Free Case Study On Rationale For Digital Forensic Methodology 3

Type of paper: Case Study

Topic: Information, Evidence, System, Computers, Windows, Internet, Network, Education

Pages: 10

Words: 2750

Published: 2020/10/05

Executive summary

Digital forensics is a significant process that is needed in analyzing a crime that involves digital equipment. It is a field which has been developing with the way technology has been developing. It is important to understand the issues that has attracted research in the recent past. Digital forensics requires that a lot if human understanding and technological alignment in order to get what is happening with the case that has been stated. This paper will focus on the methodology of gathering digital evidence and carrying out investigations regarding a case. It will focus mainly on the procedures to be followed for Global Finance, Inc., which is a financial institution that has branches in Brisbane. The problem that is being investigated is about the suspicion that is of a case where one of the branch managers is concerned about compromised situation of the computer devices that they have.

Executive summary 1

Introduction 3

Resources required 6

Data evidence/identification approach 8
Steps to be taken in analysis 9
Conclusion 10
References 12
Introduction
Digital forensics is a significant concept that has been known to help in the management and enhancement of getting digital evidence. When undertaking a digital forensic analysis, it is important to gather the requirements that will be used in the process and have ways in which to get the digital evidence that is required. This paper will focus on procedures that will be taken in getting the digital forensics in the Global Finance case. The suspicion that has been got by the branch managers in the branch offices is an issue of concern that should be investigated and deal with thoroughly. It is in this paper that the digital evidence report and procedures will be undertaken in order to undertake the required steps. The use of digital evidence and procedures makes it a good approach in getting the evidence that is needed for the case that has been presented.
Rationale for digital forensic methodology
Digital forensic methodology is a significant process that is used for gathering evidence for investigating a crime. In the Global Finance case, it is important to make use of the digital forensics. One of the reasons for the use of digital forensics is the fact that there are steps that are systematic that will ensure that the analysis of the case is done thoroughly. The first step that is done when undertaking digital forensic analysis is to verify if an incident has actually happened. In the case that has been stated, the branch manager suspects that their computer has been compromised. It is a compromise and there is no evidence that actually some crime has taken place. It is important to understand the issues that are associated with the case. The verification stage will ensure that the case will be validated and will be assured that there is a crime which has taken place. It will help to understand the breadth and the extent in which the case has taken place. It is important to understand these issues and come up with a plan that will have these issues in place. The verification will involve gathering evidence that will be used in the case. It will help in understanding the issues that are there in the case.
Digital forensics is appropriate in the case because of the fact that it will help in describing the system that has been stated to be compromised. Having to use digital forensics will enable he experts to examine the systems that are in doubt. After the examination of the systems that are said to be compromised will help have the suspicious acts that are stated to be suspicious. It will also help to gather the characteristics of the case, and will help to understand how to handle the case in the long run. It will also help the forensic experts to understand the role of the system in the branches in the network and the whole Global Finance Company.
In the case, the misconduct that has been reported is that of compromising the systems of the branches. In this case, there is some aspect where network intrusion might have been done in the case. Since there is some weakness of the system in the way the branches undertake their operations, there is some suspicion that some of the branch users might have accessed the said branches. Using digital forensics methodology will ensure that there is an understanding of the case from the devices which have been compromised.
Unlike the use of other investigative methodologies, digital forensics is better because it is comprehensive. The case cannot be done by network forensics because the network forensics will check on the network and ignore the incidences from the system. In the use of network forensics, the experts will not be able to get the tampering that might have been done on the computer devices. It will not be able to understand whatever might have taken place in the computer. From the incident that has been reported, it is evident that there is a need to have facts from the devices that have been used in the case. It will enable the experts to draw on the way forward. It is important to understand the case from the computer device that has been stated.
Using other methodologies will not enable the experts get the evidence from the computer devices that are used. It will limit the sources where the evidences will be acquired. It is because of the fact that the evidences that will be gathered will not come from such vital devices like mobile phones in the scene.in the case of the use of network forensics, the experts will deal with the computer network and networking tools and leave the vital processes and tools like the use of devices in the vicinity. The use of digital forensics in the Global Finance Case will enable the experts to look into the whole case of the scene of crime that has been stated. It will be important to understand the issues and the environment that the branch managers was operating. It is important to understand the issues that have been stated in the case (Walls, Levine, Liberatore, & Shields, 2011).
Digital forensics is better than data recovery because with the data recovery, it will focus on the lost data and how to recover the lost data. For the case, it is important to analyze the whole communication device and not only the data. On the data recovery, the process will not involve the entire process and what happens in the entire computer. It is important to understand the issues and the whole process in which the computer is affected. When undertaking a research study, it will be important to understand the issues that are associated with the computer system. There are steps that will be done in computer forensics. The steps include verification, system description, evidence acquisition, and timeline analysis. Other steps include media and artifact analysis, string or byte search, and finally, reporting results. From the steps that have been presented, it is important to realize that the steps include the data recovery. It shows that data recovery is a sub-step in the digital forensics methodology. It shows that there are other issues and facts that are of concern for the digital forensic experts apart from undertaking data recovery.
Resources required
There are resources that will be required in order to undertake the process of digital forensics process of gathering the data. Some of the tools that will be required in the entire process include:
Data encryption tools. These tools will be used in the analysis and getting data and procedures that might be hidden. The case shows that there is some hidden activity that might be taking place in the entire case. There is a need to ensure that there is an understanding of the data that might be hidden in the case. The use of encryption and decryption tools will help in the analysis of the case and unhide hidden data and procedures. One of the tools that is effective for data encryption is EPRB. It is developed by ElcomSoft. Also important is M3 Bitlocker Recovery tool.
