Digital Forensics: Incidents, Incident Response Measures, Legislation and Regulations


Added on  2023/06/13

AI Summary
This article covers the basics of digital forensics, including incidents and incident response measures. It also discusses legislation and regulations affecting development, and includes two risk scenarios and a case study on unauthorized emails. The article provides insights on anticipatory measures, incident management, and long-term incident response measures.

Running head: DIGITAL FORENSICS
Digital Forensics
Name of the Student
Name of the University
Author Note

Question 1: Incidents and incident response measures
Digital forensics is a branch of computer security and recovery services that deals with
recovering and investigating data on digital devices. It generally comes into play when security
issues have arisen in an organization, or for an individual, through the mishandling of sensitive
or confidential data (Edwards et al. 2017). When a security compromise, an illegal action or an
unauthorized intervention is suspected, it becomes essential that the data be protected more
carefully. Digital forensics establishes the extent of the security compromise and the location
from which the cybercrime was committed.
An incident has a life cycle that drives it towards a resolution (Scott 2015). The cycle begins
with detection of the incident, followed by its reporting, initial diagnosis, management actions
based on the initial diagnosis, collection of evidence based on the diagnosis, a more mature
diagnosis, actions taken on the mature diagnosis, recovery of business or assets, remedial and
civil activities, law enforcement agency activity, and criminal and regulatory proceedings based
on the incident. Two risk scenarios are discussed below against this incident life cycle. Each is
first acknowledged as an incident, and suggestions then follow for anticipatory, incident
management and long-term incident response measures.
Risk Scenario 1: In an organization with numerous interconnected computers, the failure of one
essential computer system can generate risk in several parts of the organization. The scenario
starts as a triggering event that has the potential to harm the organization's data and
information systems. It qualifies as a risk scenario because of the likely consequences it carries
and the responses it calls for. When a computer system breaks down, it can harm the other systems
connected to it. It can also leave the business unable to respond to queries (Butler 2015).
Revenue is then easily affected, since the organization has no means of responding to customer
and client queries. The sooner the failure leaves the business unable to respond to queries, the
greater the chance that revenue is affected. How soon the company can recover the losses caused
by the breakdown, and what data recovery is performed in the meantime, depends on the structure
of the organization.
Anticipatory measures: Anticipatory measures start from the likely triggers for such situations,
including the times at which an incident with the potential to block revenue occurs in the
organization. In this scenario it is therefore essential to check regularly all the systems in
the organization that hold sensitive information. Each time a system falters, the fault should be
reported to the responsible authorities. In addition, the organization should monitor whether the
faults are blocking incoming revenue. The incident should be examined thoroughly and the relevant
evidence analysed (Banach et al. 2017). The analysis should then be compared with the current
state of the incident and with the deficiencies that have been identified. Documentation and
further monitoring of the system problems are highly recommended, since they can bring out points
that were missed in the first analysis. A proper backup should then be taken, covering the entire
archiving procedure and the facilities that provide evidence about the incident. Evidence
gathered in this process should be collected and preserved in the manner set out in a policy
written as part of the organization's incident management structure. Incident management for
this scenario therefore requires the company to have a procedure or policy describing how
evidence for an incident is to be collected and preserved. This should be maintained by a
predefined incident management team that specializes in handling such incidents.
Incident Management: In this scenario, incident management measures should follow a specific
working structure to be effective in resolving events. The first step is immediate reporting of
the first occurrence of any suspicious fault noticed in the system, for instance flickering of
the screen, random shutdowns of the system, and others (Ngampornsukswadi et al. 2018). Initial
diagnosis is to be handled by an individual; however, every employee in the organization should
know clearly whom to report to if they witness any fault in the computers. The situation should
then be handled by an expert with sound diagnostic skills. In addition, an IT expert should
examine the matter thoroughly to find out whether the problems in the systems are being
exaggerated or not.
Long-term Incident Response Measures: As a long-term incident response measure, once the systems
in the organization have been analysed, the sole strategy for responding to such incidents could
be to document the entire event for use in further occurrences of this kind. Proper documentation
and incident analysis provide a reference for similar occurrences. The IT expert responsible for
analysing the issue can use this reference for all similar incidents that occur over the life of
the business (Montasari, Peltola and Carpenter 2016). Any inconveniences noticed should be
documented in the same way, so that they too can serve as a reference for future incidents
similar to those the organization has already faced. Any issue that is detailed and documented
can be treated as an incident management program for the long run.
Risk Scenario 2: In this scenario, a company's website has been hacked. The company provides a
service to its clients by taking their personal information, such as credit reports, helping them
check their credit report and helping credit grantors decide the range of products and services
to offer to customers. The hack resulted in a breach of the data of millions of customers, and
their personal information was leaked on a website, publishing sensitive and private data of the
general public (Chawki et al. 2015). This scenario is identified as an incident. The incident
caused the company to lose its evaluation revenue and caused its clients to lose regard for the
organization as well.
Anticipatory measures: As an anticipatory measure, the team responsible for the security of the
data should report any issue, however trivial, that suggests the data is being scanned from
somewhere other than the organization itself. This can be achieved by checking the various
sources from which the data is accessed, by checking their IPs (Taylor 2016). This analysis
would readily show whether there is a chance that the data could be breached or has been
breached.
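One way to implement the source-IP check described above, as an added example that is not part of the original document: it reads access records, flags requests for customer data that come from addresses outside the organization's own networks, and counts how many distinct records each outside address retrieved. The log layout, the network ranges (RFC 1918 and RFC 5737 documentation addresses), the record path and the threshold are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed organization networks (constructed: private space plus one
# documentation range standing in for the office egress addresses).
ORG_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]

# Constructed sample log: timestamp, source IP, method, path, status.
SAMPLE_LOG = """\
2023-06-01T09:00:01Z 10.1.4.22 GET /reports/credit/1001 200
2023-06-01T09:00:05Z 192.0.2.17 GET /reports/credit/1002 200
2023-06-01T09:02:11Z 198.51.100.7 GET /reports/credit/1001 200
2023-06-01T09:02:12Z 198.51.100.7 GET /reports/credit/1002 200
2023-06-01T09:02:13Z 198.51.100.7 GET /reports/credit/1003 200
2023-06-01T09:02:14Z 198.51.100.7 GET /reports/credit/1004 403
2023-06-01T09:03:40Z 203.0.113.50 GET /reports/credit/2001 200
2023-06-01T09:04:00Z not-an-ip GET /reports/credit/2002 200
2023-06-01T09:05:00Z 203.0.113.50 GET /index.html 200
"""

SENSITIVE_PREFIX = "/reports/credit/"  # assumed location of customer records
SCAN_THRESHOLD = 3                     # assumed: distinct records per source


def is_internal(addr):
    """True when the address belongs to one of the organization's networks."""
    return any(addr in net for net in ORG_NETWORKS)


def external_access(log_text):
    """Collect customer-record access per outside source IP.

    Returns (sources, unparsed): sources maps an IP string to the set of
    records it retrieved and the number of denied attempts; unparsed holds
    lines that could not be interpreted, kept for manual review.
    """
    sources = defaultdict(lambda: {"records": set(), "denied": 0})
    unparsed = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            unparsed.append(line)
            continue
        _ts, src, _method, path, status = parts
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            unparsed.append(line)
            continue
        if is_internal(addr) or not path.startswith(SENSITIVE_PREFIX):
            continue
        entry = sources[str(addr)]
        if status == "200":
            entry["records"].add(path)
        elif status in ("401", "403"):
            entry["denied"] += 1
    return dict(sources), unparsed


def report(log_text):
    """Return ([(ip, records_read, denied, level)], unparsed_lines)."""
    sources, unparsed = external_access(log_text)
    findings = []
    for ip, info in sorted(sources.items()):
        count = len(info["records"])
        level = "possible-scan" if count >= SCAN_THRESHOLD else "review"
        findings.append((ip, count, info["denied"], level))
    return findings, unparsed


if __name__ == "__main__":
    findings, unparsed = report(SAMPLE_LOG)
    for ip, count, denied, level in findings:
        print(f"{ip}: {count} records read, {denied} denied -> {level}")
    print(f"{len(unparsed)} line(s) need manual review")
```

Lines that cannot be parsed are returned rather than dropped, so the team reviewing the report can still see them.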
Incident Management: The data breach in this scenario should be managed by a team that is
responsible for the security of the data and information produced by the company and that has
scanned the entire customer data. The incident is then managed at the level of the security
system, by making sure that every permeable aspect of the data security system is addressed so
that the system becomes impermeable to hackers. This is because leaving the data and security
system vulnerable to hackers would call the authenticity of the organization into question for
its clients (Karagiannopoulos 2016). This would eventually result in the clients losing the trust
they have in the organization. In addition, the organization should document the entire incident
in a proper and systematic manner. This would enable the IT experts responsible for handling the
issue to refer to the documents if the incident recurs.
Long-term Incident Response Measures: As a long-term incident response, the company is advised
to arrange for security systems that are much more reliable than the traditional version, if the
old version did not meet the organization's needs in securing its data (Watson and Dehghantanha
2016). In addition, the documentation of previous incidents would serve as a reference for
issues that have also arisen in previous cases.
Question 2: Legislation and Regulation – Checking unauthorized emails
Background of the case: The case study involves two people, Alice and Bob. Alice and Bob are
friends, and as a favor Alice asked Bob to access her personal Gmail account from an open
browser on her laptop and send a quick email. It has to be clarified whether the act is an
offense or an academic misconduct and, if it qualifies as an offense, whether Alice or Bob should
be held to be the primary offender. In addition, the following includes information about the
law, the offence and the conditions that bring it under UK legislation (Feng, Dawam and Amin
2017). The scenario and these explanations together cover the acknowledgement of the event and
the probable solution for lawfully preventing the matter.
Reasons behind the situation being an offense or an academic misconduct: In this scenario Alice,
being a friend of Bob, asked him to access her personal Gmail account through an open browser to
check and quickly send an email. On analysis, the entire incident is regarded as an offense. The
incident is not just an academic misconduct but also a legal offense (Holt, Bossler and
Seigfried-Spellar 2015). This is because emailing through someone else's profile implies that the
person is impersonating another person, which is ethically incorrect due to unauthorized access.
There have been several misconducts on Alice's part as well. One is keeping the browser open on
her computer, which is ethically incorrect since anybody could get into her personal details
through it, with or without her permission. There could be other issues in this regard as well.
It is not clear whether her Gmail account was never logged out of, or whether the account
username or password were passed to Bob over the phone, since there is evidence that she
contacted Bob over the phone to instruct him to send the mail. In both cases, her conduct is
illegal under ICT and UK legislation (Conti et al. 2018). Bob impersonated Alice to send the
mail. Alice also made mistakes by keeping her browser open and instructing Bob to send the mail
posing as her. In both cases the misconduct is severe. Therefore, the actions can be regarded as
committing an offense.
Finding the actual offender: After analysing the entire case, it could be said that the
misconduct Bob has committed is wrong and comparatively high on the scale of offense relative to
what Alice has committed. She, although unintentionally, left her computer open with her browser
running, and took advantage of Bob being her friend to have him log into her Gmail account to
send a quick email. This obviously makes Bob an offender, as he impersonated or pretended to be
Alice while sending the mail, but it can also be taken into account that Alice made him do so
(Garfinkel 2015). Alice made a series of mistakes in this regard. Firstly, she left for the
university with her browser open. Secondly, she asked her friend to log into her personal account
in an unethical way and to quickly reply to a mail after checking it. He was compelled by his
friend to impersonate her while sending an email, which is a legal offense. However, agreeing to
the task and carrying it out was entirely at his own discretion. He could have declined to help
Alice with this unethical act. Therefore, it can be said that Bob is an offender in this regard.
Reasons for appropriate UK legislation applicable in the scenario: These actions fall under the
Computer Misuse Act 1990, S1: Unauthorized Access to Computer Material (Alharbi, Weber-Jahnke
and Traore 2015). This legislation makes clear that it is an offence if a person uses a computer
to perform any function that results in impersonating someone else or in trying to gain
unauthorized access to someone else's personal account information and private data. This can
also be referred to as hacking. However, proof is needed to establish that the person accessing
someone else's profile did so without authorization. If found and proven guilty, a person can
under this legislation be sentenced to imprisonment of 6 months or, as per the English decisions
of law, is eligible for a Level V fine. In this case, Bob committed the crime in the course of
helping his friend Alice to send a mail (Yusoff, Ismail and Hassan 2017). However, as a matter
of general discretion, he should have declined the request, knowing that accessing someone
else's profile is legally unethical. The only condition for finding Bob guilty in this scenario
is proving that he trespassed on Alice's private information system in an unethical and illegal
manner. A phone call from his friend Alice would not qualify as permission to get into her
computer and access her account as unauthorized personnel.
Question 3: Legislation and Regulations
Legislation and Regulations that affect development of penetration testing tools: There is
confusion about the distinction between vulnerability scanning and penetration testing.
Penetration testing checks whether a computer system is vulnerable to impending security attacks
over the long run of the system. Organizations generally do this to check whether the security
systems they use are permeable by hackers or not (Casey 2015). On the other hand, penetration
tools provide unauthorized access that typically includes network penetration testing and
application security testing as well as controls and processes around the networks and
applications, and should occur from both outside the network trying to come in (Lillard 2014).
However, the entire issue is only applicable when there is enough evidence that the penetration
is an authorized test. This is because penetration testing is sometimes done to see how many
loopholes an organization has in its structure, in order to prevent a potential threat of
hacking.
Relevance with digital forensics: Penetration testing cannot be regarded as a branch of digital
forensics. This is because penetration testing is mostly done to look for loopholes in an
information security system, whereas digital forensics is about looking for evidence of an
incident that has been proven malicious, using any kind of device (Baryamureeba and Tushabe
2014). Where penetration testing finds shortcomings in the security system in order to protect
it from hacking, digital forensics is the process that helps find a malicious hacker from the
digital evidence present after the hacking has been performed (Jang and Kwak 2015). It can
therefore be confusing that penetration testing might seem related to digital forensics, but in
reality penetration testing is done before an incident has happened and digital forensics is
performed after the incident.
Impending controversies and their nature: There has been considerable controversy around
penetration techniques, penetration testing and digital forensics. This controversy has led to
the invention of terms like white hat hacking and black hat hacking (Perumal, Norwawi and Raman
2015). In legal terms, white hat hacking is ethical, but black hat hacking is an illegal form of
hacking. White hat hacking is mostly done by authorized personnel, known as ethical hackers,
whereas black hat hackers are people who unethically break into people's personal digital data
by exploiting their security system. What fuels the controversy is the other kind of hacker, an
amalgamation of white and black hat hackers. These are the grey hat hackers, one of the most
controversial aspects of digital forensics and penetration system. Gray hat hackers pose a
danger because of the uninformed opinions they use to justify their actions (Lillis et al.
2016). This paper shows similar negative judgments of gray hat hacking from a variety of
viewpoints by surveying three prominent normative ethical theories. The target audience is
security and computing personnel, managers, supervisors, and others working with computers who
may have little to no experience with philosophy and ethics.
Resolving the issues and comparison of the analysis: The only way grey hat hacking can be
resolved is by implementing more and more legislative measures. A Grey Hat in the computer
security community refers to a skilled hacker who sometimes acts for offensive purposes,
sometimes in good will, and sometimes for defensive purposes (Gupta and Anand 2017). It would
therefore also be useful if hackers were made to realize the degree of illegality of their acts,
so that they can mend their ways (Regalado et al. 2015). Consequently, grey hat penetrations of
systems tend to be for far more passive activities such as testing, monitoring, or less
destructive forms of data transfer and retrieval. On that account, the issues can be resolved if
digital forensics is applied in detail during or after a computer hack.
Reference
1. Edwards, D., LISA, T.W.A., Plans, H.F., Training, R.H., Day, D.S. and Plan, E.F., 2017.
Failure Happens: Improving Incident Response in Large-Scale Organizations.
2. Scott, S.L., 2015. Recommendations to implement a cyber incident response plan in
Oneida County, New York (Doctoral dissertation, Utica College). Chroust, G. and
Finlayson, D., 2017, August. ANTICIPATION AND SYSTEMS THINKING: A KEY
TO RESILIENT SYSTEMS. In Proceedings of the 60th Annual Meeting of the ISSS-
2016 Boulder, CO, USA (Vol. 1, No. 1).
3. Butler, R., 2015. Computer Incident Response.
4. Banach, D.B., Johnston, B.L., Al-Zubeidi, D., Bartlett, A.H., Bleasdale, S.C., Deloney,
V.M., Enfield, K.B., Guzman-Cottrill, J.A., Lowe, C., Ostrosky-Zeichner, L. and
Popovich, K.J., 2017. Outbreak Response and Incident Management: SHEA Guidance
and Resources for Healthcare Epidemiologists in United States Acute-Care
Hospitals. Infection Control & Hospital Epidemiology, 38(12), pp.1393-1419.
5. Ngampornsukswadi, P., Amirsalami, S.S.R., Mallender, J.L., Schembri, M.E., Hanrath,
O.G. and Elson, C.S., Royal Bank of Canada, 2018. System for network incident
management. U.S. Patent Application 15/679,086.
6. Montasari, R., Peltola, P. and Carpenter, V., 2016, June. Gauging the effectiveness of
computer misuse act in dealing with cybercrimes. In Cyber Security And Protection Of
Digital Services (Cyber Security), 2016 International Conference On (pp. 1-5). IEEE.
7. Chawki, M., Darwish, A., Khan, M.A. and Tyagi, S., 2015. Unauthorized Access
Offences in Cyberworld. In Cybercrime, Digital Forensics and Jurisdiction (pp. 27-37).
Springer, Cham.
8. Taylor, L., 2016. Investigation Into The Current Use Of Computer Forensic Tools In The
Area Police Force And Their Effects On Finding Police Evidence (Doctoral dissertation,
Cardiff Metropolitan University).
9. Karagiannopoulos, V., 2016. Insider unauthorised use of authorised access: What are the
alternatives to the Computer Misuse Act 1990?. International Journal of Law, Crime and
Justice, 47, pp.85-96.
10. Watson, S. and Dehghantanha, A., 2016. Digital forensics: the missing piece of the
Internet of Things promise. Computer Fraud & Security, 2016(6), pp.5-8.
11. Feng, X., Dawam, E.S. and Amin, S., 2017. Digital forensics model of smart city
automated vehicles challenges.
12. Holt, T.J., Bossler, A.M. and Seigfried-Spellar, K.C., 2015. Cybercrime and digital
forensics: An introduction. Routledge.
13. Conti, M., Dehghantanha, A., Franke, K. and Watson, S., 2018. Internet of Things
security and forensics: Challenges and opportunities.
14. Garfinkel, S.L., 2015. Digital forensics research: The next 10 years. digital
investigation, 7, pp.S64-S73.
15. Alharbi, S., Weber-Jahnke, J. and Traore, I., 2015, August. The proactive and reactive
digital forensics investigation process: A systematic literature review. In International
Conference on Information Security and Assurance (pp. 87-100). Springer, Berlin,
Heidelberg.
16. Yusoff, Y., Ismail, R. and Hassan, Z., 2017. Common phases of computer forensics
investigation models. International Journal of Computer Science & Information
Technology, 3(3), pp.17-31.

17. Casey, E., 2015. Digital evidence and computer crime: Forensic science, computers, and
the internet. Academic press.
18. Baryamureeba, V. and Tushabe, F., 2014, August. The enhanced digital investigation
process model. In Proceedings of the Fourth Digital Forensic Research Workshop (pp. 1-
9).
19. Lillard, T.V., 2014. Digital forensics for network, Internet, and cloud computing: a
forensic evidence guide for moving targets and data. Syngress Publishing.
20. Jang, Y.J. and Kwak, J., 2015. Digital forensics investigation methodology applicable for
social network services. Multimedia Tools and Applications, 74(14), pp.5029-5040.
21. Perumal, S., Norwawi, N.M. and Raman, V., 2015, October. Internet of Things (IoT)
digital forensic investigation model: Top-down forensic approach methodology.
In Digital Information Processing and Communications (ICDIPC), 2015 Fifth
International Conference on (pp. 19-23). IEEE.
22. Lillis, D., Becker, B., O'Sullivan, T. and Scanlon, M., 2016. Current challenges and
future research areas for digital forensic investigation. arXiv preprint arXiv:1604.03850.
23. Regalado, D., Harris, S., Harper, A., Eagle, C., Ness, J., Spasojevic, B., Linn, R. and
Sims, S., 2015. Gray Hat Hacking The Ethical Hacker's Handbook. McGraw-Hill
Education Group.
24. Gupta, A. and Anand, A., 2017. Ethical Hacking and Hacking Attacks. International
Journal Of Engineering And Computer Science, 6(4).