IT Security Policy Analysis and Recommendations

   

Added on  2020-03-28

20 Pages | 4292 Words | 53 Views
Forensics Preparation Report
[Name]
[Institution]

Executive Summary
Forensic investigation plays a critical role in identifying and analyzing evidence relating to cyber
crimes. Challenges in digital forensics are becoming increasingly difficult as technology advances
and the use of mobile smartphones becomes more widespread.

In the case under review, the focus is on identifying how a competitor got hold of the email accounts
of students and staff at UniCareer Pty. Ltd. The investigation also seeks to determine whether
one of the company’s staff is indeed in possession of child pornography, as reported. Applying a
computer forensics methodology to this investigation will encourage a complete and rigorous
investigation, reduce the chance of error, and ensure proper handling of evidence and analysis.

X-Ways Forensics and SIFT (SANS Investigative Forensics Toolkit) will be used in the
investigation, as they contain all the tools and technology necessary for evidence acquisition and
analysis.

The plan for the investigation will cover the following steps:

Data acquisition: process the incident scene, seize physical computer evidence, collect data
from the live system for the e-mail server, and collect special content data such as emails and
graphics.

Data validation & verification: the integrity of the data collected will be verified by making hash
values and checksums for both the image and the original data and comparing them.

Forensic analysis steps: preparation; creating copies of evidence for analysis; data
extraction; timeframe analysis; data hiding analysis; application, files and email
analysis.

The report also proposes a security policy document for the company, which includes policies on
the use of the company’s IT resources such as emails and computers, a policy on updates and patching
of software, and a policy on vulnerability assessment of the company’s network infrastructure.

Table of Contents
Executive Summary
1.0 Introduction
2.0 Justification
3.0 Resources necessary for evidence gathering
4.0 Approach for data acquisition
  4.1 Process incident scene
  4.2 Seize physical computer evidence
  4.3 Collect data from live system
  4.4 Collect special content data
    4.4.1 E-mail content
    4.4.2 Graphics or photographic images
5.0 Type of data acquisition tools needed
  5.1 X-WAYS FORENSICS
  5.2 SIFT (SANS Investigative Forensics Toolkit)
6.0 Data validation & verification procedures
7.0 Forensic Analysis Steps
  7.1 Step 1: Preparation
  7.2 Step 2: Extraction
    7.2.1 Physical extraction
    7.2.2 Logical extraction
  7.3 Step: Analysis of extracted data
    7.3.1 Timeframe analysis
    7.3.2 Data hiding analysis
    7.3.3 Application, files and email analysis
8.0 Security policies for the Company
  8.1 Risk assessment policy
  8.2 Internet DMZ Equipment Policy
  8.3 Monitoring and Filtering Policy
    8.3.1 The Internet Use Filtering System
    8.3.2 The Filtering Rule Changes for Internet Use
  8.4 Acceptable Use Policy
  8.5 The activities with strict prohibitions and without exceptions include:-
  8.6 Policy relating to use of company’s issued email addresses
    8.6.1 Prohibited Use
  8.7 Security policy relating to software Updates, routers and IDS
9.0 Recommendations
References
