Global Finance Background and Concern.
Digital Forensic Methodology.
Scope of the Case.
Digital Forensic Methodology Approach.
PHASE 1 - COLLECTING THE RESOURCES.
Volatile Data Capture.
Non- Volatile Data Capture.
PHASE 2: EXAMINATION..
File System Examination.
Windows Registry Examination.
Network Forensic Examination.
Database Forensic Examination.
PHASE 3 - ANALYSIS.
PHASE 4 - FINDINGS.
PHASE 5 – REPORT.
Global Finance company stands to be one of the largest finance company, providing the investment, superannuation and retirement services in Australia. It has a wider range of clients right from individuals to the corporation and superannuation fund investors. Very soon the company has widened its services throughout the globe with information technology support and strives to overcome the security challenges of the company.
Global Finance company experiences a suspect or compromise of the information in one manager’s computer, working in the Queensland branch. Information security officer is accountable to this challenge and enforced an investigation audit team to investigate the source of the compromise to overcome the challenge.
The Global Finance Company is in the following state as considered by the audit team.
Digital forensic investigation methodology is recommended and employed by the information security officer, as the methodology can find and reveal the source of compromise of the manager’s computer, by detecting all the workstations and networking among them. Digital forensic investigation methodology involves the sub tasks of data recovery, in case if any of the potential data is lost and network forensic to find if there is any compromise caused through the network.
Before the investigation started by the audit team, they need to follow the following principles.
Digital forensic investigation done in the Global Finance company has the following scope.
There are many digital forensic methodology approaches followed according to the situation, so there is no one common approach that fits all the cases. In the case of the compromise of the branch of the Global Finance company, the approach recommended is FSFP or Four Step Forensics Process.
The approach has the following processes.
The arrow is the indication of preservation of the document evidence throughout the process.
Digital forensic investigation is done in the following phases.
Collection consists of identification, labeling and recording the data from all the sources possible, followed by the maintaining the integrity of the data. Data is primarily collected as both volatile and non volatile data.
The same LAN connection is to be used to access the forensic workstation of the manager and other workstations. Server of manager’s computer is taken as the target in this case. Microsoft Windows software is run in this server. To hear from the server, ‘cryptcatp tool is used. The team creates toolset optical drive and opened through a trusted console, comd.exe.
The following statements are then executed.
Cryptcat 6543 – k key
Use the following command, for the data capture from the forensic workstation.
Cryptcat -1 –p 6543 –k key >>
Other tools that can be used here are the graphical user interface tools, like Process Explorer, Tcpview and Rootkit Revealer. The other Windows based tools used to capture the data are,
Ipconfig – for collection of the subject system details
HBGray’s fastDump – to acquire the local physical memory
Doskey or history - for collection of command history
HBGray’s F-Response – to acquire remote physical memory
Netfile – for identification of the drivers and services
Netusers and qusers – for identification of the logged in user information
Other potential data is collected from the clipboard. Other potential data is network connection present, running processes and network data.
Volatile data capture involves the data collection from the RAM, registry and cache memory.
Potential non volatile data collection involves the collection of the antivirus logs, database logs, windows event logs, IDS logs, domain controller logs, application logs, firewall logs and other online data. Collection of the non volatile data is also called as forensic imaging.
The non volatile data collection involves data present in the hard disc and other removable discs, like flash drives, USB drives, CD, DVD, memory cards, remote hard drives and remote computers, in the form of MS Outlook, MS Word and Spreadsheet. Collection continues with the other computers, switches, network topology documentation, network diagrams, routers and servers. Live networking traffic can clue very significant and potential digital data for the investigation.
Forensic imaging involves copy of the entire non volatile data from the manger’s system and no further alterations are to be done. Various tools used for forensic imaging are FTK, EnCase and ProDiscover with write block. Forensic imaging is better than the hard disc cloning, as it copies the integrated data that includes the metadata, which is significant in the investigation. The audit team does both this offline data and other online data using the tools, ethereal and Wireshrk tools.
All the collected data is well documented by the audit team.
After the digital data collection is done, examination is conducted using forensic investigation tools. Investigation is done for the manager’s computer, as the following.
New Technology File System disc or NTFS disc file has MFT or Master File Table information. MFT has all the files and disc crucial information. MFT contains the metadata of the files, which are existing and deleted, noted by the operating system.
The data in file is stored as
c: echo text_mass > file1.txt:file2.txt
The following command is used to retrieve the above,
virus is also another potential data malfunction and so has to be considered for investigation.
