Digital Forensics to Capture Data Sources With reference to network intrusion, the first strategy is to carry out an account auditing to identify the data source and review user account to identify the servers that intruders employ to gain access to the organizational network systems. The goal of the accounting auditing is to identify the weakness in the authentication and analyze the type of passwords used to log into the system. The accounting auditing is also used to establish whether the user accounts are active. (NIST, 2002). However, accounting auditing can be challenging when dealing with multiple operating systems because each operating system has a different user account. In essence, role auditing and user account are very critical for a data source with reference to network intrusion because the strategy will assist an administrator to understand whether the account has been misused.
Prioritizing Data Sources
Live System Data
Intrusion Detection System
Event Log Analysis
Prioritizing data sources
Insider File Deletion
Prioritizing data sources
Use of Uneraser program Recovers the Deleted Data
A recent advance in information technology has brought about both benefits and threats to business organizations. While businesses have been able to achieve competitive market advantages through the internet technology, the hackers are also using the opportunities to penetrate the organizational network systems to steal sensitive data worth billions of dollars. A recent wave of cybercrimes leads to the growth of forensic investigation dealing with a collection of evidence to track cyber offenders. The study investigates different data sources that can assist in enhancing digital forensic investigation. The study identifies event log analysis, port scanning, account auditing, and intrusion detection system as important strategies for data sources.
The explosive growth of interconnection of network and computer systems has brought about benefits and inherent risks to organizations and individuals. Hackers and other cyber criminals have taken the advantages of the recent advance in technology to penetrate organizational network systems and steal sensitive data worth billions of dollars. In the United States, criminals steal data that worth billions of dollars from both private and public organizations yearly. The most intrigue aspect of the recent wave of criminality is that much traditional law enforcement agents are not well trained to track down the criminals because of the sophistication involved. The new wave of computer crimes has led to a development of the computer forensic science dealing with the digital tool for a collection, identification, examination, analysis of the network system to assist in preserving the integrity of data and information system. More importantly, the digital forensic experts assist in investigating the crime, collect and analyze vital evidence that can be used to prosecute cyber criminals. Digital forensic science deals with the investigation of data sources by collecting and examining the electronic evidence as well assessing the electronic attacks to recover lost information from the information system in order to prosecute the cyber criminals. In another word, digital forensic investigators collect a multitude of data sources to capture the evidence to be used for a legal procedure. In essence, forensic investigators need to differentiate data from different sources, compare data, prioritizing them in their level of importance.
The objective of this paper carries a comprehensive analysis of the strategy forensic investigators employ to collect data from their sources. The paper also provides challenges faced with regard to collecting and examining evidence from these sources.
Forensic experts carry out their investigation to capture evidence based on different events. A network intrusion is an intentional act with an attempt to intrude into an organizational network system in order to compromise the integrity, confidentiality, and availability of the network, computer, and data stored in the systems. The network intrusion is the most important events because it is the most common technique that many intruders employ to gain an unauthorized access into the network system. Typically, the network intrusion can cause a significant damage to an organization leading to altering, damage or stolen of sensitive data from the information system. When attackers are able to gain access to the network systems, they can cause a significant damage to the hardware and software.
The case, (2005) argues that that an investigation involving a network intrusion are both costly and complex, which can take a great deal of time to resolve. The author cites an example of a case study where intruders penetrated the information systems of several laboratories in 2000 leading to shut down of the organizations for several days and loss of the enormous amount of revenue. When the forensic investigators were invited to come in, they used several procedure to carry out the investigation that includes using the incident handlers to acquire the evidence. It also took enormous of time to track the offenders. It was in 2004 that the offenders were finally brought to ...
Kent, Chevalier, Grance, et al. (2006) argue that the first step in the forensic investigation with reference to the network intrusion system is the identification of the potential source of data, and acquire data stored in the devices. Common data sources based on the level of importance include servers, desktop computers, laptop, network storage devices, and external drives such as DVDs, CDs, and USB (Universal Serial Bus). Other data sources include Firewire and PC memory card where a user can attach the external data devices and media. The investigators can also collect data from the log files of the network activity. Other sources of data include Thumb drive, flash and memory cards, magnetic disc and optical discs. Many standard computers also contain some volatile data available in the system until the systems are rebooted or shut down. Moreover, computer related devices such as digital recorders, audio players, digital cameras, cell phones, and the audio player may contain data. Another helpful data sources are the application systems that forward copies.
