A cyber stalker is a person who uses technology to trace and locate his victim and keep track of their movements from a distance.

2) Hacking [5]

Hacking is the activity of gaining unauthorized access to data stored in a computer system and performing some illegal act on it. People who indulge in such acts are called hackers. They do such activity by installing backdoor programs on their systems. Some of them also use software to crack passwords. Such software uses a hit-and-trial method, checking several billion passwords to find the correct one and gain unauthorized access to data. Hacking is done to interrupt the normal working of the computer system or computer network.

Earlier, the term hacking was used in a positive sense, for constructive work, but today it is used for people who carry out malicious programming acts on the internet.

3) Spyware [3]

Spyware is software that runs on a computer, monitoring the user's computer activities and collecting the associated information, which might range from keystrokes to data files of the currently logged-on user. It can propagate this information to remote collectors without the awareness or consent of the user. In many cases, the spyware is bundled with other pieces of free software that can be downloaded and installed from web sites. Without loss of generality, the main purpose of spyware is to collect information and send it to the gatherer.

4) Phishing [5]

Phishing is a kind of fraud in which unsolicited emails are sent to the customers of a financial firm, asking them to fill in their username, password and other personal information, which is recorded so that the attacker can access their accounts. This is done by creating a false replica of the original site; when the user clicks on a particular link they are directed to this false site and malicious acts are performed. It can also be done by sending emails to the victim claiming to be from a legitimate enterprise and waiting for them to make the mistake of giving their personal details to the attacker.

5) Social Engineering [6]

Social engineering is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker. It is typically trickery or deception for the purpose of information gathering, fraud, or computer system access. In most cases the attacker never comes face-to-face with the victims. [7] Social engineering attacks may involve individuals posing as new employees or as current employees requesting assistance to prevent getting fired. Sometimes attackers threaten, cajole, or beg to sway the target.

6) Session-Hijacking [8]

Session hijacking is the exploitation of a valid computer session (also called a session key) to gain unauthorized access to information or services in a computer system.

It is relevant to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer. A popular method is using source-routed IP packets. This allows a hacker at point A on the network to participate in a conversation between B and C by encouraging the IP packets to pass through its machine. In general, any attack that involves the exploitation of a session between devices is session hijacking. [9]

The attacker generates a sequence number and sends a reset message to one of the parties, informing it that the session has ended. After taking one of the parties offline, he can use its IP address to connect to the party still online and perform malicious acts.

7) Cross Site Scripting [5]

In an XSS attack, malicious code, which can be HTML or a browser-side script, is injected into a legitimate web page. The victim does not realize that the data being viewed is actually malicious code, because the browser treats the code as coming from a trusted source. The malicious code can access cookies, session tokens, etc., and extract sensitive information retained in the browser and use that site

8) Denial of Service & Distributed Denial of Service (DoS & DDoS) [6]

In a denial-of-service (DoS) attack, the attacker sends a large number of connection or information requests to a target. So many requests are made that the target system becomes overloaded and cannot respond to legitimate requests for service. The system may crash or become unable to perform ordinary functions. A distributed denial-of-service (DDoS) attack is one in which a coordinated stream of requests is launched against a target from many locations at the same time. Most DDoS attacks are preceded by a preparation phase in which many systems are compromised. The compromised machines are turned into zombies, machines that are directed remotely (usually by a transmitted command) by the attacker to participate in the attack.

9) Man-in-the-Middle Attacks [10]

In these attacks, a malicious party intercepts a legitimate communication between two friendly parties. The malicious party then controls the flow of communication and can eliminate or alter the information sent by one of the original participants without the knowledge of the sender or the receiver. Thus, the attacker can fool the victim into disclosing confidential information.

Figure 1 Man In The Middle Attack

10) Vishing [5]

Vishing is a cyber attack technique in which Voice-over-Internet-Protocol is used to spoof caller IDs in order to defraud customers of financial institutions. Believing the caller ID, the customers agree to share private data with the illegitimate caller. It is similar to phishing but does not always occur over the Internet and is carried out using voice technology. It can be conducted by voice email or by landline or cellular telephone.

11) Salami Attacks

The salami attack approach gets its name from salami, or sausage, which is made by fusing small bits of meat and fat. In a salami attack, bits of seemingly inconsistent data are merged to get powerful results. [11] In the salami technique, criminals steal money or resources a bit at a time. [12]

The classic story about a salami attack is the old "collect-the-roundoff" trick. In this scam, a programmer modifies arithmetic routines, such as interest computations. Typically, the calculations are carried out to several decimal places beyond the customary two or three kept for financial records. For example, the roundoff goes up to the nearest penny about half the time and down the rest of the time. If a programmer arranges to collect these fractions of pennies in a separate account, a sizable fund can grow with no warning to the financial institution. [12]

12) Bot Networks [5]

This is a cyber crime in which a remote system takes control of the victim's computer without the victim realizing it. The victim gets connected to the bot network by unknowingly downloading malicious code, such as a Trojan horse, from an email attachment etc., and thus the attacker can access and use the computing power of many computer systems.

A backdoor is a method of bypassing normal authentication, or of securing remote access to a computer, while attempting to remain hidden from casual inspection. The backdoor may be an installed program, or could be a modification of a legitimate program.

13) Spoofing [6]

Spoofing is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host. It is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.

In e-mail spoofing, the sender information shown in e-mails (the "From" field) is spoofed. This technique is commonly used by spammers to hide the origin of their e-mails.

In website spoofing, a website identical to the original one is created with the intention of misleading readers into believing that the website has been created by a different person or organization. Normally, the spoof website will adopt the design of the target website and sometimes has a similar URL.

The 5 principles of opportunity reduction [1]

The five principles try to prevent the crime or to deter the offender. The first three principles are economic in nature, the last two are psychological:

Increase the effort of crime, for example better locks require more effort to pick, or better passwords require more effort to guess;
Increase the risks of crime, for example well lit windows increase the risk of being caught during burglary, or an operator monitoring the network increases the risk of being caught during a hacking attempt;
Reduce the rewards of crime, for example marked parts of a stolen vehicle are harder to fence, or encrypted data is harder to sell.
Reduce provocations that invite criminal behaviour, for example rapid cleaning of graffiti discourages the application of more graffiti, or rapid restoration of defaced web sites discourages repetition.
Remove excuses for criminal behaviour.
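The collect-the-roundoff trick described under Salami Attacks above is exposed by recomputing every posting independently of the production routine, a control in the spirit of "increase the risks of crime". The audit below is an added example, not part of the original document; the rate, accounts, posted amounts and rounding-account figure are constructed, and half-even rounding to whole cents is an assumed bank policy.

```python
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")


def expected_credit(balance, rate, rounding=ROUND_HALF_EVEN):
    """Interest the customer should receive, rounded once to whole cents."""
    return (balance * rate).quantize(CENT, rounding=rounding)


def audit_postings(postings, rate):
    """Recompute each posting without using the production interest routine.

    postings: iterable of (account_id, balance, credited), all Decimal.
    Returns the mismatching postings, the total owed to customers, and
    whether every mismatch runs against the customer. Honest rounding
    errs in both directions; a diversion is one-sided.
    """
    mismatches = []
    for account_id, balance, credited in postings:
        expected = expected_credit(balance, rate)
        if credited != expected:
            mismatches.append((account_id, expected, credited))
    shortfall = sum((exp - got for _, exp, got in mismatches), Decimal("0"))
    one_sided = bool(mismatches) and all(got < exp for _, exp, got in mismatches)
    return {"mismatches": mismatches, "shortfall": shortfall, "one_sided": one_sided}


def unexplained_residue(postings, rate, rounding_account_total):
    """Control total over the whole run.

    Exact interest minus credited interest is the round-off the run produced.
    It must equal what the ledger shows in its rounding account (hypothetical
    name); any remainder was booked somewhere the ledger does not show.
    """
    exact = sum((balance * rate for _, balance, _ in postings), Decimal("0"))
    credited = sum((got for _, _, got in postings), Decimal("0"))
    return exact - credited - rounding_account_total


# Constructed sample run: monthly rate and six postings as found in the ledger.
RATE = Decimal("0.0125")
POSTED = [
    ("A1", Decimal("1000.37"), Decimal("12.50")),
    ("A2", Decimal("2345.67"), Decimal("29.32")),
    ("A3", Decimal("987.65"), Decimal("12.34")),     # exact 12.345625
    ("A4", Decimal("15000.55"), Decimal("187.50")),  # exact 187.506875
    ("A5", Decimal("432.10"), Decimal("5.40")),
    ("A6", Decimal("7777.77"), Decimal("97.22")),
]
ROUNDING_ACCOUNT = Decimal("0.001375")  # constructed balance of the visible rounding account

if __name__ == "__main__":
    report = audit_postings(POSTED, RATE)
    for account_id, expected, credited in report["mismatches"]:
        print(f"{account_id}: expected {expected}, credited {credited}")
    print("owed to customers:", report["shortfall"])
    print("all mismatches against the customer:", report["one_sided"])
    print("residue not in rounding account:",
          unexplained_residue(POSTED, RATE, ROUNDING_ACCOUNT))
```

On real volumes the per-posting differences stay below one cent, so the one-sidedness flag and the control total are the signals that matter.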

Ubiquitous Cyber Terrorism with the Accumulation of all Intangible Fears [3]

Cyber terrorists or extremists utilize sophisticated applications combined with voluminous, content-rich multimedia websites, aiming to carry out psychological warfare, fundraising, cooperation and distribution of propaganda materials through Internet channels. It is a reality that contemporary terrorists or extremists already make extensive use of the Internet, whose ubiquitous access, anonymous posting, global reach and ambiguous regulations allow them to broadcast directly to global audiences, supporters as well as adversaries, with little chance of being caught.

It is necessary to improve the techniques for dealing with potential cyber attacks across the entire spectrum, from pre-attack warning and real-time response mechanisms to post-attack forensics, in order to mitigate the anxiety caused by cyber threats. Ubiquitous cyber terrorism will make prevention even harder, and sometimes cyber forensics infeasible, because of the prerequisite of real-time cooperation among countries with different regulations, jurisdictions and political relationships. Given this complexity, civilians are left to live in an atmosphere made up of the sum of all intangible fears.

Vulnerability of Critical Infrastructures for Cyber Terrorists - The Process Control Systems (PCSs) [3]

A Process Control System (PCS) is frequently applied in industry or factory automation, where it supervises the real-time operating status of the running systems. PCSs are responsible for the safe, reliable and efficient operation of many critical infrastructure components, and play a crucial role in the proper functioning of those critical infrastructures. The function of a PCS is to monitor the operation of a certain system, for example, the current status of a nuclear plant. Any feedback from the system will trigger specific operations based on the response mechanism embedded in the PCS. PCSs are required to provide real-time or nearly real-time response for critical infrastructures that are expected to be available round the clock. Once the PCS is compromised, the critical infrastructures will be in danger.

Case Study [3]

On November 9, 2008, an accident that killed 20 people on a new Russian nuclear submarine was caused by a malfunction of the fire safety system, which spewed out chemicals. It was Russia's worst naval accident since the nuclear submarine Kursk sank after an onboard torpedo explosion on August 12, 2000, killing all 118 crew members (http://www.cnn.com). The incident indicated that the breakdown of the distinct PCS caused the disaster, which resulted in radioactive contamination of the environment. From the cyber terrorism point of view, the scenario can be duplicated just by triggering different causes right from the keyboard of the terrorist's PDA or smart phone, as long as the cyber terrorist has access authority over the remote PC that controls the PCS.

Factors that encourage cyber crimes [13]

The factors that enhance the probability that a company will be the target of theft, fraud, embezzlement, and corruption, including computer crime, can be either motivational (related to the corporate reward system and company policies) or personal (related to the character of a particular perpetrator).

1) Motivational Factors

Inadequate rewards, including pay, fringe benefits, stock and stock options, bonuses, incentives, perquisites, job security, meaningful work, and promotional opportunities.
Failure to offer counseling when performance or behavior falls below acceptable levels.
Acceptance of mediocre performance as the standard.
Inadequate operational reviews, audits, inspections, and follow-throughs to ensure compliance with company policies, priorities, procedures, and government regulations.
Failure to control bias or unfairness in selection, promotion, compensation, and appraisal.
An uncertain future where a company faces merger, acquisition, or failure.

2) Personal Factors

Inadequate standards of recruitment and selection.
Inadequate orientation and training on security matters and on sanctions for violating security rules.
Unresolved personal financial problems.
Unresolved problems relating to personal status.

Prevention and detection of cyber crimes

General Prevention Schemes [14]

To prevent cyber stalking, one must avoid disclosing any information pertaining to oneself. This is as bad as disclosing one's identity to strangers in a public place.
One should always avoid sending photographs online, particularly to strangers and/or chat friends, since there have been many incidents of misuse of these photographs.
One must always use the latest, updated antivirus software to guard against attacks by viruses.
One must always keep backup volumes or disk backups so that one does not suffer data loss in case of virus contamination.
One must never send one's credit card information to any website that is not secured, as with SSL (HTTPS), to guard against such frauds.
One must always keep a watch on the sites that one's children access, to prevent any kind of depravation or harassment of children.
It is also much better to use a security programme that gives control over the cookies that send information back to the site, as leaving client-side cookies unguarded may prove fatal.
Site owners must watch traffic and check for any irregularities on the website. Putting host-based intrusion detection devices on servers may do this. Using firewalls may also be beneficial.

Web servers hosting public sites should be physically protected from the internal corporate network.

Counter Measures to Computer Crimes [13]

Controls that allow only authorized people access to sensitive systems include the following:

Passwords

Use passwords that are long enough to be difficult to guess. Passwords should not be composed of simple words, names of relatives, and so on, and should be changed regularly. Some organizations have had good results by requiring every password to combine upper and lower case letters, numbers, and special characters.

Using intrusion alert programs [15]

Just as it is important to identify and close existing security holes, we also need to put some watchdogs into service. There are intrusion alert programs that identify suspicious activity and report it so that the necessary action is taken. They need to operate constantly so that all unusual behavior on the network is caught immediately.

Use of biometrics

Use fingerprints, iris recognition, hand geometry, and other new technologies for added measures of control.

Using encryption [15]

Encryption transforms data into a form that makes it almost impossible to read without the right key. This key is used to allow controlled access to the information for selected people. The information can be passed on to anyone, but only the people with the right key are able to see it. Encryption allows sending confidential documents by e-mail, or saving confidential information on laptop computers, without having to fear that the data will become public if someone steals it. With the right encryption/decryption software installed, it will hook into the mail program and encrypt/decrypt messages automatically without user interaction.

Use of one-time passwords

Use hardware or software that generates a new password for each access. This may be generated through the passage of time, or by using a calculator-like device to enter a randomly generated "challenge" number and get a response number that is then entered into the computer to validate identity.

Firewalls [6]

A firewall in an information security program is similar to a building's firewall in that it prevents specific types of information from moving between the outside world, known as the untrusted network, and the inside world, known as the trusted network. The firewall may be a separate computer system, a software service running on an existing router or server, or a separate network containing a number of supporting devices.

Compartmentalization

Restrict users to the specific files and programs they have a job-related need to access. This requires updates on an "as necessary" basis to conform access to the needs of people moving from assignment to assignment within the organization.

Access Control

Organizations can use access control mechanisms to protect their resources from unauthorized access while providing seamless and legitimate use of resources. For each resource, an Access Control List must be maintained that specifies which users, systems or procedures are allowed to access that resource and what operations they can perform on it.

Automatic log off

Use this measure to prevent unauthorized access to the system when authorized users fail to log off.

Time-day controls

Restrict personnel access to those times when they are supposed to be on duty. An extension of this concept for companies using automated time clock systems is to deny access and report a violation if access is attempted when an employee is not shown in the time clock system as being present.

Dial-back systems

Use these systems when access is through a dial-up system. On accepting a user ID and password, the system hangs up and dials an established number at which the approved user is standing by. This is very helpful when a person works at a predictable location, for example, the home office of a telecommuting employee.

MAC address controls

Where an employee is located at the end of a broadband connection, it may be possible to limit connectivity to your system only to those physical devices you have authorized. Every Ethernet adapter, for example, has what is called a Machine Address Control (or MAC) address unique to that adapter.

Random personal information checks

Implement this means of identifying unauthorized log-in attempts. The system randomly transmits a question that only the authorized individual could answer and denies access unless the right answer is received. If several personal questions are on file, this technique can be very effective.

Digital Forensics

Digital forensics is the science of identifying, extracting, analyzing and presenting the digital evidence that has been stored in digital devices. Digital information is fragile in that it can be easily modified, duplicated, restored or destroyed, etc. In the course of the investigation, the investigator should ensure that digital evidence is not modified without proper authorization. Various digital tools and techniques are used to achieve this [4].

Digital forensics can be used for two key purposes [6]:

To investigate allegations of digital malfeasance: A crime against or using digital media, computer technology, or related components (computer as source or object of crime) is referred to as digital malfeasance. To investigate digital malfeasance, one must use digital forensics to gather, analyze, and report the findings of an investigation. This is the primary mission of law enforcement in investigating crimes involving computer technologies or online information.
To perform root cause analysis.

Evidentiary Material

Evidentiary material (EM), also known as an item of potential evidentiary value, is any information that could potentially support the organization's legal or policy-based case against a suspect [6].

Digital Forensic Investigation

Logging

Logging can be a security administrator's best friend. It's like an administrative partner that is always at work, never complains, never gets tired, and is always on top of things. If properly instructed, this partner can provide the time and place of every event that has occurred in the network or system [16]. Each network device or system has its own logging system, such as UNIX servers, Windows servers, firewalls, routers, cache engines, IDSs, and applications.

Log Files

A log file is a file that contains a list of events which have been "logged" by a computer [17]. Logs are collections of log entries, and each entry contains information related to a specific event that has taken place within a system or network [18]. The information is frequently recorded chronologically, and is located in the root directory, or occasionally in a secondary folder, depending on how it is set up with the server. The only person who has regular access to the log files is the system/network administrator, and a log file is generally password protected, so that the administrator has a record of everyone and everything that wants to look at the log files for a specific server [19].

Many logs within an organization contain records associated with computer security which are generated by many sources, including operating systems on servers, workstations, networking equipment and other security software, such as antivirus software, firewalls, intrusion detection and prevention systems and many other applications. Routine log analysis is beneficial for identifying security incidents, policy violations, fraudulent activity, and operational problems. Logs are also useful for performing auditing and forensic analysis, supporting internal investigations, establishing baselines, and identifying operational trends and long-term problems [18].

Log Files In Cyber Forensic

In cyber forensics, log files are like the black box on an airplane, recording the events that occur within an organization's systems and networks. Logs are composed of log entries that play a very important role in evidence gathering, and each entry contains information related to a specific event that has occurred within a system or a network. Log files help the cyber forensic process in probing and seizing computers, obtaining electronic evidence for criminal investigations and maintaining computer records for the federal rules of evidence. So it can be said that logging is closely related to forensic computing. To make logs admissible in court, it is necessary to prove that the logs have not been modified after being generated. Moreover, since the logs contain confidential information, they must be protected strictly. Therefore, a secure logging scheme that ensures the integrity and confidentiality of the logs is needed [18].

Structure of Log Files [20]

Each log file contains the following parts:

A title.
A link to the Client Session Index or Depot Session Index.
A link to a list of errors contained in the log. This link exists even if no errors were recorded.
A link to any warnings contained in the log. This link exists even if no warnings were recorded.
The body of the log file, containing detailed log information.
A list of error messages.
A list of warning messages.

Within the body of the log, the color and weight of the text indicate whether the information describes the status of a normal operation, a warning, or a serious error. The following text conventions are used:

Normal: Text in normal typeface indicates status messages for a normal operation.
Bold: Text in bold typeface indicates text that is also displayed to the client, either through the Tivoli Software Installation Service console or as output from a command.
Red: Text in red indicates a problem. The text indicates whether a message is a warning or fatal error message.

Log Management [18]

With the worldwide deployment of IT, the number of threats against networks and systems has greatly increased, so computer security has come to require a variety of computer security logs and their management. Log management is essential to ensure that computer security records are stored in sufficient detail for an appropriate period of time. Log management is the process for generating, transmitting, storing, analyzing, and disposing of computer security log data. The fundamental problems in log management are effective log generation and storage, and protecting the confidentiality, integrity, and availability of logs.
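The requirement stated under Log Files In Cyber Forensic, proving that logs have not been modified after being generated, can be met by chaining a keyed hash through the entries. The following is an added example, not part of the original document; it covers integrity only (not confidentiality), the log lines and key are constructed, and storing the key and the final tag away from the logged host is an assumption.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain


def _link(key: bytes, prev_tag: bytes, line: str) -> bytes:
    """Tag for one entry: HMAC-SHA256 over the previous tag plus this line."""
    return hmac.new(key, prev_tag + line.encode("utf-8"), hashlib.sha256).digest()


def seal(key: bytes, lines):
    """Return [(line, tag_hex), ...] where each tag depends on all earlier entries."""
    sealed, prev = [], GENESIS
    for line in lines:
        prev = _link(key, prev, line)
        sealed.append((line, prev.hex()))
    return sealed


def first_bad_entry(key: bytes, sealed, anchor_hex=None):
    """Walk the chain and report where it stops being trustworthy.

    Returns None if every entry verifies, otherwise the index of the first
    entry whose tag does not match. An edited line fails at its own index;
    a deleted or reordered line fails at the position where the chain breaks.
    If `anchor_hex` (the last tag, recorded off-host) is given and the chain
    ends on a different tag, entries were cut from the tail and len(sealed)
    is returned.
    """
    prev = GENESIS
    for index, (line, tag_hex) in enumerate(sealed):
        expected = _link(key, prev, line)
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return index
        prev = expected
    if anchor_hex is not None and not hmac.compare_digest(prev.hex(), anchor_hex):
        return len(sealed)
    return None


# Constructed sample: four authentication log lines and a demo key.
KEY = b"constructed-demo-key-kept-off-the-logged-host"
LINES = [
    "2011-08-24T09:14:02Z sshd[411]: Accepted password for alice from 192.0.2.10",
    "2011-08-24T09:15:40Z sudo: alice : COMMAND=/usr/bin/less /var/log/auth.log",
    "2011-08-24T09:17:11Z sshd[430]: Failed password for root from 198.51.100.7",
    "2011-08-24T09:17:15Z sshd[430]: Accepted password for root from 198.51.100.7",
]

if __name__ == "__main__":
    sealed = seal(KEY, LINES)
    anchor = sealed[-1][1]
    print("intact log      :", first_bad_entry(KEY, sealed, anchor))
    without_login = sealed[:3]  # the root login removed from the tail
    print("tail removed    :", first_bad_entry(KEY, without_login, anchor))
    edited = list(sealed)
    edited[2] = (edited[2][0].replace("198.51.100.7", "192.0.2.10"), edited[2][1])
    print("address edited  :", first_bad_entry(KEY, edited, anchor))
```

Because the tags are keyed, someone who can write to the log file but does not hold the key cannot recompute a consistent chain after an edit.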

The Challenges In Log Management [18]

First, there are several potential problems with the initial generation of logs because of their variety and prevalence. Second, the confidentiality, integrity, and availability of generated logs could be breached inadvertently or intentionally. Finally, the people responsible for performing log analysis are often inadequately prepared and supported.

Digital Forensics Methodology

In digital forensics, all investigations follow the same basic methodology [6]:

Identify relevant items of evidentiary value (EM)
Acquire (seize) the evidence without alteration or damage
Take steps to assure that the evidence is at every step verifiably authentic and is unchanged from the time it was seized
Analyze the data without risking modification or unauthorized access
Report the findings to the proper authority

Stages of Forensic Investigation

Digital forensics includes assessing, preserving, collecting, confirming, identifying, analyzing, recording, and presenting crime scene information.

Stage 1: Assess the crime scene

To conduct a computer investigation, one first needs to obtain proper authorization. That process begins with the step of assessing the case, asking people questions, and documenting the results in an effort to identify the crime and the location of the evidence. Review the organization's policies and laws and build a team for the investigation. Conduct a thorough assessment of the crime scene. In this stage investigators prioritise the actions and justify the resources for the internal investigation [4].

Stage 2: Collection phase

Finding the evidence, discovering relevant data, preparing an Order of Volatility, eradicating external avenues of alteration, gathering the evidence, and preparing a chain of custody are the main steps in the collection phase [4]. The principal responsibility of the response team is to acquire the information without altering it [6].
Using proprietary tools, experts can collect a wide range of data and can [21]:

Retrieve data from seemingly inaccessible media
Access active data on the media
Recover deleted data and/or deleted email
Access password protected and encrypted files
Gather information from databases, contact managers, electronic calendars and other proprietary software

Regardless of how the data is collected, a copy of all media (computer hard drives, servers, disks, tapes, etc.) must be made using appropriate and usually proprietary imaging software. This imaging process provides the client and computer forensic investigators with a snapshot or mirror image of the data contained on the media. The snapshot is a perfect sector-by-sector copy of the drive, including all of the unused and partially overwritten spaces, the nooks and crannies where important evidence may reside [21].

Computers modify data constantly. The biggest challenge is to show that the person under investigation is the one who stored, used, and maintained the EM, or who conducted the unauthorized activity. To pull means to pull the power cord on whatever computer technology is suspected of housing the EM. By removing the power source, the investigatory team can freeze the system in a known state. Pulling the plug is the only way to assure the system does not change before it can be imaged. The problem is that pulling the plug can destroy information in volatile memory, such as temporary processes or threads. The system may also be critical to the ongoing operations of the organization, like an online file server for example, in which case management cannot afford to allow the system to be taken offline [6].

Chain of Custody

Maintaining the chain of custody is an important step. Chain of evidence, or chain of custody, is defined as the detailed documentation of the collection, storage, transfer, and ownership of collected evidence from the crime scene through its presentation in court. The identity of the evidence must be preserved to maintain its integrity. Therefore, a hash is calculated for each item of collected evidence [4].

Stage 3: Analysis phase

Examine the collected data/files and find the actual evidence. The computer forensic investigator must trace, filter, and extract hidden data during the process [4].
Forensic investigators can examine hidden information associated with recovered files (including deleted data or data from inactive or unused storage areas on the media) and provide a historical ledger of the content contained in the files. In essence, they can reveal evidence of the conduct of those people who had access to the drive. Computer forensic engineering analysis can include [21]:
- Recreating a specific chain of events or user activity, including internet activity and email communication
- Searching for key words and key dates
- Searching for copies of previous document drafts
- Authenticating data files and the date and time stamps of those files
- Advising on what evidence is likely to be found on the computer media and identifying the most effective set of data to search

Step 4: Report phase: In the report generation phase, the audience will be able to understand the evidence data acquired in the evidence collection and analysis phases [4]. Once the investigators have found a suitable amount of information, they can summarize their findings, along with a synopsis of their investigatory procedures, in a report and submit it to the appropriate authority [6]. Additionally, the report records the time and provides hash values of the collected evidence for the chain of custody [4].
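The hash calculation applied to each item of evidence for the chain of custody, and the time and hash values the report records, shown as an added Python example that is not from the original document or its sources. The CustodyLog class, its field names and the sample image bytes are assumptions constructed for illustration.

```python
import hashlib, io, json
from datetime import datetime, timezone
GENESIS = "0" * 64  # stands in for the "previous hash" of the first entry

def sha256_stream(f, chunk=1 << 20):
    """Hash an image in chunks so large media never sit fully in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: f.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def _digest(body, prev):
    return hashlib.sha256((json.dumps(body, sort_keys=True) + prev).encode()).hexdigest()

class CustodyLog:
    """Custody record for one evidence item; each entry commits to the one before."""
    def __init__(self, evidence_id, acquisition_hash):
        self.evidence_id, self.acquisition_hash = evidence_id, acquisition_hash
        self.entries = []

    def record(self, action, custodian, image):
        observed = sha256_stream(image)  # re-hash the image at every hand-over
        body = {"evidence_id": self.evidence_id, "action": action, "custodian": custodian,
                "time": datetime.now(timezone.utc).isoformat(), "sha256": observed,
                "matches_acquisition": observed == self.acquisition_hash}
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        self.entries.append({**body, "prev": prev, "entry_hash": _digest(body, prev)})

    def verify(self):
        """Recompute the chain; any edited, removed or reordered entry breaks it."""
        prev = GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k not in ("prev", "entry_hash")}
            if e["prev"] != prev or e["entry_hash"] != _digest(body, prev):
                return False
            prev = e["entry_hash"]
        return True

def demo():
    image = b"\x00" * 512 + b"constructed sample sector data"  # constructed, not real evidence
    log = CustodyLog("ITEM-001", sha256_stream(io.BytesIO(image)))
    log.record("acquired", "Investigator A", io.BytesIO(image))
    log.record("transferred to lab", "Analyst B", io.BytesIO(image))
    log.record("analysed", "Analyst B", io.BytesIO(image + b"x"))  # constructed altered copy
    chain_ok = log.verify()
    log.entries[0]["custodian"] = "Someone Else"  # simulate an edited custody record
    return chain_ok, log.verify(), not log.entries[-1]["matches_acquisition"]

if __name__ == "__main__":
    print(demo())
```

The first two values show the log verifying before an entry is edited and failing afterwards; the third shows that a copy differing by one byte from the acquisition image is flagged at hand-over.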

Figure 2 Flow chart of Digital Forensic Investigation processes [4]

REFERENCES

[1] Cyber-crime Science = Crime Science + Information Security, Pieter Hartel, Marianne Junger, and Roel Wieringa, University of Twente, Version 0.19, 24th August 2011.
[2] Cybercrime: A threat to Network Security, Ammar Yassir and Smitha Nayak, Department of Computing, Muscat College, Sultanate of Oman.
[3] Next Generation of Terrorism: Ubiquitous Cyber Terrorism with the Accumulation of all Intangible Fears, Journal of Universal Computer Science, vol. 15, no. 12 (2009), 2391-2404.
[4] Digital Forensic Investigation Tools and Procedures, K. K. Sindhu, Dr. B. B. Meshram, Shah and Anchor Kutchhi Engg College, Mumbai, India, Veermata Jijabai Technological Institute, Mumbai, India.
[5] An Overview Study on Cyber crimes in Internet, V. Karamchand Gandhi, Assistant Professor, Department of Computer Science, Bharath College of Science and Management, Thanjavur, Tamil Nadu, South India.
[6] Principles of Information Security, Michael E. Whitman, Herbert J. Mattord, Fourth edition, Cengage Learning.
[7] http://en.wikipedia.org/wiki/Social_engineering_(security)
[8] http://en.wikipedia.org/wiki/Session_hijacking
[9] http://www.windowsecurity.com/articles/understanding-man-in-the-middle-attacks-arppart3.html
[10] http://it.toolbox.com/wiki/index.php/Man-in-the-Middle_Attack
[11] http://social.microsoft.com/Forums/is/LearningManagerKB/thread/0ce995b5-cb91-4528bed8-e601fb83b728
[12] http://www.networkworld.com/newsletters/sec/2002/01467137.html
[13] http://www.aicpa.org/interestareas/forensicandvaluation/resources/fraudpreventiondetectionresponse/pages/controls%20for%20preventing%20and%20detecting%20computer%20crime.aspx
[14] http://www.naavi.org/pati/pati_cybercrimes_dec03.htm
[15] http://www.cidap.gov.in/documents/Cyber%20Crime.pdf
[16] http://www.sans.org/reading_room/whitepapers/logging/importance-logging-trafficmonitoring-information-security_1379
[17] http://www.techterms.com/definition/logfile
[18] A Review of Computer forensic & Logging System, Mayank Saxena, Nikhil Kumar Singh, Satyendra Singh Thakur, and Parmalik Kumar, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 2, Issue 1, January 2012.
[19] http://www.brickmarketing.com/define-log-file.htm
[20] http://pic.dhe.ibm.com/infocenter/tivihelp/v3r1/index.jsp?topic=%2Fcom.ibm.tivoli.frmwrk.doc%2Finstguid193.htm
[21] http://www.krollontrack.co.uk/publications/UK%20EE%20Newsletter%20I1%20V3%20AP%20CF.pdf