Windows registry logs can reveal modification of the file information according to the time, lastwrite registry details, precise data in a database for the user application along with the hardware device reference point.
The Windows registry structure is
The important keys and values are,
User Activity: user performed actions and activities over the manager’s computer can be accessed through HKEY_CURRENT_USER
Autostart : This registry is a set that is launched without initiation of the user.
MRU or Most Recent Used List: to keep track of the current activities.
Other important clues are USB Removable storage, UserAssit, Wireless SSIDs, etc.
Tracking of packet forensics or packet mining is tracked via the network to track the network traffic like mails, browsing history, queries, etc.
Network forensic tools can be applied in one of the two ways, security related and the other is forensic data according to the enforcement of the law. The team uses many network forensic tools and techniques to discrete investigated data like registry information, process listing, service listing, system information, logged on users, registry users, network connections and binary memory dump to explore and investigate. Packet sniffers help identifying and mapping the fingerprinting, web services and email communication, etc.
Database data is tracked through the queries for data identification and then preserved to analyze. IP addresses are tracked for remote connections. Database transactions are tracked though Data Manipulation and Data Definition Languages, DML and DDL. Customized file configuration is used to execute Database Consistency Checker and Distributed Management Views towards intrusion explosion.
Detailed data analysis is done after considering each of the digital evidence data. The analysis includes the following actiivites.
The crucial malware analysis includes various tasks within, like, examining the logs, prefetch examination, search of known malware using either dynamic or static analysis.
After the analysis the findings are summarized as,
Investigation is done over the manager’s computer and all other computers and computing devices present in the branch office. Audit team creates a formal report and then submitted to the information security officer.
The report has the purpose of submission of the formal investigated information, related to the sources of compromise occurred to the manager’s and all other computers.
Author of the Report
Information Security Officer
All the source of the compromise that are found and suspected on manager’s computer.
All relevant log files and other potential digital evidences found in the investigation
Analysis of the sources of the compromise
The manager’s computer is digitally investigated for the sources of compromise, along with the and other computers in the regional office
Volatile, non- volatile data, registry info, log info and the reports generated from the tools.
The suspected manager’s or targeted computer is completely digitally investigated using digital forensic technology, from the Queensland branch office and finally the formal report is being submitted to the information security officer.
“Cyber Forensic Investigation Plan”, International Journal of Advance Research (2008), UOAR.org, Volume 1, Issue 1, accessed on 9 January, 2015.
7safe, (2013) “Good Practice Guide for Computer-Based Electronic Evidence”.
Siti Rahayu Selamat, Robiah Yusof, Shahrin Sahib (2008), “Mapping Process of Digital Forensic Investigation Framework”, JCSNS International Journal of Computer Science and Network Securit, Vol 8.
ACPO (2013), “Good Practice Guide for Computer-Based Electronic Evidence”, V4.0
Aquilina, M.J., (2003), “Malware Forensics, Investigating and Analyzing Malicious Code”, Syngress,
Kenneth J. Zahn (2013), “Case Study: 2012 DC3 Digital Forensic Challenge Basic Malware Analysis Exercise”, GIAC (FREM) Gold Certification
Fowler, K., (2007), “Forensic Analysis of a SQL Server 2005 Database Server”.
Khanuja, H.K., and Adane, D.S., (2011), “Database Security Threats and Challenges in Database Forensic: A Survey”, IPCSIT vol.20 (2011), Singapore: IACSIT Press.
John Ashcroft (2001), “Electronic Crime Scene Investigation, A guide for First Responders”, NIJ Guide
M Reith, C Carr, G Gunsch (2002). "An examination of digital forensic models". International Journal of Digital Evidence
Kent, K., et.al., (2006). “Guide to Integrating Forensic Techniques into Incident Response”, National Institute of Standards and Technology (Ed.) (Vol. 800-86): U.S. Department of Commerce.
Richard Brian Adams (2012), “The Advanced Data Acquisition Model (ADAM): A Process Model for Digital Forensic Practice”
Agarwal, A., Gupta, M., Gupta, S., & Gupta, S. C. (2011). “Systematic Digital Forensic Investigation Model”, International Journal of Computer Science and Security, 5(1), 118-130.
Shiner, D.L.D., and Cross, M., (2002), ” Scene of the Cybercrime”, 2nd edn, Syncress: Burlington.
Reino, A. (2012), “Forensics of a Windows System”, Roche.
