
Wednesday, December 11, 2019

Digital Crimes Electronic Within Crimes - Myassignmenthelp.Com

Question: Explain On Digital Crimes Electronic Within Crimes?

Answer:

Introduction

In recent years, digital crimes, or crimes committed within electronic and digital media, have become quite prevalent. The most common of these has been cyber crime. As a result, there has been a growing need for investigation of digital crimes by both individual organizations and criminal justice systems. These crimes are carried out partially or entirely via electronic media and the internet. Digital forensics often requires resources and procedures to facilitate searching for, locating, and preserving all electronic evidence. An example of digital evidence that can be used in such cases is encrypted data which is used to facilitate criminal activities. Analysis of such data is very important in digital forensics (Aziz, 2014). Digital forensics is the process through which electronic data is uncovered and interpreted. It aims at preserving any evidence in its original form in the course of forensic investigations in order to enable reconstruction of past events.

Digital Financial Services (DFS), which provides financial services for individuals, employees and companies, is faced with a real-time data threat that is likely to have an impact on its more than 250 employees as well as the more than 3 million customers that it serves. John Stuart's incident has necessitated the formation of a team to investigate the alleged misconduct and violation of company rules by Tom Wills through his act of logging into a colleague's account. For that reason, an investigation has been launched by a team of auditors to ascertain the extent of his activities, the extent to which others are involved, the people affected, and whether criminal charges against Tom are necessary. This digital forensics investigative plan is aimed at enabling systematic collection of evidence and analysis of electronic and digital data.
Digital forensics methodology

Methodology refers to the theoretical and systematic study of the methods used in a field of study. It encompasses a theoretical investigation of methods and principles that are related to a particular branch of knowledge. The forensic investigation requires the use of an investigative methodology that has been used previously, with a combination of tools to ensure that data is collected and preserved in a sound and legal manner. Computer forensics is concerned with the identification, preservation, extraction, documentation, and interpretation of computer data. Computer forensics can be viewed as a process involving the use of analysis techniques and computer investigation in order to determine potential evidence in the case of a wide range of computer crimes. Examples of computer crime include fraud, destruction of intellectual property and theft of trade secrets (Caloyannides, 2014).

A number of forensic investigation methodologies have been developed to aid in forensic investigation. Some of these methodologies have been developed for use in specific instances while others have been developed for general application. Among the main methodologies used in forensic analysis is the method developed by Heiser and Kruse II, which involves the acquisition, authentication, analysis and presentation of evidence (Kruse and Heiser, 2013). Another methodology was developed by Farmer and Venema, in which they identified some main steps in computer forensic analysis. These steps included securing and isolation, recording of the scene, systematic search for evidence, collection and packaging of evidence, and maintenance of chain of custody. Mandia and Prosise also developed a methodology for use in forensic investigations (EC-Council Press, 2017).
Their methodology involves steps such as pre-incident preparation, incident detection, first response, formulation of response strategy, duplication, analysis, implementation of security measures, network monitoring, recovery, and finally reporting. The Digital Forensic Research Workshop has also developed a method of forensic analysis which is divided into phases such as identification, preservation, collection, examination, analysis, presentation and decision.

Because the organization's servers are UNIX/LINUX, the most appropriate methodology for use will be the SANS methodology. The main reason for choosing this methodology is that its level of reliability in evidence presentation is quite high. The method will also enable the forensic investigation to remain on the right track (Kruse and Heiser, 2013). This makes it the most appropriate method for investigating the IFSA security issue. This method is divided into eight steps.

Verification: This is the first step, done as part of incident response. Verification will be done to ascertain that the incident has taken place. The verification stage will also involve the determination of the scope and breadth of the incident. In short, the factors to be determined here will be the situation, the specifics, and the nature of the case. Verification is important because it will facilitate identification of the best approach for identifying, preserving and collecting evidence (Newman, 2007).

System description: This step will involve gathering data about the incident at hand. The team will need to describe the system for analysis in terms of where it is being acquired and its role in the organization as well as in the network. This will be followed by outlining the system's operating system and general configuration, such as the format of its disk, the location of evidence and its RAM capacity (Philipp, Cowen and Davis, 2010).
Acquisition of evidence: This step will involve identification of possible sources of data, acquisition of both volatile and nonvolatile data, verification of data integrity and maintenance of chain of custody. This step will also involve prioritization of evidence collection as well as the engagement of the business owners with the aim of identifying the possible impact of the selected strategies. Of central focus should also be the order in which volatile data is collected, because it changes over time. For this reason, volatile data such as running processes, open files, RAM contents and login sessions will need to be collected using trusted binaries. After data acquisition, its integrity should then be determined (Maras, 2015).

Timeline analysis: This step will involve forensic lab analysis and investigation, for which the first step is timeline analysis. Timeline analysis covers information such as the time of data modification, access, change and creation, in human-readable format. Data will be gathered using a variety of tools, extracted from the inode and then parsed and sorted in order to facilitate analysis. Timelines of memory artifacts will also need to be considered in the reconstruction process to ascertain what happened. This step will also involve generating an idea of the date of the activity done in the system, the artifacts used, the actual action and the source. The SIFT Workstation tool can be used in this process (EC-Council Press, 2010).

Media and artifact analysis: This step will involve the analysis of huge sets of data in order to identify what programs were executed, which files were downloaded, which files were opened, which directories were opened, which files were deleted, areas browsed by the user, etc. This analysis will also be focused on identifying evidence of the usage of accounts and browsers, download of files, creation and opening of files, execution of programs and usage of USB keys.
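The timeline analysis step described above can be illustrated with a short script. This is an added example, not part of the original plan or of any tool it names: it reads modification, access and inode-change times from each file's inode, groups them per second, and sorts them into one timeline. The file names and timestamps in build_sample are constructed.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

def mac_timeline(root):
    """Return (epoch_seconds, flags, inode, relative_path) rows sorted by time.

    flags is a three-character string such as "ma.": a letter is present when
    that timestamp (modified, accessed, inode-changed) falls in that second.
    """
    grouped = defaultdict(set)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat reads the inode without following symlinks
            rel = os.path.relpath(path, root)
            for flag, ts in (("m", st.st_mtime), ("a", st.st_atime), ("c", st.st_ctime)):
                grouped[(int(ts), rel, st.st_ino)].add(flag)
    rows = []
    for (ts, rel, inode), flags in grouped.items():
        text = "".join(f if f in flags else "." for f in "mac")
        rows.append((ts, text, inode, rel))
    return sorted(rows)

def render(rows):
    """Format rows as human-readable UTC lines for the report."""
    out = []
    for ts, flags, inode, rel in rows:
        stamp = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        out.append(f"{stamp} UTC  {flags}  inode={inode}  {rel}")
    return out

def build_sample(root):
    """Constructed evidence tree: two files with hand-set access/modify times."""
    samples = {
        "payroll.csv": (1_576_000_000, 1_575_000_000),  # (atime, mtime)
        "notes.txt": (1_575_500_000, 1_575_500_000),
    }
    for name, times in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, times)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print("\n".join(render(mac_timeline(tmp))))
```

In an investigation this would be pointed at a read-only mount of the working copy of the image, because walking a live file system can itself update access times.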
Memory analysis will also be important for examination of rogue processes, process paths, mutex, user handles and processed paths (Marshall, 2011).

String/byte search: This method will be applied to search for magic cookies through the use of appropriate tools and techniques, which will also facilitate low-level image search. This step will also allow string searches using regular expressions to identify strings relevant to the case.

Data recovery: This step will involve the recovery of data from the file system. Tools will be used to analyze the file system, data layer, and metadata layer in order to find the files of interest. This step will also facilitate analysis of unallocated space, analysis of slack space, and in-depth file system analysis.

Reporting results: This will be the final phase, and it will involve reporting what has been found from the analysis, such as a description of the actions performed, determination of other actions that needed to be performed, and recommendations on the improvements that need to be made to policies, procedures, tools, guidelines and other aspects of the forensic process. Reporting is an important part of the forensic investigation (Volonino and Anzaldua, 2008).

Required resources

A number of resources and skills are required to conduct a digital forensic investigation.

Forensic investigation tools: The organization will also need to have the necessary tools to facilitate the investigation process. For the case under analysis, tools such as dd are required. The investigation also requires the use of tools such as EnCase.

Sufficient forensic capabilities: As part of the skill requirement in order to carry out the process well, the team involved in handling the case will be required to possess robust forensic capabilities.
This will require the team to be composed of members possessing different skills, so that each of them is able to perform a different task and collectively make the process a success.

Efficient network and computer forensics: For the process to be successful, the team will also need efficient network and computer forensics to facilitate performance of different tasks in the organization, such as investigating inappropriate behavior and crimes and troubleshooting operational problems. Without this, the organization will encounter challenges in determining when the incident occurred within the system (Volonino and Anzaldua, 2008).

Policies having forensic consideration: The organization also needs to have in place policies that have forensic consideration. Such policies will be applied to the people tasked with the responsibility of monitoring the network and system. These will also be applied in the investigation of the case under analysis (Volonino, Anzaldua and Godwin, 2007). This policy must define the roles and responsibilities of each of the individuals taking part in the investigation process, as well as provide guidelines on the most appropriate course of action for different cases.

Approach for data evidence identification

Application of digital technology will lead to the identification of huge sets of data because the company uses UNIX/LINUX servers. The main sources of data used in the forensic investigation include network storage devices, data servers and storage devices, among others. These can be used for identification of evidence or the required data. It is also possible to use volatile data that is available on a standard computer system on a temporary basis. The process of identifying evidence will involve seizure of the digital media under investigation; this will then be followed by acquisition, which involves the creation of a forensic duplicate.
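The acquisition just described, creating a forensic duplicate whose integrity can be verified, can be sketched as follows. This is an added example, not part of the original plan: it copies a source block by block in the manner of dd, records a SHA-256 digest for the whole stream and for each block, and re-reads the image to check it against those values. The 4096-byte block size and the in-memory stand-in for the seized disk are assumptions.

```python
import hashlib
import io

BLOCK = 4096  # assumed read size, the role dd's bs= option plays

def acquire(src, dst, block=BLOCK):
    """Copy src to dst block by block.

    Returns (sha256 of the whole stream, list of per-block sha256 digests).
    """
    whole, pieces = hashlib.sha256(), []
    while chunk := src.read(block):
        dst.write(chunk)
        whole.update(chunk)
        pieces.append(hashlib.sha256(chunk).hexdigest())
    return whole.hexdigest(), pieces

def verify(image, expected_whole, expected_pieces, block=BLOCK):
    """Re-read an image and compare it with the digests taken at acquisition.

    Returns (ok, indexes of blocks that differ, are extra, or are missing).
    """
    whole, bad, index = hashlib.sha256(), [], 0
    while chunk := image.read(block):
        whole.update(chunk)
        known = index < len(expected_pieces)
        if not known or hashlib.sha256(chunk).hexdigest() != expected_pieces[index]:
            bad.append(index)
        index += 1
    bad.extend(range(index, len(expected_pieces)))  # blocks lost to truncation
    return whole.hexdigest() == expected_whole and not bad, bad

def demo():
    """Constructed five-block 'disk', imaged once, then altered and truncated."""
    disk = bytes((i * 7) % 251 for i in range(5 * BLOCK))
    image = io.BytesIO()
    digest, pieces = acquire(io.BytesIO(disk), image)
    intact = verify(io.BytesIO(image.getvalue()), digest, pieces)
    altered_copy = bytearray(image.getvalue())
    altered_copy[3 * BLOCK + 10] ^= 0xFF  # simulate a one-byte change in block 3
    altered = verify(io.BytesIO(bytes(altered_copy)), digest, pieces)
    truncated = verify(io.BytesIO(image.getvalue()[:2 * BLOCK]), digest, pieces)
    return intact, altered, truncated

if __name__ == "__main__":
    for label, result in zip(("intact", "altered", "truncated"), demo()):
        print(label, result)
```

The per-block digests show where a copy diverges from the original, which a single whole-image hash cannot; the digests themselves belong in the chain-of-custody record.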
Analysis of image files created during the acquisition process will then be done to identify information that is either in support of or in contradiction to the established hypothesis. This will then be followed by reporting in the form of meta documentation or audit information (Vacca, 2015).

Approach and steps to be taken

Step one: This will involve the establishment of a chain of custody. This step will require the team to be aware of the location of any items that are related to the examination.

Step two: This step will involve cataloging of all the information that is relevant to the investigation. In this step, attempts will be made to recover as much deleted information as possible. This step will also involve identification of any information that is password protected or encrypted, as well as any evidence of attempts that had been made to hide data. The integrity of the original media should, however, be maintained as much as possible without any form of alteration. Finally, there will be a need to create a hard drive image that would be authenticated against the original to ensure that the two are similar (Shinder, 2012).

Step three: This step will require obtaining additional sources of information if necessary. Some of the sources that will be used include proxy server logs and firewall logs.

Step four: This step will involve the analysis and interpretation of information for the purpose of evidence determination. Evidence to support that the accused person did it as well as evidence to that he did it will be sought. Any files that are encrypted or protected with passwords will need to be cracked at this step.

Step five: This step will involve the presentation of a written report that contains the findings of the analysis as well as any comments from the examination (Sheetz, 2007).

Approach to recover files that have been deleted from the computer

Data recovery can be the most important aspect of the forensic audit.
It is from the recovered data that evidence is gathered. Although data does not entirely disappear from the system when it is deleted, techniques are needed in order to recover it for forensic analysis. Deleted files in a computer often end up in the computer's recycle bin. In such a situation the deleted information can be successfully retrieved from the recycle bin, which is a temporary holding point for deleted files. However, in instances where deleted files have also been erased from the dustbin, more needs to be done. If no files are found in the dustbin, the files can still be recovered through the use of a number of data recovery tools.

When data is deleted from a computer, it is not entirely wiped from the computer. Instead, the file system record that shows the exact location of that particular file on the disk is marked as deleted. The disk space previously occupied by this file is then made available for other sets of data (Quach, 2014). An analysis of the file system, or a hard drive scan to identify characteristic signatures of known file types, can facilitate recovery of both files deleted by the user and other evidence, such as temporary copies of office documents and documents that have been renamed, among many other types of documents. Information from other sources, such as Skype chat logs that are stored in the chat sync folder, can be used to supplement data from deleted files. With the existence of the chat sync folder, Skype chats can be recovered even in the event of failure to recover a deleted Skype database (Pilli, Joshi and Niyogi, 2010).

Data security policies

A number of policies can be put in place by the organization to enhance the security of data within the organization.

Restricting unauthorized access to information: This will involve safeguarding all sensitive institutional and personal information against access by unauthorized persons.
This can be achieved through the use of stringent punishments for those found to have violated the data privacy policy.

Establishing password management: This policy will require the establishment of passwords for all employees who have access to corporate resources. After passwords have been established, employees should then be directed to keep their passwords private and confidential and avoid sharing them with colleagues (Cyber Defense Training Systems and Lewis, 2007).

Recommendations

There are a number of factors that the company can consider in order to make the process a success and effectively deal with the identified problem. The first recommendation for the company is to determine all the parts that will be involved in the forensic examination and subsequently determine the individuals who will be responsible for each of the parts. The reason for this is that many parts of the forensic investigation might require specific skills and attributes (Casey, 2010). The organization will need to identify whether any part of the analysis will need to be performed by external parties or whether everything will be handled by the organization's staff. Additionally, the organization will have to involve teams such as management, human resources and IT professionals to make the process more effective. Finally, the organization will have to create procedures and guidelines to be used during the process, such as explaining the most appropriate methodologies, as well as guidelines for ensuring the integrity of the data collected.

Conclusion

Based on this report, the issue experienced by Impact Financial Service Australia is quite serious and can cause serious harm to the organization if nothing is done about it. The action is a threat not only to individual employees' data but also to organizational data. Access to unauthorized data can facilitate fraud and other crimes in an organization, such as data theft.
For this reason, a forensic analysis has been instituted by the organization to provide more insight into the alleged fraud and institute measures to prevent such an occurrence in future. It is evident from the plan that specific tools, as well as expertise and skills, will need to be employed in the forensic investigation. The process will also involve specific methodologies.

Reference List:

Aziz, B. (2014). Modelling and refinement of forensic data acquisition specifications. Digital Investigation, 11(2), pp.90-101.
Caloyannides, M. (2014). Privacy Protection and Computer Forensics. Norwood, Artech House. https://public.eblib.com/choice/publicfullrecord.aspx?p=227692.
Casey, E. (2010). Digital investigations, security and privacy. Digital Investigation, 7(1-2), pp.1-2.
Cyber Defense Training Systems, Lewis, J. A. (2007). Corporate computer forensics training system text manual. Volume I. Leslie, Mich, Cyber Defense and Research Initiative.
EC-Council Press. (2017). Computer forensics: investigating network intrusions and cybercrime.
EC-Council Press. (2010). Computer forensics: investigating wireless networks and devices. Clifton Park, NY, Course Technology Cengage Learning.
EC-Council Press. (2010). Computer forensics: investigating data and image files. Clifton Park, NY, Course Technology Cengage Learning.
Kruse, W. G. and Heiser, J. G. (2013). Computer forensics: incident response essentials. Boston, Mass. [u.a.], Addison-Wesley.
Maras, M.-H. (2015). Computer forensics: cybercriminals, laws, and evidence, second edition. Burlington, MA, Jones & Bartlett Learning. https://www.books24x7.com/marc.asp?bookid=69834
Marshall, A. (2011). Standards, regulation & quality in digital investigations: The state we are in. Digital Investigation, 8(2), pp.141-144.
Newman, R. C. (2007). Computer forensics: evidence collection and management. Boca Raton, FL, Auerbach Publications.
Philipp, A., Cowen, D. and Davis, C. (2010). Hacking exposed computer forensics: secrets & solutions. New York, McGraw-Hill/Osborne. https://www.books24x7.com/marc.asp?bookid=72523.
Pilli, E., Joshi, R. and Niyogi, R. (2010). Network forensic frameworks: Survey and research challenges. Digital Investigation, 7(1-2), pp.14-27.
Quach, T. (2014). Extracting hidden messages in steganographic images. Digital Investigation, 11, pp.S40-S45.
Sheetz, M. (2007). Computer forensics: an essential guide for accountants, lawyers, and managers. New Jersey, John Wiley & Sons.
Shinder, D. L. (2012). Scene of the cybercrime: computer forensics handbook. Rockland, Syngress Media. https://public.eblib.com/choice/publicfullrecord.aspx?p=294354
Vacca, J. R. (2015). Computer forensics: computer crime scene investigation. Hingham, Mass, Charles River Media.
Volonino, L., Anzaldua, R. and Godwin, J. (2007). Computer forensics: principles and practices. Upper Saddle River, N.J., Pearson/Prentice Hall.
Volonino, L. and Anzaldua, R. (2008). Computer forensics for dummies. Hoboken, N.J., Wiley. https://www.123library.org/book_details/?id=11847.
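Added example for the section above on recovering deleted files (not part of the original essay or of any tool it names): a scan of raw image bytes for the characteristic header and footer signatures of known file types, which recovers file content whose file system record is gone. The signature table is limited to JPEG and PNG, and the disk image built in build_image is constructed.

```python
import hashlib

# Header and footer byte patterns for two well-known file types.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
}
MAX_SIZE = 10 * 1024 * 1024  # stop looking for a footer beyond this span

def carve(image, signatures=SIGNATURES, max_size=MAX_SIZE):
    """Scan raw bytes for header..footer spans and return the carved records."""
    found = []
    for kind, (header, footer) in signatures.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Header with no footer: the tail was overwritten or the file
                # is fragmented, so simple carving cannot rebuild it.
                pos = image.find(header, pos + 1)
                continue
            end += len(footer)
            data = image[pos:end]
            found.append({
                "type": kind,
                "offset": pos,
                "length": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
                "data": data,
            })
            pos = image.find(header, end)
    return sorted(found, key=lambda record: record["offset"])

def build_image():
    """Constructed 16-sector 'disk' with no file system records at all:
    one JPEG-like blob, one PNG-like blob, and a JPEG header whose tail is gone."""
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 300 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 200 + b"IEND\xae\x42\x60\x82"
    image = bytearray(16 * 512)
    image[2 * 512:2 * 512 + len(jpg)] = jpg
    image[8 * 512:8 * 512 + len(png)] = png
    image[12 * 512:12 * 512 + 4] = b"\xff\xd8\xff\xe0"  # overwritten file
    return bytes(image), jpg, png

if __name__ == "__main__":
    disk, _jpg, _png = build_image()
    for rec in carve(disk):
        print(rec["type"], rec["offset"], rec["length"], rec["sha256"][:16])
```

Carving of this kind recovers only files stored contiguously, and it returns content without names or timestamps, which is why the essay pairs it with file system analysis.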
