Computer Forensic Investigation Making An Research Paper

Meanwhile, our company will need to implement a full backup to safeguard all our data. Under the full recovery model, the first step is to back up the transaction log. The combination of a full backup with log backups is equivalent to a full database backup. Starting the backup from the transaction log is the best practice for performing a full database backup. Fig 2 illustrates the strategy for implementing a full backup. As Fig 2 shows, the backup starts from the transaction logs, and the next step is to schedule the full database backup and file backups at subsequent intervals to satisfy our company's requirements. In Fig 2, (a, C, B, a) is the order in which the file backups are carried out to satisfy the business requirements. The next step is to place the data backups on separate devices to enhance business continuity.

Fig 2: Data Restore and Back-up Strategy for Our Company

1.4. Create a Detailed Checklist

This section provides a detailed checklist to safeguard our data from the hostile IP address.

Steps and detailed descriptions:

First Step: Identify the hostile IP address. The identification will include the country of origin and the website associated with the IP address.

Second Step: Block the IP address from communicating with our systems. We will need to install IP address management software to achieve this objective. This will help stop our systems from exporting data to the hostile IP address.

Next Step: Recover our lost data and implement the full backup strategy. SQL Server 2008 R2 is effective in restoring our lost data.

Next Step: Place the recovered data on separate devices.

Next Step: Inspect the recovered data to confirm that all of it is intact.

Next Step: Install the IPS to prevent unauthorized network access to our systems.

Final Step: Install a firewall to block all unwanted traffic from our systems.

1.5. Determine the Resources Needed

Both financial resources and human resources will be needed to carry out the project. Typically, the company will need to set aside a minimum of $30,000 to carry out the task. The company could use in-house staff or third-party providers to carry out the tasks. To safeguard data integrity, it is critical to use in-house employees. The following resources will be needed for the project implementation:

Purchase of a forensic tool to recover the lost data exported to the hostile IP address,

Installation of SQL Server 2008 for the data backup,

Installation of AutoShun technology or other IP trace technology to block the hostile IP address from gaining access to our data,

Skilled manpower, working in association with a forensic expert, to implement the project.

1.6. Establishing the Chain of Custody.

The purpose of this chain of custody is to establish the electronic evidence that leads to the export of data to an identified IP address.

On 25 June 2013, Mr. James Anderson, a forensic expert in our organization, collected evidence that a hostile IP address had corrupted our systems, leading all of them to export data to the hostile IP address. Our intrusion detection system notified us that our systems were exporting data to the hostile IP address.

The IP address is 58.1456.1246.1, hosted by a company whose major objective is to commit criminal activities. The documented evidence reveals the file paths of the data lost from our systems to the hostile IP address.

The evidence of the data theft comes from our hard drives. We have made:

Image copies of all the data restored and the data freshly wiped from our system.

An image copy of our operating system logs.

Typically, data are lost from the following systems to the hostile IP:

Data are lost from our server,

Data are lost from our database,

Data are lost from all the hard disks of our computer systems,

Data are lost from all software,

Data are lost from all our storage devices, which include tapes, USB, and other storage devices that we use in storing our data.

The type of the data stolen from our system to the hostile IP address is as follows:

Credit card information of our clients,

Sensitive data such as SSN, health information, bank accounts, email, phone number, and addresses of our clients.

The strategy that we use to trace the hostile IP address is as follows:

Using tracing tools that include Netscan Pro and Neotrace.

We also use IDS logs.
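
One way to use IDS or firewall logs in this tracing step, as an added example that is not part of the original paper: it sums, per internal host, the bytes sent to a watchlisted address, which scopes which systems exported data and when. The log format, host addresses and the documentation-range address 203.0.113.7 (a placeholder for the hostile IP) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines in a hypothetical format:
# time src_ip dst_ip dst_port bytes_out
SAMPLE_LOG = """\
2013-06-25T01:02:03Z 10.0.0.5 203.0.113.7 443 1048576
2013-06-25T01:05:10Z 10.0.0.9 198.51.100.20 80 2048
2013-06-25T01:07:44Z 10.0.0.5 203.0.113.7 443 524288
2013-06-25T02:15:00Z 10.0.0.12 203.0.113.7 21 4096
malformed line without enough fields
2013-06-25T02:16:30Z 10.0.0.12 203.0.113.7 21 notanumber
"""

def parse_watchlist(addresses):
    """Validate indicators first; a mistyped address raises ValueError."""
    return {ipaddress.ip_address(a) for a in addresses}

def summarize_egress(log_text, watchlist):
    """Per internal host: bytes sent to watchlisted IPs, first/last seen, ports."""
    hosts = defaultdict(lambda: {"bytes": 0, "first": None, "last": None, "ports": set()})
    skipped = 0
    for line in log_text.splitlines():
        try:
            ts, src, dst, port, nbytes = line.split()
            dst_ip, port, nbytes = ipaddress.ip_address(dst), int(port), int(nbytes)
        except ValueError:
            skipped += 1  # counted so unparsed lines get a manual review
            continue
        if dst_ip not in watchlist:
            continue
        rec = hosts[src]
        rec["bytes"] += nbytes
        # ISO 8601 UTC timestamps in one format sort correctly as strings
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
        rec["ports"].add(port)
    return dict(hosts), skipped
```

The skipped count matters for the case file: lines that did not parse are evidence that still needs to be read by hand, not evidence that nothing happened.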

With the assistance of our computer forensic expert, the following professionals also assist in the investigation:

Incident team and corporate security,

Security investigator,

Emergency response core team,

Application owner,

Application developer,

Mr. James Anderson.

1.7. Obtaining and copying an evidence disk drive.

The report identifies that much of the evidence needed to support our forensic investigation is on the disks, hard drives and other storage devices in our systems. We have used forensic tool kits to locate samples of this evidence. To collect the samples of evidence, our company will need to make a backup of all the data systematically restored. We also make a copy of each of the following in the course of our investigation:

We make a copy of all our Windows systems, especially the Registry, because it contains a wealth of information.

We also make a copy of our password files, the filesystem, and the shell,

We make a copy of the hard drive as an evidence disk drive,

From the hard drive, we make a copy of the restore image and the freshly wiped data.

We also make a copy of our operating system logs.
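
A minimal sketch of how the copies above can be tied to a chain-of-custody log and later shown to be unaltered, given as an added example rather than the procedure or tooling the paper used. The item label, handler name, file names and record fields are hypothetical, and the "image" is a small constructed byte string standing in for a real acquisition.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk=1024 * 1024):
    """Stream a file through SHA-256 so a large image never sits in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def entry_hash(entry):
    """Hash a custody record over every field except its own hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def custody_entry(item, path, handler, action, prev_hash=""):
    """Record what was handled, by whom and when, chained to the prior record."""
    entry = {"item": item, "sha256": sha256_file(path), "handler": handler,
             "action": action, "utc": datetime.now(timezone.utc).isoformat(),
             "prev_entry_hash": prev_hash}
    entry["entry_hash"] = entry_hash(entry)
    return entry

def verify_log(entries):
    """False if any record was edited, removed or reordered."""
    prev = ""
    for e in entries:
        if e["entry_hash"] != entry_hash(e) or e["prev_entry_hash"] != prev:
            return False
        prev = e["entry_hash"]
    return True

def demo():
    """Constructed sample: a stand-in image, a faithful copy, an altered copy."""
    data = b"constructed evidence sector " * 512
    altered = data[:100] + bytes([data[100] ^ 0xFF]) + data[101:]
    with tempfile.TemporaryDirectory() as d:
        src, work, bad = (Path(d, n) for n in ("disk.img", "work.img", "bad.img"))
        for path, content in ((src, data), (work, data), (bad, altered)):
            path.write_bytes(content)
        first = custody_entry("HDD-01", src, "examiner-1", "acquired")
        second = custody_entry("HDD-01", work, "examiner-1", "working copy", first["entry_hash"])
        return (second["sha256"] == first["sha256"],
                sha256_file(bad) == first["sha256"],
                verify_log([first, second]))
```

Analysis is then done only on the working copy, and the acquisition hash is recomputed whenever the evidence changes hands.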

1.8. Analyzing and recovering the digital evidence.

The analysis phase involves gathering all the recovered data in a central location for interpretation. The data are recovered from the following:

data files, email, music files, application files,

Internet history files,

Hard disk web activity files.

The analysis of the recovered data revealed that the complete data are restored. The following files are recovered, and the data inside them are complete:

Serial Number

Files Recovered

Data in the application files are recovered

Operating systems

Hard disk drive

Card reader

Disk storage

USB mass storage device class

Network-attached storage

Optical computer storage

Punched card

Flash drives, smart cards, re-writable CDs and DVDs

1.9. Investigating the Data Recovered

The report uses the FTK recovery application to investigate the data recovered from the target drive. The application displayed the recovered files, and they showed a complete reconstruction of the data restored. Based on the investigation, there is noticeable evidence of the original files and the data recovered. Typically, the structure of the files on the FAT32 and NTFS drives differs from that of the original data.

Despite the difference in data structure between the original files and the recovered data, the contents of the data are still the same. Thus, our company is able to retrieve all the data, which include:

Credit card information of our client,

Bank account number,

Social security number of our client,

Email,

Address,

Health information,

Telephone number.

1.10. Completing the Case Report

This report documents the incident response and computer forensic investigation carried out on our systems. The detailed work adhered to rigorous professional practice protocols in digital forensic handling. The forensic computer investigation revealed that our systems were exporting data to a hostile IP address. The investigation identified that the IP address is owned by a company whose objective is to carry out criminal activities. The intention of the owner of the IP address is to steal sensitive information from our systems.

The report has used several forensic tools to stop our systems from exporting data to, and communicating with, the hostile IP address. The AutoShun technology is used to block the IP address from communicating with our systems. Moreover, the report has taken steps to recover the data exported to the IP address. Although much of the exported data had been deleted from our systems, the report uses different forensic tools to recover the data, and the complete data are recovered.

Thus, the report uses a comprehensive approach to discover and store the digital evidence to assist our organization in tracking the criminals. The report also uses a standard digital evidence recovery procedure to restore the lost data exported to the hostile IP address. The evidence of the data captured is from the media source, hard drive, and discs, and the report verifies that the data recovered are not altered.

1.11. Critique of the Case

The report has compiled evidence that an intruder used a hostile IP address to communicate with our systems in order to steal sensitive information. However, the evidence collected is virtual evidence, and we have not been able to gain access to the physical evidence. Thus, we will still require a good legal practitioner to prove in a court of law that this IP address really has stolen data from our systems. In the digital business environment, virtual evidence faces challenges in convincing a jury that an intruder has actually committed an offense. Thus, the next battle that we are going to face is the strategy…
