Login Signup
Verified Document

Capture Data Sources Using The Digital Forensics Tool Term Paper

Related Topics:
Data Mining Forensic Science Windows 7 Digital
Open Document Cite Document

Digital Forensics to Capture Data Sources Network Intrusion

Prioritizing Data Sources

Account Auditing

Live System Data

Intrusion Detection System

Event Log Analysis

Malware Installation

Prioritizing data sources

Activity Monitoring

Integrity Checking

Data Mining

Insider File Deletion

Prioritizing data sources

Use of Uneraser program Recovers the Deleted Data

Network Storage

A recent advance in information technology has brought about both benefits and threats to business organizations. While businesses have been able to achieve competitive market advantages through the internet technology, the hackers are also using the opportunities to penetrate the organizational network systems to steal sensitive data worth billions of dollars. A recent wave of cybercrimes leads to the growth of forensic investigation dealing with a collection of evidence to track cyber offenders. The study investigates different data sources that can assist in enhancing digital forensic investigation. The study identifies event log analysis, port scanning, account auditing, and intrusion detection system as important strategies for data sources.

Introduction

The explosive growth of interconnection of network and computer systems has brought about benefits and inherent risks to organizations and individuals. Hackers and other cyber criminals have taken the advantages of the recent advance in technology to penetrate organizational network systems and steal sensitive data worth billions of dollars. In the United States, criminals steal data that worth billions of dollars from both private and public organizations yearly. The most intrigue aspect of the recent wave of criminality is that much traditional law enforcement agents are not well trained to track down the criminals because of the sophistication involved. The new wave of computer crimes has led to a development of the computer forensic science dealing with the digital tool for a collection, identification, examination, analysis of the network system to assist in preserving the integrity of data and information system. More importantly, the digital forensic experts assist in investigating the crime, collect and analyze vital evidence that can be used to prosecute cyber criminals. Digital forensic science deals with the investigation of data sources by collecting and examining the electronic evidence as well assessing the electronic attacks to recover lost information from the information system in order to prosecute the cyber criminals. In another word, digital forensic investigators collect a multitude of data sources to capture the evidence to be used for a legal procedure. In essence, forensic investigators need to differentiate data from different sources, compare data, prioritizing them in their level of importance.

The objective of this paper carries a comprehensive analysis of the strategy forensic investigators employ to collect data from their sources. The paper also provides challenges faced with regard to collecting and examining evidence from these sources.

Network Intrusion

Forensic experts carry out their investigation to capture evidence based on different events. A network intrusion is an intentional act with an attempt to intrude into an organizational network system in order to compromise the integrity, confidentiality, and availability of the network, computer, and data stored in the systems. The network intrusion is the most important events because it is the most common technique that many intruders employ to gain an unauthorized access into the network system. Typically, the network intrusion can cause a significant damage to an organization leading to altering, damage or stolen of sensitive data from the information system. When attackers are able to gain access to the network systems, they can cause a significant damage to the hardware and software.

The case, (2005) argues that that an investigation involving a network intrusion are both costly and complex, which can take a great deal of time to resolve. The author cites an example of a case study where intruders penetrated the information systems of several laboratories in 2000 leading to shut down of the organizations for several days and loss of the enormous amount of revenue. When the forensic investigators were invited to come in, they used several procedure to carry out the investigation that includes using the incident handlers to acquire the evidence. It also took enormous of time to track the offenders. It was in 2004 that the offenders were finally brought to justice.

Prioritizing Data Sources

Account Auditing

Forensic investigators use different strategies to collect, preserve, reconstruct evidence to track offenders. With reference to network intrusion, the first strategy is to carry out an account auditing to identify the data source and review...

Parts of this document are hidden

View Full Document
svg-one

The goal of the accounting auditing is to identify the weakness in the authentication and analyze the type of passwords used to log into the system. The accounting auditing is also used to establish whether the user accounts are active. (NIST, 2002). However, accounting auditing can be challenging when dealing with multiple operating systems because each operating system has a different user account. In essence, role auditing and user account are very critical for a data source with reference to network intrusion because the strategy will assist an administrator to understand whether the account has been misused.
Kent, Chevalier, Grance, et al. (2006) argue that the first step in the forensic investigation with reference to the network intrusion system is the identification of the potential source of data, and acquire data stored in the devices. Common data sources based on the level of importance include servers, desktop computers, laptop, network storage devices, and external drives such as DVDs, CDs, and USB (Universal Serial Bus). Other data sources include Firewire and PC memory card where a user can attach the external data devices and media. The investigators can also collect data from the log files of the network activity. Other sources of data include Thumb drive, flash and memory cards, magnetic disc and optical discs. Many standard computers also contain some volatile data available in the system until the systems are rebooted or shut down. Moreover, computer related devices such as digital recorders, audio players, digital cameras, cell phones, and the audio player may contain data. Another helpful data sources are the application systems that forward copies.

