You have been employed as part of a cyber security team located in a successful consultancy. Your boss, who does not have a technical background in IT or Cyber Security, has heard that you have studied Computer Forensics as part of your undergraduate degree in cyber security. He is interested in this since he has heard that Forensic Computing could be a new and profitable focus of the consultancy work. He wants to find out about the following issues:
- Why is it important for general computer security professionals to become familiar with forensic computing and digital evidence? Do they still need broad cyber security skills? Do you think that they will find this work feasible to complete based on their other developed undergraduate skills?
- What are the main challenges of investigating computer-related crime?
- What are the various methods by which data is stored and erased in the Windows environment, and how can we access this data and turn it into digital evidence?
- If he buys Magnet Axiom for his staff and also gets them trained, what are the basic technical processes that his staff will need to carry out in order to find robust (but not complex) digital evidence for a court or some other kind of investigation?
Defining Forensic Computing
Forensic computing has become an essential topic in the field of computing. It is the process and practice of analysing and investigating a specific computing device to obtain information relevant to a legal case. Its aim is to gather the necessary information through a proper investigation and to present it in a well-structured manner (Roussev, 2015). This branch of computing, considered part of the digital forensic sciences, searches for evidence stored on tablets, smartphones and any other form of digital storage media.
This assignment focuses on what computer security professionals need to consider in order to work with digital evidence and forensic computing. It also discusses the challenges faced during investigations. It then covers methods of data storage and digital evidence, and discusses the presented scenario from an investigative point of view.
Computer security professionals should have core knowledge of advanced computing systems, mechanisms, incidents and related investigations. Those working in digital forensics should also have proper knowledge of digital evidence and forensic computing principles (Illes et al., 2019). Forensic analysts need to recover data that has been deleted, hidden or encrypted on mobile devices. They also need to write detailed and meaningful reports suited to legal settings and to carry out the major areas of an investigation. In addition to working in digital forensic labs, forensic experts need to apply digital investigation techniques in the field, chiefly to uncover metadata that holds major importance in a court of law.
Hence, to make work in digital forensics feasible, computer security professionals would need to take a specialised training course in digital forensics, which would help clarify the concepts of this domain (Henseler & van Loenhout, 2018). Beyond their undergraduate skills, forensic experts should hold training and certifications in computer forensics. According to observations made by different forensic experts, the professional community in forensic computing needs to perform enhanced modes of investigation. The other aspects of the forensic expert's job role include collection, identification of raw data, acquisition, examination, preservation, analysis and presentation of evidence for the purposes of prosecution.
Challenges Faced by Cybersecurity Professionals
Forensic experts responsible for this work should be capable of recovering data that has been encrypted, deleted or hidden. This data can be presented in courts of law, and the related evidence can be used in various investigations, including challenging cases (Karie et al., 2018). Forensic experts should be capable of supporting major cases involving data breaches, security incidents and intrusions. Using proprietary forensic software and techniques, they are able to examine a particular system or platform.
Cybercrime, or computer-related crime, is crime in which computer security professionals face a range of threats when working with any online software. These crimes impose high costs on companies, which need to determine proper measures to reduce the impact of cybercrime (Al-Masri et al., 2018). Cybercrime has become a mature industry, and cyber criminals use specialised tools to gain a strong foothold on the target system. The resources cyber criminals draw on include specialist web hosts, malicious code writers and practitioners, and highly knowledgeable computer specialists with vast experience in gaining a strong hold over systems.
The cybercrimes committed against companies are legally intricate and technically complex. The differences found between cybercrimes depend on legal systems and technical complexities, which vary across nations (Sieber & Neubert, 2017). This further complicates identifying the underlying problems of cybercrime. Cybercrimes do not belong to any particular jurisdiction. Criminals move from one kind of illegal activity to another, and these activities also vary across nations. This suggests that the misuse of technology creates several obstacles.
Another challenge faced by investigators is investigating crime committed over the Internet. The criminals primarily use fake identities, provide little information and supply fake credit card details. They also hide their IP (Internet Protocol) address (Plunkett et al., 2015). These are major factors that make it more difficult to identify a specific individual and link them to the crime.
Methods of Storing and Erasing Digital Data in Windows Environment
The methods used for storing data in the Windows environment are as follows:
- Storing app data locally – Whenever an application is installed in the Windows environment, the system creates an app data container on the device (Ahmed & Xue Li, 2018). The app data container sits within the app sandbox, so no other application is able to access the information.
- Local storage – Local storage comprises settings (LocalSettings) and files (LocalFolder), which hold information of value to the user that cannot be recreated. Data stored in Local is backed up by the system.
- LocalCache – With LocalCache, the system stores application data that needs to persist across application sessions. LocalCache is the proper place for data that has the same lifetime as the application (Teing et al., 2016). This data can easily be recreated or downloaded as the user needs.
On the other hand, the methods of erasing data within the Windows environment are as follows:
- Completely wiping the computer by resetting the PC – In this method, the reset feature of the Windows OS is activated while reinstalling the operating system (Zhou et al., 2018). It has an option to remove every file present on the hard drive.
- Wiping the hard drive using hard drive eraser software – This is considered the secure way of erasing data: it overwrites the data and refills the hard disk with random data or zeros (Gutmann & Warner, 2019). With this method, the old information cannot be recovered with any form of disk recovery software.
- Physical destruction – Physically destroying the hard drive ensures that the data is unrecoverable forever (Aldaej et al., 2017). This solution is mainly used when the user will not recycle the PC.
The data stored in the Windows environment can be accessed and used as digital evidence in the following ways:
- History and log files hold a large amount of evidence for forensic experts. Chat communications carry nicknames and timestamps for the other involved parties, which helps forensic experts determine the respondent (Maghsoudi & Martin, 2016). This can be used to determine the exact names and locations of files for further analysis.
- Recent versions of the Windows OS keep user-created and application-generated data within Program Files, AppData and under the Settings and Documents folder. The computing environment also includes virtualized storage for launched applications that would have administrative permissions (Sari, 2015). Thus, investigators should search these specific areas to retrieve data.
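As an added example (not part of the original essay and not any tool's own code), the Python sketch below inventories the three stores described above on a read-only working copy of a user profile and records a SHA-256 hash and UTC modification time for each file, so that later changes to an exhibit can be detected. It assumes the usual on-disk layout for packaged apps, AppData\Local\Packages\<package>\ with LocalState, LocalCache and Settings subfolders, which the essay does not spell out; the package name and file contents are constructed.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# On-disk folder of a packaged app's container -> store name used in the text.
# (Assumed layout, see lead-in.)
STORES = {"LocalState": "LocalFolder", "LocalCache": "LocalCache",
          "Settings": "LocalSettings"}

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large artefacts do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:          # read-only: never modify evidence
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(profile_root):
    """List every file under <profile>/AppData/Local/Packages/<pkg>/<store>."""
    root = Path(profile_root)
    packages = root / "AppData" / "Local" / "Packages"
    rows = []
    if not packages.is_dir():
        return rows
    for pkg in sorted(p for p in packages.iterdir() if p.is_dir()):
        for folder, store in STORES.items():
            base = pkg / folder
            if not base.is_dir():
                continue
            for f in sorted(p for p in base.rglob("*") if p.is_file()):
                mtime = datetime.fromtimestamp(f.stat().st_mtime, timezone.utc)
                rows.append({"package": pkg.name, "store": store,
                             "path": f.relative_to(root).as_posix(),
                             "size": f.stat().st_size,
                             "modified_utc": mtime.isoformat(),
                             "sha256": sha256_file(f)})
    return rows

def make_sample_profile(root):
    """Constructed sample tree; the package name is made up."""
    pkg = Path(root) / "AppData" / "Local" / "Packages" / "Example.ChatApp_0000"
    files = {"LocalState/history.db": b"constructed chat history",
             "LocalCache/thumb.bin": b"constructed cache entry",
             "Settings/settings.dat": b"constructed settings file",
             "TempState/scratch.tmp": b"outside the three stores, skipped"}
    for rel, data in files.items():
        target = pkg / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in build_manifest(make_sample_profile(tmp)):
            print(row["store"], row["path"], row["sha256"][:16])
```

Run it against a mounted copy of the evidence image rather than the original media, and keep the resulting manifest with the case notes.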
Magnet Axiom is a complete digital investigation platform that allows the examiner to acquire and analyse forensic data and determine the findings. The platform supports acquiring images and analysing them for evidence from computers and smartphones (Dizdarević et al., 2019). It uses Single Stage Processing to acquire data automatically for detailed analysis.
The technical processes that staff could use to produce robust digital evidence for an investigation or for presentation in court are as follows:
- Connections can be used to streamline the analysis of digital evidence (Riadi & Sunardi, 2018). With this feature of Magnet Axiom, staff gain a visual representation of how artefacts relate to a particular investigation.
- Forensic experts can also use the Enhanced Timeline view to compile comprehensively the timestamps and dates parsed within the case. These include the timestamps reported by the file system (Patel et al., 2017). Any timestamp that Axiom parses from the artefacts in a case while processing the data is also included.
- The Examine feature in Axiom provides advanced filtering of data, including multiple kinds of search terms, include or exclude functions and proximity searches. This feature surfaces the data needed during the investigation quickly (Jones et al., 2019). Forensic experts can also perform string searches using regular expressions, and can use granular filters that specify whole words or case sensitivity.
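To make the timeline and filtering ideas above concrete, the following added Python example (not from the original essay, and not Magnet Axiom's API or implementation) merges file-system and artefact timestamps into one UTC-ordered timeline and applies include/exclude filters with whole-word, case-sensitivity and regular-expression options. All function names and sample records are constructed for illustration; proximity search is left out.

```python
import re
from datetime import datetime, timezone

# Constructed sample records: (ISO 8601 timestamp with UTC offset, description).
FILE_SYSTEM = ("filesystem", [
    ("2020-03-01T09:05:00+00:00", "Created C:/Users/alice/Documents/invoice.docx"),
    ("2020-03-01T11:30:00+02:00", "Modified C:/Users/alice/Documents/Invoices_old.zip"),
])
CHAT = ("chat", [
    ("2020-03-01T04:20:00-05:00", "alice: send the INVOICE tonight"),
    ("2020-03-01T09:00:00+00:00", "bob: invoice template attached"),
])

def merge_timeline(*sources):
    """Merge (source_name, records) pairs into one list ordered by UTC time."""
    events = []
    for name, records in sources:
        for stamp, text in records:
            when = datetime.fromisoformat(stamp)
            if when.tzinfo is None:
                # A naive timestamp cannot be placed on a shared timeline.
                raise ValueError(f"{name}: timestamp without UTC offset: {stamp}")
            events.append((when.astimezone(timezone.utc), name, text))
    return sorted(events)

def build_filter(term, whole_word=False, case_sensitive=False, is_regex=False):
    """Compile one search term; plain strings are escaped, regexes are not."""
    pattern = term if is_regex else re.escape(term)
    if whole_word:
        pattern = rf"\b(?:{pattern})\b"
    return re.compile(pattern, 0 if case_sensitive else re.IGNORECASE)

def search(events, include, exclude=()):
    """Keep events matching every include filter and no exclude filter."""
    return [e for e in events
            if all(f.search(e[2]) for f in include)
            and not any(f.search(e[2]) for f in exclude)]

if __name__ == "__main__":
    timeline = merge_timeline(FILE_SYSTEM, CHAT)
    hits = search(timeline, [build_filter("invoice", whole_word=True)],
                  [build_filter("template")])
    for when, source, text in hits:
        print(when.isoformat(), source, text)
```

Normalising every source to UTC before sorting matters because file-system and application artefacts often record time in different zones; ordering by the raw strings would misplace the chat message sent at 04:20 -05:00.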
Conclusion
The above discussion focuses on digital evidence and on how forensic experts can successfully retrieve digital information. The initial discussion covered how computer security professionals can develop their skills to work with digital evidence and data collection. The challenges faced when investigating digital crime were also discussed, followed by the various methods of storing and erasing data in the Windows environment. The final part of the report focused on the technical processes staff perform to obtain robust digital evidence and present it in court. From this discussion, it is concluded that digital forensics plays a major role in extracting digital evidence from computing systems and presenting it for various uses.
References
Ahmed, A. A., & Xue Li, C. (2018). Analyzing data remnant remains on user devices to determine probative artifacts in cloud environment. Journal of forensic sciences, 63(1), 112-121.
Aldaej, A., Ahamad, M. G., & Uddin, M. Y. (2017, March). Solid state drive data recovery in open source environment. In 2017 2nd International Conference on Anti-Cyber Crimes (ICACC) (pp. 228-231).
Al-Masri, E., Bai, Y., & Li, J. (2018, September). A fog-based digital forensics investigation framework for IoT systems. In 2018 IEEE International Conference on Smart Cloud (SmartCloud) (pp. 196-201).
Dizdarević, A., Baraković, S., & Husić, J. B. (2019, June). Examination of Digital Forensics Software Tools Performance: Open or Not?. In International Symposium on Innovative and Interdisciplinary Applications of Advanced Technologies (pp. 442-451).
Gutmann, A., & Warner, M. (2019, June). Fight to be forgotten: Exploring the efficacy of data erasure in popular operating systems. In Annual Privacy Forum (pp. 45-58). Springer, Cham.
Henseler, H., & van Loenhout, S. (2018). Educating judges, prosecutors and lawyers in the use of digital forensic experts. Digital Investigation, 24, S76-S82.
Illes, M., Wilson, P., & Bruce, C. (2019). Forensic epistemology: testing the reasoning skills of crime scene experts. Canadian Society of Forensic Science Journal, 52(4), 151-173.
Jones, G. M., Winster, S. G., & Kumar, S. S. (2019). Analysis of Mobile Environment for Ensuring Cyber-Security in IoT-Based Digital Forensics. In Soft Computing and Signal Processing (pp. 145-152).
Karie, N. M., Kebande, V. R., & Swaziland, K. (2018). Knowledge Management as a Strategic Asset in Digital Forensic Investigations. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 7(1), 10-20.
Maghsoudi, E., & Martin, M. J. (2016). Thermally actuated buckling beam memory: A non-volatile memory configuration for extreme space exploration environments. Microsystem Technologies, 22(5), 1043-1053.
Patel, P., Kannoorpatti, K., Shanmugam, B., Azam, S., & Yeo, K. C. (2017, January). A theoretical review of social media usage by cyber-criminals. In 2017 International Conference on Computer Communication and Informatics (ICCCI) (pp. 1-6).
Plunkett, J., Le-Khac, N. A., & Kechadi, T. (2015, January). Digital forensic investigations in the Cloud: a proposed approach for Irish law enforcement. In 11th Annual IFIP WG 11.9 International Conference on Digital Forensics (IFIP119 2015), Orlando, Florida, United States, 26-28 January 2015.
Riadi, I., & Sunardi, S. (2018). Comparative Analysis of Forensic Software on Android-based Blackberry Messenger using NIJ Framework. Proceeding of the Electrical Engineering Computer Science and Informatics, 5(5), 472-477.
Roussev, V. (2015, January). Building a forensic computing language. In 2015 48th Hawaii International Conference on System Sciences (pp. 5228-5233).
Sari, A. (2015). A review of anomaly detection systems in cloud networks and survey of cloud security measures in cloud storage applications. Journal of Information Security, 6(02), 142.
Sieber, U., & Neubert, C. W. (2017). Transnational criminal investigations in cyberspace: challenges to national sovereignty. Max Planck Yearbook of United Nations Law Online, 20(1), 239-321.
Teing, Y. Y., Dehghantanha, A., Choo, K. K. R., Muda, Z., Abdullah, M. T., & Chai, W. C. (2016, November). A closer look at Syncany Windows and Ubuntu clients’ residual artefacts. In International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage (pp. 342-357).
Zhou, L., Mao, J., Ren, Y., Han, S. T., Roy, V. A., & Zhou, Y. (2018). Recent advances of flexible data storage devices based on organic nanoscaled materials. Small, 14(10), 1703126.