Monday, October 13, 2008
What is Computer?
First electronic computer (1943) : the building of Colossus

By designing a huge machine now generally regarded as the world's first programmable electronic computer, the then Post Office Research Branch played a crucial but secret role in helping to win the Second World War. The purpose of Colossus was to decipher messages that came in on a German cipher machine, called the Lorenz SZ.

The original Colossus used a vast array of telephone exchange parts together with 1,500 electronic valves and was the size of a small room, weighing around a ton. This 'string and sealing wax affair' could process 5,000 characters a second to run through the many millions of possible settings for the code wheels on the Lorenz system in hours - rather than weeks.

Both machines were designed and constructed by a Post Office Research team headed by Tommy Flowers at Dollis Hill and transported to the secret code-breaking centre at Bletchley Park, near Milton Keynes, where it was demonstrated on December 8, 1943.

We have to fast forward nearly thirty years to 1972 for the arrival of the first desktop all-in-one computer, which is more familiar to us today. That honour falls to the HP9830. But unfortunately few people got to hear about it because Hewlett Packard marketed it primarily to scientists and engineers - by nature very quiet people!

Colossus (1941) : inside the machine

During the Second World War the Germans used a Lorenz encoding teleprinter to transmit their high-command radio messages. The teleprinter used something called the 5-bit Baudot code, which enciphered the original text by adding to it successively two characters before transmission. The same two characters were applied to the received text at the other end to reveal the original message.

Gilbert Vernam had developed this scheme in America, using two synchronised tapes to generate the additional random characters.
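
The additive scheme described above can be shown in a few lines. This is an added example, not part of the original article: the 32-symbol alphabet and the seeded key generator are constructed stand-ins (not the real Baudot table or the Lorenz wheels), and it goes one step further to show why the same key characters must never be used for two messages.

```python
"""Vernam-style 5-bit additive cipher, and what key reuse gives away."""
import random

# Constructed 32-symbol alphabet standing in for a 5-bit teleprinter code.
# It is NOT the real Baudot table; only the 5-bit width matters here.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ .,-/+"
assert len(ALPHABET) == 32


def to_codes(text):
    """Map each character to its 5-bit value (0..31)."""
    return [ALPHABET.index(ch) for ch in text]


def to_text(codes):
    """Map 5-bit values back to characters."""
    return "".join(ALPHABET[c] for c in codes)


def key_characters(seed, length):
    """Return `length` pairs of key characters.

    Assumption: a seeded PRNG replaces the key tapes so the example is
    repeatable. A real one-time key needs genuinely random characters.
    """
    rng = random.Random(seed)
    return [(rng.randrange(32), rng.randrange(32)) for _ in range(length)]


def vernam(text, key):
    """Add two key characters to every text character.

    Addition is bitwise modulo 2 (XOR), so applying the same key
    characters a second time restores the original text.
    """
    if len(key) < len(text):
        raise ValueError("key shorter than message")
    return to_text([c ^ k1 ^ k2 for c, (k1, k2) in zip(to_codes(text), key)])


def xor_texts(a, b):
    """XOR two texts position by position over their common length."""
    return [x ^ y for x, y in zip(to_codes(a), to_codes(b))]


def recover_from_reuse(cipher_a, cipher_b, known_plain_a):
    """Given two ciphertexts made with the SAME key and the plaintext of
    the first, return the second plaintext and the combined key."""
    n = min(len(cipher_a), len(cipher_b), len(known_plain_a))
    combined_key = xor_texts(cipher_a[:n], known_plain_a[:n])
    plain_b = to_text(
        [c ^ k for c, k in zip(to_codes(cipher_b[:n]), combined_key)]
    )
    return plain_b, combined_key


# Constructed sample traffic: a message and an almost identical resend.
MSG_1 = "WEATHER REPORT FOLLOWS AT NOON."
MSG_2 = "WEATHER REPT FOLLOWS AT NOON."

if __name__ == "__main__":
    key = key_characters(seed=1941, length=40)
    c1, c2 = vernam(MSG_1, key), vernam(MSG_2, key)  # same key used twice
    print("ciphertext 1:", c1)
    print("ciphertext 2:", c2)
    # The key cancels out: c1 XOR c2 equals MSG_1 XOR MSG_2.
    print("key cancelled:", xor_texts(c1, c2) == xor_texts(MSG_1, MSG_2))
    print("recovered   :", recover_from_reuse(c1, c2, MSG_1)[0])
```

With a fresh key for every message the two ciphertexts share nothing, which is why a one-time key stays unbreakable only while it really is used once.
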
Lorenz replaced the tapes with mechanical gearing - so it wasn't a genuinely random sequence - just extremely complex.

But in August 1941 the Germans made a bad mistake. A tired operator sent almost the same message again, using the same wheel settings. It meant the British were able to calculate the logical structure inside the Lorenz.

Colossus was then built to find the Lorenz wheel settings used for each message, using a large electronic programmable logic calculator, driven by up to 2,500 thermionic valves. The computer was fast, even by today's standards. It could break the combination in about two hours - the same as today's modern Pentium PC.

Colossus Mk II (1944) : a bigger better Colossus

Without the contribution of the codebreaking activity, in which Colossus played such a major part, the Second World War would have lasted considerably longer.

By the time of the Allied invasion of France in the early summer of 1944, a Colossus Mk II (using nearly twice as many valves to power it) was almost ready.

The head of the Post Office Research Team, Tommy Flowers, had been told that Colossus Mk II had to be ready by June 1944 or it would not be of any use. He was not told the reason for the deadline, but realising that it was significant he ensured that the new version was ready for June 1, five days before D-Day.

It was in the build-up to D-Day and during the European campaign that followed that Colossus proved most valuable, since it was able to track in detail communications between Hitler and his field commanders.

Top secret : the ultimate Chinese walls

Colossus weighed around 35 tonnes in Mark II form. Its 2,500 valves, consuming 4.5 kilowatts, were spread over two banks of racks 7 feet 6 inches high by 16 feet wide spaced 6 feet apart.
Thus the whole machine was around 80 feet long and 40 feet wide.

This huge machine was also one of the most closely guarded secrets of the war yet required dozens of people to build, many of them outside the military establishment in the Post Office.

Tommy Flowers was one of the very few entrusted with the overall plan - and even he didn't know the full details of the German codes.

In order to ensure security, Colossus was broken down into modules - each given to a separate Post Office team at Dollis Hill. The teams were kept apart - each having no idea of the overall shape of the groundbreaking machines they were creating.

The building of SIGSALY (1943) : pioneer digital telephone system

Another secret wartime computer whose existence was finally revealed many years later was SIGSALY - the secret 'scrambling' system devised to protect the security of high level Allied telephone traffic.

SIGSALY - originally codenamed Project X - was also known as 'Green Hornet'. It was the first unbreakable speech coding system, using digital cryptography techniques, with one-time digital keys being supplied by synchronised gramophone discs.

SIGSALY was built in the USA, though using pulse code modulation (PCM) digital encoding techniques invented in 1937 by the English engineer Alec Reeves.

The first priority was to protect the hotline between the Cabinet War Room bunker under Downing Street and the White House in Washington D.C.
The 50-ton London terminal was shipped over in 1943 and housed in the basement of the Selfridges annexe in Oxford Street, under tight guard.

At a basic level, computer forensics is the analysis of information contained within and created with computer systems and computing devices, typically in the interest of figuring out what happened, when it happened, how it happened, and who was involved.

This can be for the purpose of performing a root cause analysis of a computer system that had failed or is not operating properly, or to find out who is responsible for misuse of computer systems, or perhaps who committed a crime using a computer system or against a computer system. This being said, computer forensic techniques and methodologies are commonly used for conducting computing investigations - again, in the interest of figuring out what happened, when it happened, how it happened, and who was involved.

Think about a murder case or a case of financial fraud. What do the investigators involved in these cases need to ascertain? What happened, when did it happen, how did it happen, and who was involved.

In many cases, information is gathered during a computer forensics investigation that is not typically available or viewable by the average computer user, such as deleted files and fragments of data that can be found in the space allocated for existing files - known by computer forensic practitioners as slack space. Special skills and tools are needed to obtain this type of information or evidence. Think of a case where the specific firearm that fired a bullet needs to be identified.
This information could not be readily ascertained by just any member of law enforcement, so a ballistics professional with special skills and tools is needed.

The more technical definition we use at CyberSecurity Institute to describe computer forensics or forensic computing in the vein of computer crime or computer misuse is as follows:

The preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and providing expert opinion in a court of law or other legal and/or administrative proceeding as to what was found.

Let's break this definition down.

Preservation

When performing a computer forensics analysis, we must do everything possible to preserve the original media and data. Typically this involves making a forensic image or forensic copy of the original media, and conducting our analysis on the copy versus the original.

Identification

In the initial phase, this has to do with identifying the possible containers of computer related evidence, such as hard drives, floppy disks, and log files to name a few. Understand that a computer or hard drive itself is not evidence - it is a possible container of evidence.

In the analysis phase, this has to do with identifying the information and data that is actually pertinent to the situation at hand. Sifting through Gigabytes of information, conducting keyword searches, looking through log files, etc.

Extraction

Any evidence found relevant to the situation at hand will need to be extracted from the working copy media and then typically saved to another form of media as well as printed out.

Interpretation

This is a biggie. Understand that just about anyone can perform a computer forensics "analysis." Some of the GUI tools available make it extremely easy. Being able to find evidence is one thing, the ability to properly interpret it is another story.
Entire books could be written citing examples of when computer forensics experts misinterpreted their results of a forensic analysis. We'll cite one example.

The experts for the prosecution in a case used a popular GUI tool that came with a script for finding Internet search engine activity. When they ran the script, they found literally hundreds and hundreds of "searches" that supposedly had been conducted by the defendant. Therefore, the defendant had intentionally accessed certain types of information related to these searches - the searches showed intent.

When the experts for the defense examined the same evidence, they realized that each and every one of these "searches" was actually a hyperlink and not a search at all. The hyperlinks were formed in such a way that when a link was clicked, a database was searched to pull up the most current information related to the link. The way that the links within the page were formed was what the GUI tool honed in on, as they were formed similarly to fragments and Web pages that could be found to indicate search engine activity.

The experts for the prosecution took for granted that their automated tool was accounting for any variables, and would only show them searches that had actually been conducted. A big mistake. These experts lacked the technical skills to authenticate their results, so they depended entirely on a single automated tool.

This leads to a very important lesson. Results from any tool should always be thoroughly checked by someone versed in the underlying technology to see if what appears to be a duck is actually a duck.

In the very same case, the experts for the defense recovered reams of email that the prosecution experts did not find. This was due to the fact that the prosecution experts simply did not know how to find it.

It is interesting to note that both the experts for the defense and the prosecution used the same primary tool in their analysis.
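
The lesson above, that a tool's "search" hits must be checked against the underlying data, can be made concrete. This is an added example, not code from the case or from any forensic product: the URLs, the cached page and the parameter names treated as search-like are all constructed assumptions.

```python
"""Cross-check URL-pattern 'search' hits against links in cached pages."""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlsplit

# Assumption: parameter names a generic script might treat as a search.
SEARCH_PARAMS = {"q", "query", "search"}


class LinkCollector(HTMLParser):
    """Collect absolute targets of every <a href=...> in one page."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = set()

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.add(urljoin(self.base_url, href))


def naive_search_hits(urls):
    """What a pattern-only script reports: every URL that carries a
    search-like parameter, with the 'search terms' it extracted."""
    hits = []
    for url in urls:
        params = parse_qs(urlsplit(url).query)
        terms = [v for name, values in params.items()
                 if name.lower() in SEARCH_PARAMS for v in values]
        if terms:
            hits.append((url, terms))
    return hits


def links_in_cached_pages(pages):
    """Map each link target to the cached pages that contain it."""
    found = {}
    for page_url, html in pages.items():
        collector = LinkCollector(page_url)
        collector.feed(html)
        for link in collector.links:
            found.setdefault(link, []).append(page_url)
    return found


def classify(urls, pages):
    """Label each naive hit by whether a cached page offers that exact
    URL as a ready-made link. A match means the URL can be explained by
    a click; neither label alone proves what the user did."""
    sources = links_in_cached_pages(pages)
    report = []
    for url, terms in naive_search_hits(urls):
        linked_from = sorted(sources.get(url, []))
        label = ("matches link in cached page" if linked_from
                 else "no matching link found")
        report.append({"url": url, "terms": terms,
                       "label": label, "linked_from": linked_from})
    return report


# Constructed sample evidence (hypothetical hosts under .example).
HISTORY = [
    "http://news.example/index.html",
    "http://news.example/lookup?q=local+weather",
    "http://news.example/lookup?q=sports+results",
    "http://search.example/find?query=train+times",
]
CACHED_PAGES = {
    "http://news.example/index.html": (
        '<html><body><a href="/lookup?q=local+weather">Weather</a> '
        '<a href="/lookup?q=sports+results">Sports</a></body></html>'
    ),
}

if __name__ == "__main__":
    for row in classify(HISTORY, CACHED_PAGES):
        print(row["label"], "|", row["url"], "|", row["linked_from"])
```
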
The differences in what was found by one side versus the other, as well as the differences in interpretation, were due to the experience and education levels of the experts - it had nothing to do with the tool being used.

Documentation

Documentation needs to be kept from beginning to end, as soon as you become involved in a case. This includes what is commonly referred to as a chain of custody form, as well as documentation pertinent to what you do during your analysis. We cannot overemphasize the importance of documentation. When involved in a situation where you are conducting a computer forensics analysis, we recommend that you establish and keep the mindset that the case or situation is going to end up in court. This will go a long way in helping you to make sure that you are keeping the appropriate documentation. Take for granted that you will be questioned on every aspect of the case, and everything that you do.

Rules of Evidence

There are various tests that courts can apply to the methodology and testimony of an expert in order to determine admissibility, reliability, and relevancy. The particular test(s) used will vary from state to state and even from court to court within the same state. Commonly, you will hear about the Frye test and the Daubert test. You need to be aware of the Rules of Evidence for your locale and situation.
Your best bet is to ask legal counsel about any Rules of Evidence that you need to be aware of pertinent to the situation, and familiarize yourself with this information early on.

We recommend that you find and read the Federal Rules of Evidence on the Internet, and conduct searches using the terms "daubert test" and "frye test" as keywords.

Legal Processes

This has to do with the processes and procedures for search warrants, depositions, hearings, trials, and discovery just to name a few.

This can also be related to processes relevant to your employer, as well as conducting computing investigations internally for your employer.

If you are conducting computing investigations for your employer, the best advice we can offer is to work as closely as possible with legal counsel and those in your Human Resources department before and during a computing investigation. You'll not know everything you need to know when you start working in this field - it is a learning process.

Integrity of Evidence

This has to do with keeping control over everything related to the case or situation. We are talking about establishing and keeping a chain of custody, as well as making sure that you do not alter or change the original media. As well, you cannot talk about the case or situation specifics to other people who are not involved.

Factual Reporting of the Information Found

Your findings and reports need to be based on proven techniques and methodology, and you as well as any other competent forensic examiner should be able to duplicate and reproduce the results.

Providing Expert Opinion

You may have to testify or relate your findings and opinions about your findings in a court of law or other type of legal or administrative proceeding.

Two Primary Types of Computer Forensics Investigations

Computer forensics techniques and methodology are used in two primary types of investigations.
The first is when the computer(s) was/were used as an instrument to commit a crime or involved in some other type of misuse.

The second is when the computer is used as the target of a crime - hacked into and information stolen for example. When computer forensics techniques and methodology are used in this situation to figure out what happened, we typically call this incident response.

In the first type of investigation, you may or may not be present when the computing device is shut down to begin an investigation. You may have hard drives and other media delivered to you to analyze.

In the second type of investigation, you will typically always want to capture information that is extremely volatile, such as information contained in RAM concerning network connections and running processes.

Regardless of the situation, and whether the evidence will be used in a court of law or as the grounds for a letter of reprimand, the techniques, procedures, and methodologies used should be largely the same.

What starts out as a letter of reprimand given to an employee for misusing company computing resources, may end up as a lawsuit against the employer.

What starts out as an investigation concerning Internet access at odd times may reveal that child pornography was accessed.

It is for the above reasons that we must use sound and proven techniques for any work performed related to computer forensics, and always approach a situation as if we will end up in a court of law or possibly be handing the case over to law enforcement.

Active, Archival, and Latent Data

In computer forensics, there are three types of data that we are concerned with - active, archival, and latent.

Active data is the information that you and I can see. Data files, programs, and files used by the operating system. This is the easiest type of data to obtain.

Archival data is data that has been backed up and stored.
This could consist of backup tapes, CDs, floppies, or entire hard drives to cite a few examples.

Latent (also called ambient) data is the information that one typically needs specialized tools to get at. An example would be information that has been deleted or partially overwritten.

A computer investigation could entail looking at one or more of these data types depending on the circumstances. Obtaining latent data is by far the most time consuming and costly.

Public Sector, Private Sector, and Consulting

There are three primary areas in which you will find computer forensics used: public sector, private sector, and consulting.

Public Sector

Computer forensics is used in the public sector by government and law enforcement personnel to investigate and prosecute crimes. Criminals are using computer technology when committing "traditional" crimes such as homicide, rape, fraud, and auto theft to name a few. They are also using computer technology to commit crimes that would not be possible without computing devices, such as breaking into a networked system and stealing or altering data, posting child pornography to a newsgroup, or harassing someone via email.

Computers can be the target of a crime (your computer system is attacked over the Internet), the tool in the commission of a crime (sending and receiving child pornography), or incidental to a crime (keeping records concerning the houses you've burgled). When computing devices are used in committing crimes, you'll often hear the term "Cybercrime" used. Although the word "Cyber" does get people's attention, it is often misused - Cyber typically denotes being online. You are not in "CyberSpace" just by turning your computer on.

At any rate, government and law enforcement use of computer forensics is increasing, as more and more criminals are using computing technology.
Computer evidence is used by Prosecutors every day to aid in convicting criminals involved in fraud, murder, drug trafficking, child pornography, embezzlement, and terrorism.

Private Sector

In the private sector, computer forensic techniques and methodologies are used to investigate electronic break-ins, embezzlement, improper use of computing resources by employees, and theft of trade secrets among other things.

Those in the insurance business may use information retrieved from computer systems to identify fraud in workman's compensation, automobile or personal accident cases, or arson. I'm aware of a few cases where emails were sent outlining plans to fake back injuries and other ailments in order to receive money from insurance. These emails were used to convict those making the false claims.

Consulting

The majority of work that I perform in regards to computer forensics is not as an employee of a law enforcement agency or company; it is for individuals or law firms as a consultant. Some may argue that working for a law firm should be in the private sector category, as law firms are companies and corporations, and I do agree to a certain extent. I believe however that the type of work that I (and countless others like me) perform in the area of computer forensics needs its own category due to the uniqueness of the work performed.

Four Possibilities

As an educator, I come into contact with countless students who want to get into computer forensics.

As I tell my students, there are basically four possibilities.

1. Get into law enforcement, the FBI, CIA, or other investigative agency. The reality is, members of law enforcement and government investigative agencies typically do their own computer forensics work.
2. Get into the information security or computing investigations department of a private company.
3. Work for a company that specializes in computer forensics and/or electronic discovery.
4. Start your own business providing computer forensic services and consulting.
It is in this area that I believe most of the opportunity exists. Attorneys regularly need the services of computing professionals with computer forensic skills to aid in litigation, and there are also individuals that need the services of someone skilled in computer forensics for personal and civil matters. There is now, and will continue to be, an infinite demand for computer forensics experts.

To better explain what I'm saying here, I'll cite some examples of cases where some of my colleagues and I have used computer forensics techniques and methodologies, in the capacity of a consultant.

Medical Malpractice

In a medical malpractice/wrongful death suit, a computer was examined to extract evidence relevant to the decedent's part-time business. The information recovered was used to determine how much the decedent would have made had they lived another thirty or so years, and helped to determine the settlement amount for the surviving spouse.

Spying Spouse

A recently divorced woman was being harassed by her former spouse. She was being told that he could see everything that she was doing while her computer was turned on. An investigation was conducted of her hard drive contents, and her computer was monitored for several weeks. The findings were that nothing out of the ordinary was happening, or had taken place in the past with the computer.

Finding a Will

In this case, a decedent's computer was examined to determine if there was any information relevant to a will. The decedent was a cryptologist, and many files had to be "cracked" as they were encrypted. Information was recovered that helped settle the decedent's estate.

Troubled Teen

A parent wanted to know what their son was doing online. The investigation showed that their son was frequenting sites on making bombs, and was also planning to make one.
The son confessed to this and was given help to deal with a situation at school that was causing pent up anger that he could not deal with on his own.

Is it Just About What's On The Computer?

Evidence gleaned from a forensic investigation and examination is not limited to what is found or extracted from magnetic media such as hard drives, floppy drives, and tapes.

Evidence can be in the form of visual output on a computer monitor, printouts, passwords written down, notes made in computer or software manuals, or logs from systems external to the subject computer itself, such as proxy servers or firewalls. The computer forensics practitioner that limits themselves to looking at only the magnetic media on the subject computer will be missing important clues.

A computer forensics practitioner must always remember that there might be, and probably is, evidence related to the situation that is external to the computer itself. In some situations this external evidence could not only make or break the case, it might even be the best evidence that you can obtain.

In a case I was involved in regarding alleged access to pornographic Websites, my retaining attorney was questioning the expert for the opposition concerning the proxy and firewall logs that were pertinent to the case.

The expert was unable to answer the questions, and admitted not having much experience in this area. I remember asking myself what is he doing representing them? The expert for the opposition had years of experience working with evidence from personal computers.

The problem here was that he had focused his investigation solely on what was found on the subject computer itself, and had totally ignored other sources of information that could have helped his client to prove their case. In short, he had done a poor job of preparing himself and his retaining counsel concerning the aspects of the case, and the types of questions that might be asked.
A computer forensic practitioner needs to always look at the big picture, and obtain and examine all evidence that may be relevant. If they find an aspect of their case that they are unfamiliar with, they need to seek assistance.

What is Computer Ethics?*

* This article first appeared in Terrell Ward Bynum, ed., Computers & Ethics, Blackwell, 1985, pp.266 – 75. (A special issue of the journal Metaphilosophy.)

James H. Moor

A Proposed Definition
The Revolutionary Machine
Anatomy of the Computer Revolution
The Invisibility Factor

A Proposed Definition

Computers are special technology and they raise some special ethical issues. In this essay I will discuss what makes computers different from other technology and how this difference makes a difference in ethical considerations. In particular, I want to characterize computer ethics and show why this emerging field is both intellectually interesting and enormously important.

On my view, computer ethics is the analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology. I use the phrase “computer technology” because I take the subject matter of the field broadly to include computers and associated technology. For instance, I include concerns about software as well as hardware and concerns about networks connecting computers as well as computers themselves.

A typical problem in computer ethics arises because there is a policy vacuum about how computer technology should be used. Computers provide us with new capabilities and these in turn give us new choices for action. Often, either no policies for conduct in these situations exist or existing policies seem inadequate. A central task of computer ethics is to determine what we should do in such cases, i.e., to formulate policies to guide our actions. Of course, some ethical situations confront us as individuals and some as a society.
Computer ethics includes consideration of both personal and social policies for the ethical use of computer technology.

Now it may seem that all that needs to be done is the mechanical application of an ethical theory to generate the appropriate policy. But this is usually not possible. A difficulty is that along with a policy vacuum there is often a conceptual vacuum. Although a problem in computer ethics may seem clear initially, a little reflection reveals a conceptual muddle. What is needed in such cases is an analysis which provides a coherent conceptual framework within which to formulate a policy for action. Indeed, much of the important work in computer ethics is devoted to proposing conceptual frameworks for understanding ethical problems involving computer technology.

An example may help to clarify the kind of conceptual work that is required. Let’s suppose we are trying to formulate a policy for protecting computer programs. Initially, the idea may seem clear enough. We are looking for a policy for protecting a kind of intellectual property. But then a number of questions which do not have obvious answers emerge. What is a computer program? Is it really intellectual property which can be owned or is it more like an idea, an algorithm, which is not owned by anybody? If a computer program is intellectual property, is it an expression of an idea that is owned (traditionally protectable by copyright) or is it a process that is owned (traditionally protectable by patent)? Is a machine-readable program a copy of a human-readable program? Clearly, we need a conceptualization of the nature of a computer program in order to answer these kinds of questions. Moreover, these questions must be answered in order to formulate a useful policy for protecting computer programs. Notice that the conceptualization we pick will not only affect how a policy will be applied but to a certain extent what the facts are.
For instance, in this case the conceptualization will determine when programs count as instances of the same program.

Even within a coherent conceptual framework, the formulation of a policy for using computer technology can be difficult. As we consider different policies we discover something about what we value and what we don’t. Because computer technology provides us with new possibilities for acting, new values emerge. For example, creating software has value in our culture which it didn’t have a few decades ago. And old values have to be reconsidered. For instance, assuming software is intellectual property, why should intellectual property be protected? In general, the consideration of alternative policies forces us to discover and make explicit what our value preferences are.

The mark of a basic problem in computer ethics is one in which computer technology is essentially involved and there is an uncertainty about what to do and even about how to understand the situation. Hence, not all ethical situations involving computers are central to computer ethics. If a burglar steals available office equipment including computers, then the burglar has done something legally and ethically wrong. But this is really an issue for general law and ethics. Computers are only accidentally involved in this situation, and there is no policy or conceptual vacuum to fill. The situation and the applicable policy are clear.

In one sense I am arguing for the special status of computer ethics as a field of study. Applied ethics is not simply ethics applied. But, I also wish to stress the underlying importance of general ethics and science to computer ethics. Ethical theory provides categories and procedures for determining what is ethically relevant. For example, what kinds of things are good? What are our basic rights? What is an impartial point of view? These considerations are essential in comparing and justifying policies for ethical conduct.
Similarly, scientific information is crucial in ethical evaluations. It is amazing how many times ethical disputes turn not on disagreements about values but on disagreements about facts.

On my view, computer ethics is a dynamic and complex field of study which considers the relationships among facts, conceptualizations, policies and values with regard to constantly changing computer technology. Computer ethics is not a fixed set of rules which one shellacs and hangs on the wall. Nor is computer ethics the rote application of ethical principles to a value-free technology. Computer ethics requires us to think anew about the nature of computer technology and our values. Although computer ethics is a field between science and ethics and depends on them, it is also a discipline in its own right which provides both conceptualizations for understanding and policies for using computer technology.

Though I have indicated some of the intellectually interesting features of computer ethics, I have not said much about the problems of the field or about its practical importance. The only example I have used so far is the issue of protecting computer programs which may seem to be a very narrow concern. In fact, I believe the domain of computer ethics is quite large and extends to issues which affect all of us. Now I want to turn to a consideration of these issues and argue for the practical importance of computer ethics. I will proceed not by giving a list of problems but rather by analyzing the conditions and forces which generate ethical issues about computer technology. In particular, I want to analyze what is special about computers, what social impact computers will have, and what is operationally suspect about computing technology. I hope to show something of the nature of computer ethics by doing some computer ethics.