Live System Data

The live system data is another data source for the network instruction investigation. Typically, the live data provides one of the promising evidence from the compromised systems. Moreover, the live system delivers the evidence in a real time and method the intruders employ to gain access to the systems. The investigators can use the Encase program to capture a live data. Moreover, the program such as tcpurify can be used to capture network data. The method will assist the investigators to identify the strategy that the penetrators employ to gain access to the network system. (Vigina, Johnson, Kruegel, 2003). Essentially, live data sources allow forensic investigators to capture volatile data which may not be available during the postmortem investigation. The information to be captured during the live investigation includes network information, event logs, and registered drivers, running process and registered services. For example, the running services assist the investigators to capture data running on the computer system. These services command higher priorities, and many users may be unaware of the existence of the services. Based on their high priority and lack of attention from the system administrators, they are typical a common target for hackers. Thus, conducting a live instigation will assist an investigator to view the state of service, which are very crucial to the investigation. Despite the benefits associated to live forensic, preserving the state of the system to ensure that the data captured are legible can be challenging. The best strategy to make the data visible is to use the forensic toolkit that assists in keeping the process as automated as possible.

Intrusion Detection System

The IDS (Intrusion detection system) is another strategy that investigators can use to capture data from their sources. The IDS is particularly useful to monitor live analysis. For example, the IDS can be configured to monitor network traffic and watch the intruders in actions. Moreover, the IDS can be used to detect how hackers are assessing the systems. The strategy can assist the investigators to procure critical evidence based on their findings. The benefits of the IDS is that it allows the investigator to detect network intrusion because it can be programmed to make the system administrators detecting an unauthorized access to the network system. Typically, the IDS is similar to the burglary that alerts the house owners that a thief is attempting to intrude into their properties. Despite the benefits associated to IDS, some IDS alerts can be harmless to the system, and investigating this type of activities can lead to a waste of time. Kumar et al. (2013) argue that the goal of the IDS is to identify and capture an unauthorized access into the network system in a real time. The goal of the IDS is also to detect anomalies revealing that the symptoms are illegal, and can lead to a criminal and intrusive activity. Typically, the forensic investigators can use IDS as a tool of investigation to obtain sufficient evidence about the criminal activity. "The problem is that it is unsure that network security services are appropriate tools to collect evidence during ongoing attacks." (Kumar et 2013 p 613). Moreover, the…

Continue Reading...
Sources used in this document:
Stallings, W. (2011). Cryptography and Network Security Principles and Practice (Fifth Edition). Pearson Education, Inc. Prentice Hall.

Vigina, G. Johnson, E. Kruegel, C. (2003). Recent Advances in Intrusion Detection: 6th International 6th International Symposium, RAID 2003, Pittsburgh, PA, USA, September 8-10, 2003, Proceedings, Volume 6. Springer Science & Business Media.

Xu, M., Yang, X. Wu, B. et al. (2013).A metadata-based method for recovering files and file traces from YAFFS2. Digital Investigation. 10 (1); 62-72.
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Forensic Accounting Is a Special Subsection of
Words: 2063 Length: 7 Document Type: Essay

Forensic accounting is a special subsection of accounting that goes beyond the typical job description of an accountant. Forensic accountants use their work in courtroom and other legal settings to help. Their primary roles are litigation support and investigative accounting (Zysman, 2012). To do this, forensic accountants combine accounting, auditing, and investigative skills. However, conducting investigations is only one component of a forensic accountant's job description; they also have to

Read More
Essay
Forensic Accounting in Practice Over
Words: 876 Length: 3 Document Type: Research Paper

This means laying out for the jury and the judge the role of different parties and how this contributed to illegal activities. It is at this point when everyone can understand the full context of the case. (Singleton, 2010) (Golden, 2011) Analyze the legal responsibility a forensic accountant has while providing service to a business. The legal responsibility of a forensic accountant is to determine when fraudulent activities have taken place

Read More
Essay
Forensic Accounting Skill Set for
Words: 1680 Length: 6 Document Type: Term Paper

The forensic accounting done on Koss reveals the importance for a business's auditing firm's responsibilities. It also shows that an auditing firm is liable to face legal charges for failing to find a fraud in their accounting activities in a business. The forensic accounting carried out on Koss revealed that the Vice President Sujata and the former Senior Accountant, Julie Mulvane, engaged in a range of accounting fraud cover ups

Read More
Essay
Forensic Accounting in Practice
Words: 2031 Length: 6 Document Type: Term Paper

roles of forensic accountants in preventing and detecting fraud within a business community. The paper highlights the requisites and basic responsibilities of a forensic accountant. The paper also makes references on the special cases where forensic accountants have assisted in fraud detection and prevention. Overview of Forensic Accounting Forensic accounting is the specialty area of accounting used to train an individual to develop the special accounting skills to detect and prevent

Read More
Essay
Forensic Accounting Goldman Sachs Securities Fraud Case
Words: 1655 Length: 5 Document Type: Research Paper

Goldman Sachs Forensic accounting Fraud at Goldman Sachs The recent recession and financial scandal brought to light many unethical, illegal, and quasi-legal practices of the major investment firms. One example of this was the Goldman Sachs securities fraud case, in which the firm was accused of creating and selling bundled mortgage investments in an instrument that was intended to fail and which the company' bet against' with a desire to make a profit

Read More
Essay
Forensic Accounting Concept In India
Words: 2127 Length: 8 Document Type: Essay

Essay Topic Examples 1. The Evolution of Forensic Accounting in India:     This topic could explore the historical development of forensic accounting in India. It would cover early accounting fraud cases, the emergence and refinement of forensic accounting techniques, and the eventual establishment of professional bodies and standards in India. The essay could also examine the catalysts for growth in this field within the Indian economic and legal landscape. 2. Role of Forensic

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now