Discussion: Computer Forensic Analysis and Incident Response

Added on  2022/08/22

Discussion Board Post
AI Summary
This discussion post provides a comprehensive overview of computer forensics, addressing various aspects of cybercrime and incident response. The post begins by defining cybercrime and analyzing recent examples, including the Yahoo data breach, the Home Depot POS system breach, and the WannaCry attack, discussing their impact and potential preventative measures. It then covers the setup of a digital forensic lab, detailing essential hardware and software tools for analyzing Windows, Mac, Linux, mobile, and IoT devices. The importance of the Windows registry and event logs as key forensic artifacts is highlighted, along with methods for extracting data and the relevant tools. The post then explores incident response strategies for Apple and Linux computers, mentioning tools such as Wazuh, GRR Rapid Response, and osquery. Email forensics is also examined, outlining the process of analyzing email headers and bodies with tools such as MailXaminer. The discussion then addresses network and mobile forensics, with examples such as the Citrix breach and riskware apps. Finally, the post describes the Cycroft Singapore 2020 event, highlighting its key speakers and its focus on digital forensics and cybersecurity. The post is well-researched and provides useful information for students studying computer forensics.
Running head: COMPUTER FORENSIC
INTRODUCTION TO COMPUTER FORENSIC
(Student’s Name)
(Professor’s Name)
(Course Title)
(Date of Submission)
Question One
Cybercrime is any illegal activity that involves a computer, a computer network, or another digital device. Common types of cyber-attack are the exploitation of software vulnerabilities, network attacks such as DDoS, and social engineering. One widely known cybercrime was the Yahoo data breach, which resulted in the theft of three billion user accounts. The stolen data included Yahoo login IDs, recovery email addresses, cellphone numbers, zip codes, dates of birth, hashed passwords, and country codes. Yahoo failed to disclose the breach within a reasonable amount of time. Another cybercrime was the 2014 breach of US retailer Home Depot's POS system, which resulted in the loss of 50 million personal credit cards; the lack of an incident response team contributed to the scale of that loss. Lastly, the WannaCry attack, launched by North Korea, infected over 300,000 computers around the world; the lack of good anti-virus protection allowed WannaCry to spread widely.
One of my peers has listed phishing as the main method used by cyber-criminals to cause cyber-attacks. It is important to note that most cyber-crimes are due to botnets and flood attacks. Another of my peers has listed the lack of the best antivirus as the reason Yahoo faced a data breach, but according to various articles browser hijacking is the major cause of the Yahoo data breach, as it featured an XSS type of attack (Ngo-Lam, 2019).
Question Two
Digital forensics is the area of computer science that focuses on identifying, acquiring, processing, analyzing, and reporting on data stored on digital media, user computers, and other digital storage devices. Many hardware and software tools are needed in a digital forensic lab. Some of the major hardware tools are cell or mobile phone acquisition devices, portable storage devices, phone and computer cables, adapters, and cloning devices; these are used to analyze phones and related devices. A digital lab also depends on other important hardware such as computers, write blockers, and servers. Some of the software tools required include ThreatQuotient, ThreatStream, and Lockheed Martin; all of these tools are used to analyze several kinds of device. When dealing with Windows it is recommended to use Windows-based forensic tools. It is also important to analyze the Windows registry, as it holds a database of values that yields important pieces of information. With Linux, one should analyze the system root folders and the /var/log folder. When dealing with phones it is important to use phone jamming tools and a Faraday bag. When dealing with Mac products one can use both Linux-based and Mac-based digital forensic products (Årnes, 2018). When extracting traces from IoT devices, the major digital forensic devices used are QBee, Wink, and iSmartAlarm; the tools are used for memory images and filesystem images.
Question Three
Windows is the most commonly used operating system; ninety-one percent of network traffic comes from computers that run Windows. One of the most important artifacts in Windows digital forensics is the Windows registry. The registry is a valuable source of digital forensic artifacts for all forensic analysts and examiners. It holds the settings and Windows OS configuration that would otherwise be kept in .INI files, and it keeps records of the operating system's and every Windows application's configuration and settings. The registry also records and monitors certain user data in order to structure and enhance the user experience. One point of interest for a forensic analyst in the registry is the key cell structure, whose fields are the size, node type, offset to the parent key, node ID, last-write time, number of values, length of the key name, and offset to the list of subkey records. Two cases that proved the Windows registry to be instrumental were a credit card theft case and a child pornography case in Texas (InfoSec, 2013). Another common Windows artifact considered in digital forensics is the event log. It helps to picture what happens when information is deleted from a computer using the standard delete button. Event logs have what Microsoft refers to as header and record entries, both of which carry the unique identifier known as LfLe.
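The key cell fields listed above can be read straight out of a hive file. The following Python script is an added example and is not part of the original post or of any tool it names: it lays out the fields of a named-key ("nk") cell at the offsets given in the public hive format documentation used by libregf, parses them, converts the FILETIME last-write value, and shows that a freed cell (positive size) still carries its key name and timestamp, which is why deleted keys can often be recovered. The sample cell, its key name "Run", its offsets and its timestamp are constructed here and are not taken from any real hive.

```python
import struct
from datetime import datetime, timedelta, timezone

# Named-key ("nk") cell layout inside a registry hive bin (hbin), per the public
# hive format documentation used by libregf. Offsets are relative to the cell:
#   0x00 int32     cell size, negative while the cell is allocated (in use)
#   0x04 char[2]   signature "nk"
#   0x06 uint16    flags (0x04 = hive root key, 0x20 = 8-bit key name)
#   0x08 uint64    last-write time as FILETIME (100 ns ticks since 1601-01-01 UTC)
#   0x10 uint32    access bits (reserved)
#   0x14 uint32    offset of the parent key cell
#   0x18 uint32    number of subkeys
#   0x1C uint32    number of volatile subkeys
#   0x20 uint32    offset of the subkey list
#   0x24 uint32    offset of the volatile subkey list
#   0x28 uint32    number of values
#   0x2C uint32    offset of the value list
#   0x30 uint32    offset of the security descriptor cell
#   0x34 uint32    offset of the class name
#   0x38 uint32 x4 largest subkey name / class name / value name / value data sizes
#   0x48 uint32    work variable
#   0x4C uint16    key name length
#   0x4E uint16    class name length
#   0x50 char[]    key name (followed by zero padding to an 8-byte boundary)
NK_HEADER = struct.Struct("<i2sHQ" + "I" * 15 + "HH")  # 80 bytes
KEY_HIVE_ENTRY = 0x04
KEY_COMP_NAME = 0x20
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
FILETIME_UNIX_EPOCH = 116444736000000000  # 1970-01-01T00:00:00Z as a FILETIME


def filetime_to_datetime(filetime: int) -> datetime:
    """Convert a FILETIME to an aware UTC datetime (microsecond precision)."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def parse_nk_cell(cell: bytes) -> dict:
    """Decode the fields a forensic examiner cares about from one nk cell."""
    if len(cell) < NK_HEADER.size:
        raise ValueError("cell too short for an nk header")
    (size, sig, flags, last_write, _access, parent, n_sub, n_vsub, sub_list,
     _vsub_list, n_vals, val_list, sec_off, _class_off, _max_sub, _max_cls,
     _max_vname, _max_vdata, _work, name_len, _class_len) = NK_HEADER.unpack_from(cell)
    if sig != b"nk":
        raise ValueError(f"not an nk cell (signature {sig!r})")
    raw_name = cell[NK_HEADER.size:NK_HEADER.size + name_len]
    # KEY_COMP_NAME means the name is stored as 8-bit characters, else UTF-16LE.
    name = raw_name.decode("latin-1") if flags & KEY_COMP_NAME else raw_name.decode("utf-16-le")
    return {
        "in_use": size < 0,            # a freed (deleted) cell has a positive size
        "cell_size": abs(size),
        "is_root": bool(flags & KEY_HIVE_ENTRY),
        "last_write": filetime_to_datetime(last_write),
        "parent_offset": parent,
        "subkey_count": n_sub,
        "volatile_subkey_count": n_vsub,
        "subkey_list_offset": sub_list,
        "value_count": n_vals,
        "value_list_offset": val_list,
        "security_offset": sec_off,
        "name_length": name_len,
        "name": name,
    }


def build_nk_cell(name: str, last_write: int, parent: int, n_sub: int, sub_list: int,
                  n_vals: int, val_list: int, flags: int = KEY_COMP_NAME) -> bytes:
    """Construct an allocated nk cell (used here only to build sample input)."""
    raw_name = name.encode("latin-1")
    body_len = NK_HEADER.size + len(raw_name)
    cell_size = (body_len + 7) & ~7  # hive cells are padded to 8-byte boundaries
    none = 0xFFFFFFFF                 # marker used for "no such cell" offsets
    header = NK_HEADER.pack(-cell_size, b"nk", flags, last_write, 0, parent,
                            n_sub, 0, sub_list, none, n_vals, val_list, none, none,
                            0, 0, 0, 0, 0, len(raw_name), 0)
    return header + raw_name + b"\x00" * (cell_size - body_len)


def mark_freed(cell: bytes) -> bytes:
    """Mimic what deleting a key does to its cell: the size becomes positive and
    nothing else is wiped, so the name and last-write time remain recoverable."""
    size = struct.unpack_from("<i", cell)[0]
    return struct.pack("<i", abs(size)) + cell[4:]


def constructed_sample_cell() -> bytes:
    # Constructed sample: a key named "Run" with 3 values, last written one
    # minute after the Unix epoch. The offsets are arbitrary placeholders.
    return build_nk_cell("Run", FILETIME_UNIX_EPOCH + 60 * 10_000_000,
                         parent=0x20, n_sub=0, sub_list=0xFFFFFFFF,
                         n_vals=3, val_list=0x1A8)


if __name__ == "__main__":
    cell = constructed_sample_cell()
    for label, blob in (("allocated", cell), ("freed", mark_freed(cell))):
        nk = parse_nk_cell(blob)
        print(label, nk["name"], "in_use:", nk["in_use"],
              nk["last_write"].isoformat(), "values:", nk["value_count"])
```

Real hive files prefix the cells with a 4096-byte base block and hbin headers, so on a real image the parser would be pointed at the cell offset found by walking the hbins rather than at the start of the file; the field decoding itself is unchanged.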
Question Four
Digital forensic investigators have traditionally dealt with Windows machines, but over the years the use of Apple and Linux computers has increased. Incident response is a means of managing and organizing the response to cyber-security incidents. Typically IR is performed by an incident response team composed of security professionals, commonly known as a CSIRT or CERT team. Incident response consists of six steps: preparation and evaluation, analysis and identification, containment and neutralization, eradication, recovery and restoration, and improvement and retrospective. One of the common tools that can also be used on Apple and Linux computers is Wazuh, an open-source security platform for threat detection and incident response. The tool works by monitoring a connected server that gathers intelligence and performs analysis. One can run Wazuh in a Docker container or directly on Apple or Linux systems. Other IR tools are GRR Rapid Response and osquery (Maayan, 2020).
Question Five
Email has been described as one of the major carriers of malicious content and spam across wide area networks, and it is also one of the primary sources of criminal activity on such networks. Email analysis can be challenging because many header fields can be forged by malicious users or hackers, and because emails are easily edited, deleted, and composed. A forensic investigation of an email should examine both the email body and the header. A forensic email analysis has four major steps: examining the sender's email address, examining the initiating protocol such as SMTP or HTTP, examining the message ID, and examining the sender's IP address. MailXaminer is one of the common tools used in this case. Its search option shows how one can search for key words in the content of a mail that was deleted, and the option also supports recovery of any mail that was deleted intentionally or accidentally (Devendran, 2015).
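The four header checks above can be automated with the Python standard library. The script below is an added example, not code from the original post or from MailXaminer: it parses a message, walks the Received chain from the originating hop to the receiving server, pulls out the sender address, Message-ID domain and originating IP, and flags the header disagreements an examiner would look at first. The sample message, its hosts, addresses and IP addresses are constructed for the example (documentation ranges, not a real capture).

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample message (not a real capture). Each mail server prepends its
# own Received header, so the first Received line is the last hop (our server)
# and the last Received line is the hop closest to the sender.
SAMPLE_RAW = """\
Return-Path: <bounce@attacker-example.net>
Received: from mx1.example.org (mx1.example.org [198.51.100.10])
\tby mail.example.org with ESMTP id abc123
\tfor <victim@example.org>; Mon, 24 Feb 2020 10:05:00 +0000
Received: from relay.attacker-example.net (unknown [203.0.113.45])
\tby mx1.example.org with SMTP id xyz789; Mon, 24 Feb 2020 10:04:58 +0000
From: "Accounts Payable" <billing@bank-example.com>
Reply-To: collect@attacker-example.net
Message-ID: <20200224.1234@attacker-example.net>
Subject: Invoice overdue
To: victim@example.org

Please see the attached invoice.
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address or Message-ID ('' if none)."""
    addr = parseaddr(address)[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def received_chain(msg) -> list:
    """Received headers decoded oldest-first, i.e. origin hop to our own server."""
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())  # unfold continuation lines
        from_m = re.search(r"\bfrom\s+(\S+)", text)
        by_m = re.search(r"\bby\s+(\S+)", text)
        ip_m = IPV4_IN_BRACKETS.search(text)
        hops.append({
            "from": from_m.group(1) if from_m else None,
            "by": by_m.group(1) if by_m else None,
            "ip": ip_m.group(1) if ip_m else None,
        })
    return list(reversed(hops))


def analyze_email(raw: str) -> dict:
    """Sender address, transport hops, Message-ID and originating IP, plus a
    list of header mismatches worth a closer look."""
    msg = message_from_string(raw, policy=default)
    sender = parseaddr(str(msg.get("From", "")))[1]
    from_domain = domain_of(sender)
    hops = received_chain(msg)
    findings = []
    # Reply-To, the envelope sender and the Message-ID are set by the sending
    # system; when they disagree with the visible From domain, the From header
    # is the one to distrust.
    for header in ("Reply-To", "Return-Path", "Message-ID"):
        other = domain_of(str(msg.get(header, "")))
        if other and other != from_domain:
            findings.append(f"{header} domain {other} differs from From domain {from_domain}")
    # Each hop's "by" host should be the next hop's "from" host; a gap suggests
    # a Received header that was fabricated by the sender rather than a relay.
    for earlier, later in zip(hops, hops[1:]):
        if earlier["by"] and later["from"] and earlier["by"].lower() != later["from"].lower():
            findings.append(f"Received chain break: {earlier['by']} -> {later['from']}")
    return {
        "sender": sender,
        "from_domain": from_domain,
        "message_id_domain": domain_of(str(msg.get("Message-ID", ""))),
        "origin_host": hops[0]["from"] if hops else None,
        "origin_ip": hops[0]["ip"] if hops else None,
        "hops": hops,
        "findings": findings,
    }


if __name__ == "__main__":
    report = analyze_email(SAMPLE_RAW)
    print("sender:", report["sender"], "origin:", report["origin_host"], report["origin_ip"])
    for finding in report["findings"]:
        print("-", finding)
```

Only the Received header added by your own server can be trusted; everything below it, and every other header, was under the sender's control, which is why the script anchors its conclusions on the originating IP of the first untrusted hop and on mismatches between the headers rather than on the From line alone.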
Question Six
A cyber-attack is an attack launched from one digital device or network against another computer, network, or mobile phone. In the course of this week, network and mobile forensics were discussed, and it is evident that network artifacts and mobile devices are also being used to carry out cyber-attacks. One example was the Citrix breach, in which attackers used network artifacts within the Iranian government to gain access to the Citrix system. Citrix helps secure millions of internet connections, and even though the company was not compromised it fell victim to password spraying in March 2019 (Fruhlinger, 2020). Mobile apps are often the cause of unintentional data leakage. One commonly used kind of mobile app is riskware. Such an app is found in the official app store and is thought by many to be an advertising app, but it is used by attackers to send personal and even potentially corporate data to a remote server, where it is later mined by cybercriminals (Kaspersky, n.d.).
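Password spraying, the technique named in the Citrix case above, has a distinctive shape in authentication logs: one source tries a small number of passwords against many accounts, whereas a brute force hammers one account. The Python script below is an added example, not part of the original post or of any product it mentions: it classifies sources by that shape over a sliding time window and lists the accounts the same source later logged into, which are the ones to reset first. The log format and every line in it are constructed for the example (documentation IP ranges), as are the thresholds, which a real deployment would tune.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample authentication log (not a real capture). Assumed format:
#   <ISO-8601 UTC timestamp> <username> <source IP> <SUCCESS|FAILURE>
# 203.0.113.9  tries one password against many accounts and gets one hit (spray)
# 198.51.100.7 hammers a single account (brute force)
# 192.0.2.20   is a user who mistypes once and then logs in (benign)
SAMPLE_LOG = """\
2019-03-06T08:00:01Z alice 203.0.113.9 FAILURE
2019-03-06T08:00:04Z bob 203.0.113.9 FAILURE
2019-03-06T08:00:09Z carol 203.0.113.9 FAILURE
2019-03-06T08:00:15Z dave 203.0.113.9 FAILURE
2019-03-06T08:00:22Z erin 203.0.113.9 FAILURE
2019-03-06T08:00:30Z frank 203.0.113.9 FAILURE
2019-03-06T08:00:41Z grace 203.0.113.9 FAILURE
2019-03-06T08:00:55Z heidi 203.0.113.9 FAILURE
2019-03-06T08:02:30Z frank 203.0.113.9 SUCCESS
2019-03-06T08:10:00Z carol 198.51.100.7 FAILURE
2019-03-06T08:10:03Z carol 198.51.100.7 FAILURE
2019-03-06T08:10:06Z carol 198.51.100.7 FAILURE
2019-03-06T08:10:09Z carol 198.51.100.7 FAILURE
2019-03-06T08:10:12Z carol 198.51.100.7 FAILURE
2019-03-06T08:10:15Z carol 198.51.100.7 FAILURE
2019-03-06T08:15:00Z alice 192.0.2.20 FAILURE
2019-03-06T08:15:10Z alice 192.0.2.20 SUCCESS
"""


def parse_line(line: str) -> dict:
    """Split one log line of the assumed format into a timestamped event."""
    ts, user, ip, result = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "user": user,
        "ip": ip,
        "success": result == "SUCCESS",
    }


def classify_sources(log_text: str, window: timedelta = timedelta(minutes=10),
                     spray_min_users: int = 5, spray_max_per_user: int = 2,
                     brute_min_failures: int = 5) -> dict:
    """Return {source_ip: alert} for sources whose failures within any sliding
    window look like a password spray (many accounts, 1-2 tries each) or a
    brute force (one account, many tries). Thresholds are example values."""
    events = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if not e["success"]]
        successes = [e for e in evs if e["success"]]
        end = 0
        for start, first in enumerate(failures):
            # Grow the window to cover every failure within `window` of `first`.
            while end < len(failures) and failures[end]["ts"] - first["ts"] <= window:
                end += 1
            per_user = Counter(e["user"] for e in failures[start:end])
            if len(per_user) >= spray_min_users and max(per_user.values()) <= spray_max_per_user:
                kind = "password_spray"
            elif len(per_user) == 1 and sum(per_user.values()) >= brute_min_failures:
                kind = "brute_force"
            else:
                continue
            # Accounts the same source later logged into are the likely compromises.
            compromised = sorted({s["user"] for s in successes
                                  if s["ts"] >= first["ts"] and s["user"] in per_user})
            alerts[ip] = {
                "kind": kind,
                "distinct_users": len(per_user),
                "failures": sum(per_user.values()),
                "window_start": first["ts"].isoformat(),
                "compromised_accounts": compromised,
            }
            break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for ip, alert in classify_sources(SAMPLE_LOG).items():
        print(ip, alert["kind"], "users:", alert["distinct_users"],
              "failures:", alert["failures"], "hits:", alert["compromised_accounts"])
```

Grouping by source IP is the simplest key; a spray run through many proxies would also need grouping by time bucket across all sources (many accounts each failing exactly once in the same minute), which the same window logic supports by treating the whole log as one source.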
Question Seven
One widely known event is Cycroft Singapore 2020, organized by The Teh Group in Singapore. The event will be held at Marina Bay Singapore, formerly known as the Marina Mandarin. The event will focus on digital forensics and investigation within the current cyberspace, and the organizers will also explore the best approaches and practices within cybersecurity. One of the major featured speakers will be Christopher Church, a senior forensic specialist in the DFL at the Interpol global cyber complex. Christopher is one of the digital forensic experts who has been heavily involved in supporting over 190 countries facing the challenges of tackling cyber-crime. Zabri, a senior cyber-security analyst, will also be a major speaker; Zabri has vast knowledge of cyber-crime and has featured in many cyber-crime cases both in Malaysia and globally. Other keynote speakers will be Barker, head of digital forensics at Standard Chartered Bank, and Venkatesh, the global chief information security officer at Olan International (TheTehGroup, 2020).
References
Årnes, A. (2018). Digital Forensics. Chicago: John Wiley & Sons.
Devendran, V. K. (2015). A Comparative Study of Email Forensic Tools. Journal of Information Security.
Fruhlinger, J. (2020, February 27). What is a cyber attack? Recent examples show disturbing trends. Retrieved from CSO: https://www.csoonline.com/article/3237324/what-is-a-cyber-attack-recent-examples-show-disturbing-trends.html
InfoSec. (2013, September 24). Windows Systems and Artifacts in Digital Forensics, Part I: Registry. Retrieved from InfoSec: https://resources.infosecinstitute.com/windows-systems-and-artifacts-in-digital-forensics-part-i-registry/#gref
Kaspersky. (n.d.). Top Mobile Threats 2020. Retrieved from Kaspersky: https://usa.kaspersky.com/resource-center/threats/top-seven-mobile-security-threats-smart-phones-tablets-and-mobile-internet-devices-what-the-future-has-in-store
Maayan, G. D. (2020, February 11). 9 Free Tools to Automate Your Incident Response Process. Retrieved from Altexsoft: https://www.altexsoft.com/blog/incident-response-tools/
Ngo-Lam, V. (2019, December 24). Cyber Crime: Types, Examples, and What Your Business Can Do. Retrieved from Exabeam: https://www.exabeam.com/information-security/cyber-crime/
TheTehGroup. (2020, February). Cycroft Singapore 2020. Retrieved from Cycroft: https://thetehgroup.com/cycroft/Singapore-2020.html