Armstrong, C. (2003), “Mastering Computer Forensics. In C. Irvine & H. Armstrong”, Security Education and Critical Infrastructures Kluwer Academic Publishers.
To export a reference to this article please select a referencing stye below:
My Assignment Help. (2015). Digital Forensic Case Study. Retrieved from https://myassignmenthelp.com/free-samples/digital-forensic-case-study.
"Digital Forensic Case Study." My Assignment Help, 2015, https://myassignmenthelp.com/free-samples/digital-forensic-case-study.
My Assignment Help (2015) Digital Forensic Case Study [Online]. Available from: https://myassignmenthelp.com/free-samples/digital-forensic-case-study
[Accessed 10 December 2019].
My Assignment Help. 'Digital Forensic Case Study' (My Assignment Help, 2015) <https://myassignmenthelp.com/free-samples/digital-forensic-case-study> accessed 10 December 2019.
My Assignment Help. Digital Forensic Case Study [Internet]. My Assignment Help. 2015 [cited 10 December 2019]. Available from: https://myassignmenthelp.com/free-samples/digital-forensic-case-study.
MyAssignmenthelp.com is the perfect solution to render quality solution for all sort of academic issues. We have hired professionals from different fields of study to provide assistance with different subjects. We successfully have provided different types of assignment solutions on 100+ subjects. We have hired industry experts to deliver nursing assignment, hr assignment and finance assignment help. To offer quality content with IT assignments, we have hired IT professionals to render programming language assignment help and IT assignment help for other types of IT assignments as well.
Answer: Background Information This assignment tests your understanding of and ability to apply the programming concepts we have covered in the unit so far, including the usage of variables, input/output, data types, selection, iteration, functions and data structures. Pseudocode As emphasised in the case study of Module 5, it is important to take the time to properly design a solution before starting to write code. Hence, this assignment...Read More
Answer: Business Rules for the system The business rules for the system are: The system should be able to gather information about the players in the system and the players in the system would be identified by their unique ID. Records of all the games and the sections are to be stored in the database along with their scores. The winner of each game is to be stored in the system. The ranking of the teams is to be stored in the system. T...Read More
Introduction Software testing is done so that bugs can be removed from the program code. Software testing can be classified as unit testing, system testing and integration testing. All these kinds of testing can be done by use of various software testing techniques which include white box testing, black box testing and grey box testing (Khan, & Khan, 2012). In black box testing we are able to test the UI part of the software itself wher...Read More
Answer: Introduction The Collin Bank wants to make its bank services an automatic service for providing good service to their customers. The customers of the Collin’s Bank faces difficulties to reach the bank for do their simple transaction (Bahill & Madni, 2017). To mitigate the problem of bank rush, the bank wants to develop an ATM system that is helpful to both, the customers and the employees involved with the bank system. The e...Read More
Answer: Introduction Data and system integration has combined data from different sources, the technologies are stored in various sources and data has unique view. System integration as bring the component of sub-systems from one aggregation of cooperating subsystems so the system have able to deliver an overarching functioning and ensure a subsystems function. In data and system integration the mashups and restful services concept has done i...Read More
Just share your requirements and get customized solutions on time.
Our writers make sure that all orders are submitted, prior to the deadline.
Using reliable plagiarism detection software, Turnitin.com.We only provide customized 100 percent original papers.
Feel free to contact our assignment writing services any time via phone, email or live chat.
Our writers can provide you professional writing assistance on any subject at any level.
Our best price guarantee ensures that the features we offer cannot be matched by any of the competitors.
Get all your documents checked for plagiarism or duplicacy with us.
Get different kinds of essays typed in minutes with clicks.
Calculate your semester grades and cumulative GPa with our GPA Calculator.
Balance any chemical equation in minutes just by entering the formula.
Calculate the number of words and number of pages of all your academic documents.
Our Mission Client Satisfaction
THIS ASSIGNMENT WAS GOOD AND I GOT THE MAKE 66% OUT OF ONE HUNDRED. HOPE NEXT ASSSIGMENT WILL GET MORE
Quality formatting now, and easy to understand the values being added to balance and adjusted ledgers.
Great Job, Great Job, Great Job, No Plagio, Very Professional, I recommended. Great Job, Great Job
Hi thank you for helping out with mi assignment the content is good but after but the plagiarism is too high. Then among the internet sources there is ur site appearing.This then defeat s the purpose of using you guys as if the assignment can be tra...