University Report: Digital Forensics and Incident Response Analysis


Added on  2022/09/12

AI Summary
This report delves into the concepts of digital forensics and incident response (DFIR), crucial components of computer security. It defines digital forensics as the process of investigating digital components to identify illegal activities or cyberattacks, emphasizing the skills required of IT professionals to detect threats. Incident response is presented as a structured process for identifying and managing security incidents, involving preparation, identification, containment, remediation, recovery, and reporting. The report evaluates the DFIR process through a six-step framework, highlighting the importance of preparation, identification of risks, containment of threats, remediation, system recovery, and stakeholder communication. A table is included to differentiate between incident response and digital forensics, comparing their goals, data requirements, and team skills. The conclusion emphasizes the importance of these processes for organizational security, recommending the involvement of the incident response team in the operational phase for effective threat assessment and information recovery.
Running head: DIGITAL FORENSIC
Forensic and incident response
Name of the Student
Name of the University
Author’s Note
Table of Contents
Explanation of method
Critical evaluation of method
Conclusion
References
Explanation of method
Digital forensics is defined as a part of computer forensics that concentrates only on
examining the digital components of a business to determine whether the organization has
carried out any illegal action or suffered any kind of cyber-attack (Casey, Back and Barnum
2015). To carry out this kind of forensic work, IT professionals need to maintain the skills
by which they can identify threats to hard drives or any computer-based devices, including
malware, hacking, etc. Apart from this, incident response is a set of processes for
identifying incidents. In this process, the communication conducted between the parties
identified by the incident response team and the manager should be clear and accessible.
This process can be executed through a few steps: preparing, identifying, containing,
remediating, incident recovery and reporting with clear communication (Agarwal and Kothari
2015). Through these steps, most organizations can obtain the benefits of this DFIR process.
Critical evaluation of method
The evaluation of digital forensics and incident response proceeds through six steps for
identifying the threats and risks to the organization. Formally, the working principle of
incident response may yield the identification of threats to computer devices or other hard
drives (Montasari 2016). Before starting the incident response process, organizations have
to prepare the incident response team along with the managers so that risks can be
identified. After the preparation phase, the identification phase is deployed to detect the
risks occurring within the organization. During the containment phase, the incident response
manager needs to check that the risks are contained so that they cannot spread further
throughout the systems (Ab Rahman and Choo 2015). After finishing this phase, the team works
on a phase concerned with the correction of the threats. After remediation, under the
organizational policies, the manager tries to recover the system from the occurrence of
risks. Once all of these parts are almost completed, the incident response manager is
responsible for communicating with the stakeholders to report on these threats or risks.
Having described the evaluation process of digital forensics and incident response, the
table below shows the principal differences between digital forensics and incident response.
| Area | Incident response | Digital forensics |
|---|---|---|
| Goals | The goal of this process is to focus on events involving threats and provide a quick response (Kebande and Venter 2015). | The goal of this process is to analyse the threats after gathering them and also to provide a thorough resolution of the threats. |
| Data requirements | This process needs short-term data sources covering less than one month. | This process requires long-term files or data covering over 300 days or more. |
| Team skills | Must have strong analysis skills and needs to interact with the security or operational team. | Must have strong analysis skills and needs to interact with the operations, legal or HR teams and also the compliance team. |
| Benefits | This process helps to isolate the threats from the system and also eliminate them through real-time monitoring. | This process provides the full resolution of the threats with proper judgement (Elyas et al. 2015). |
Conclusion
This discussion concludes the topic of digital forensics and incident response, which is
the process of identifying threats to hard drives or computer-based devices. Most
organizations utilize both of these processes to detect the risks occurring within their
organizational systems.
In my experience, this process must go through these steps; otherwise it may create a gap
during the evaluation procedures. At the time of evaluation of this technique, the incident
response team must be involved in the operational phase to determine the impact of the
threats within the organizational system. Therefore, to run the organizational system
error-free, I must suggest this process to ensure the recovery of information from threats
or risks.
References
Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident handling in the cloud. Computers & Security, 49, pp.45-69.
Agarwal, R. and Kothari, S., 2015. Review of digital forensic investigation frameworks. In Information science and applications (pp. 561-571). Springer, Berlin, Heidelberg.
Casey, E., Back, G. and Barnum, S., 2015. Leveraging CybOX™ to standardize representation and exchange of digital forensic information. Digital Investigation, 12, pp.S102-S110.
Elyas, M., Ahmad, A., Maynard, S.B. and Lonie, A., 2015. Digital forensic readiness: Expert perspectives on a theoretical framework. Computers & Security, 52, pp.70-89.
Kebande, V. and Venter, H.S., 2015, July. A functional architecture for cloud forensic readiness large-scale potential digital evidence analysis. In European Conference on Cyber Warfare and Security (p. 373). Academic Conferences International Limited.
Montasari, R., 2016. A comprehensive digital forensic investigation process model. International Journal of Electronic Security and Digital Forensics, 8(4), pp.285-302.