
Digital Forensics and Cyber Security

Added on 2020-03-16
37 pages, 8250 words
COMPUTER FORENSIC INCIDENT RESPONSE LIFECYCLE AND DIGITAL FORENSIC
Digital Forensics and Cyber Security_1

Contents

INCIDENT RESPONSE LIFECYCLE AND DIGITAL FORENSIC ..... 5
INTRODUCTION ..... 7
COMPUTER FORENSICS ..... 7
    Digital Forensic Methodology ..... 8
        Incident ..... 8
        Event ..... 8
        Incident Response ..... 9
        Benefits ..... 9
INCIDENT RESPONSE METHODOLOGY ..... 10
    NIST 800-61r2 ..... 10
    Policy Elements ..... 11
    Plan Elements ..... 11
    Procedure Elements ..... 12
    Information Share with External Partners ..... 12
    Structure of Incident Response Team ..... 13
    PHASES ..... 14
        PREPARATION ..... 15
        DETECTION AND ANALYSIS ..... 16
        CONTAINMENT, ERADICATION AND RECOVERY ..... 21
        POST-INCIDENT ACTIVITY ..... 23
        Checklist of Incident Handling ..... 26
        Recommendations ..... 27
    COORDINATION AND SHARING OF INFORMATION ..... 28
        Coordination ..... 28
        Techniques for Information Sharing ..... 29
        Granular Information Sharing ..... 30
COMPARISON WITH SANS PICERL ..... 30
    Similarities ..... 30
    Differences ..... 30
IMPACT OF FBI DIGITAL FORENSICS INVESTIGATION APPROACH ..... 31
CONCLUSION ..... 33
REFERENCES ..... 34

INCIDENT RESPONSE LIFECYCLE AND DIGITAL FORENSIC

EXECUTIVE SUMMARY

Computer cyber crime and data breaches are among the most important and greatest challenges faced by almost every organization that has a major online presence. Hence, the information technology professionals in every medium-to-large organization face the challenge of planning and preparing for unexpected incidents, apart from building the hardest possible security walls around the web servers of their businesses. Incidents, which are violations of law, policy or acceptable use involving networks, computers, smartphones, etc., are the biggest threats to every organization throughout the world today. The threat arises because handling an incident takes a very long time and demands a special incident response team working full time until the issue is completely resolved. And during every minute of the incident response lifecycle the organization experiences losses, as each and every business task and activity is paused during this time.

INTRODUCTION

Digital forensics is the branch of forensic science that deals with computer crime. The branch investigates digital devices and performs the recovery of, or corrections to, the data held in them. Digital forensics is a relatively young forensic science. It has been advancing in several dimensions, technically, legally and in terms of complexity, as the complexity and size of incidents and computer crimes have increased drastically throughout the world. Many approaches have been developed to conduct the investigation and recover the data, followed by raising the security level of individual systems and of systems networked in large numbers. Each of these models and approaches has its own logical process and procedure for conducting the investigation and recovery, though many of them follow common phases [1]. The development of computer security and digital forensic approaches and models began in the 1980s, when the concept of computer crime emerged with the initiative of the FBI.

COMPUTER FORENSICS

Computer forensics is younger than the other forensic sciences. The computer forensic process involves data extraction followed by data analysis. The process can be simplified into a flowchart that describes the methodology for digital forensic analysis [2]. Computer forensics can be defined as the use of scientifically derived and proven methods toward the collection, preservation, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources. The objective is to facilitate or further the reconstruction of events that are found to be criminal. Computer forensics makes use of scientifically verified methods and tools, yet it still involves elements such as interpretation, judgement and skill.

Digital Forensic Methodology

Computer forensics has the following key elements, shown in the flowchart figure below.

[Figure: Computer forensic process]

The process is the basic and primary one for the forensic team; the forensic examiner and the prosecutor have to communicate and decide between them how much of the process has been completed so far and how many times they should iterate it.

Incident

An incident is a violation, or an imminent threat of violation, of computer security policies and standard security practices [3]. For example, an attacker may instruct a botnet to send connection requests to a web server in such high volume that the server crashes.

Event

An event is any observable occurrence in a network or system. For example, an event can be a request received by a server for a web page, a user sending an email, etc. In the context of computer forensics, the events of interest are usually adverse events, those with negative consequences such as a system or server crash or unauthorized access to secured data.
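The distinction drawn above between events and incidents, as an added example that is not part of the original essay: a short Python script that treats every web-server log line as an event, marks denied requests to protected paths as adverse events, and escalates to an incident when either a high-volume burst from many distinct sources (the botnet connection flood used above as the example of an incident) or repeated denials from a single source appears in one time window. The log lines, the `/admin/` path prefix and the thresholds are constructed for illustration, not taken from the essay.

```python
"""Event vs. incident triage over constructed web-server log lines (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Apache "common log format" line, e.g.
# 10.0.0.5 - - [16/Mar/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

PROTECTED_PREFIX = "/admin/"   # constructed: paths that hold protected data
WINDOW_SECONDS = 10            # constructed: aggregation window for rate checks
FLOOD_REQUESTS = 30            # constructed: requests per window that look like a flood
FLOOD_SOURCES = 20             # constructed: distinct sources needed to call it a botnet
REPEAT_DENIALS = 3             # constructed: denials from one source that warrant escalation


@dataclass(frozen=True)
class Event:
    ts: datetime
    ip: str
    path: str
    status: int
    adverse: bool   # True for an adverse event (denied access to protected data)


@dataclass(frozen=True)
class Incident:
    kind: str
    window: int     # start of the aggregation window as a UNIX timestamp
    detail: str


def parse_event(line: str) -> Optional[Event]:
    """Turn one log line into an Event; malformed lines are skipped (None)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    status = int(m.group("status"))
    path = m.group("path")
    # A denied request to a protected path is an adverse event in the essay's sense.
    adverse = path.startswith(PROTECTED_PREFIX) and status in (401, 403)
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return Event(ts, m.group("ip"), path, status, adverse)


def parse_log(text: str) -> List[Event]:
    """Every parseable line is an event; nothing is judged yet at this stage."""
    return [ev for ev in (parse_event(ln) for ln in text.splitlines()) if ev is not None]


def find_incidents(events: List[Event]) -> List[Incident]:
    """Escalate groups of events to incidents using two simple rules."""
    by_window: Dict[int, List[Event]] = defaultdict(list)
    for ev in events:
        start = int(ev.ts.timestamp()) // WINDOW_SECONDS * WINDOW_SECONDS
        by_window[start].append(ev)

    incidents: List[Incident] = []
    for start in sorted(by_window):
        evs = by_window[start]
        sources = {ev.ip for ev in evs}
        # Rule 1: a high-volume burst from many distinct sources (botnet-style flood).
        if len(evs) >= FLOOD_REQUESTS and len(sources) >= FLOOD_SOURCES:
            incidents.append(Incident(
                "suspected_flood", start,
                f"{len(evs)} requests from {len(sources)} sources in {WINDOW_SECONDS}s"))
        # Rule 2: repeated denied access to protected data from one source.
        denials: Dict[str, int] = defaultdict(int)
        for ev in evs:
            if ev.adverse:
                denials[ev.ip] += 1
        for ip, n in sorted(denials.items()):
            if n >= REPEAT_DENIALS:
                incidents.append(Incident(
                    "repeated_unauthorized_access", start,
                    f"{ip} denied {n} times under {PROTECTED_PREFIX}"))
    return incidents


def _constructed_log() -> str:
    """Constructed sample: normal traffic, one unparseable line, three denials, then a flood."""
    lines = [
        '10.0.0.5 - - [16/Mar/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
        '10.0.0.6 - alice [16/Mar/2020:10:00:02 +0000] "GET /admin/reports HTTP/1.1" 200 2048',
        'garbage line that does not parse',
    ]
    for sec in (3, 4, 5):
        lines.append(f'10.0.0.7 - - [16/Mar/2020:10:00:0{sec} +0000] "GET /admin/reports HTTP/1.1" 403 128')
    # 40 distinct constructed "bot" addresses hitting the front page within one window.
    for i in range(40):
        lines.append(f'203.0.113.{i + 1} - - [16/Mar/2020:10:00:15 +0000] "GET / HTTP/1.1" 200 64')
    return "\n".join(lines)


SAMPLE_LOG = _constructed_log()


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(f"{len(evs)} events, {sum(e.adverse for e in evs)} adverse")
    for inc in find_incidents(evs):
        print(inc.kind, inc.window, inc.detail)
```

Run stand-alone, the script parses 45 events (the unparseable line is dropped), marks the three 403 responses on `/admin/reports` as adverse, and reports two incidents: repeated unauthorized access from one source in the first window, and a suspected flood of 40 requests from 40 sources in the second. The point a responder takes from it is that single events are only raw observations; the incident is what the aggregation rules declare once the pattern crosses a defined threshold.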

Incident Response

Attacks usually end in the compromise of personal or business data, and they demand an immediate and critical response once a security breach has occurred. Hence, computer security incident response has become widely implemented and accepted. An incident response capability supports responding to incidents systematically, for example by following a consistent incident handling methodology, so that the appropriate actions are taken [4].

Benefits

Incident response helps organizations and individuals minimize the information theft or loss and the service disruption that result from incidents. It makes it possible to use the information gained from handling an incident to prepare better for possible future incidents and to strengthen the protection of systems and data. An incident response capability also helps to deal properly with the legal issues that arise from incidents. An incident response capability is also needed by federal agencies and departments to comply with the laws, regulations and policies that direct coordinated and effective defense against threats to information security.
