
The Case: A Digital Forensic Investigation Plan


Question:

As part of the auditing team, in the capacity of a digital forensics expert, your task is to prepare a digital forensics investigative plan to enable a systematic collection of evidence and subsequent forensic analysis of the electronic and digital data. Assuming all systems are Windows based, this plan should detail the following:

  • Justify why use of the digital forensic methodology and approach is warranted, including procedures for corporate investigation.
  • Describe the resources required to conduct a digital forensic investigation, including team member skill sets and required tools.
  • Outline an approach for data/evidence identification and acquisition that would occur in order to prepare the auditors for review of the digital evidence.
  • Outline an approach and steps to be taken during the analysis phase, making the assumption that the computer system is a Microsoft Windows-based computer.
  • Create a table of contents for the investigative plan describing

Answer:

Abstract

Information technology has become an integral part of human life, regardless of age, and businesses have exploited it to the extent that almost every business activity is automated to save time and increase productivity. While this is an encouraging development, cyber crime is increasing at the same pace, so companies have to emphasise the security of their intellectual property as much as they emphasise automation through information technology. Global Finance has realised its vision of globalisation through information technology and now faces a suspected compromise of one of its systems. A digital forensic investigation team can meet such a challenge by finding the source of the compromise and restoring the systems and network to the necessary security standards.

Introduction

Global Finance is one of the largest companies in Australia, with a wide range of finance products and customers throughout the world. The company has equipped its head office and all of its child organisations with the necessary information technology infrastructure. A suspected compromise has been detected on a manager's computer at the Queensland branch, one of its child organisations. An investigation audit team has been formed to find the source of the compromise and has been deployed to the branch office to conduct the digital forensic investigation.

Company and Background

Global Finance is the company for which the audit team is to conduct the digital forensic investigation. The case study gives the following important points about the company.

  1. Global Finance is located in Australia and its branches are spread all over the world.
  2. It has over 10,000 employees worldwide.
  3. The company is an international player in the global finance market.
  4. The company provides investment, superannuation and retirement services to clients ranging from individuals to large corporations.
  5. The company employs experts in global shares, property, private equity, fixed interest and credit.
  6. An information security concern has been raised by a branch office to the information security office in the head office.

Concerns of the Company

  1. Global Finance has supported its global business with information technology.
  2. Since 2000, regular updates to the application and network infrastructure have been missed in the child organisations.
  3. Access between the child organisations is flat and relatively poorly secured, so users from one child organisation can reach data on the servers and workstations of any other child organisation.
  4. One of the branch managers at the Brisbane branch suspects that his computer has been compromised.
  5. Both the servers and workstations in all offices run Microsoft Windows.
  6. Firewalls and network segmentation are poorly implemented.
  7. Although intrusion detection and logging exist in the branches, they are hardly used.
  8. The head office has sufficient infrastructure for investigative and forensic work.
  9. An audit team has been formed to conduct a digital forensic investigation in the branch office where the compromise is suspected.
  10. The team is responsible both for reviewing paper-based documents and for the digital forensic analysis, finding digital evidence in files such as MS Word documents, spreadsheets, deleted files and Outlook data.

Digital Forensic Methodology and Need

The digital forensic methodology is the one the information security office should follow. The other methodologies, such as computer forensics, mobile forensics, network forensics and data recovery, are sub-branches of digital forensics and on their own give only partial results rather than a complete investigation of the source of the compromise.

The digital forensic investigation conducted for the regional office of Global Finance has the following scope.

  1. Identification of security lapses in the network of the regional office
  2. Identification of malicious activities, with details of who, what, why, when and where
  3. Identification of the legal procedures to follow, if the cyber crime is illegal
  4. Identification of the impact of the compromise of the manager's computer, if there is any compromise

Digital Forensic Investigation Approach

The audit team of Global Finance can follow the Four Step Forensics Process (FSFP). This digital forensic investigation model is one of the most effective models for investigating the compromise that has occurred in the regional branch of Global Finance.

Digital Forensic Investigation Resources

A digital forensic investigation needs substantial resources to complete the process and produce a report. It demands technological support in the form of tools and techniques to carry out the processes, as well as expertise in the audit team across multiple dimensions.

The digital forensic methodologies that can be applied are static and dynamic methodologies. Various tools, such as EnCase and ProDiscover, are needed to conduct a thorough check of the network system in the branch office.

ACPO, the Association of Chief Police Officers, publishes a standard guideline consisting of four principles. When a computer or digital forensic investigation is conducted, the audit team has to follow these principles.

Principle 1: The data present on, and collected from, the targeted computers is to be preserved as it is, without any alteration.

Principle 2: The collected data must be handled safely, so the audit team must be sufficiently competent to handle it, and whenever required must be able to explain its course of action with the necessary evidence.

Principle 3: All documentation and audit trails must be created clearly and preserved, so that a third party repeating the process obtains the same results.

Principle 4: Every member of the audit team is responsible for the investigation as a whole.

The audit team members should possess sufficient expertise in the core operating system, the networking system and the tools and techniques needed for the investigation. Their skill set must extend to multiple dimensions, such as knowledge of cyber crime, legal procedures and related areas.

Preparation

  1. The impact of the investigation, in terms of productivity lost to down time and so on, must be known before the investigation begins.
  2. All information from the manager's workstation, the servers and the other workstations must be collected.
  3. Obtain all the important network information.
  4. Identify the storage content of both internal and external devices.
  5. The forensic tools applicable to the investigation are to be listed and made available.
  6. Every activity during the course of the investigation must be well documented.
  7. Forensic images of the target computers have to be taken and then hashed to verify the integrity of the data.
  8. Live network traffic has to be captured.
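Step 7 above, imaging and then hashing, is what makes every later finding defensible. The following Python script is an added example, not part of the original plan or of any tool it names: it hashes an image in chunks (MD5 and SHA-256, the pair imaging tools such as FTK Imager record), writes a manifest with examiner, source and time for the audit trail, and re-verifies the image later so that even a single altered byte is detected. The image content, examiner and source names are constructed placeholders.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # hash 1 MiB at a time so a multi-GB image never has to fit in RAM


def hash_bytes(data):
    """Hash an in-memory capture, e.g. a volatile-data dump received over the network."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}


def hash_image(path):
    """Return MD5 and SHA-256 of an image file, read in chunks."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            md5.update(block)
            sha.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha.hexdigest()}


def write_manifest(image_path, manifest_path, examiner, source):
    """Record who imaged what, when, and the hashes: the audit trail ACPO principle 3 asks for."""
    entry = {
        "image": os.path.basename(image_path),
        "source": source,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "size_bytes": os.path.getsize(image_path),
        **hash_image(image_path),
    }
    with open(manifest_path, "w") as f:
        json.dump(entry, f, indent=2)
    return entry


def verify_image(image_path, manifest_path):
    """Re-hash the image and compare with the manifest; both digests must match."""
    with open(manifest_path) as f:
        expected = json.load(f)
    actual = hash_image(image_path)
    ok = actual["sha256"] == expected["sha256"] and actual["md5"] == expected["md5"]
    return ok, actual


def demo():
    """Constructed stand-in for a disk image: verify, alter one byte, verify again."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "manager-ws01.dd")            # placeholder image name
        manifest = os.path.join(d, "manager-ws01.manifest.json")
        with open(img, "wb") as f:                           # constructed sample content
            f.write(b"NTFS    " + b"\x00" * (2 * CHUNK + 17))
        entry = write_manifest(img, manifest, examiner="audit team (placeholder)",
                               source="manager workstation, Brisbane (placeholder)")
        before, _ = verify_image(img, manifest)
        with open(img, "r+b") as f:                          # simulate tampering: flip one byte
            f.seek(CHUNK + 5)
            f.write(b"\x01")
        after, _ = verify_image(img, manifest)
        return before, after, entry


if __name__ == "__main__":
    before, after, entry = demo()
    print("sha256:", entry["sha256"])
    print("verified before tampering:", before, "| after tampering:", after)
```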

Digital evidence must be collected from the managers' and other workstations and from the servers present in the regional office. The following evidence is useful.

  1. IP addresses
  2. System log files
  3. Windows registry information
  4. Network topology and diagrams
  5. Network information covering hubs, routers, switches, servers, firewalls, network topology documentation and network diagrams
  6. Information from both internal storage and external storage devices, such as CDs, DVDs, flash drives, USB drives, memory cards, portable hard disks and remote computers

Digital evidence collection: Digital evidence acquisition in the regional branch of Global Finance has to be done in two stages, volatile memory acquisition and non-volatile memory acquisition.

Volatile Memory Acquisition

Volatile memory is temporary memory whose contents are held only while the workstation or server is running; primarily this is RAM. The forensic workstation must be on the same LAN as the manager's computer to acquire this data over the network. On the forensic workstation, first start an encrypted listener that appends whatever it receives to an evidence file (the output file name below is a placeholder):

cryptcat -l -p 6543 -k key >> volatile_data.txt

On the manager's computer, the output of each volatile-data tool is then piped to that listener (the forensic workstation's IP address below is a placeholder):

<tool command> | cryptcat <forensic-workstation-ip> 6543 -k key

In addition to these commands, graphical tools such as TCPView, RootkitRevealer and Process Explorer help the team retrieve volatile data such as the system date and time, the logged-on user, open ports, running processes and network connections.

Other tools used on Windows systems for volatile data capture are netusers and qusers, netfile, HBGary's F-Response, ipconfig, HBGary's FastDump and doskey, used to identify all the network traffic towards the manager's computer.

The clipboard content, which is potential digital evidence, is also collected by the team.

Non-Volatile Memory Acquisition

Permanent or non-volatile memory is a significant source for the digital forensic investigation. Permanent data is collected through both offline and online methods.

Offline data is collected with hard drive duplicator tools such as FTK Imager, Guymager, DCFLdd, IXimager and EnCase from the hard drives of the manager's workstation, the other workstations and the servers. Other permanent storage media in the office, such as CDs, DVDs, memory cards, flash drives and pen drives, are also collected.

Online data, such as firewall logs, antivirus logs and domain controller logs, is collected with tools like Ethereal and Wireshark.

Examination

Once all the potential digital forensic evidence has been collected, a detailed examination is done by comparing the original with the logical copies collected and checking them against the hypotheses for any deviations. Such examination can give clues as to how the manager's computer was compromised.

Detailed examination covers the Windows registry, network forensics, the file system and database forensics. For the file system, the team checks for data hidden in NTFS alternate data streams. The following command writes text into a stream named file2.txt attached to file1.txt, where a plain directory listing does not show it:

C:\> echo text_mess > file1.txt:file2.txt

The hidden stream is then read back with the command:

C:\> more < file1.txt:file2.txt

Windows registry examination is done on the following hives and the structures within them:

  • HKEY_USERS
  • HKEY_CURRENT_USER
  • HKEY_CURRENT_CONFIG
  • HKEY_CLASSES_ROOT
  • HKEY_LOCAL_MACHINE
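As an added example (not from the original plan), the following Python script parses a .reg export taken from the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER hives above and lists the Run/RunOnce start-up entries, marking those that launch from user-writable folders for closer review. The export text is constructed for the example; the key list and folder list are assumptions and not exhaustive.

```python
import re

# Start-up locations under the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER hives (assumed list)
AUTORUN_KEYS = (
    r"\Microsoft\Windows\CurrentVersion\Run",
    r"\Microsoft\Windows\CurrentVersion\RunOnce",
)
# Folders a non-administrator can write to; a start-up entry launching from one deserves review
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\", "\\downloads\\")

# "name"=data  or  @=data (the default value); data may be a quoted string, dword:..., hex:...
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


def unescape(s):
    """Undo .reg string escaping (backslash-quote and doubled backslashes)."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text):
    """Yield (key, value_name, data) for every value in a .reg export; string data is
    unescaped, other types (dword:, hex:) are returned as written."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = "(Default)" if m.group("default") else unescape(m.group("name"))
        data = m.group("data")
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = unescape(data[1:-1])
        yield key, name, data


def autorun_entries(text):
    """Return Run/RunOnce entries, marking those whose command lives in a user-writable folder."""
    hits = []
    for key, name, data in parse_reg_export(text):
        if any(key.lower().endswith(k.lower()) for k in AUTORUN_KEYS):
            flagged = any(p in data.lower() for p in USER_WRITABLE)
            hits.append({"key": key, "name": name, "command": data, "suspicious": flagged})
    return hits


# Constructed export for the example; the entries are not real findings
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"VMware User Process"="\"C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe\" -n vmusr"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\manager\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"svchost"="C:\\Users\\manager\\AppData\\Local\\Temp\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"""

if __name__ == "__main__":
    for e in autorun_entries(SAMPLE_EXPORT):
        flag = "REVIEW" if e["suspicious"] else "ok"
        print(f"{flag:6s} {e['key']}\\{e['name']} -> {e['command']}")
```

Flagged entries are leads, not verdicts: the constructed OneDrive entry is legitimate and is flagged only because it lives under AppData, so each hit still needs analyst review.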

Network forensics is enabled with tools and techniques so that the following potential information can be obtained from the manager's computer.

  • System information
  • Service listings
  • Process listings
  • Registry information
  • Network connections
  • Registered and Logged on users
  • Binary dump of memory

The above information can be obtained with the network forensic tools NetStumbler, TCPDump/WinDump, Wireshark, The Sleuth Kit and Argus.

Analysis with Assumptions

Many tools and methodologies are used by the audit team to analyse the collected and examined evidence. Analysis is done according to the following.

  1. Keyword searches in all the files
  2. Recovering the deleted files
  3. Registry information extraction from the manager's workstation and the other systems
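Items 1 and 2 above can be served by one pass over a raw image, because keyword hits in unallocated space are often the only remaining trace of a deleted file. The following Python script is an added example, not from the original plan or from EnCase or FTK: it searches a raw image for keywords in both ASCII and UTF-16LE (the encoding of NTFS names, registry strings and much Office and Outlook data) and reports offsets with context. The image bytes are constructed inline.

```python
import re


def keyword_patterns(keywords):
    """Case-insensitive byte patterns for each keyword in ASCII and in UTF-16LE, the encoding
    Windows uses for NTFS file names, registry strings and much Office and Outlook data."""
    pats = []
    for kw in keywords:
        pats.append((kw, "ascii", re.compile(re.escape(kw.encode("ascii")), re.IGNORECASE)))
        pats.append((kw, "utf-16le", re.compile(re.escape(kw.encode("utf-16-le")), re.IGNORECASE)))
    return pats


def _printable(text):
    return "".join(c if c.isprintable() else "." for c in text)


def search_image(image, keywords, context=24):
    """Scan raw image bytes (allocated and unallocated space alike) and return every hit
    with its byte offset, encoding and a printable snippet of the surrounding bytes."""
    hits = []
    for kw, enc, pat in keyword_patterns(keywords):
        for m in pat.finditer(image):
            start, end = max(0, m.start() - context), min(len(image), m.end() + context)
            if enc == "utf-16le":                  # keep the snippet aligned on 2-byte code units
                start += (m.start() - start) % 2
                end -= (end - start) % 2
                snippet = image[start:end].decode("utf-16-le", errors="replace")
            else:
                snippet = image[start:end].decode("latin-1")
            hits.append({"keyword": kw, "encoding": enc, "offset": m.start(),
                         "context": _printable(snippet)})
    return sorted(hits, key=lambda h: h["offset"])


def build_sample_image():
    """Constructed stand-in for a raw disk image: a live ASCII file, then a UTF-16LE remnant
    of a deleted document lying in unallocated space, padded with zeroed sectors."""
    live = b"Quarterly report for the Brisbane branch. Contact: manager@example.invalid\n"
    remnant = "Wire transfer instructions: send funds to account placeholder".encode("utf-16-le")
    sector = b"\x00" * 512
    return sector + live + sector + remnant + sector


if __name__ == "__main__":
    img = build_sample_image()
    for h in search_image(img, ["brisbane", "transfer"]):
        print(f"{h['offset']:8d}  {h['encoding']:8s}  {h['keyword']:10s}  {h['context']}")
```

A plain file-level search misses the UTF-16LE remnant entirely, which is why the scan runs over the whole image rather than only over files the file system still lists.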

The tools used by the team in this phase are EnCase, FTK and ILookIX. These tools help recover internet documents, chat logs, emails, images, internet history, accessible and deleted space from the manager's computer, and the OS cache files. A hash signature forensic tool helps to find notable files. When SSD drives are present in the systems, data can be recovered even after secure erase operations.

Once the analysis is done, the team extracts answers for the following objectives.

  • Opportunities for reconstruction of the events
  • Accountability of the users and administrators
  • Detection of attempted violations
  • Information for identification of the problems

Report

The final report is generated by the audit team from all the documented information.

Final Report

Purpose of the Report

Digital Forensic Investigation conducted on the compromise of the manager’s computer in a regional office of the Global Finance Company

Author of the Report

The audit team

Incident Summary

The sources of compromise are x, y, z reasons

Evidences

All the affected files, registry data and log data

Analysis

All the data analysed in the analysis phase

Conclusion

All the digital evidence is extracted and the sources of the compromise are found

Documents to Support

Volatile and non-volatile data, tool-generated information, log information, registry information and so on.

Conclusion

The source of the compromise of the manager's computer in the regional branch of Global Finance is found through the digital forensic investigation.

My Assignment Help. (2016). The Case: A Digital Forensic Investigation Plan. Retrieved from https://myassignmenthelp.com/free-samples/the-case-a-digital-forensic-investigation-plan.

"The Case: A Digital Forensic Investigation Plan." My Assignment Help, 2016, https://myassignmenthelp.com/free-samples/the-case-a-digital-forensic-investigation-plan.

My Assignment Help (2016) The Case: A Digital Forensic Investigation Plan [Online]. Available from: https://myassignmenthelp.com/free-samples/the-case-a-digital-forensic-investigation-plan
[Accessed 03 June 2020].

My Assignment Help. 'The Case: A Digital Forensic Investigation Plan' (My Assignment Help, 2016) <https://myassignmenthelp.com/free-samples/the-case-a-digital-forensic-investigation-plan> accessed 03 June 2020.

My Assignment Help. The Case: A Digital Forensic Investigation Plan [Internet]. My Assignment Help. 2016 [cited 03 June 2020]. Available from: https://myassignmenthelp.com/free-samples/the-case-a-digital-forensic-investigation-plan.


MyAssignmenthelp.com is one of the noted service providers that deliver essay help. We provide tailored essay assistance to make sure that student gets online essay help exactly in the way they want it to be written. We at MyAssigemnthelp.com have built teams of consultants, who readily attend every query related to help me writing my essay. We provide essay writing help in forms of tips and steps in order o assist students with tough essay assignments.

Latest Management Samples

ICT710 ICT Professional Practice And Ethics System

Download : 0 | Pages : 12

Answer: Introduction Disciplinary ethical codes allow an ICT professional to define standard of conduct and ensure the individual practitioners to meet those standards (Fleischmann, Hui and Wallace 2017). This study will discuss the case ethical issue caused by Edward Snowden in NSA. Moreover, the study will analyze this situation using Doing Ethics Technique. Apart from that, the study will also analyze the situation based on the ACS code of...

Read More arrow

PA304 Financial Research Methods

Download : 0 | Pages : 23

Answer: Introduction  This segment of the paper mainly explains the researches done by previous researchers in similar topics with respect to online retail industry. This section will undertake a comprehensive explanation on the practical and theoretical views of the earlier studies undertaken on online shopping in the retail sector. This is inclusive of the attractiveness of the prices, saving of time, risks that are perceived, exciteme...

Read More arrow

PA304 Financial Research Methods

Download : 0 | Pages : 23

Answer: Introduction  This segment of the paper mainly explains the researches done by previous researchers in similar topics with respect to online retail industry. This section will undertake a comprehensive explanation on the practical and theoretical views of the earlier studies undertaken on online shopping in the retail sector. This is inclusive of the attractiveness of the prices, saving of time, risks that are perceived, exciteme...

Read More arrow

PA304 Financial Research Methods

Download : 0 | Pages : 23

Answer: Introduction  This segment of the paper mainly explains the researches done by previous researchers in similar topics with respect to online retail industry. This section will undertake a comprehensive explanation on the practical and theoretical views of the earlier studies undertaken on online shopping in the retail sector. This is inclusive of the attractiveness of the prices, saving of time, risks that are perceived, exciteme...

Read More arrow

HLT54115 Diploma Of Nursing

Download : 0 | Pages : 12
  • Course Code: HLT54115
  • University: Australia Institute Of Business And Technology
  • Country: Australia

Answer: Introduction Nursing history is performed at the time of admission in-order to understand the patient’s past medical illnesses which serves as a guide for the patient care. It helps to understand about their cultural values and beliefs so as to plan care based on it. It helps us to understand about the present signs and symptoms so as to plan care based on the patient’s needs. It helps the nurses to provide more appropriat...

Read More arrow
Next
watch

Save Time & improve Grade

Just share Requriment and get customize Solution.

question
We will use e-mail only for:

arrow Communication regarding your orders

arrow To send you invoices, and other billing info

arrow To provide you with information of offers and other benefits

1,328,472

Orders

4.9/5

Overall Rating

5,076

Experts

Our Amazing Features

delivery

On Time Delivery

Our writers make sure that all orders are submitted, prior to the deadline.

work

Plagiarism Free Work

Using reliable plagiarism detection software, Turnitin.com.We only provide customized 100 percent original papers.

time

24 X 7 Live Help

Feel free to contact our assignment writing services any time via phone, email or live chat.

subject

Services For All Subjects

Our writers can provide you professional writing assistance on any subject at any level.

price

Best Price Guarantee

Our best price guarantee ensures that the features we offer cannot be matched by any of the competitors.

Our Experts

Assignment writing guide
student rating student rating student rating student rating student rating 5/5

234 Order Completed

100% Response Time

Samantha Ji

PhD in Chemistry with Specialization in Organic

Singapore, Singapore

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 4/5

248 Order Completed

100% Response Time

Lloyd Bernabe

MSc in Accounting

London, United Kingdom

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

184 Order Completed

96% Response Time

Arapera Billing

Masters in Management, MMgt

Wellington, New Zealand

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 4/5

3076 Order Completed

99% Response Time

Emily Wei

Doctor of Philosophy (Ph.D) in Civil Engineering

Singapore, Singapore

Hire Me

FREE Tools

plagiarism

Plagiarism Checker

Get all your documents checked for plagiarism or duplicacy with us.

essay

Essay Typer

Get different kinds of essays typed in minutes with clicks.

edit

GPA Calculator

Calculate your semester grades and cumulative GPa with our GPA Calculator.

referencing

Chemical Equation Balancer

Balance any chemical equation in minutes just by entering the formula.

calculator

Word Counter & Page Calculator

Calculate the number of words and number of pages of all your academic documents.

Refer Just 5 Friends to Earn More than $2000

Check your estimated earning as per your ability

1

1

1

Your Approx Earning

Live Review

Our Mission Client Satisfaction

Receive good grades for the said subject even receive my work in the quickest possible time, although there were spelling mistakes, it was overall a good work.

flag

User Id: 421441 - 03 Jun 2020

Australia

student rating student rating student rating student rating student rating

Work well done. I am very happy with the information received and the level of service is top class.

flag

User Id: 385702 - 03 Jun 2020

Australia

student rating student rating student rating student rating student rating

Great work is done by experts. All the requirements are done whatever, I asked for> I again appreciate the whole team. I would rate 5 stars to them. thanks

flag

User Id: 279240 - 03 Jun 2020

Australia

student rating student rating student rating student rating student rating

It was good, but could be better if the pictures weren't used for case studies. Also the plaigarism was low.

flag

User Id: 58382 - 03 Jun 2020

Australia

student rating student rating student rating student rating student rating
callback request mobile
Have any Query?