Windows forensic analysis tools. There is also a need to have tools that will be used to assess and analyze the case that has been stated. In the given state, it is important to understand the windows forensic analysis procedures. It is for this case that there is a need to ensure that windows analysis and undertaking this will require that windows analysis tools will be required. In the windows system, there are system files that will need to be analyzed. It will be important to understand the requirements that will help in analyzing the case. One of the tools that is used in this case is Registry recon tool.
Expertise required – there is some expertise that are required in analyzing the case. One area of knowledge that will be needed in the case is that of forensic science. Forensic science will help understand the whole methodology and understand the procedures that will be required in order to have a successful forensic analysis. The forensic science will help in understanding the evidence that will be required in undertaking the case. The forensic science will ensure that the knowledge that will be needed will be acquired in the entire case analysis. After the knowledge has been acquired, it will be important to understand the requirements and the ways in which the system will be acquired in the entire process.
Microsoft Engineer - Another expertise knowledge is Microsoft systems engineering. Because of the use of Microsoft products, it will be important to understand the engineering aspect of the procedures. It will help to understand the requirements and the way the procedures will be carried out. It is important to have these issues in place and have a way in which to analyze the cases that have been presented. It is important to understand the administrative aspects of the windows systems. It is for this case that there is a need to understand the administration knowledge of the windows systems. It is important to understand the way windows systems work. Getting this knowledge will help in getting the requirements and the way the system will be analyzed in the entire process. The knowledge will ensure that the windows analysis will be done and successfully done.
There is also the need to have knowledge on getting information from the people involved. There is a need to ensure that there is information that is gathered from the people that work in the branch. In the entire process, there is a need to ensure that there is an understanding of the way that people operate in the Brisbane Branch of the company. Officers should be able to get information from the people who are attached in the office. It is one way in which to acquire information from the people. The information that shall have been acquired will help to pierce together information that has been achieved in the entire process.
Data evidence/identification approach
There is a need to have an approach to digital evidence. There is a need to take a photo of the computers that are found in the manager’s office. The photographs should be taken in all positions that will warrant evidence available. If the computer is on, photographs of the screen should be taken. The collection of data should also be taken through the collection of the data that is found in the RAM. One of the tools that is widely used is that of F-Response. It will collect all the data and information that is stored in the Random Access Memory (RAM). Other data that is required should also be collected, that include network connection states, users who are currently logged in, and processes that are executing at the moment. If there is hard-disk is encrypted, there is a need to collect logical images. This process will be achieved by use of dd.exe, Helix, either from the local location or remote (Garfinkel, 2012).
There is also a need to disconnect all the cords that are used in the computer devices. If the device is a laptop, and does not go off when the power cord is removed, there is a need to remove the battery. After all the cords have been unplugged, there is a need to take a photograph of all the power cords. Have a documentation of all the label numbers of all the devices that are used in the room. It will help to understand the issues that are associated with the devices that are under control. Diagram all the cords and image all the devices using Write Blocker, F-Response, or hardware imager. After the procedures have been taken, package the collected evidence and put it in evidence bags that are anti-static. Seize all other evidences that might be found in the vicinity and put them in anti-static bags.
All the media that has been collected should be stored in safe places where they will not get any contamination. This aspect will be achieved through ensuring that all the collected media be kept away from magnets or radio transmitters. Any other device that might destroy the collected media and information should be kept away from the storage media. All instruction manuals and documentations should also be collected and take together with the evidence that has been collected. All the steps that has been used in the seizure process should also be documented for evidence. All the documentation will help in case the people who will be doing the auditing will be different. They have to be consulted in the entire process (Casey, 2011).
Steps to be taken in analysis
There are steps that are taken in the analysis processes. One of the steps is to assess the images that has been taken. In this process, all information that is contained in the storage system will be gathered and processed. It is important to understand the issues and the facts that will be useful in the entire process. All data will be analyzed whether they were part of the file system or not. It is the basis where it will enable the examining officer to check for all the data and information that might be in the existing system. It is important to understand the entire process. It will help in the aspects where the system will help to understand the whole procedures. After the images have been found, it will be good to validate the images. Validation will be achieved through the use of MD5 algorithm. In the algorithm, there is the creation of a large number of message digest messages which will be used to determine if indeed the image that has been created was the image that was found in the system.
After the image has been found, the next step will be the searching of evidence in the image. The search process will need understanding of the windows operating system. There is a need to search the user information that is found in the windows and the data that is associated with the user of the file system. The named that holds the name of the user has the same name with the username that the user has used to log into the system. There is also a need to analyze the NTUSER.DAT which has information about the configuration settings that the user has set in the system.
There is also a need to investigate the Cookies folder. It holds information that is used by the victim to access to the internet. It will contain information that will be interesting to the investigator. It can be used together with the data in the temporary internet file. Another source of information is the deleted files folder. It is normally contained in the recycle bin in Windows operating systems. There is also the data that is held by windows operating system that helps users to access the system. The files will contain the data that are used by the users in the access of the files in the entire process.
Conclusion
References
Casey, E 2011, Digital evidence and computer crime: Forensic science, computers and the internet. Academic press.
Garfinkel, S 2012, Digital forensics XML and the DFXML toolset, Digital Investigation, Vol 8, Issue 3, Pg 161-174.
Walls, RJ, Levine, BN, Liberatore, M, & Shields, C 2011, Effective Digital Forensics Research Is Investigator-Centric, In HotSec.

