This article discusses the use of digital forensic methodology in investigating IT threats and cyber criminals. It includes a case study analysis and describes the resources required for conducting digital forensic investigations.
Running head: DIGITAL FORENSIC METHODOLOGY

DIGITAL FORENSIC METHODOLOGY

Name of the Student

Name of the University

Author Note
Executive Summary

High-Tech Pty Ltd is a reputed technology company that supplies computers and other technical products to other companies. It expanded its operations and became one of the leading technical logistics companies. After the company was established in 2005, its workforce reached 500. The organization gave priority to business operations, and its IT department was dedicated mainly to that purpose. As a result of this strategy, the integrity and security of the network were ignored and the network was left unsecured. In 2019, High-Tech Pty Ltd was receiving complaints of purchase fraud from its clients. Digital forensic methodology helps to investigate any type of IT threat to a company, and the cyber criminals are identified by thorough inspection of the affected servers and hard drives. The information security officer, who was contacted by the team leader, formed a team of digital forensic specialists and investigated the case. The security officer found that there had been a breach of the company's network. Some employees of the Brisbane branch were identified as the culprits. The company's officials approached and notified the Information Security Officer of this problem. The inquiry indicates that some of the company's internal staff violated the company's network scheme.
Table of Contents

1. Introduction
2. Analysis of case study
3. Discussion
3.1. Justification of the use of digital forensic methodology
3.2. Description of the resources required to conduct digital forensic methodology
3.3. Approach of the investigation for identification of evidence
3.4. Approach for the analysis phase of the investigation
3.5. Relevant security policies for the Company
3.6. Recommendations to the Company for dealing with similar future problems
4. Conclusion
5. References
1. Introduction

High-Tech Pty Ltd, one of the leading technology companies in Australia, is a dealer in computers and office equipment. It was established in 2005, after which the company grew rapidly; it now has more than 250 employees and more than 5000 businesses in and around Australia. High-Tech Pty Ltd gave priority to business operations, and its IT department was dedicated mainly to that purpose. As a result, the company's network environment was neglected. Because of this compromise in the company's network, the safety systems for preventing intrusion were neglected as well. High-Tech Pty Ltd received complaints from the logistics departments of its clients. The clients complained that money was deducted from their end after the purchase was confirmed, but the products were not delivered. The company's authorities contacted the Information Security Officer and reported the issue. The investigation suggests that the company's network was breached by some of its internal employees. The employees connected to this incident belong to the Brisbane branch of High-Tech Pty Ltd. This report discusses the investigation methods and the digital forensic methodologies applied by the company's Information Security Officer to investigate this case. It also gives the analysis of the case study and the plan used for it.
2. Analysis of case study

High-Tech Pty Ltd is a reputed technology company that supplies computers and other technical products to other companies. Its main office is in Melbourne, and it has branches in other cities: Adelaide, Brisbane, Sydney and Perth. High-Tech Pty Ltd wanted to gain advantages over its competitors, and for that reason it adopted a new business strategy from 2010. Under the new strategy, the company invested heavily in information technology solely to support its business operations. As a result, the integrity and security of the network were ignored and the network was left unsecured, which opened the way to intrusion. The organization's higher authority should have checked the consequences before implementing this strategy. The strategy made the organization's systems vulnerable and should have been avoided. Since the start of 2019, High-Tech Pty Ltd was receiving complaints of purchase fraud from its clients. The clients complained that after they ordered products, the money was deducted from their accounts and the company confirmed the purchase, but they did not receive any products from the company. High-Tech Pty Ltd finally had to look into the matter, as it was a serious case of fraudulent transactions and the fraud was committed from the company's end. The team leader immediately contacted the company's higher authorities, who appointed an Information Security Officer. The duty of the information security officer was to identify the cause of the incident at any cost.
The security officer investigated the case and found that there had been a breach of the company's network. The company's servers and workstations were mainly based on Microsoft Windows software (Scandariato et al. 2014). Users from the Brisbane office accessed the servers, and a new software program was installed on the system to carry out the fraud. The information security officer formed a team of computer forensic investigators to investigate the case. Microsoft Windows-based software already had a bad reputation for being affected by malware.

3. Discussion

3.1. Justification of the use of digital forensic methodology

Digital forensic methodology is used in an organization to control IT-related crimes committed by hackers and intruders (Perumal, Norwawi and Raman 2015). The data in an organization's database system can easily be compromised using hacking software. A company facing this type of incident can opt for digital forensic methodology. Digital forensic methodology investigates any type of IT threat to a company, and the cyber criminals are identified by thorough inspection of the affected servers and hard drives (Hitchcock, Le-Khac and Scanlon 2016). Cybercrime always leaves some type of evidence on the servers or hard drives of the affected system. The responsibility of the digital forensic specialist is to trace the threat and eliminate it from the system in order to obtain maximum security in future. In the case of High-Tech Pty Ltd, the fraud was committed by internal employees of the Brisbane branch. The company received complaints about the fraud from its clients. Money was deducted from the clients' accounts, but the products were not delivered on
behalf of High-Tech Pty Ltd. The information security officer had to create a special team of digital forensic specialists to find the cause of the fraud. The fraud was committed by internal employees of High-Tech Pty Ltd and was therefore unethical, as it harmed the organization's clients (Han and Xiao 2014). The good name of the company was also damaged by this incident. This was a case of cybercrime, so the employees who committed it should be identified and punished according to the laws of the organization and the law of the country in which the organization is situated. Although the servers of High-Tech Pty Ltd were not maintained properly and there was negligence on the part of the organization, this does not mean that employees may harm the organization's systems. Digital forensics ensures that cybercriminals are punished according to the law (Garrie 2014). The employees behind this fraud would be expelled from the company and would also have to serve a sentence according to the law (Nelson, Phillips and Steuart 2014). The incident is illegal; the clients faced a problem and the goodwill of the company was destroyed (Sicari et al. 2015). The clients would not easily trust the systems of High-Tech Pty Ltd in future. The application of digital forensic methodology is therefore completely justified in this case.

3.2. Description of the resources required to conduct digital forensic methodology

Digital forensic methodology is one of the new fields in forensic science. The term forensic means investigating a crime by using various scientific techniques or methods. Applying scientific methods makes the investigation of any crime easier (Ribaux and Wright 2014).
The massive development of technology has made everything digital, and crime related to the digital world has increased accordingly. Some crimes that are
related to the digital world are the hacking of servers or of the database systems of various organizations (Quick and Choo 2016). The concept of digital forensic or computer forensic methodology is thus much newer than other forensic methodologies. A set of hardware and software is required for proper evaluation. The experts engaged in this methodology should be highly experienced with both the hardware and the software of the systems (Skopik, Settanni and Fiedler 2016). They should be able to access any type of online server.

3.3. Approach of the investigation for identification of evidence

Digital forensic methodology involves some basic steps: collection of the data, validation of the collected data or evidence, identification of the source of the data, analysis of the data, and interpretation of the data, along with the documentation and presentation of the digital evidence. The process followed in conducting the methodology begins with extraction or preparation of the evidence. In this case, internal employees of High-Tech Pty Ltd were involved. The investigating team has to collect proper evidence against the employees connected with the case. The primary way to collect the evidence is to extract the information from all the computers of the organization's employees (Coulthard, Johnson and Wright 2016). The employees related to the case would also be investigated by the team. The software and hardware of the machines used by those employees are validated by the investigating team for the best outcome. After validation, identification of the employees involved is also very important, as other employees who were not guilty must not be blamed. System identification is a
lengthy process, as false identification can lead to chaos inside the organization. The source of the data used to breach the system should be pinpointed by the investigating team for better identification (Hegarty, Lamb and Attwood 2014). The identification process should be carried out iteratively to obtain the best results. The type of substance used for the piracy is determined, and the data required are marked according to that result (Lillis et al. 2016). Searching for the evidence is very important for issuing a warrant against the employees connected with the crime. The investigating team can seize the computers used by those employees for better identification of the evidence. The team will inform the authorities as soon as it finds out which employees are connected with the crime. All activities should be put on hold because the employees may try to escape punishment; for that reason, informing the authorities about the employees immediately is very important (Watson and Dehghantanha 2016). Other employees may be connected with those employees, so the team should maintain secrecy in order to catch all the culprits (Dehghantanha and Franke 2014). The iterative process makes the collection of proper information more accurate.

3.4. Approach for the analysis phase of the investigation

The analysis of the collected information or evidence is also very important. In the analysis phase, the investigators connect all the linking points of the case. The team tries to obtain the relevant information about the systems and the employees involved in the case (Agarwal and Kothari 2015). The basic principle of analysis is questioning. The questions most frequently asked by the investigators during this stage are "why, when, how and where". The investigators try to obtain a possible explanation for every situation.
The situations can be complicated for the employees connected with the case, so the investigating team has to think like those employees in order to obtain the maximum information about the situations.
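The analysis phase in this section asks when, how and where each action happened and has to avoid blaming employees who were not involved. The following Python sketch is an added example, not part of the original report: it merges two constructed evidence exports into a single UTC timeline and lists, for each file change, the accounts that had an open session on that host. All host names, accounts, addresses, paths and the branch address plan are invented for illustration.

```python
"""Added illustration: merge constructed evidence exports into one UTC timeline."""
import csv
import io
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed sample evidence. Every host, account, address and path is invented.
# Logon records exported from a server, in local time with a UTC offset.
LOGON_CSV = """time,host,user,source_ip,event
2019-02-11T09:02:10+11:00,MEL-SRV01,jsmith,10.30.4.17,logon
2019-02-11T09:40:00+11:00,MEL-SRV01,jsmith,10.30.4.17,logoff
2019-02-11T10:15:42+11:00,MEL-SRV01,akhan,10.10.2.8,logon
"""
# File-system changes from the same server, already recorded in UTC.
FILE_CSV = """time_utc,host,path,action
2019-02-10 22:05:31,MEL-SRV01,C:\\Apps\\orders\\helper.exe,created
2019-02-10 22:11:09,MEL-SRV01,C:\\Data\\orders.db,modified
2019-02-10 23:20:00,MEL-SRV01,C:\\Data\\orders.db,modified
2019-02-10 22:50:00,MEL-SRV01,C:\\Logs\\audit.log,deleted
"""
# Assumed branch address plan, used to answer "where".
BRANCH_NETS = {
    "Melbourne": ip_network("10.10.0.0/16"),
    "Brisbane": ip_network("10.30.0.0/16"),
}


def branch_of(ip):
    """Map a source address to a branch name, or 'unknown'."""
    addr = ip_address(ip)
    for name, net in BRANCH_NETS.items():
        if addr in net:
            return name
    return "unknown"


def load_events():
    """Parse both exports, convert every timestamp to UTC, sort by time."""
    events = []
    for row in csv.DictReader(io.StringIO(LOGON_CSV)):
        when = datetime.fromisoformat(row["time"]).astimezone(timezone.utc)
        events.append({"when": when, "host": row["host"], "kind": row["event"],
                       "user": row["user"], "branch": branch_of(row["source_ip"]),
                       "detail": row["source_ip"]})
    for row in csv.DictReader(io.StringIO(FILE_CSV)):
        when = datetime.strptime(row["time_utc"], "%Y-%m-%d %H:%M:%S")
        events.append({"when": when.replace(tzinfo=timezone.utc), "host": row["host"],
                       "kind": row["action"], "user": None, "branch": None,
                       "detail": row["path"]})
    # Sorting the raw strings would put the 11 February local-time logons after
    # every file change; only the normalized UTC values give the true order.
    return sorted(events, key=lambda e: e["when"])


def attribute(timeline):
    """List, for each file change, the accounts with an open session on that host.

    A candidate is a lead to corroborate, not proof; an empty list is a gap
    that needs further evidence before anyone is named.
    """
    open_sessions = {}  # (host, user) -> branch the session came from
    findings = []
    for ev in timeline:
        if ev["kind"] == "logon":
            open_sessions[(ev["host"], ev["user"])] = ev["branch"]
        elif ev["kind"] == "logoff":
            open_sessions.pop((ev["host"], ev["user"]), None)
        else:
            candidates = sorted((user, branch)
                                for (host, user), branch in open_sessions.items()
                                if host == ev["host"])
            findings.append({"when": ev["when"], "action": ev["kind"],
                             "path": ev["detail"], "candidates": candidates})
    return findings


if __name__ == "__main__":
    for f in attribute(load_events()):
        who = ", ".join(f"{u} ({b})" for u, b in f["candidates"]) or "UNATTRIBUTED"
        print(f"{f['when']:%Y-%m-%d %H:%M:%S}Z  {f['action']:<8} {f['path']}  <- {who}")
```

In the constructed data, the deletion at 22:50 UTC falls after the only open session has ended, so it comes back with no candidate instead of being pinned on the last account seen.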
The investigating team has to produce alternative timelines for the course of events that happened during the case. They will build a coherent story for better understanding. The analysis also has another purpose: the investigating team has to report every finding to the higher authorities. The team has to identify each and every relevant item, such as access to or modification of the servers by the employees and the information modified on or deleted from the servers (Thethi and Keane, 2014). The team usually tries to explain the chain of events that occurred during the incident. The investigation runs as a series of cycles; after each cycle is completed, another begins. At the end, the team moves to the reporting phase of the forensic methodology. The reporting phase is for the higher authorities, as they need an explanation from the investigators. The higher authorities cannot rely completely on the data given by the investigators; they also have to intervene in order to get the best results.

3.5. Relevant security policies for the Company

High-Tech Pty Ltd, a leading technology company in Australia, provides a wide range of computers and office equipment needed by business organizations. In order to be competitive and gain more advantages over its competitors, it invested heavily in its information technology systems to provide extra support to its business operations (Fenz et al. 2014). In the course of the systems it installed and implemented to gain more profit and fame than its competitors, it lost focus on the security management of the setups that were already installed and running (Laudon and Laudon 2016). The
Management Information System (MIS) staff neglected maintenance of the organization's servers and hardware. In recent times there was high negligence by the management team in looking after and maintaining the network updates and all infrastructure applications. This led to a breach of the system by users within the company and resulted in high instability in the network environment across all the companies and stores of the High-Tech Pty Ltd offices (Joiner 2017). The users or employees of one particular office gained access to the systems and the server sites of the other outlets and offices. The main reason was that the firewalls deployed in the office systems were outdated and had not been updated in recent years. The firewalls in use were not properly secured throughout the environment of the company offices (Neitzel 2013). The use of trial packs, or the non-renewal of expired firewall and anti-virus systems, led to the breach committed by users within the company. It affected the company's reputation with its customers, who lodged complaints that they had not received the items they bought even though payment had been completed (Abawajy 2014). From the information security officer's point of view, the security policies that need to be developed begin with a high level of maintenance of the systems and servers installed in the offices and the headquarters. New backup procedures need to be put in place so that the track record is visible to the management information system staff and breaches can be located. This will prevent and minimize the threat of damage to the private or lone copy of an individual employee's information (Cavelty 2014).
Installing new, updated and strong firewalls such as McAfee, Palo Alto and Cisco ASA 5505 is among the best options for a business organization. This will produce deterrence to unacceptable use or
to destructive activities within the organization. The next important step is the implementation of the containment process. Applications like SCAR help to confine active threats within limits in the recorded areas. This is done by applying segmentation to different types of information. The most important security policy is the development of a cyber security plan in accordance with the cyber laws. The HIPAA Security Rule requires organizations, their company partners and sometimes even their subcontractors to keep and enforce technical information and software protection policies and processes (Coventry et al. 2014). Implementing a layered security process in the business environment across all the centers in Australia will help to secure the endpoints with firewalls and anti-exploit software. Security patches need to be updated at a defined frequency for the browsers that are allowed for the organization's business transactions, along with the operating systems and the applications. The training will cover methods for detecting social engineering tactics and knowledge of network access for remote workers (Laudon and Laudon 2016). Automated backup to a multifactor-authenticated cloud server needs to be enabled. The policy also identifies the responsibilities of the workers (Joiner 2017). Once the policies are applied, the main task will be training the users in how to maintain them, and segregation of duties within the MIS is important. Password management systems need to be used for the safety of the system.
3.6. Recommendations to the Company for dealing with similar future problems

High-Tech Pty Ltd is a leading technology company in Australia. To hold its position in the market in the near future, the company needs to understand the regulations and rules that must be set and maintained by its officials and security managers (Luiijf, Besseling and Graaf 2013). It is highly recommended to understand the degree of the data, that is, whether it is sensitive or not. Sensitive data comprises users' account information, buyers' card details and transaction numbers, which can be tampered with by other users who breach the system (Neitzel 2013). Creating a new security management team to take care of system functions, updates and maintenance is important for keeping the business healthy and free of breaches. Educating employees about the systems, about cyber breaches and about how to protect data is a vital step recommended by the information security investigator. Standards such as PCI-DSS (Payment Card Industry Data Security Standard) are needed to guard against security breaches within the organization (Safa, Solms and Furnell 2016). The company's employees also need to become familiar with codes such as the ACS codes of ethics in the field of professional development and professionalism (Osho and Onoja 2015). The employees should also be informed about the action taken against breaches of the ACS codes and the penalties that apply. Deploying a genuine Web Application Firewall is also necessary to protect the organization's server site. Hiring an external specialist to assess the hazards and keep property and information safe is the last recommendation, as the existing members are not up to date with modern security structures.
4. Conclusion

This report concludes the computer forensic investigation plan that has been applied to the leading Australia-based technology company High-Tech Pty Ltd. The company's management team lost focus on the security management of the company's IT structure. As a result, the company faced severe breaches within the organization. The company received complaints from its customers' logistics departments. Users complained that cash had been debited from their end after the purchase confirmation but that they had not been supplied with the goods. The company's officials approached and notified the Information Security Officer of this problem. The inquiry indicates that some of the company's internal staff violated the company's network scheme. The breach was caused by internal employees of the organization. The goodwill of this reputed organization was destroyed by the actions of these employees. The report has discussed the methods of investigation used by the team led by the information security officer. This study has addressed the inquiry techniques and the implementation of digital forensic methodologies used to explore this situation. The report analyzes the case study together with the strategy used for the case research. It has described the resources required to conduct the digital forensic methodology, along with the approach and the regulations that need to be applied. The report therefore concludes that maintenance of the servers' security patches and of the firewalls is necessary for the organization to keep a healthy business structure in the future.
5. References

Abawajy, J., 2014. User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), pp.237-248.
Agarwal, R. and Kothari, S., 2015. Review of digital forensic investigation frameworks. In Information Science and Applications (pp. 561-571). Springer, Berlin, Heidelberg.
Cavelty, M.D., 2014. Breaking the cyber-security dilemma: Aligning security needs and removing vulnerabilities. Science and engineering ethics, 20(3), pp.701-715.
Coulthard, M., Johnson, A. and Wright, D., 2016. An introduction to forensic linguistics: Language in evidence. Routledge.
Coventry, L., Briggs, P., Jeske, D. and van Moorsel, A., 2014, June. Scene: A structured means for creating and evaluating behavioral nudges in a cyber security environment. In International conference of design, user experience, and usability (pp. 229-239). Springer, Cham.
Dehghantanha, A. and Franke, K., 2014, July. Privacy-respecting digital investigation. In 2014 Twelfth Annual International Conference on Privacy, Security and Trust (pp. 129-138). IEEE.
Fenz, S., Heurix, J., Neubauer, T. and Pechstein, F., 2014. Current challenges in information security risk management. Information Management & Computer Security, 22(5), pp.410-430.
Garrie, D.B., 2014. Digital forensic evidence in the courtroom: Understanding content and quality. Nw. J. Tech. & Intell. Prop., 12, p.i.
Han, W. and Xiao, Y., 2014, June. NFD: a practical scheme to detect non-technical loss fraud in smart grid. In 2014 IEEE International Conference on Communications (ICC) (pp. 605-609). IEEE.
Hegarty, R., Lamb, D.J. and Attwood, A., 2014. Digital Evidence Challenges in the Internet of Things. In INC (pp. 163-172).
Hitchcock, B., Le-Khac, N.A. and Scanlon, M., 2016. Tiered forensic methodology model for Digital Field Triage by non-digital evidence specialists. Digital investigation, 16, pp.S75-S85.
Joiner, K.F., 2017. How Australia can catch up to US cyber resilience by understanding that cyber survivability test and evaluation drives defense investment. Information Security Journal: A Global Perspective, 26(2), pp.74-84.
Laudon, K.C. and Laudon, J.P., 2016. Management information system. Pearson Education India.
Lillis, D., Becker, B., O'Sullivan, T. and Scanlon, M., 2016. Current challenges and future research areas for digital forensic investigation. arXiv preprint arXiv:1604.03850.
Luiijf, E., Besseling, K. and De Graaf, P., 2013. Nineteen national cyber security strategies. International Journal of Critical Infrastructures 6, 9(1-2), pp.3-31.
Neitzel, L., 2013. Six steps to control system cybersecurity. International Society of Automation (ISA) in Tech
Nelson, B., Phillips, A. and Steuart, C., 2014. Guide to computer forensics and investigations. Cengage learning.
Osho, O. and Onoja, A.D., 2015. National Cyber Security Policy and Strategy of Nigeria: A Qualitative Analysis. International Journal of Cyber Criminology, 9(1).
Perumal, S., Norwawi, N.M. and Raman, V., 2015, October. Internet of Things (IoT) digital forensic investigation model: Top-down forensic approach methodology. In 2015 Fifth International Conference on Digital Information Processing and Communications (ICDIPC) (pp. 19-23). IEEE.
Quick, D. and Choo, K.K.R., 2016. Big forensic data reduction: digital forensic images and electronic evidence. Cluster Computing, 19(2), pp.723-740.
Ribaux, O. and Wright, B.T., 2014. Expanding forensic science through forensic intelligence. Science & justice, 54(6), pp.494-501.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.
Scandariato, R., Walden, J., Hovsepyan, A. and Joosen, W., 2014. Predicting vulnerable software components via text mining. IEEE Transactions on Software Engineering, 40(10), pp.993-1006.
Sicari, S., Rizzardi, A., Grieco, L.A. and Coen-Porisini, A., 2015. Security, privacy and trust in Internet of Things: The road ahead. Computer networks, 76, pp.146-164.
Skopik, F., Settanni, G. and Fiedler, R., 2016. A problem shared is a problem halved: A survey on the dimensions of collective cyber defence through security information sharing. Computers & Security, 60, pp.154-176.
Thethi, N. and Keane, A., 2014, February. Digital forensics investigations in the cloud. In 2014 IEEE international advance computing conference (IACC) (pp. 1475-1480). IEEE.
Watson, S. and Dehghantanha, A., 2016. Digital forensics: the missing piece of the internet of things promise. Computer Fraud & Security, 2016(6), pp.5-8.