Jeepers Creepers, The Rise of Digital Forensics Since the 1970s

Welcome to the first edition of “Jeepers Creepers: The History of Digital Forensics,” the fascinating, sometimes scary, always interesting history of digital forensics!

This is your place to join us as we explore the fascinating, sometimes scary, and still-growing world of digital forensics! Don’t get too worried: it’s a wild ride, but industry veteran and testifying expert Andy Reisman of Repario will be here to help you every step of the way!

Read on for our first edition, where Andy explores the FIRST foray into what would become digital forensics work!

The Creeper: The First Computer Data Security Threat

One can argue that digital forensics traces its origin back to an experimental cat and mouse game between two early pioneers of modern computing. This article discusses development of what became known as the first computer virus and antivirus software, and explores how that helped shape our modern data security landscape and the need for skilled digital forensic experts.

Threats to computer data security literally had a creepy beginning. The first program developed to autonomously spread across computer networks was “The Creeper,” which Bob Thomas of BBN Technologies developed in the early 1970s. Unlike modern malware, The Creeper was relatively benign, simply causing the message “I’m the creeper, catch me if you can!” to appear on computer screens.

Game On: The Reaper

Like Newton’s third law of motion, development of The Creeper caused an equal and opposite reaction. Ray Tomlinson, who famously developed the first email program, designed a program named “The Reaper” to move through computer networks finding instances of The Creeper and removing them.

Implications for Data Security and Digital Forensics

The Creeper and The Reaper had obvious implications for what would become a massive cybersecurity industry, but also played a foundational role in the evolution of the digital forensics field. The Creeper demonstrated that software could perform actions that had potentially significant consequences on networked computers, and The Reaper demonstrated that people could develop tools to track such actions across computer systems.

More fundamentally, The Creeper and its progeny raised awareness regarding the need for systems to monitor and log activity, evidence that analysts frequently must examine to determine the nature and extent of potential computer misuse.

The Need for Skilled Digital Forensics Experts

The scope of potential computer misconduct, and the digital forensic techniques needed in response, is vastly more complicated than Bob Thomas or Ray Tomlinson ever could have envisioned in the 1970s. Today, practically everyone carries a phone more powerful than the largest supercomputers of that era.

We can access data from our organizations’ networks from virtually anywhere and send it near-instantaneously to various storage locations beyond our employers’ reach. We have achieved amazing efficiencies, along with their terrifying implications for data security, with Newton’s third law of motion working overtime.

Today, no single piece of software can provide all of the answers in the way The Reaper was able to take on The Creeper.

The variety of devices and accounts capable of storing and transmitting data has grown exponentially. Skilled digital forensic practitioners can help identify and preserve electronically stored evidence, and piece together what happened, when, and how.

The best such experts translate such complexities into a clear narrative easily digestible by even the most technophobic finders of fact. Bottom line, you often can overcome a creepy start by reaping the benefits of hiring the right digital forensics team.

The ARPANET Crash of 1980

In October 1980, ARPANET, the precursor to today’s Internet, suffered a significant network crash that disrupted communications across the United States.

This article highlights an early example of using digital forensics techniques to diagnose the issue, foreshadowing the critical role of forensic analysis in determining whether certain events were due to deliberate misconduct or something less sinister.

Around the time that your author also was coming online, the U.S. Department of Defense began funding development of the Advanced Research Projects Agency Network (ARPANET) to enable resource sharing between remote computers. By the early 1970s, several dozen university and government hosts were connected to this early network, and in 1980 the system supported thousands of users.

The ARPANET Crash and Investigation

In October 1980, ARPANET suffered a widespread failure, affecting connected computers nationwide. What followed was one of the earliest examples of a large-scale digital forensic investigation aimed at identifying the root cause of a network disruption.

Although available digital forensics tools were rudimentary compared to today’s advanced software, investigative steps included those often used today, such as network log file analysis. By examining network logs and tracing communication patterns, software engineers discovered that the root cause of the crash was not hackers, but rather an endless loop of message retransmissions that overwhelmed and collapsed the network. This early use of forensic analysis helped pinpoint the exact moments of failure and allowed engineers to fix the issue, restoring ARPANET’s functionality.

The Importance of Identifying Whether There Really Is a Bad Actor

Much like early experiments with viruses and anti-viruses in the 1970s, the ARPANET crash demonstrated that sophisticated experts often are needed to identify and interpret log files in order to piece together whether activity on computer systems was due to potential wrongdoing or more benign causes.

For example, although I have been involved in many plaintiff-side cases in which my team and I identified evidence of intentional data theft from log file analysis, we also have seen experienced digital forensic analysts misinterpret such logs. On the defense side, getting an experienced digital forensic expert involved early can help you figure out if there’s an actual fire to extinguish, or if the opposition is just blowing smoke.

Want to hear how Repario can bring you the best in digital forensics expertise, both in and out of the courtroom? Reach out to our sales team!

General questions about Repario and our incredible workforce? Email marketing@repariodata.com with all your questions!
