Update Digital Forensic

User Generated

zzz2012

Writing

Description

Please revise paper and lab screenshots (not all) and include citations and references.

Digital Forensic Analysis

Start Here

This project will provide an introduction to digital forensic analysis.

Digital forensic analysis is used to review and investigate data collected through digital communications and computer networks. The National Institute for Standards and Technology (NIST) has defined four fundamental phases for forensic analysis: collection, examination, analysis, and reporting. You will learn more about these concepts as you navigate throughout the steps of this project and read the literature and links found in each step.

There are four steps that will lead you through this project. Begin with Step 1: Methodology. The deliverables for this project are as follows:

  • Digital Forensic Research Paper: This should be a five-page double-spaced Word document with citations in APA format. The page count does not include diagrams or tables.
  • In a Word document, share your lab experience and provide screenshots to demonstrate that you completed the lab.

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.

  • 5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
  • 8.6: Provides professional preparation for computer digital forensics, investigation of crime, and preservation of digital evidence in criminal and civil investigations and information security incident response.
  • 8.7: Provide theoretical basis and practical assistance for all aspects of digital investigation and the use of computer evidence in forensics and law enforcement.

Step 1: Methodology

The methodology includes following a systems process. Identify the requirements, purpose, and objectives of the investigation. Click the links below to review information that will aid in conducting and documenting an investigation:

  • secure programming fundamentals
  • forensics fundamentals

Learn about the investigation methodology. Consider secure programming fundamentals. Define the digital forensics analysis methodology, and the phases of the digital forensics fundamentals and methodology, including the following:

  • preparation
  • extraction
  • identification
  • analysis

This information will help you understand the process you will use during an investigation.


Step 2: Tools and Techniques

Select the following links to learn about forensics analysis tools, methods, and techniques:

  • forensics analysis tools
  • web log and session analysis
  • hash analysis


Step 4: Digital Forensics Research Paper

Now that you have learned the basics of digital forensics analysis and methodology, and have experienced one of the common forensic tools, use the material presented in this project as well as research you've conducted outside of the course materials to write a research paper that addresses the following:

  • digital forensic methodology
  • the importance of using forensic tools to collect and analyze evidence (e.g., FTK Imager and EnCase)
  • hashing in the context of digital forensics
  • How do you ensure that the evidence collected has not been tampered with (i.e., after collection)? Why and how is this important to prove in a court of law?

The deliverables for this project are as follows:

  • Digital Forensic Research Paper: This should be a five-page double-spaced Word document with citations in APA format. The page count does not include diagrams or tables.
  • In a Word document, share your lab experience and provide screenshots to demonstrate that you completed the lab.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.

  • 5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
  • 8.6: Provides professional preparation for computer digital forensics, investigation of crime, and preservation of digital evidence in criminal and civil investigations and information security incident response.
  • 8.7: Provide theoretical basis and practical assistance for all aspects of digital investigation and the use of computer evidence in forensics and law enforcement.

Unformatted Attachment Preview

Running head: DIGITAL FORENSIC ANALYSIS

Digital Forensic Analysis
Student’s Name
Professor’s Name
Course Title
Date

Table of Contents

  • Abstract
  • Investigations
      • Purpose
      • Objectives
      • Requirements
  • Digital Forensics
      • Analysis Methodology
          • Preparation
          • Extraction
          • Identification
          • Analysis
      • Analysis Tools and Techniques
          • Forensic Analysis Tools
          • Web Log and Session Analysis
          • Hash Analysis
          • Live and Static Acquisitions
      • Device Imaging Procedures
          • Disk
          • File
          • Network
          • Mobile
          • Relevance to Investigations
      • Log Inspections
          • Analysis for Forensic Investigations
      • Retrieving Deleted Files
          • Purpose
          • Procedure
  • Lab Results
  • Conclusion
  • References

Abstract

Although digital forensic analysis is still in its early stages of development, this field has become very diverse and increasingly important in the contemporary world today with the ever-changing technological advancements. As a result, there has been a growth in the number of professionals in this genre. Consequently, since the industry is an open resource and readily available to everyone, there have been increasing incidences of cybercrime globally. As such, various researchers in the field have come up with various models to ensure security of information, information systems and other networks. Usually, when cyber incidents occur, a number of actions are undertaken including using digital forensic analysis to establish the causes and find out relevant information. This research aims at exploring the defensive measures and information that has been acquired from various resources so as to identify, analyse and report the events that might occur within a network to secure sensitive information, and to provide practical assistance and a theoretical basis in all elements of the data investigations along with the application of computer forensics in enforcement of the law. Aside from checking the strategies put in place by various authorities, this paper suggests that digital investigations should be frequently improved in order to reduce the prevalence of cyber-attacks within various digital ecosystems.
Investigations

Purpose

The purpose of this investigation is to assess the measures put in place for review and investigation of digital data collected through various computer networks. Consequently, it provides an understanding of the concepts of digital forensics analysis as stipulated by the National Institute for Standards and Technology (NIST) as well as the methodology used. In short, it addresses digital forensic methodology, the significance of employing the use of forensic tools in the collection, evaluation and consequent analysis of evidence and hashing in the context of digital forensics and how to certify that the evidence collected is not interfered with. This analysis also probes into the significance of the forensics experts’ ability to prove the credibility of evidence presented in a court.

Objectives

The main objectives of this research are:

  • To provide a theoretical basis on various aspects of digital investigation and back it up with practical assistance and evidence, especially in the use of computer evidence in law enforcement and forensic fields.
  • To show and explore the methodology used in investigating crime, preserving digital evidence, preparing for computer digital forensics and the measures put in place for response in case of security breaches.
  • To discuss the defensive measures put in place and use the information collected from different sources in the identification, analysis and reporting of events that are likely to occur within various computer networks to ensure the security of information systems.
  • To affirm that incidences of cybercrime have increased over time and can only be solved through the defensive measures put in place.

Requirements

The requirements for this research paper are to bring to life the four fundamental phases of forensic analysis, which are collection, examination, analysis, and reporting, as stipulated by the National Institute for Standards and Technology (NIST).

Digital Forensics

Analysis Methodology

The definitions of digital forensics have varied depending on the different forensic examiners. As such, the National Institute of Standards and Technology provides its definition, according to Kent et al. (2006), as “The application of science to the identification, collection, examination, evaluation and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data” (p. 15). The four phases described in the digital forensics analysis methodology include preparation, extraction, identification and analysis respectively.

Preparation

The preparation phase involves the preparation of relevant tools and techniques to be used in the process, including the search warrants according to legal requirements, management support and the monitoring authorizations. In this stage, it is imperative to ensure that all information needed to successfully complete the process is available. Software and equipment intended for use should also be tested. Consequently, any patches, updates and reconfigurations should be retested (Carroll, Brannon & Song, 2008). Once the forensic platform has been established and the law enforcement procedures followed, the integrity of the information is verified.

Extraction

After the integrity of the data has been established, the data is ready for extraction. This data is organized and refined into simple questions and analysed using relevant forensic tools which foster the understanding of preliminary ideas that are being sought out. This process helps to create appropriate leads from which data relevant to the search is extracted. According to Carroll, Brannon & Song (2008), these leads can be added to an “Extracted Data List”.

Identification

Here, data relevant to the request are identified and processed. The data is added to the “Relevant Data List” (p. 3) and any new leads evaluated. Consequently, the identification process should be repeated for each lead on the list. However, if incriminating evidence is found but not in the scope of the acquired search warrant, law enforcement guidelines require that all activity is stopped and a search warrant of a larger scope acquired after notifying all relevant individuals.

Analysis

The analysis phase involves determining the significance of the forensic request, reconstructing the fragments of data collected and finally drawing relevant conclusions according to the evidence found on the Relevant Data List. After completing this cycle, the team can move to the reporting phase, where documented findings are reported to the requester and other relevant persons.

Analysis Tools and Techniques

Forensic Analysis Tools

For better analysis and evaluation of forensic requests, developers have created a number of forensic analysis tools which can be divided into a number of categories including: file, registry, email, internet, mobile devices, MAC OS, network, disk and data capture, and database forensic tools. Some of these tools include Xplico, X-Ways Forensics, CAINE, The Sleuth Kit, Volatility Framework, ProDiscover Forensic and SANS SIFT.

Web Log and Session Analysis

Initially, web log and session analysis was initiated with the purpose of helping web operators to increase their bandwidth according to their server capacity (Agosti & Di Nunzio, 2007), and companies now seek to use this information to get information on their visitors’ profiles and buyer activities. As such, any traces of hacker attacks can be dealt with early and effectively. Some of the methodologies that can be employed include conceptual framework, phenomenology, content analysis, ethnography and case studies among others.

Hash Analysis

A hash function is used to calculate, evaluate and verify that data has not been interfered with, using various procedures and analytic tools. This analysis is therefore important in solving authentication problems.

Live and Static Acquisitions

Forensic analysis can be done in two modes: static or live. A static acquisition involves a traditional approach in which analysis is done after the memory of a source has been secured and the system has been shut down. Live acquisitions involve analysis when the compromised system is still functional and data can be gathered and analysed throughout the process. The tools used in live acquisitions provide clear results because they use memory dumps, network connections and running processes that are not available in static acquisitions.

Device Imaging Procedures

Disk

Disk imaging is used in the making of a data copy that can be considered forensically sound so that the data stored is maintained for longer time periods. This becomes more useful especially for cases that may take longer than usual to be resolved (Pladna, 2009).

File

Digital files enable storage of large amounts of data. For instance, a file may contain the criminal record of one individual; thus multiple files contain different individuals’ criminal records, well stored for reference and retrieval each time they are needed.

Network

Forensic imaging works differently on different networks. The three image types are physical, logical and targeted collection. Each of these types is efficient on specific networks, hence the need to note the network type before settling on the image type.

Mobile

Mobility is a strength of the digital imaging procedures, meaning evidence can be accessed anywhere, or rather produced anywhere, anytime when needed.

Relevance to Investigations

These procedures are relevant to the investigations being conducted as they basically enable real-time information availability, hence efficiency and effectiveness of operations.

Log Inspections

Analysis for Forensic Investigations

Logs can be referred to as machine-generated records involving a digital system network and consequent user activity. When properly set up, the logs serve as a significant constituent of forensic investigations because they provide evidence of user activity on a computer. They show which systems were used and the precise activities that took place should a breach in security occur. As such, logs provide insight and protection to sensitive data and also act as a support response in forensic analysis of electronic crimes. They are therefore a source of primary evidence.

Retrieving Deleted Files

Purpose

The purpose of retrieving deleted files in digital forensics is to recover data that had been deleted, hidden or even damaged by a user. For instance, as a result of virus attacks, files have to be retrieved by forensic experts.

Procedure

According to Nabity & Landry (2013), deleted files in a computer can be retrieved through the following process:

  • Download or purchase file recovery software and then install it on a hard drive different from the one that contains the deleted files.
  • Select the location of the missing files and allow the software to scan for deleted files.
  • Once scanning is done, select the files you want to restore.
  • Choose a different location to save the retrieved file.

In the case of physically damaged hardware, retrieval can be done after replacing the disk parts, or using disk-imaging procedures to recover the bits saved, which can allow reconstruction of the original files.
Lab Results

Fig 1 (Retrieved from https://www.livemint.com/Politics/ayV9OMPCiNs60cRD0Jv75I/11592cases-of-cyber-crime-registered-in-India-in-2015-NCR.html )

This data shows a report presented by the NCRB on the cases and motives of cybercrime in India. It affirms that the motives for electronic crime are increasing and affect people of all groups. Consequently, it shows the need for digital forensics in addressing such matters.

Fig 2 (Retrieved from https://factly.in/cyber-crimes-in-india-which-state-tops-the-chart/ )

Figure 2 also shows a survey done in India on the number of cases of cybercrime. This study shows that as a result of digital forensics, some cases have been reported and various persons arrested. The increase in cybercrime in this country is attributed to social media and technological advancements.

Conclusion

Although various defensive measures and legal regulations have been set in place to ensure information security and counter cyber-crime among other electronic threats, the increase in levels of cybercrime in recent times comes as a result of challenges associated with training effective forensic personnel, coupled with the fact that legal challenges exist which make the process of analysis expensive and time consuming (Garfinkel, 2010).

References

Agosti, M., & Di Nunzio, G. M. (2007, June). Web log mining: A study of user sessions. In Proceedings of the 10th DELOS Thematic Workshop on Personalized Access, Profile Management, and Context Awareness in Digital Libraries (PersDL).

Arce, I., Clark-Fisher, K., Daswani, N., DelGrosso, J., Dhillon, D., Kern, C., & Seltzer, M. (2014). Avoiding the top 10 software security design flaws. Technical report, IEEE Computer Society’s Center for Secure Design (CSD).

Carroll, O. L., Brannon, S. K., & Song, T. (2008). Computer forensics: Digital forensic analysis methodology. US Att'ys Bull., 56, 1.

Garfinkel, S. L. (2010). Digital forensics research: The next 10 years. Digital Investigation, 7, S64-S73.

https://factly.in/cyber-crimes-in-india-which-state-tops-the-chart/ [Retrieved on 18th August, 2018]

https://www.livemint.com/Politics/ayV9OMPCiNs60cRD0Jv75I/11592-cases-of-cybercrime-registered-in-India-in-2015-NCR.html [Retrieved on 18th August, 2018]

Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006). Guide to integrating forensic techniques into incident response. NIST Special Publication, 10, 800-86.

Khan, S., Shiraz, M., Abdul Wahab, A. W., Gani, A., Han, Q., & Bin Abdul Rahman, Z. (2014). A comprehensive review on adaptability of network forensics frameworks for mobile cloud computing. The Scientific World Journal, 2014.

Mambodza, W. T., & Nagoor Meeran, A. R. (2015). Anti-forensic: Design and implementation of an Android forensic analyzer.

Mell, P., & Grance, T. (2014). NIST cloud computing forensic science challenges. Draft NISTIR, 8006.

Nabity, P., & Landry, B. J. (2013). Recovering deleted and wiped files: A digital forensic comparison of FAT32 and NTFS file systems using Evidence Eliminator.

NCCFSW Group. (2014). NIST cloud computing forensic science challenges. Draft NISTIR, 8006.

Pladna, B. (2009). Computer forensics procedures, tools, and digital evidence bags.

Quirolgico, S., Voas, J., Karygiannis, T., Michael, C., & Scarfone, K. (2015). Vetting the security of mobile applications. US Department of Commerce, National Institute of Standards and Technology.

Rodrigues, J. J., De La Torre, I., Fernández, G., & López-Coronado, M. (2013). Analysis of the security and privacy requirements of cloud-based electronic health records systems. Journal of Medical Internet Research, 15(8).
“Understanding Software: A Primer for Managers” from Getting the Most Out of Information Systems is available under a Creative Commons NonCommercial-ShareAlike 3.0 Unported license without attribution as requested by the site’s original creator or licensee.

“Web Analytics and Conversion Optimization” from Online Marketing Essentials is available under a Creative Commons NonCommercial-ShareAlike 3.0 Unported license without attribution as requested by the site’s original creator or licensee.

Project 6 Deliverable

  I. Title Page
  II. Abstract (150-250 words)
  III. Investigations
      a. Purpose
      b. Objective
      c. Requirements
  IV. Digital Forensics
      a. Analysis Methodology (define what it is and the four phases of it, provide citation)
          i. Preparation (describe phases in detail, provide citations for each)
          ii. Extraction
          iii. Identification
          iv. Analysis
      b. Analysis Tools & Techniques
          i. Forensic Analysis Tools
          ii. Web Log and Session Analysis
          iii. Hash Analysis
          iv. Live and Static Acquisitions
      c. Device Imaging Procedures
          i. Disk
          ii. File
          iii. Network
          iv. Drive
          v. Mobile
          vi. Relevance to Investigations
      d. Log Inspections (describe what this is)
          i. Analysis for Forensic Investigations (describe why log inspections are important for forensic investigations)
      e. Retrieving Deleted Files
          i. Purpose
          ii. Procedure
          iii. Importance
  V. Lab Results (insert and explain the results of your workspace exercise)
  VI. Conclusion
  VII. References
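The paper's hash analysis section and the assignment's question about proving that collected evidence has not been tampered with describe the check only in words. The block below is an added example, not code from the paper, the course or any tool it names: it hashes a constructed evidence image at acquisition, records the digests in a manifest, and re-verifies a copy later, using piecewise block hashes to show where a mismatch lies. The evidence bytes, exhibit label, examiner name and timestamp are constructed placeholders.

```python
"""Hash-based evidence integrity checks (added example, not from the paper).

Models the "hash analysis" step: hash the acquired image at collection,
record the digests in a manifest kept with the chain-of-custody record, and
re-verify before analysis or testimony so any alteration is detected and,
with piecewise hashes, localised to a block of the image.
Evidence bytes, labels and names below are constructed for the demonstration.
"""
import hashlib
import json

BLOCK_SIZE = 512  # piecewise hashing granularity; real tools commonly use larger blocks


def hash_bytes(data: bytes, algorithms=("md5", "sha256")) -> dict:
    """Digest the whole image with each algorithm in a single pass.

    Forensic reports commonly record more than one digest so the record can
    still be checked by tools that support only one of the algorithms.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def piecewise_sha256(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """SHA-256 of each fixed-size block, so a mismatch can be narrowed to a region."""
    return [hashlib.sha256(data[i:i + block_size]).hexdigest()
            for i in range(0, len(data), block_size)]


def make_manifest(label: str, data: bytes, examiner: str, collected_at: str) -> dict:
    """Acquisition record to be stored alongside the image and in the case file."""
    return {
        "evidence_label": label,
        "examiner": examiner,
        "collected_at": collected_at,
        "size_bytes": len(data),
        "whole_image": hash_bytes(data),
        "block_size": BLOCK_SIZE,
        "block_sha256": piecewise_sha256(data),
    }


def verify_image(manifest: dict, data: bytes) -> tuple:
    """Re-hash `data` and compare it with the manifest.

    Returns (ok, changed_blocks). ok is True only when the size and every
    whole-image digest match; otherwise changed_blocks lists the indexes of
    blocks that differ, are missing, or were appended.
    """
    size_ok = len(data) == manifest["size_bytes"]
    digests_ok = hash_bytes(data, tuple(manifest["whole_image"])) == manifest["whole_image"]
    if size_ok and digests_ok:
        return True, []
    recorded = manifest["block_sha256"]
    current = piecewise_sha256(data, manifest["block_size"])
    changed = [i for i in range(max(len(recorded), len(current)))
               if i >= len(recorded) or i >= len(current) or recorded[i] != current[i]]
    return False, changed


# --- constructed evidence for the demonstration ---------------------------
ORIGINAL_IMAGE = b"CONSTRUCTED-IMAGE-" + bytes(range(256)) * 8   # 2066 bytes, 5 blocks


def tamper(data: bytes, offset: int) -> bytes:
    """Flip one byte: the kind of change a stray write or tampering leaves behind."""
    edited = bytearray(data)
    edited[offset] ^= 0xFF
    return bytes(edited)


TAMPERED_IMAGE = tamper(ORIGINAL_IMAGE, 1030)   # offset 1030 lies in block 2
TRUNCATED_IMAGE = ORIGINAL_IMAGE[:1500]          # short copy: block 2 differs, 3 and 4 missing

MANIFEST = make_manifest("EXHIBIT-01 (constructed)", ORIGINAL_IMAGE,
                         "Examiner Name (placeholder)", "2018-08-18T00:00:00Z")


if __name__ == "__main__":
    # Print the record an examiner would keep (block hashes omitted for brevity).
    print(json.dumps({k: v for k, v in MANIFEST.items() if k != "block_sha256"}, indent=2))
    for name, image in [("working copy", ORIGINAL_IMAGE),
                        ("one byte flipped", TAMPERED_IMAGE),
                        ("truncated copy", TRUNCATED_IMAGE)]:
        ok, changed = verify_image(MANIFEST, image)
        print(f"{name}: {'INTACT' if ok else 'ALTERED, blocks ' + str(changed)}")
```

The same whole-image digests should be recorded on the evidence form at acquisition and recomputed by an independent tool before analysis; the block list only tells you where a discrepancy sits, not why.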

Explanation & Answer

Hello, find attached the completed work. Feel free to ask for any editing or clarification if need be. Looking forward to working with you again in the future. Thank you.
Attached.

COMPANY X SAR

CONDUCTED DATE
BY NAME

BS CERTIFICATES

Vulnerabilities Assessment Report


  • What is system vulnerability?
  • What is the importance of a security assessment report?
  • What is the importance of security risk assessment?

System Vulnerability leads to compromised information security in terms of:

  • Compromised information confidentiality
  • Compromised information integrity

Operating Systems (OS) Vulnerabilities

Linux vulnerabilities / Windows vulnerabilities

  • Poor data management system
  • Outdated running third party software like PHP
  • Weak security policy setting
  • Outdated antispyware and antivirus software
  • Insufficient system hardening from interception under less secured networks
  • Non-existence or weak passwords on logins, files and wireless networks
  • Weak or lack of passwords in the system
  • Lack of backups for Linux based systems
  • No patching methods for the system unlike Windows

OS Specific Problems

  • 200 of the company machines have Windows OSs of varying versions 8-10
  • 50 of the company machines have Linux OS of different versions as well
  • Three database servers crashed suddenly
  • Anomalies were also detected in the system servers and routers

Business Risk versus Security Risk

The major business and security risks the company is prone to are:

  • Organized crime by either outsiders or insiders (mostly insiders) who have unauthorized access to the system
  • Information thieves
  • Spies (military, commercial)
  • Enemy states & terrorists

Cyber-threats and attacks

  • Viruses
  • Password cracking
  • Intrusion and penetration attacks
  • Eavesdropping attacks
  • Communication hijacking attacks
  • OS/Application vulnerability attacks
  • Server and access point impersonation
  • Phishing and fraud
  • Social engineering

Vulnerabilities Assessment Tools

Microsoft Baseline Security Analyzer (MBSA)

  • Works with Windows OS
  • It can only scan for service packs and system and security updates, not the critical updates
  • Offers solutions and suggestions corresponding to fixing the vulnerability
  • MBSA is mostly used by small and medium sized business organizations in providing security management to their entire system

OpenVAS

  • Works with different operating systems
  • Services offered are free to the user
  • It identifies detailed security factors related to the organization system and network
  • With the help of Network Vulnerability Assessments, OpenVAS is always updated

Recommendations

  • Installation of a good identity management system
  • Use MBSA vulnerability scanner (Wales, 2003)
  • It is easily available and easier to use
  • This should be after the installation of Windows OS on all machines

The Role of People

  • People are the weakest link
  • The proposed security solutions should be tied to the company business processes
  • Effective corporate governance
  • Employees throughout the company should be asked to assume a security responsibility

References

Ali Alheeti, Khattab M. (2011). Intrusion Detection System and Artificial Intelligent. 10.5772/15271. Available from: https://www.researchgate.net/publication/221911298_Intrusion_Detection_System_and_Artificial_Intelligent [accessed Aug 22, 2018]

Assessment, C. R. (1996). Proposed guidelines for carcinogen risk assessment. Federal Register, 61(79), 17960-18011.

Curphey, M., & Arawo, R. (2006). Web application security assessment tools. IEEE Security & Privacy, 4(4), 32-41.

Jajodia, S., & Noel, S. (2010). Topological vulnerability analysis. In Cyber situational awareness (pp. 139-154). Springer, Boston, MA.

Malaka, E. L. (2017). Benchmarking vulnerability scanners: An experiment on SCADA devices and scientific instruments (Doctoral dissertation, University of Arizona).

Robins, Mark. "Feature centric release manager method and system." U.S. Patent No. 7,266,502. 4 Sep. 2007.

Tanenbaum, A. S. (2009). Modern operating systems. Pearson Education, Inc.

Wales, E. (2003). Vulnerability assessment tools. Network Security, 7, 15-17.

Questions and Contact Information

[Insert Contact information]


Running head: DIGITAL FORENSIC ANALYSIS

Digital Forensic Analysis
Student’s Name
Professor’s Name
Course Title
Date

DIGITAL FORENSIC ANALYSIS
Table of Contents
Abstract ...................................................................................................................................... 4
Investigations ............................................................................................................................. 5
Purpose ................................................................................................................................... 5
Objectives ............................................................................................................................... 5
Requirements .....................................................................................
