Digital Forensic Report: IT Security at Building Finance PVT Ltd
Added on 2021/05/31
AI Summary
This digital forensic report details an investigation into a security breach at Building Finance PVT Ltd. The report outlines the investigation process, which includes the digital forensic methodology implemented by the audit team, and the resources utilized. It covers the approach for data and evidence identification and acquisition, including the collection of volatile and non-volatile memory, network traffic analysis, and the use of various forensic tools. The analysis phase focuses on keyword searches, deleted file recovery, and registry data extraction. The report also addresses relevant security policies and provides recommendations to improve the company's security posture. The investigation aims to identify the source of the compromise and protect the system and network with the necessary security standards.

Forensic Digital Report
Student Name
University Name
Student number
Student email address
Tutor Name
Unit Coordinator

Executive Summary
Information technology has become an integral part of human life. Today almost all businesses
rely heavily on information technology so that business activities are automated, which saves
time and increases productivity. IT has excellent and exciting aspects, but cyber crime is
growing at the same speed. It is therefore important to emphasize the safety and security of
intellectual information so that companies can automate with information technology. Building
Finance PVT Ltd has implemented financial management software and invested in IT to support all
of its business operations and to gain a competitive advantage over its rivals, but it now faces
the serious challenge of a system compromise. The digital forensic examination team has to take
on this challenge so that the main source of the compromise can be found and the system and
network can be protected with the necessary security standards.

Contents
Introduction
    Company & Background
Digital Forensic Report
    Part 1
        Digital forensic methodology
        Digital Forensic examination or Investigation Approach
    Part 2
        Digital Forensic Investigation Approach Resources
    Part 3
        Approach for data/evidence identification and acquisition
    Part 4
        Analysis phase
    Part 5
        Relevant security policies for the Company
    Part 6
        Recommendations
Conclusion
References

Introduction
A team at the Brisbane office immediately contacted the IT Security Office of the Department of
Finance with a few concerns about the office computer systems. The manager suspects illegal
activity: someone has compromised some computers in his office building, along with his own
computer. An investigation audit team has been set up to find the source of the compromise, and
the branch team has been deployed for the digital forensic examination. The manager noted that
some new features of the finance management system software had been introduced on the computer
system. In addition, some files containing customers' personal data have been modified on some
office computers. A team of digital forensic investigators has been formed in the Brisbane
office to investigate the suspected compromise. In addition to reviewing paper-based company
documents, the team has the task of conducting a digital forensic examination of the networks
and computer systems in the Brisbane office. This includes network analysis, collecting digital
evidence from servers, PCs and e-mail accounts, cloud inspections, and checking social media.
Company & Background
Building Finance PVT Ltd is a leading client company in Australia. Building Finance employs
more than 1,000 workers and serves more than three million customers in Australia. It offers
services such as car loans, personal loans, credit cards, interest-free retail finance and
personal insurance. Building Finance has made huge investments in information technology to
support its commercial operations and to gain a competitive advantage over its competitors
(Wong and Ma, 2014). The company invested heavily in early 2000, but management has lost focus
on updating the network and layout structures that have supported business practices in recent
years. The network across all Building Finance offices is flat and relatively unrestricted:
users at one office can reach systems and servers in another office. Servers and workstations
are commonly Microsoft Windows based. Firewalls and network partitions have been implemented
throughout the environment. Detection and logging exist on the systems but are not used
effectively (Soyer and Tettenborn, 2016).
Digital Forensic Report
Part 1
Digital forensic methodology
The IT Security Office prefers to apply a digital forensic methodology (DFM) as a whole.
Individual methods such as computer forensics, mobile forensics, data recovery and network
forensics are sub-disciplines of digital forensics, so each on its own gives only partial
results rather than identifying the source of the compromise. The scope of the digital forensic
examination conducted at the local office of Building Finance PVT Ltd is as follows.
• Finding security lapses in the regional office network
• Recognizing malicious activity, with details such as what, who, when, where and why
• Determining the legal process if the cybercrime is unlawful
• Determining the impact of the compromised administrator's computer, if anything is
compromised (Bornmann and Leydesdorff, 2014)
Digital Forensic examination or Investigation Approach
The Building Finance audit team has adopted a four-step forensic process, which it refers to as
FSFP (Tian, Jiang and Li, 2015). The Digital Forensic Exploration Model is the most influential
model for investigating the compromise at the provincial branch of Building Finance PVT Ltd.

Part 2
Digital Forensic Investigation Approach Resources
A digital forensic investigation requires significant resources to carry out the process
properly and to produce its reports. It needs technical support, tools and techniques to
implement the process, and extensive expertise in the audit team. The digital forensic methods
applied can be static or dynamic. Several tools, such as ProDiscover and EnCase among many
others, are needed for a thorough examination of the existing network systems of the branches.
The ACPO (Association of Chief Police Officers) guidelines are a standard set of principles for
PC and digital forensic examinations, and the audit team must follow the principles below
(Saini and Kaur, 2016).
Principle 1: Data collected from the targeted computers is preserved without any change
(Bholebawa and Dalal, 2016).
Principle 2: The collected data must be securely protected, and the audit team must have
sufficient expertise to handle and manage the data and to act on it when necessary during the
process (Forshaw, 2018).
Principle 3: Documentation and an audit trail must be clearly prepared and preserved. A third
party that repeats the process is expected to reach the same results (Miguel, Sundaram and
Aung, 2016).
Principle 4: The audit team is responsible for the complete inspection carried out by each team
member.
Audit team members must have core-level knowledge of operating systems and networking, and
sufficient expertise in the tools and technologies needed for the investigation. Their skill
sets must span multiple dimensions, such as knowledge of cybercrime, legal process and related
areas (Park and Lee, 2015). Computer forensic tools such as FTK Imager range from command-line
environments to sophisticated applications with an easy-to-use, convenient graphical user
interface. Advanced search patterns are very useful in these tools. Computer forensic tools of
all types are available in free and professional versions which support scientific testing. The
National Institute of Standards and Technology has proposed a framework for computer forensic
tools that defines the functions and requirements of such tools. The Forensic Toolkit (FTK) is
a bundle of many components, such as a registry viewer and a known file filter. Each component
has its own installation module. The imager module is the imaging component, which captures
media, image files and folder contents on disk. Some decisions have to be made when FTK is
started: the investigator chooses between preview and acquisition mode, and the subsequent
screens depend on that choice (Zayets, 2017). There are different types of network forensic
tools, each with different functions. Some are only packet sniffers, while others deal with
identification, fingerprinting, mapping, location, web services, email communications and so
on. The following table lists a few free open-source tools that can readily be used for network
forensics, along with their functionality.
Part 3
Approach for data/evidence identification and acquisition
Preparation
• Before the investigation begins, it is necessary to understand the impact of the examination
in terms of lost productivity due to downtime and other causes.
• All information on the manager's workstation, other workstations and servers should be
collected.
• Obtain the relevant network information.
• Identify storage components, both external and internal devices.
• The forensic tools used for the inquiry should be listed and made available for use.
• Every activity should be properly documented during the investigation.
• It is important to take a forensic image and then check the integrity of the information
(Walter, Unger and Cimiano, 2016).
• Capture the live network traffic.
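The imaging-and-checking step in the preparation list, together with Principles 1 and 3 in Part 2 (data preserved unchanged, a documented trail that a third party can repeat), can be shown in Python. This is an added example, not part of the original report; the file names, the examiner label and the JSON-lines log layout are assumptions chosen for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images never sit in RAM


def hash_image(path, algorithms=("sha1", "sha256")):
    """Return {algorithm: hex digest} for the file at `path`, read once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for hasher in hashers.values():
                hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def record_acquisition(image, log, examiner, source):
    """Append one JSON line for the acquisition and return the entry."""
    entry = {
        "utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "action": "acquired",
        "examiner": examiner,          # hypothetical label
        "source": source,              # free-text description of the media
        "image": os.path.basename(image),
        "size": os.path.getsize(image),
        "hashes": hash_image(image),
    }
    with open(log, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry


def verify_image(image, log):
    """Re-hash `image` and compare it with its latest acquisition entry.

    Returns (ok, reason). Anyone holding the image and the log can repeat
    this check and must reach the same result.
    """
    recorded = None
    with open(log, encoding="utf-8") as fh:
        for line in fh:
            entry = json.loads(line)
            if (entry["action"] == "acquired"
                    and entry["image"] == os.path.basename(image)):
                recorded = entry       # keep the most recent matching entry
    if recorded is None:
        return False, "no acquisition record for this image"
    if os.path.getsize(image) != recorded["size"]:
        return False, "size differs from acquisition record"
    current = hash_image(image, tuple(recorded["hashes"]))
    bad = sorted(name for name, digest in current.items()
                 if digest != recorded["hashes"][name])
    if bad:
        return False, "hash mismatch: " + ", ".join(bad)
    return True, "matches acquisition record"


if __name__ == "__main__":
    # Constructed stand-in for a disk image; real images come from an imager.
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "manager-ws.dd")
    log = os.path.join(workdir, "custody.jsonl")
    with open(image, "wb") as fh:
        fh.write(b"\x00" * 8192 + b"constructed sample sector data")
    record_acquisition(image, log, "examiner-1", "manager workstation disk")
    print(verify_image(image, log))
    with open(image, "r+b") as fh:     # simulate a one-byte alteration
        fh.seek(100)
        fh.write(b"\xff")
    print(verify_image(image, log))
```

Analysis should run against a verified working copy, with the check repeated before and after each session so that any alteration is tied to a specific step in the log.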
The digital evidence must be collected from the manager's workstation, the other workstations
and the servers at the regional office. The following evidence is useful.
• IP addresses
• Windows registry data
• System log files
• Network diagrams and network topology
• Network data, consisting of network topology documentation, network diagrams, routers, hubs,
switches, servers and firewalls
• Data from both external and internal storage devices, for example DVDs, CDs, flash drives,
USB drives, portable hard disks, memory cards and remote computers.
Digital evidence acquisition: Digital evidence should be acquired in two phases at the Global
Finance Company's Regional Branch. Volatile memory is temporary memory whose data exists only
while the server or workstation is running; it is mainly RAM. To acquire this data, the
examiner must be on the same LAN as the manager's computer (Rashidian, Mandil and Mahjour,
2017).
Give the command: cryptcat <ip address> 6543 -k key
The PC's information is acquired with the command: cryptcat -l -p 6543 -k key >> <output file>
In addition to these commands, GUI tools such as TCPView, Process Explorer and RootkitRevealer
help the audit team recover volatile data such as system data, time, open ports, logged-on
users, network connections and running processes.
Several tools are used for volatile data capture on Windows-based systems, such as netusers and
qusers, netfile, HBGary F-Response, ipconfig, HBGary FastDump and doskey, to identify all
network traffic. The clipboard content of the manager's PC, which may hold digital evidence, is
also gathered by the team.
Non-Volatile Memory Acquisitions
Non-volatile, permanent memory is an important source for digital forensic examination.
Permanent data is gathered in both online and offline ways. Offline data is collected with hard
drive duplication tools, for example Guymager, IXimager, FTK Imager, EnCase and dcfldd, which
are used to gather data from the manager's workstation, the other workstations and the hard
drives of the servers. Other non-volatile storage devices such as CDs, DVDs, flash drives,
memory cards, pen drives and other drives are likewise collected from the office. The audit
team also examines online data such as firewall logs, domain controller logs and antivirus
logs, collected with the assistance of tools such as Ethereal and Wireshark.
Examination
Once the potential digital forensic evidence has been collected, a detailed examination is
carried out using the original and the logical copies collected, testing any hypotheses and
checking for deviations. Such checks can indicate how the manager's computer was compromised.
Detailed examinations are completed for network forensics, the Windows registry, file systems
and database forensics. The team uses the following command for this (Ma and Chowdhury, 2015).
C:\> echo text mess > file1.txt:file2.txt
The file above is then retrieved with the command,
C:\> more < file1.txt:file2.txt
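The echo and more commands in this section write text into, and read it back from, an NTFS alternate data stream named file2.txt attached to file1.txt; such a stream does not appear in a normal directory listing. As an added example (not part of the original report), the Python below parses the output of dir /R, which does list these streams, so that an examiner can enumerate them from an exported listing. The sample listing is constructed and assumes English-locale dir output.

```python
import re

# Stream lines in `dir /R` output carry only a size and "name:stream:$DATA";
# ordinary file lines start with a date and have no stream suffix.
STREAM_LINE = re.compile(r"^\s+([\d,.]+)\s+(.+?):([^:]+):\$DATA\s*$")
DIRECTORY_LINE = re.compile(r"^\s*Directory of (.+?)\s*$")

# Streams that Windows itself attaches to downloaded files; they are still
# reported, but marked as expected so they do not drown out the rest.
KNOWN_STREAMS = {"Zone.Identifier"}

# Constructed sample of `dir /R` output (not taken from a real system).
SAMPLE_LISTING = r"""
 Directory of C:\case\export

05/31/2021  10:12 AM    <DIR>          .
05/31/2021  10:12 AM    <DIR>          ..
05/31/2021  10:14 AM                 0 file1.txt
                                    12 file1.txt:file2.txt:$DATA
05/31/2021  10:20 AM            48,128 report.docx
                                    26 report.docx:Zone.Identifier:$DATA
05/31/2021  10:31 AM             1,024 notes for audit.txt
                                 2,560 notes for audit.txt:cache.bin:$DATA
               3 File(s)         49,152 bytes
"""


def find_named_streams(listing):
    """Return one dict per alternate data stream found in `listing`."""
    findings = []
    directory = None
    for line in listing.splitlines():
        match = DIRECTORY_LINE.match(line)
        if match:
            directory = match.group(1)   # streams below belong to this folder
            continue
        match = STREAM_LINE.match(line)
        if not match:
            continue                      # header, file, <DIR> or summary line
        size_text, file_name, stream = match.groups()
        findings.append({
            "directory": directory,
            "file": file_name,
            "stream": stream,
            "size": int(re.sub(r"\D", "", size_text)),  # drop 1,024 separators
            "expected": stream in KNOWN_STREAMS,
        })
    return findings


def unexpected_streams(listing):
    """Streams that are not on the known list and deserve a closer look."""
    return [f for f in find_named_streams(listing) if not f["expected"]]


if __name__ == "__main__":
    for item in unexpected_streams(SAMPLE_LISTING):
        print("{directory}\\{file}:{stream} ({size} bytes)".format(**item))
```

Each reported stream can then be read back with the more command shown above, or exported with the forensic tool in use, and hashed like any other evidence item.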
Windows registry examination covers the following hives and the structures in them:
• HKEY_USERS
• HKEY_CURRENT_USER
• HKEY_CURRENT_CONFIG
• HKEY_CLASSES_ROOT
• HKEY_LOCAL_MACHINE
Network forensic techniques and tools are used to obtain the following information from the
computer (Lukongo and Miller, 2018).
• System data
• Service listings
• Registry data
• Process listings
• Network connections
• Logged-on users and registered users
• Binary dump of memory (Kornhuber and Zoicas, 2017)
Part 4
Analysis phase
To analyze the collected and verified evidence, the forensic audit team uses several tools and
methods. The analysis is done as follows:
• Search for keywords in all files
• Recover deleted files
• Extract registry data from the manager's workstation and other systems
EnCase, ILookIX and FTK are the tools the team uses for this. These tools help to recover
documents, images, emails, Internet history, chat logs and recently accessed items, including
from deleted space on the manager's computer or from OS cache files. The hash signature
features of digital forensic tools also help to find significant files. When an SSD is present
in the system, data can be retrieved even after a secure erase operation (Hou and He, 2014).
Once the team has completed the analysis, it answers the following objectives:
1- Program Reconstruction Opportunity
2- Responsibility for users and administrators
3- Check violation investigation
4- Providing Data to recognize the problem
Report
The forensic audit team has prepared a final report that brings together all of the reports.
Final Report
Initially, the forensic team needs to analyze the evidence that was gathered and verified. The team
pays close attention to this information to see whether any hidden or unusual files are present. It
then checks whether any unusual processes are running and any sockets are open, and whether any
application has made unusual requests. The team then examines the accounts to see whether any
unusual accounts are present. The team can also determine the patch level of the system (Hitchcock,
Le-Khac and Scanlon, 2016). From the analysis results, the team will know whether any malicious
activity has been introduced, and it will then develop a further forensic investigation strategy, such
as complete memory analysis, complete file system analysis, and event analysis. According to the
study of this case, there was malicious activity in the company's network, and this was also
confirmed through our preliminary identification.
Part 5
Relevant security policies for the Company
The international standard ISO 17799, Code of practice for information security management,
accepted in 2000, is a full standard for assessing an organization's security system. ISO 17799 is a
global adaptation of British Standard 7799. ISO 17799 contains practical rules for information
security management, and its administrative, technical and physical security measures (ISO/IEC
17799:2005) can be used as criteria for evaluating security practices at the institutional level
(CHELGHOUM, LOUAI and NAIT-SAID, 2014).
The practical rules are divided into the following sections:
1- Information security organization;
2- Security policy;
3- Asset management;
4- Human resources security;
5- Physical and environmental security;
6- Communications and operations management;
7- Access control;
8- Acquisition, development and maintenance of information systems;
9- Information security incident management;
10- Business continuity management;
11- Compliance
These sections describe the institutional security system implemented in government and
commercial organizations around the world. Several questions arise when considering the
requirements of a company's various needs for the Internet. What software and hardware or
organizational measures are needed to meet the needs of the organization? What is the risk? What
should be the ethical standards for the organization when using the Internet? Who should be
responsible for that? A sound security policy is based on the answers to these questions. The
following sections contain security policies for secure operation on the Internet. They were written
on the basis of the main types of security. Security policies can be divided into two categories:
technical policies, implemented using hardware and software, and administrative policies, carried
out by the people who use and run the system (Casey, 2018).
The security policy must meet specific requirements:
• Comply with national as well as international law
• Provide for training workers on security risks
• Include instructions to identify and prevent malicious software
• Describe the consequences of violating the security policy
• Consider the business continuity requirements
• Define a person responsible for the process of reviewing and updating the security policy
provisions
The security policy should be reviewed as a consequence of the following:
• A change in the organizational infrastructure of Building Finance
• A change to the technical infrastructure of Building Finance (Carlton, 2014)
The regular evaluation of the security policy covers the following:
• Results and impact of the policy on the performance of the organization (ISO/IEC 17799:2005)
Part 6
Recommendations
The Office of Information Security takes suspicions seriously. In addition to recording hardware and
software specifications, computer forensics investigators must keep an accurate record of all
activities related to the investigation, including all the methods used to check system performance
and to retrieve, copy and store data, and all steps taken to collect, test and evaluate the evidence.
This not only makes clear how the integrity of user data is maintained, but also shows that all
parties have followed the right policies and procedures (Bruderer, 2017). Building Finance PVT Ltd
requires cyber security experts to investigate different types of online criminal activity and to
increase its ability to face the growing number of cyber threats. To understand how confidential
information flows around an organization, it is necessary to understand the current workflows, both
in operating procedure and in practice. Identifying the key business processes that involve
confidential information sets the scope, but a more in-depth examination is required to determine
the risk of leakage. Based on a risk assessment, the organization can quickly create distribution
policies for the various types of sensitive and confidential information. These policies govern
exactly who can access which types of content, and in some cases specify enforcement actions for
violations of those policies. The ability to monitor
and enforce policy compliance for critical assets is important. To control the use of information and
the traffic, control points that verify compliance with the distribution policy and act on violations of
those policies must be established (Bauer, Wutzke and Bauernhansl, 2016). All digital forensics
begins with identification. Before doing anything else, it is essential to identify where data is stored.
In the past, investigators found the data they needed in filing cabinets. Today, it is essentially all
electronic. Data is stored on the hard drives of PCs and servers, flash drives, and network
equipment. Finally, once the examination is finished, it is time to present the findings as a case
report. All the documentation recorded along the way makes writing this report a great deal easier.
And most of the data we gathered ideally leads to a definite conclusion. That said, what happens
next is not up to the examiner. Once again, the key here is to gather as many artifacts as possible,
and there are often many artifacts to be found. In fact, any action performed on a PC can create up
to five artifacts in different locations. A good example is a simple Google search. Whenever you
search for something, it is not just logged in the browser history; there is also a corresponding
registry artifact that points to that search.
Conclusion
This report covers how to carry out a computer forensic investigation and check for suspicious
activity in different ways, and how to use different tools. A digital forensic examination is a very
challenging process, as each incident is different from the others. A computer forensic examiner
should be capable in both technical and legal work. The evidence provided by the computer forensic
examiner may be a very significant part of a case, so the description of the investigation should be
complete and detailed. Maintaining the protection of confidential information in an enterprise is not
a one-time program but rather a journey. It requires a methodical way of identifying sensitive data;
understanding current business processes; crafting proper access, use, and distribution policies; and
going through
and monitoring internal infrastructure. What is important to understand is that there are potential
costs as well as hurdles in setting up a system to protect non-public data from the inside. Digital
forensics is the process of interpreting and uncovering electronic data. The main objective of the
process is to preserve any evidence in its most original form while carrying out a structured
investigation by collecting and validating digital information in order to reconstruct past events.
Timelines of events are also essential for demonstrating who did what, and when. However, digital
timestamps are notoriously missing, or can without much difficulty be spoofed, in digital data. This
makes a digital crime scene investigation extremely difficult.
References
Bauer, D., Wutzke, R. and Bauernhansl, T. (2016). Wear@Work – A New Approach for Data
Acquisition Using Wearables. Procedia CIRP, 50, pp.529-534.
Bruderer, R., Bernhardt, O., Gandhi, T., Xuan, Y., Sondermann, J., Schmidt, M., Gomez-Varela, D.
and Reiter, L. (2017). WITHDRAWN: Heralds of parallel MS: Data-independent acquisition
surpassing sequential identification of data dependent acquisition in proteomics. Molecular & Cellular
Proteomics, pp.mcp.M116.065730.
Carlton, G. (2014). A Simple Experiment with Microsoft Office 2010 and Windows 7 Utilizing
Digital Forensic Methodology. Journal of Digital Forensics, Security and Law.
Casey, E. (2018). Clearly conveying digital forensic results. Digital Investigation, 24, pp.1-3.
CHELGHOUM, L., LOUAI, F. and NAIT-SAID, N. (2014). A NEW APPROACH FOR PREISACH
DISTRIBUTION FUNCTION IDENTIFICATION USING FEW EXPERIMENTAL DATA. Acta
Electrotechnica et Informatica, 14(3), pp.54-60.
Hitchcock, B., Le-Khac, N. and Scanlon, M. (2016). Tiered forensic methodology model for Digital
Field Triage by non-digital evidence specialists. Digital Investigation, 16, pp.S75-S85.
Hou, F. and He, H. (2014). Ultra simple way to encrypt non-volatile main memory. Security and
Communication Networks, 8(7), pp.1155-1168.
Kornhuber, J. and Zoicas, I. (2017). Neuropeptide Y prolongs non-social memory and differentially
affects acquisition, consolidation, and retrieval of non-social and social memory in male mice.
Scientific Reports, 7(1).
Lukongo, O. and Miller, T. (2018). Data obtained with a novel approach to estimate installment loan
acquisition costs. Data in Brief, 18, pp.1257-1266.
Ma, S. and Chowdhury, S. (2015). Data acquisition and data mining techniques for metabolite
identification using LC coupled to high-resolution MS. Bioanalysis, 5(10), pp.1285-1297.
Mani, G., Jyothi, G., Swathi, G. and Daniel, R. (2016). SENTIMENT ANALYSIS OF SOCIAL
MEDIA DATA USING NAIVE BAYESIAN CLASSIFIER IN HADOOP AND HIVE. International
Journal of Advanced Research, 4(5), pp.176-184.
Rashidian, A., Mandil, A. and Mahjour, J. (2017). Improving evidence informed policy-making for
health in the Eastern Mediterranean Region. Eastern Mediterranean Health Journal, 23(12),
pp.793-794.
Stelly, C. and Roussev, V. (2017). SCARF: A container-based approach to cloud-scale digital forensic
processing. Digital Investigation, 22, pp.S39-S47.
Walter, S., Unger, C. and Cimiano, P. (2016). Automatic Acquisition of Adjective Lexicalizations of
Restriction Classes: a Machine Learning Approach. Journal on Data Semantics, 6(3), pp.113-123.
Zayets, V. (2017). High-Speed Non-Volatile Optical Memory: Achievements and Challenges.
Electronics, 6(1), p.7.
Asghar Hosseini, S. (2018). Building Information Modelling and Its Application in Digital
Architecture to Achieve Sustainability. International Journal of Engineering & Technology, 7(2.15),
p.192.
Bholebawa, I. and Dalal, U. (2016). Design and Performance Analysis of OpenFlow-Enabled Network
Topologies Using Mininet. International Journal of Computer and Communication Engineering, 5(6),
pp.419-429.
Bornmann, L. and Leydesdorff, L. (2014). Scientometrics in a changing research landscape:
Bibliometrics has become an integral part of research quality evaluation and has been changing the
practice of research. EMBO reports, 15(12), pp.1228-1232.
Dakhil, A. and Alshawi, M. (2014). Client's Role in Building Disaster Management through Building
Information Modelling. Procedia Economics and Finance, 18, pp.47-54.
Forshaw, J. (2018). Attacking network protocols. [S.l.]: No Starch Press.
Miguel, R., Sundaram, S. and Aung, K. (2016). Secure Object Stores (SOS): Non-Volatile Memory
Architecture for Secure Computing. Journal of Computers, 11(3), pp.189-194.
18
Mani, G., Jyothi, G., Swathi, G. and Daniel., R. (2016). SENTIMENT ANALYSIS OF SOCIAL
MEDIA DATA USING NAIVE BAYESIAN CLASSIFIER IN HADOOP AND HIVE. International
Journal of Advanced Research, 4(5), pp.176-184.
Rashidian, A., Mandil, A. and Mahjour, J. (2017). Improving evidence informed policy-making for
health in the Eastern Mediterranean Region. Eastern Mediterranean Health Journal, 23(12), pp.793-
794.
Stelly, C. and Roussev, V. (2017). SCARF: A container-based approach to cloud-scale digital forensic
processing. Digital Investigation, 22, pp.S39-S47.
Walter, S., Unger, C. and Cimiano, P. (2016). Automatic Acquisition of Adjective Lexicalizations of
Restriction Classes: a Machine Learning Approach. Journal on Data Semantics, 6(3), pp.113-123.
Zayets, V. (2017). High-Speed Non-Volatile Optical Memory: Achievements and Challenges.
Electronics, 6(1), p.7.
Asghar Hosseini, S. (2018). Building Information Modelling and Its Application in Digital
Architecture to Achieve Sustainability. International Journal of Engineering & Technology, 7(2.15),
p.192.
Bholebawa, I. and Dalal, U. (2016). Design and Performance Analysis of OpenFlow-Enabled Network
Topologies Using Mininet. International Journal of Computer and Communication Engineering, 5(6),
pp.419-429.
Bornmann, L. and Leydesdorff, L. (2014). Scientometrics in a changing research landscape:
Bibliometrics has become an integral part of research quality evaluation and has been changing the
practice of research. EMBO reports, 15(12), pp.1228-1232.
Dakhil, A. and Alshawi, M. (2014). Client's Role in Building Disaster Management through Building
Information Modelling. Procedia Economics and Finance, 18, pp.47-54.
Forshaw, J. (2018). Attacking network protocols. [S.l.]: No Starch Press.
Miguel, R., Sundaram, S. and Aung, K. (2016). Secure Object Stores (SOS): Non-Volatile Memory
Architecture for Secure Computing. Journal of Computers, 11(3), pp.189-194.
18

Forensic Digital Report
Park, C. and Lee, C. (2015). Investigation of light programmable non-volatile memory in an organic
phototransistor. physica status solidi (RRL) - Rapid Research Letters, 9(4), pp.269-274.
Saini, K. and Kaur, S. (2016). Forensic examination of computer-manipulated documents using image
processing techniques. Egyptian Journal of Forensic Sciences, 6(3), pp.317-322.
Soyer, B. and Tettenborn, A. (2016). Ship Building, Sale and Finance. Taylor and Francis.
Tian, Z., Jiang, W. and Li, Y. (2015). A transductive scheme based inference techniques for network
forensic analysis. China Communications, 12(2), pp.167-176.
Watson, D., Jones, A. and Thornton, F. (2016). Digital forensics processing and procedures.
Waltham, MA: Syngress.
Wong, W. and Ma, T. (2014). Emerging technologies for information systems, computing, and
management. New York, NY: Springer.
19
Park, C. and Lee, C. (2015). Investigation of light programmable non-volatile memory in an organic
phototransistor. physica status solidi (RRL) - Rapid Research Letters, 9(4), pp.269-274.
Saini, K. and Kaur, S. (2016). Forensic examination of computer-manipulated documents using image
processing techniques. Egyptian Journal of Forensic Sciences, 6(3), pp.317-322.
Soyer, B. and Tettenborn, A. (2016). Ship Building, Sale and Finance. Taylor and Francis.
Tian, Z., Jiang, W. and Li, Y. (2015). A transductive scheme based inference techniques for network
forensic analysis. China Communications, 12(2), pp.167-176.
Watson, D., Jones, A. and Thornton, F. (2016). Digital forensics processing and procedures.
Waltham, MA: Syngress.
Wong, W. and Ma, T. (2014). Emerging technologies for information systems, computing, and
management. New York, NY: Springer.
19
1 out of 19
Related Documents

Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.