Live System Data
The live system data is another data source for the network instruction investigation. Typically, the live data provides one of the promising evidence from the compromised systems. Moreover, the live system delivers the evidence in a real time and method the intruders employ to gain access to the systems. The investigators can use the Encase program to capture a live data. Moreover, the program such as tcpurify can be used to capture network data. The method will assist the investigators to identify the strategy that the penetrators employ to gain access to the network system. (Vigina, Johnson, Kruegel, 2003). Essentially, live data sources allow forensic investigators to capture volatile data which may not be available during the postmortem investigation. The information to be captured during the live investigation includes network information, event logs, and registered drivers, running process and registered services. For example, the running services assist the investigators to capture data running on the computer system. These services command higher priorities, and many users may be unaware of the existence of the services. Based on their high priority and lack of attention from the system administrators, they are typical a common target for hackers. Thus, conducting a live instigation will assist an investigator to view the state of service, which are very crucial to the investigation. Despite the benefits associated to live forensic, preserving the state of the system to ensure that the data captured are legible can be challenging. The best strategy to make the data visible is to use the forensic toolkit that assists in keeping the process as automated as possible.
Intrusion Detection System
The IDS (Intrusion detection system) is another strategy that investigators can use to capture data from their sources. The IDS is particularly useful to monitor live analysis. For example, the IDS can be configured to monitor network traffic and watch the intruders in actions. Moreover, the IDS can be used to detect how hackers are assessing the systems. The strategy can assist the investigators to procure critical evidence based on their findings. The benefits of the IDS is that it allows the investigator to detect network intrusion because it can be programmed to make the system administrators detecting an unauthorized access to the network system. Typically, the IDS is similar to the burglary that alerts the house owners that a thief is attempting to intrude into their properties. Despite the benefits associated to IDS, some IDS alerts can be harmless to the system, and investigating this type of activities can lead to a waste of time. Kumar et al. (2013) argue that the goal of the IDS is to identify and capture an unauthorized access into the network system in a real time. The goal of the IDS is also to detect anomalies revealing that the symptoms are illegal, and can lead to a criminal and intrusive activity. Typically, the forensic investigators can use IDS as a tool of investigation to obtain sufficient evidence about…
With reference to network intrusion, the first strategy is to carry out an account auditing to identify the data source and review user account to identify the servers that intruders employ to gain access to the organizational network systems. The goal of the accounting auditing is to identify the weakness in the authentication and analyze the type of passwords used to log into the system. The accounting auditing is also used to establish whether the user accounts are active. (NIST, 2002). However, accounting auditing can be challenging when dealing with multiple operating systems because each operating system has a different user account. In essence, role auditing and user account are very critical for a data source with reference to network intrusion because the strategy will assist an administrator to understand whether the account has been misused.
The rapid development of predictive routing algorithms that seek to anticipate security breaches are also becoming more commonplace (Erickson, 2009). Evidence acquisition through digital forensics seeks to also define preservation of all patterns of potential crime, regardless of the origination point (Irons, 2006). The collaboration that occurs in the open source forensic software industry acts as a catalyst of creativity specifically on this point. There are online communities that
Typically, a database uses either the simple recovery model or the full recovery model. The full recovery model can be supplemented by switching to the bulk-logged recovery model before bulk operations." (Microsoft, 2010 P. 2). Meanwhile, our company will need to implement the full back up safeguard all our data. Under the full recovery model, the first step is to back up the transaction log. Combination of full back-up with
GIS Client/Server Systems Geographic Information System (GIS): Overview Use of GIS Client/Server Systems by U.S. Government Agencies Department of Agriculture (USDA) Census Bureau Environmental Protection Agency (EPA) Department of the Interior Fish and Wildlife Service Federal Emergency Management Authority Department of Homeland Security (DHS) Successful Deployment of GIS Technologies in Facilities Management and Transportation Real Life Application of GIS in Recent Times Application in other Jurisdictions The Future of GIS: Opportunities for Application An Examination of the Use of GIS (Geographic Information Systems) Client/Server
Leveraging Information Systems for Disaster Management In today's digital age, natural as well as man-made disaster management has become an easier task. Several IT features are at our disposal, which can help in both prevention and recovery from disaster. Information technology advances such as satellite communication, the Internet, remote sensing, geographic information system (GIS), etc. have proven extremely valuable in hazard reduction planning and execution processes (Vyas & Desai, 2007). IT
computer used by the employee has either been compromised physically with a password cracking software (EC-Council,2010;Beaver & McClure,2010) or it has bee compromised remotely with the help of a keylogging software.A keylogger is noted by APWG (2006) as a special crimeware code that is designed with the sole intention of collecting information from the end-user terminal. The stolen information includes every strike of the keyboard which it captures.The most
i.e. modifying the domain name system. 7. DNS-Based Phishing ("Pharming"): This offense is based on interference in the domain name searching process by modifying the domain name resolution sending the user to a different IP address. 8. Content-Injection Phishing: The phisher introduces fraudulent content into a legitimate website. 9. Data Theft: Malicious code that collects sensitive information stored within the machines in which it is installed. 10. Man-in-the-Middle Phishing: The phisher takes a