Computer Forensics: A Literature Review

Added on  2020/03/23

AI Summary
This assignment requires a detailed literature review on the field of computer forensics. It necessitates examining various books and publications that cover essential topics in computer forensics, including evidence collection, analysis, legal frameworks, and ethical considerations. The review should critically analyze the presented information, highlight key themes, identify gaps in existing knowledge, and demonstrate an understanding of the evolution and current state of computer forensics.

Computer forensics investigation plan for UniCareer Pty. Ltd
Name
Institution
Professor
Course
Date

Executive summary
Technological advancement has drastically changed many aspects of human life, including the way
businesses operate. Technological innovation has proved useful despite the challenges it presents
to daily business operations. The heavy adoption of technology in today's organizations also
exposes day-to-day activities to many threats through the organization's information systems.
This report focuses on UniCareer Pty. Ltd, whose security has been threatened and compromised
as it has adopted technology in its business operations. As technology is adopted in business
operations, cyber security has become a major threat facing organizations. UniCareer Pty. Ltd
is no exception: it has suffered security attacks that competitors have used to advertise their
business by sending emails to students and staff. Similarly, one of the organization's employees
has been using the organizational network to watch pornographic material, which is against the
organization's rules. In regard to these two cases, UniCareer Pty. Ltd is seeking ways to
establish the origin of the attacker and measures to prevent a recurrence. To get to the root
cause of these security lapses, strict organizational rules and regulations are needed to guide
the operation of the company. A forensic investigation is also needed so that a sound decision
can be made on the cause of the cyber security lapses. It is through forensic research that
UniCareer Pty. Ltd will be able to unearth, gather and analyze the evidence needed to arrive at
a final solution.
Contents
Executive summary
Introduction
Company background
Objective of the report
Scope of the report
Justification of Current Methodology and Computer Forensic Methodologies
Digital Forensic Methodologies
Steps involved in digital forensic investigations
Resources used in collecting Forensic evidence
Preparation plan in digital forensic investigation
Tools in digital forensic research
Skills required by forensic investigators
Forensic investigation tools and other peripherals
Forensic Acquisition of evidence
Plan for forensic evidence acquisition
Contingency plan
Tools used in data Acquisition
Validation and verification of forensic data
Phase of Forensic Investigation
Analyzing hidden data and files
Time frame, network and email analysis
Information Security Policies for UniCareer Pty. Ltd
Conclusion and Recommendations
References
Introduction
Company background
UniCareer Pty. Ltd is a company based in the United States of America. It is a leading
educational provider offering various study qualifications in the education industry. The
qualifications offered by the company include OCPJ, CFA, OCAJ, FRM and CCNP. In the 5 years
since its establishment, the company has enjoyed a large measure of success in the education
industry. It has a population of 25,000 students and 10 campuses in 5 different areas across
various states, and it employs more than 50 staff members who deliver a range of services within
the organization. UniCareer Pty. Ltd has a well-established information technology
infrastructure that supports its service delivery, given the number of students served and the
mode of service delivery used. Although the organization relies heavily on technology for service
delivery, UniCareer Pty. Ltd has not updated its technological infrastructure for quite some
time. It uses both laptops and macOS computers in its daily business operations. Network
security features, including firewall segmentation, have not been updated for some years and are
poorly implemented throughout the organizational network, which covers several states. Security
controls such as intrusion detection and prevention have been set up in the organizational
network but do not provide the services the organization requires, which amounts to a waste of
resources. As the industry market grows, UniCareer Pty. Ltd is facing severe competition from
companies such as ABC Pty Ltd and should address the security threats arising from its
competitors.
Objective of the report
Recently, claims have emerged that pose a security threat to the organization's success in the
industry. UniCareer Pty. Ltd students and staff members have complained of receiving an email
that tries to convince them to join ABC Pty Ltd, a competing firm in professional education
service delivery. This is a very serious cyber security threat, since all emails received by
students should come from the company. An email asking them to join a competing firm shows that
someone has access to the organization's student and staff database. The origin of these emails
is open to speculation. Since UniCareer Pty. Ltd allows both staff and students to use their own
laptops and smartphones on the organizational network, it is possible that data captured by such
devices was used to gain access to the organizational network and database. The second scenario
concerns one of the organization's employees watching pornographic material on the
organization's premises, over the organizational network, using an organizational macOS
computer. This shows poor network security: firewall filtering has not been configured to
restrict access to certain sites from the UniCareer Pty. Ltd network. The main goal of this
report is to produce a forensic plan that will help UniCareer Pty. Ltd address its cyber
security threats. The report focuses on the detailed and justifiable components of a digital
forensic investigation plan. First, it introduces the types of forensics available and their
justification. Second, it covers the resources required and available to carry out a digital
forensic investigation: the skills possessed by team members, the tools within the reach of
organizational experts to support technological needs, and the security policies, addressed in
the security policy plan, that will guide the organization in dealing with security lapses. The
third part of the report addresses the acquisition plan for the forensic investigation, which
covers the contingency plan, acquisition procedures, and verification and validation procedures.
Forensic analysis is addressed in the following section, which involves analysis of the emails
received by both students and staff members, and network analysis of the available security
features, in particular the firewall configuration governing site access from within the
organizational network. The last part of the report addresses policy formulation, findings and
recommendations on the information system security measures required to curtail the cyber
security threats facing UniCareer Pty. Ltd.
Scope of the report
The report evaluates the current situation at UniCareer Pty. Ltd, its network and firewall
infrastructure setup, the procedures in its business operations and its other security
procedures. The scope therefore covers the two cases in the company, to make sure all security
aspects are addressed. The report focuses on the cyber security threats to the information
system raised by these two organizational scenarios.
Justification of Current Methodology and Computer Forensic Methodologies
Digital Forensic Methodologies
To arrive at a solution to its cyber security threats, UniCareer Pty. Ltd needs to carry out a
forensic evaluation of its systems to determine how its data is stored and how the results of the
research can be used to secure organizational data. The results of a forensic investigation may
take various forms, yielding a diverse range of evidence that could be used in criminal case
proceedings (Maghaireh, 2009). There are three distinct steps in the process of searching for
digital evidence: acquisition of data, validation of the evidence collected, and analysis to
ensure it is authentic for use in criminal case proceedings. It is important that forensic
research is flexible, so that it allows more ways of collecting the required evidence. The
methodologies involved in forensic research are as follows. The first is the facts restoration
technique, which researchers use to restore data to its original state after an information
system has been compromised by attackers. Restoring data requires various restoration procedures
to make the process authentic and acceptable. Data restoration takes place when the
organizational information system has been compromised by a cyber attack such as the one
evidenced at UniCareer Pty. Ltd. Data recovery procedures bring the system back into operation
once it has been compromised and its secure operation can no longer be guaranteed (Nelson,
Phillips & Steuart, 2010). Next, network forensics has been, and continues to be, one of the
main methods organizations use for forensic investigations. It is one of the best approaches
when the organizational network needs to be analyzed for forensic evidence. Forensic experts use
data such as network and server logs to produce reports that are used to mitigate security
threats to organizational information systems (Kleiman, 2007). Additionally, in cases such as
that of UniCareer Pty. Ltd, email forensic evaluation is required, since one of the scenarios
that led to the forensic research is the unrecognized email received by both staff and students.
The email analysis that should be done includes the email headers, which can be used to explain
the destination of the email; the email IP address, with the intent of identifying the computer
used to send it; and the date and time when the email was sent (Carbone, 2014). Network
forensics is useful for spam emails, phishing emails and other malicious emails. Lastly, digital
forensic research can be used as an ideal methodology for the forensic research in this case.
Altheide & Carvey (2011) argue that analysis of both email and the network is essential because
it can be used to find proof of whether any system compromise took place.
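The header analysis described above (IP address, date and time) can be sketched as follows. This is an added example, not part of the original report: the message, host names, IP addresses and the TRUSTED_HOSTS list are constructed assumptions. It also shows the point an examiner must keep in mind, that only hops stamped by the organization's own servers are verifiable.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Hypothetical names of the organization's own mail servers (assumption).
TRUSTED_HOSTS = {"mx.unicareer.example", "mail.unicareer.example"}

# Constructed message: documentation-range IPs and invented host names.
SAMPLE = """\
Received: from mx.unicareer.example (mx.unicareer.example [192.0.2.10])
\tby mail.unicareer.example with ESMTP id A1; Mon, 02 Mar 2020 09:15:42 +0000
Received: from relay.bulk.example (relay.bulk.example [198.51.100.7])
\tby mx.unicareer.example with ESMTP id B2; Mon, 02 Mar 2020 09:15:40 +0000
Received: from [10.1.2.3] (unknown [203.0.113.55])
\tby relay.bulk.example with ESMTPSA id C3; Mon, 02 Mar 2020 09:15:31 +0000
From: "Admissions" <offers@abc.example>
To: student@unicareer.example
Subject: Join us
Date: Mon, 02 Mar 2020 09:15:30 +0000
Message-ID: <constructed-1@abc.example>

Body text.
"""

PEER_IP = re.compile(r"\(\S*\s*\[([0-9A-Fa-f:.]+)\]\)")  # "(host [ip])" written by the receiver
BY_HOST = re.compile(r"\bby\s+(\S+)")


def trace_hops(raw_message):
    """Return the Received hops oldest first, each with by-host, peer IP and time."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so the list is newest first: reverse it.
    for value in reversed(msg.get_all("Received") or []):
        line = " ".join(value.split())  # unfold continuation lines
        peer, by = PEER_IP.search(line), BY_HOST.search(line)
        try:
            ip = str(ipaddress.ip_address(peer.group(1))) if peer else None
        except ValueError:
            ip = None  # not a valid address literal
        try:
            when = parsedate_to_datetime(line.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):
            when = None  # missing or unparseable timestamp
        hops.append({"by": by.group(1).lower() if by else None,
                     "peer_ip": ip, "time": when})
    return hops


def boundary_hop(hops, trusted=TRUSTED_HOSTS):
    """First hop stamped by one of our own servers.

    Its peer IP is the last sender address we can verify; every older
    header was written outside our control and may be forged.
    """
    for hop in hops:
        if hop["by"] in trusted:
            return hop
    return None


def clock_anomalies(hops):
    """Indexes of hops whose timestamp is earlier than the hop before them."""
    bad = []
    for i in range(1, len(hops)):
        a, b = hops[i - 1]["time"], hops[i]["time"]
        if a and b and (a.tzinfo is None) == (b.tzinfo is None) and b < a:
            bad.append(i)
    return bad


if __name__ == "__main__":
    hops = trace_hops(SAMPLE)
    for hop in hops:
        print(hop["time"], hop["peer_ip"], "->", hop["by"])
    print("verifiable sender IP:", boundary_hop(hops)["peer_ip"])
    print("timestamp anomalies:", clock_anomalies(hops))
```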
Steps involved in digital forensic investigations
To arrive at a sound and recognized approach to digital forensic procedures, UniCareer Pty. Ltd
may adopt the following steps. First, it may have forensic investigators evaluate the two cases
so that a suitable approach can be taken to resolve the security lapses. Next, UniCareer Pty. Ltd
may need to develop a checklist to facilitate the digital forensic research. The checklist can
also be used to draw up the list of organizational resources to be used in the forensics. These
resources include personnel, equipment and money. Similarly, UniCareer Pty. Ltd should adopt risk
prevention and elimination procedures that make it easier for the organization to solve its
cyber security problems. Lastly, UniCareer Pty. Ltd should make sure organizational data
integrity is maintained, with all validation procedures put into practice.
Resources used in collecting Forensic evidence
Preparation plan in digital forensic investigation
In preparing a digital forensic plan for UniCareer Pty. Ltd, the parties involved should follow
clearly formulated steps that guarantee current business activities are not disrupted and that
all forensic procedures are carried out in accordance with the law. Violating any operational
procedure in forensic research renders the whole process useless, since the evidence collected
cannot be used in criminal case proceedings. Next, data verification and validation should be
part of the forensic research process, to make sure the evidence collected conforms to the
standard set of rules and procedures. Lastly, proper storage mechanisms are needed for any
forensic evidence, so that it is verifiable and accurate when needed.
Tools in digital forensic research
Meyer (2014) stipulates that, in forensic research, the parties involved should choose the most
suitable available tools, which give them accuracy and awareness of the process. It has been
shown that forensic research tools determine the outcome of the research, because without the
relevant tools investigators may not be able to dig deeper into the analysis of the affected
information system. It is up to the subject organization to provide the required tools, devices
and finances, because failure to provide these resources would render the forensic process
ineffective. The tools and devices required include both the software and the hardware that
investigators use in their process (Jones & Valli, 2009). The choice of tools used by forensic
researchers determines the kind of results obtained, including what is established about the
nature of the attacker on the information system.
Skills required by forensic investigators
According to Casey & Altheide (2010), forensic investigation requires a range of skills, both
professional and self-acquired. Forensic investigators should have interpersonal skills, which
help them solve problems without undue difficulty, enable them to work under immense pressure,
and let them be creative enough to use locally available tools to get the best outcome from the
investigation. Similarly, forensic researchers should have technical skills, which are acquired
professionally. These skills should be attested by certifications, such as network
certifications, obtained from various institutions (Ziccardi, 2012).
Forensic investigation tools and other peripherals
To carry out authentic and efficient forensic analysis, researchers should have a range of
tools. Researchers need high-speed computers with powerful software to evaluate the nature of
the system compromise (Davis, Cowen & Philipp, 2005). These machines should be provided so that
all possible data analysis can be done to unearth any incident that might have taken place
without the knowledge of the organization's cyber security experts.
Forensic Acquisition of evidence
Plan for forensic evidence acquisition
Forensic evidence acquisition is the means of gathering information that can be used to
determine the nature of a system compromise and the extent to which it has taken place. A range
of sources can provide information for digital forensic research, such as hard disks, servers
and network logs. All these media can be mirrored to provide a copy of the data that can be
analyzed after the incident (Prosise, Mandia & McGraw-Hill, 2003). UniCareer Pty. Ltd can use
various forms of data acquisition, provided they are relevant and can contribute to a solution
for the scenario in question.
Contingency plan
In general, an organization should put measures in place in advance to make sure data can be
recovered when it is hit by a disaster or an attacker. The organizational risk reported so far
is the watching of pornographic material on the organization's premises using organizational
computers. This problem can be addressed by configuring filtering features on the firewalls and
implementing strong security measures in the network (Caloyannides, 2001). Given the type and
scope of the UniCareer Pty. Ltd cyber security cases, backup plans would be effective.
Tools used in data Acquisition
The set of tools to be used in the data acquisition process depends on the scenario at hand. In
the case of UniCareer Pty. Ltd, the tools required are mainly for network analysis and email
evaluation. Network analyzers would be used, since the main focus is on how the organizational
network was used to watch prohibited and filtered material. Similarly, email analysis would be
done to ascertain that staff and students received emails advertising the company's competitor.
The tools for one scenario therefore cannot be used for the other, because the scenarios differ
in intensity and mode of occurrence (Cyber Defense Training Systems. & Lewis, 2007).

Validation and verification of forensic data
According to Ec-Council Press (2010), data validation and verification is important because it
guarantees that organizational data integrity and consistency are maintained. A compromise of
UniCareer Pty. Ltd data leaves it in an inconsistent state, which is against the principles of
data security. Therefore, data collected as forensic evidence needs to be validated for accuracy
and relevance to the event (Newman, 2007).
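One way to verify mirrored evidence is to hash every item at acquisition and re-check the working copies before analysis. This is an added example, not part of the original report, which does not name a verification method: the use of SHA-256, the file names and the manifest layout are assumptions, and the evidence files are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large disk images never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def record_acquisition(paths, examiner):
    """Build the manifest written once, at the moment evidence is acquired."""
    return {
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "items": {
            os.path.basename(p): {"sha256": sha256_file(p),
                                  "size": os.path.getsize(p)}
            for p in paths
        },
    }


def verify_copies(manifest, directory):
    """Compare working copies with the manifest: OK, MODIFIED or MISSING."""
    results = {}
    for name, meta in manifest["items"].items():
        path = os.path.join(directory, name)
        if not os.path.exists(path):
            results[name] = "MISSING"
        elif (os.path.getsize(path) != meta["size"]
              or sha256_file(path) != meta["sha256"]):
            results[name] = "MODIFIED"
        else:
            results[name] = "OK"
    return results


def demo():
    """Acquire three constructed items, then alter one and delete another."""
    samples = {
        "mail_server.log": b"2020-03-02T09:15:40Z accepted message B2\n",
        "firewall.log": b"2020-03-02T10:02:11Z ALLOW 192.0.2.44 -> 198.51.100.80\n",
        "macbook_disk.img": bytes(range(256)) * 64,  # stand-in for a disk image
    }
    with tempfile.TemporaryDirectory() as evidence:
        paths = []
        for name, data in samples.items():
            path = os.path.join(evidence, name)
            with open(path, "wb") as fh:
                fh.write(data)
            paths.append(path)
        manifest = record_acquisition(paths, examiner="Examiner A")
        before = verify_copies(manifest, evidence)

        # A single changed byte leaves the size identical; only the hash reveals it.
        with open(os.path.join(evidence, "macbook_disk.img"), "r+b") as fh:
            fh.seek(100)
            fh.write(b"\xff")
        os.remove(os.path.join(evidence, "firewall.log"))
        after = verify_copies(manifest, evidence)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("at acquisition:", before)
    print("before analysis:", after)
```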
Phase of Forensic Investigation
Analyzing hidden data and files
Intruders use different methods to interfere with a system. They may decide to hide data,
delete data or change it to an unreadable form. According to forensic principles, all hidden
files need to be analyzed to uncover any proof they contain. To uncover the truth in hidden
files, various equipment needs to be made available for analysis (Volonino, Anzaldua & Godwin,
2006). According to Blitz (2011), all relevant documents should be analyzed to make sure the
required evidence has been obtained. Analysis can be done by evaluating how the file was
achieved, the manipulation made to the data, the configuration made on the network and the IP
address used to access a given set of data (Bunting, 2012).
Time frame, network and email analysis
According to the International Council of E-Commerce Consultants (2017), the time at which an
event occurred is very important, as it helps determine who accessed which data and from where.
It may also help determine the number of times the organizational system was accessed illegally.
For time analysis, date stamps and time frame analysis are the most important aspects to
evaluate (Mohay, 2006). Similarly, both network and email analysis are very important in this
case, because these are the main channels through which UniCareer Pty. Ltd was compromised
(Sheetz, 2007). It is only through the network that the organization can acquire all forensic
information relating to its system compromise.
Information Security Policies for UniCareer Pty. Ltd
To make sure organizational information is safe, it is important to formulate additional rules
and regulations that help UniCareer Pty. Ltd secure its information system. According to
Ec-Council Press (2017), UniCareer Pty. Ltd has to set rules that govern organizational data
security. First, UniCareer Pty. Ltd should implement strong and frequently updated passwords.
Maras (2015) argues that organizational security parameters should not be exposed to
unauthorized parties, to make sure operational procedures are available to relevant users only.
Similarly, the organizational information system should be designed so that users are logged off
automatically after a given period of idle time. Additionally, UniCareer Pty. Ltd should
implement strong security features such as firewalls and authentication procedures for access to
the system (Clarke & IT Governance Publishing, 2010). Lastly, devices such as network servers
and network routers should be kept in well-fenced buildings and in secured cabinets to prevent
unauthorized access.
Conclusion and Recommendations
Data security is a major challenge in today's business, and measures are needed to help
UniCareer Pty. Ltd keep its data secure and free from unauthorized access by third parties. The
main focus has been on a digital forensic plan for UniCareer Pty. Ltd that will help secure its
information system from compromise. A range of activities, including data hiding techniques and
data recovery procedures, has been recommended for secure and accurate retrieval of forensic
evidence. Upon evaluation of the data security threats that UniCareer Pty. Ltd faced, possible
solutions have been suggested to help determine the security lapses in its information system.
Besides rules and regulations, various data analysis tools and resources, including personnel,
have been discussed in detail, along with the relevant skills required by the various groups of
digital forensic investigators. Having analyzed the various aspects of digital forensics, it is
worth noting that, if all aspects are put in place as required, digital forensics would be a
success for any subject organization.
References
Altheide, C., & Carvey, H. A. (2011). Digital forensics with open source tools: Using open
source platform tools for performing computer forensics on target systems: Windows, Mac,
Linux, UNIX, etc. Burlington, MA: Syngress.
Blitz, A. (2011). Lab manual for guide to computer forensics and investigations, fourth edition.
Boston, MA: Course Technology, Cengage Learning.
Bunting, S. (2012). EnCase computer forensics: The official EnCE : EnCase certified examiner
study guide. Hoboken, N.J: Wiley.
Caloyannides, M. A. (2001). Computer forensics and privacy. Boston: Artech House.
Carbone, F. (2014). Computer forensics with FTK. Birmingham, U.K: Packt Pub.
Casey, E., & Altheide, C. (2010). Handbook of digital forensics and investigation. Burlington,
Mass: Academic Press.
Clarke, N., & IT Governance Publishing. (2010). Computer forensics: A pocket guide. Ely,
Cambridgeshire: IT Governance Publishing.

Cyber Defense Training Systems. & Lewis, J. A. (2007). Corporate computer forensics training
system text manual. Volume I. Leslie, Mich: Cyber Defense and Research Initiative.
Davis, C., Cowen, D., & Philipp, A. (2005). Hacking exposed: Computer forensics secrets &
solutions. Emeryville: McGraw-Hill/Osborne.
Ec-Council Press. (2010). Computer forensics: Investigating data and image files. Clifton Park,
NY: Course Technology Cengage Learning.
Ec-Council Press. (2017). Computer forensics: Investigating network intrusions and cybercrime.
International Council of E-Commerce Consultants. (2017). Investigation Procedures and
Response.
Jones, A., & Valli, C. (2009). Building a digital forensic laboratory: Establishing and managing
a successful facility. Burlington, Mass: Butterworth-Heinemann/Syngress Pub.
Maghaireh, A. (2009). Jordanian cybercrime investigation: A comparative analysis of search for
and seizure of digital evidence. Research Online, pp. 1-36.
Maras, M.-H. (2015). Computer forensics: Cybercriminals, laws, and evidence, second edition.
Burlington, MA: Jones & Bartlett Learning.
Meyer, T. T. (2014). Careers in computer forensics. New York: Rosen Publishing.
Mohay, G. M. (2006). Computer And Intrusion Forensics. Norwood: Artech House.
Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to Computer Forensics and Investigation.
Boston, MA: Course Technology, Cengage Learning.
Newman, R. C. (2007). Computer forensics: Evidence collection and management. Boca Raton,
FL: Auerbach Publications.
Prosise, C., Mandia, K., & McGraw-Hill. (2003). Incident response & computer forensics. New
York: McGraw-Hill/Osborne.
Sheetz, M. (2007). Computer forensics: An essential guide for accountants, lawyers, and
managers. New Jersey: John Wiley & Sons.
The official CHFI study guide (Exam 312-49): For computer hacking forensic investigator.
Place of publication not identified: Syngress.
Volonino, L., Anzaldua, R., & Godwin, J. (2006). Computer forensics: Principles and practices.
Upper Saddle River, N.J: Pearson Education.
Ziccardi, G. (2012). Privacy, sicurezza informatica, computer forensics e investigazioni digitali.
Milano: Giuffrè.