Update Paper Digital Forensic

Anonymous
Asked: Sep 7th, 2018
$40

Question Description

Can you address all the comments in the paper? Please make sure resources are after 2009 and APA format.

Unformatted Attachment Preview

Running head: DIGITAL FORENSIC ANALYSIS

Project 6: Digital Forensic Analysis
Class
Student Name
College

Table of Contents

Abstract
Investigations
    Purpose
    Objectives
    Requirements
Digital Forensics
    Analysis Methodology
        Preparation
        Extraction
        Identification
        Analysis
    Analysis Tools and Techniques
        Forensic Analysis Tools
        Web Log and Session Analysis
        Hash Analysis
        Live and Static Acquisitions
    Device Imaging Procedures
        Disk
        File
        Network
        Mobile
        Relevance to Investigations
    Log Inspections
        Analysis for Forensic Investigations
    Retrieving Deleted Files
        Purpose
        Procedure
Lab Results
Conclusion
References

Abstract

Although digital forensic analysis is still in its early stages of development, this field has become very diverse and increasingly important in the contemporary world with its ever-changing technological advancements. As a result, there has been a growth in the number of professionals in this genre. As such, various researchers in the field have come up with various models to ensure the security of information, information systems, and other networks. Usually, when cyber incidents occur, a number of actions are undertaken, including using digital forensic analysis to establish the causes and find out relevant information. This research aims at exploring the defensive measures and information that has been acquired from various resources so as to identify, analyse and report the events that might occur within a network to secure sensitive information, and to provide practical assistance and a theoretical basis in all elements of the data investigations along with the application of computer forensics in enforcement of the law. Aside from checking the strategies put in place by various authorities, this paper suggests that digital investigations should be frequently improved in order to reduce the prevalence of cyber-attacks within various digital ecosystems.

Investigations

Purpose

The purpose of this investigation is to assess the measures put in place for review and investigation of digital data collected through various computer networks.
Consequently, it provides an understanding of the concepts of digital forensics analysis as stipulated by the National Institute for Standards and Technology (NIST) as well as the methodology used. In short, it addresses digital forensic methodology, the significance of employing the use of forensic tools in the collection, evaluation and consequent analysis of evidence, and hashing in the context of digital forensics and how to certify that the evidence collected is not interfered with. This analysis also probes into the significance of the forensics experts' ability to prove the credibility of the evidence presented in a court.

Objectives

The main objectives of this research are:

• To provide a theoretical basis on various aspects of digital investigation and back it up with practical assistance and evidence, especially in the use of computer evidence in law enforcement and forensic fields.
• To show and explore the methodology used in investigating crime, preserving digital evidence, preparing for computer digital forensics and the measures put in place for response in case of security breaches.
• To discuss the defensive measures put in place and use the information collected from different sources in the identification, analysis, and reporting of events that are likely to occur within various computer networks to ensure the security of information systems.
• To affirm that incidences of cybercrime have increased over time and can only be solved through the defensive measures put in place.

Requirements

The requirement for this research paper is to bring to life the four fundamental phases of forensic analysis, which are collection, examination, analysis, and reporting, as stipulated by the National Institute for Standards and Technology (NIST).

Digital Forensics

The use and importance of forensic tools in the analysis and collection of evidence cannot be undermined.
Various software has been made for this purpose, for instance, the Forensic Toolkit (FTK) and EnCase. The Forensic Toolkit is software developed by AccessData that can be used to scan a computer's hard drive to gather information. Consequently, it can be used to locate deleted files or emails, data filtering, cracking capabilities including encryptions and passwords among other functions (AccessData, 2016). In turn, EnCase provides a wide range of services all useful in digital forensic analysis, which include security analytics, cyber security, forensic and use for e-discovery (Bunting & Wei, 2006). As such, digital forensic tools are imperative in providing accurate and reliable computer analysis as well as the collecting of digital evidence that may be used appropriately for various industry and legal purposes.

One type of digital forensic tool is called hashing. Hashing is generating values using a string of mathematical functions that help protect against security tampering (Chadalavada, 2017). There are several types of hashing tools or techniques that store keys in memory for the purpose of increasing key access efficiency and make hashing more effective and efficient. One type of hashing technique is Cuckoo Hashing, which produces a high efficiency level in memory usage with constant real time access (Chadalavada, 2017). Hashing means the use of various hash functions in verifying whether or not an image is similar to its source media. Hashing can be used to perform several other functions such as indexing and retrieving the original string of data (Chadalavada, 2017).

It is important to ensure that the evidence collected has not been tampered with. This can be done through a series of steps including conducting a vulnerability analysis on a copy of the original data while securing the latter, and ensuring it is not altered during the process of making a copy. Secondly, all actions undertaken should be documented to ensure and show that the investigation was lawfully undertaken. Lastly, all seized items should be properly handled and stored. It is important to prove this in a court of law to verify the integrity of the evidence presented. This can be done by using forensic analysis tools to show that all aspects of the analysis are legal and that the data has not been altered in any way (Arce et al., 2014).

Analysis Methodology

The National Institute of Standards and Technology provides a definition of digital forensics: "The application of science to the identification, collection, examination, evaluation and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data" (Kent, et al., p. 15). The four phases described in digital forensics analysis methodology include preparation, extraction, identification, and analysis respectively (Mell & Grance, 2014).

Preparation

The preparation phase involves the preparation of relevant tools and techniques to be used in the process, including the search warrants according to legal requirements, management support and the monitoring authorizations. In this stage, it is imperative to ensure that all information needed to successfully complete the process is available. Software and equipment intended for use should be tested for functionality. Once the forensic platform has been established and the law enforcement procedures followed, the integrity of the information is verified.

Extraction

After the integrity of the data has been established, the data is ready for extraction. This data is organized and refined into simple questions and analysed using relevant forensic tools which foster the understanding of preliminary ideas that are being sought. This process helps to create appropriate leads from which data relevant to the search is extracted.

Identification

Here, data that are requested are identified and processed. The data is added to the relevant data list and any new leads evaluated. Consequently, the identification process should be repeated for each lead on the list. However, if incriminating evidence is found but not in the scope of the acquired search warrant, law enforcement guidelines require that all activity is stopped and a search warrant of a larger scope acquired after notifying all relevant individuals.

Analysis

The analysis phase involves determining the significance of the forensic request, reconstructing the fragments of data collected and finally drawing relevant conclusions according to the evidence found on the Relevant Data List. After completing this cycle, the team can move to the reporting phase where document findings are reported to the requester and other relevant persons.

Analysis Tools and Techniques

Forensic Analysis Tools

For better analysis and evaluation of forensic requests, developers have created a number of forensic analysis tools which can be divided into a number of categories including file, registry, email, internet, mobile devices, Mac OS, network, disk and data capture, and database forensic tools. Some of these tools include Xplico, X-ways Forensics, CAINE, The Sleuth Kit, Volatility Framework, ProDiscover Forensic and SANS SIFT (Khan et al., 2014).

Web Log and Session Analysis

Initially, the purpose of web log and session analysis was to help web operators increase their bandwidth according to their server capacity. Companies now seek to use this information to get information on their visitors' profiles and buyer activities. As such, any traces of hacker attacks can be dealt with early and effectively. Some of the methodologies to ??? that can be employed include conceptual framework, phenomenology, content analysis, ethnography and case studies among others.

Hash Analysis

A hash function is used to calculate, evaluate and verify that data has not been interfered with using various procedures and analytic tools. This analysis is therefore important in solving authentication problems.

Live and Static Acquisitions

Forensic analysis can be done in two modes: static or live. A static acquisition involves a traditional approach in which analysis is done after the memory of a source has been secured and the system has been shut down. Live acquisitions involve analysis when the compromised system is still functional and data can be gathered and analysed throughout the process (Khan et al., 2014). The tools used in live acquisitions provide clear results because they use memory dumps, network connections and running processes that are not available in static acquisitions.

Device Imaging Procedures

Disk

Disk imaging is used in the making of a data copy that can be considered sound forensically so that the data stored is maintained for longer time periods. This becomes very useful especially for data recovery.

File

The digital files enable storage of large data amounts. For instance, a file may contain the criminal record of one individual; thus multiple files contain different individual criminal records but are well stored for reference and retrieval each time they are needed.

Network

Forensic imaging works differently on different networks. The three image types are physical, logical and targeted collection. Each of these types is efficient on specific networks, hence the need to note the network type before settling on the image type.

Mobile

Mobility is a strength of the digital imaging procedures, meaning evidence can be accessed anywhere or rather produced anywhere, anytime when needed.

Relevance to Investigations

These procedures are relevant to the investigations being conducted as they basically enable information availability in real time, hence efficiency and effectiveness of operations.

Log Inspections

Analysis for Forensic Investigations

Logs can be referred to as machine-generated records involving a digital system network and consequent user activity. When properly set up, the logs serve as a significant constituent of forensic investigations because they provide evidence of user activity on a computer. They show which systems were used and the precise activities that took place if, say, a breach in security occurs. As such, logs provide insight and protection to sensitive data and also act as a support response in forensic analysis of electronic crimes. They are therefore a source of primary evidence.

Retrieving Deleted Files

Purpose

The purpose of retrieving deleted files in digital forensics is to recover data that had been deleted, hidden or even damaged by a user. For instance, as a result of virus attacks, files have to be retrieved by forensic experts.

Procedure

According to Nabity & Landry (2013), deleted files in a computer can be retrieved through the following process:

• Download or purchase file recovery software and then install it in a hard drive different from the one that contains deleted files.
• Select the location of the missing files and allow the software to scan for deleted files.
• Once scanning is done, select the files you want to restore.
• Choose a different location to save the retrieved file.

In the case of physically damaged hardware, retrieval can be done after replacing the disk parts or using disk-imaging procedures to recover the bits saved, which can allow reconstruction of the original files.

Lab Results

The lab experience involved using the FTK image software in verifying a number of sample pictures using the MD5 and the SHA1 hash algorithms. In verification, the results confirmed that the images were similar to the source material used. The figures below show the screenshots that verify this.

Figure 1

Figure 2 shows the image summary of the whole process.

Conclusion

There are different tools and techniques through which digital forensic analysis can be performed, among them EnCase and Forensic Toolkit (FTK). Others such as hash analysis are also imperative in ensuring the integrity of the evidence is secured, and that this can be effectively proven in a court of law. According to Garfinkel (2010), although various defensive measures and legal regulations have been set in place to ensure information security and counter cyber-crime among other electronic threats, the increase in levels of cybercrime in recent times comes as a result of challenges associated with training effective forensic personnel, coupled with the fact that legal challenges exist which make the process of analysis expensive and time consuming.

References

AccessData. (2016). Forensic Toolkit® (FTK®): Recognized around the world as the standard digital forensic investigation solution. Retrieved August 29, 2018, from http://accessdata.com/solutions/digital-forensics/forensic-toolkit-ftk.

Arce, I., Clark-Fisher, K., Daswani, N., DelGrosso, J., Dhillon, D., Kern, C., & Seltzer, M. (2014). Avoiding the top 10 software security design flaws. Technical report, IEEE Computer Society's Center for Secure Design (CSD).

Bunting, S., & Wei, W. (2006). EnCase Computer Forensics: The Official EnCE: EnCase Certified Examiner Study Guide. John Wiley & Sons.

Chadalavada, M. (2017). Improving cuckoo hashing with perfect hashing (Order No. 10688356). Available from ProQuest Dissertations & Theses Global. (1993448131). Retrieved from https://search-proquestcom.contentproxy.phoenix.edu/docview/1993448131?accountid=35812

Garfinkel, S. L. (2010). Digital forensics research: The next 10 years. Digital Investigation, 7, S64-S73.

Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006). Guide to integrating forensic techniques into incident response. NIST Special Publication, 10, 800-86.

Khan, S., Shiraz, M., Abdul Wahab, A. W., Gani, A., Han, Q., & Bin Abdul Rahman, Z. (2014). A comprehensive review on the adaptability of network forensics frameworks for mobile cloud computing. The Scientific World Journal, 2014.

Mell, P., & Grance, T. (2014). NIST cloud computing forensic science challenges. Draft NISTIR, 8006.

...
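
The image verification described in the paper's Hash Analysis and Lab Results sections, as an added example that is not part of the original paper and is not FTK's code: it hashes a source and its image with MD5 and SHA1 in one streaming pass and reports which values differ. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import io

CHUNK = 64 * 1024  # fixed-size reads keep memory flat even for multi-gigabyte images

# Constructed sample data standing in for a source medium (not real evidence).
SAMPLE_SOURCE = bytes(range(256)) * 4096  # 1 MiB of patterned bytes


def digest_stream(stream, algorithms=("md5", "sha1")):
    """Hash a binary stream in one pass, feeding every algorithm from each read."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    total = 0
    while True:
        block = stream.read(CHUNK)
        if not block:
            break
        total += len(block)
        for hasher in hashers.values():
            hasher.update(block)
    result = {"bytes": total}
    result.update({name: h.hexdigest() for name, h in hashers.items()})
    return result


def verify_image(source_stream, image_stream, algorithms=("md5", "sha1")):
    """Compare the source's digests with the image's and list every field that differs."""
    source = digest_stream(source_stream, algorithms)
    image = digest_stream(image_stream, algorithms)
    mismatches = [key for key in ("bytes", *algorithms) if source[key] != image[key]]
    return {"source": source, "image": image,
            "verified": not mismatches, "mismatches": mismatches}


def flip_one_bit(data, offset):
    """Return a copy of data with a single bit changed (simulates an altered image)."""
    altered = bytearray(data)
    altered[offset] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    # Constructed test cases: a faithful copy, a one-bit change, and a short read.
    cases = {
        "exact copy": SAMPLE_SOURCE,
        "one bit altered": flip_one_bit(SAMPLE_SOURCE, 123456),
        "truncated copy": SAMPLE_SOURCE[:-512],
    }
    for label, image_bytes in cases.items():
        report = verify_image(io.BytesIO(SAMPLE_SOURCE), io.BytesIO(image_bytes))
        status = "VERIFIED" if report["verified"] else "MISMATCH " + ",".join(report["mismatches"])
        print(f"{label:16} md5={report['image']['md5']} sha1={report['image']['sha1']} {status}")
```

Passing `algorithms=("md5", "sha1", "sha256")` records a SHA-256 digest in the same pass, which is useful because MD5 and SHA-1 are no longer collision resistant.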

Tutor Answer

TutorAR
School: Cornell University

Hello, Find attached the completed work. Feel free to ask for any editing or clarification if need be. Looking forward to working with you again in the future. Thank you
Attached.

Running head: DIGITAL FORENSIC ANALYSIS

Project 6: Digital Forensic Analysis
Class
Student Name
College

Table of Contents

Abstract
Investigations
    Purpose
    Objectives
    Requirements
Digital Forensics
    Analysis Methodology
        Preparation
        Extraction
        Identification
        Analysis
    Analysis Tools and Techniques
        Forensic Analysis Tools
        Web Log and Session Analysis
        Hash Analysis
        Live and Static Acquisitions
    Device Imaging Procedures
        Disk
        File
        Network
        Mobile
        Relevance to Investigations
    Log Inspections
        Analysis for Forensic Investigations
    Retrieving Deleted Files
        Purpose
        Procedure
Lab Results
Conclusion
References

Review

Anonymous
Tutor went the extra mile to help me with this essay. Citations were a bit shaky but I appreciated how well he handled APA styles and how ok he was to change them even though I didn't specify. Got a B+ which is believable and acceptable.
