
Digital Forensics: Incidents, Incident Response Measures, Legislation and Regulations

   

Added on  2023-06-13

Running head: DIGITAL FORENSICS
Digital Forensics
Question 1: Incidents and incident response measures
Digital forensics is a branch of computer security and recovery services that deals with
recovering and investigating data on digital devices. It generally comes into play when security
issues have arisen in an organization or with an individual through the mishandling of sensitive
or confidential data (Edwards et al. 2017). When a compromise of security, an illegal action or an
unauthorized intervention is suspected in the cyberworld, it becomes increasingly essential that
the data be protected more carefully. Digital forensics establishes the extent of the security
compromise and also the location where the cybercrime was committed.
An incident has a life cycle, which follows a particular course that drives the incident
towards a solution (Scott 2015). The cycle begins with detection of the incident,
followed by its reporting, initial diagnosis, management actions based on the initial diagnosis,
collection of evidence based on the diagnosis, a more mature diagnosis, actions taken on
the mature diagnosis, recovery of business or assets, remedial and civil activities, law
enforcement agency activity, and criminal and regulatory proceedings based on the incident.
Two risk scenarios are discussed here in terms of this incident management life cycle, first
establishing why each case qualifies as an incident and then suggesting
anticipatory, incident management and long-term incident response measures.
Risk Scenario 1: In an organization with numerous interconnected computers, if one
essential computer system goes down, it can generate risk for the organization in several
respects. At the initial level, this scenario is a triggering event that has the potential to harm
the data and information systems of the organization. The case study would qualify as a scenario
with the likely consequences it would bear and the possible reactions it would draw. When a
computer system breaks down, it has the potential to harm several other systems that have
connections to it. Beyond that, it can leave the business unable to respond to
queries (Butler 2015). When a computer system breaks down, the revenue systems
are easily affected, since the business organization has no chance to
respond to customer and client queries. The sooner the computer systems make the business
unable to respond to queries, the greater the chance that the revenue systems would be
affected. It depends on the organization's structure how soon the company can recover the
losses it has incurred due to the breakdown of the system and, in the meantime, what data
recovery has been performed.
Anticipatory measures: As an anticipatory measure, the organization could identify the
various likely triggers for such situations, including the times at which incidents with the
potential to block revenue in the organization occur.
Therefore, in this scenario, it is essential that all the systems in the organization
holding sensitive information are checked regularly. Each time a system falters, it needs to be
reported to the concerned authorities. In addition, it should be monitored whether the
faults in the system are blocking incoming revenue in the
organization. It is suggested that the incident be checked thoroughly and the relevant
evidence analyzed (Banach et al. 2017). The analysis should then be compared with the current
situation of the incident to see which deficiencies in the incident have been identified.
Documentation and further monitoring of the system problems are highly
recommended in this incident, since they can bring out a point that might have been
missed in the first analysis. It is then advised that a proper backup be taken
of the entire archiving procedures, with the facilities providing proper evidence about the
incident. The evidence gathered in this process should be collected and preserved in a
specific manner governed by a policy written as part of the organization's incident management
structure. Therefore, incident management for this incident requires that a
company have a procedure or policy describing how evidence for an incident is to
be collected and preserved. This should be maintained by an incident management team
predefined and specialized for handling these incidents.
Incident Management: In this scenario, incident management measures should
follow a specific working structure to be effective in finding a solution to events.
This begins with immediate reporting of the first occurrence of any suspicious faults
noticed in the system, for instance flickering of the screen, random shutting down of the system,
and others (Ngampornsukswadi et al. 2018). Initial diagnosis is to be handled by an individual;
however, every employee in the organization should know clearly whom to report to if
they happen to witness any sort of fault in the computers. The situation should then be handled
by an expert with sound diagnostic skills. In addition, an IT expert
should check the matter thoroughly to find out whether the problems in the systems are
being exaggerated or not.
Long-term Incident Response Measures: As a long-term incident response
measure, after the analysis of the systems in the organization, the
sole strategy for responding to the incidents could be to document the entire event for
reference in further occurrences like this. Proper documentation and incident analysis provide a
reference for similar occurrences. The IT expert, who would be responsible for analyzing the entire