Cite this page
Choose cite format:
  • APA
  • MLA
  • Harvard
  • Vancouver
  • Chicago
  • ASA
  • IEEE
  • AMA
WePapers. (2020, October, 05) Free Case Study On Rationale For Digital Forensic Methodology 3. Retrieved November 05, 2024, from https://www.wepapers.com/samples/free-case-study-on-rationale-for-digital-forensic-methodology-3/
"Free Case Study On Rationale For Digital Forensic Methodology 3." WePapers, 05 Oct. 2020, https://www.wepapers.com/samples/free-case-study-on-rationale-for-digital-forensic-methodology-3/. Accessed 05 November 2024.
WePapers. 2020. Free Case Study On Rationale For Digital Forensic Methodology 3., viewed November 05 2024, <https://www.wepapers.com/samples/free-case-study-on-rationale-for-digital-forensic-methodology-3/>
WePapers. Free Case Study On Rationale For Digital Forensic Methodology 3. [Internet]. October 2020. [Accessed November 05, 2024]. Available from: https://www.wepapers.com/samples/free-case-study-on-rationale-for-digital-forensic-methodology-3/
"Free Case Study On Rationale For Digital Forensic Methodology 3." WePapers, Oct 05, 2020. Accessed November 05, 2024. https://www.wepapers.com/samples/free-case-study-on-rationale-for-digital-forensic-methodology-3/
WePapers. 2020. "Free Case Study On Rationale For Digital Forensic Methodology 3." Free Essay Examples - WePapers.com. Retrieved November 05, 2024. (https://www.wepapers.com/samples/free-case-study-on-rationale-for-digital-forensic-methodology-3/).
"Free Case Study On Rationale For Digital Forensic Methodology 3," Free Essay Examples - WePapers.com, 05-Oct-2020. [Online]. Available: https://www.wepapers.com/samples/free-case-study-on-rationale-for-digital-forensic-methodology-3/. [Accessed: 05-Nov-2024].
Free Case Study On Rationale For Digital Forensic Methodology 3. Free Essay Examples - WePapers.com. https://www.wepapers.com/samples/free-case-study-on-rationale-for-digital-forensic-methodology-3/. Published Oct 05, 2020. Accessed November 05, 2024.
Copy

Share with friends using:

Related Premium Essays
Other Pages
Contact us
Chat now