This discussion is based on an analysis of two case studies. The questions are:

Case Project 6-2: An employee suspects that his password has been compromised. He changed it two days ago, yet it seems that someone has used it again.
• Discuss what you think may be going on.
• Develop a strategy to address the issue and provide the steps you would take to resolve the problem.
• Use at least one outside research source, including academic journals, to support your view.

Case Project 7-2:
1. Research two popular GUI tools:
• Guidance Software EnCase
• Access Data FTK
2. Compare their features to other products, such as:
• ProDiscover www.techpathways.com
• Ontrack EasyRecovery Professional www.ontrack.com/easyrecoveryprofessional
3. Create a bar chart outlining each tool's current capabilities.
• The chart should clearly indicate which software product you would recommend.
4. Discuss the features you would find most beneficial in creating your own lab.
5. Use at least one outside research source, including academic journals, to support your view.
…the computer used by the employee has either been compromised physically with password-cracking software (EC-Council, 2010; Beaver & McClure, 2010) or compromised remotely with the help of keylogging software. The fact that the password was changed two days ago and is still being used points to ongoing capture of credentials rather than a one-time leak: whatever recorded the old password recorded the new one as well. A keylogger is described by APWG (2006) as a special crimeware code designed with the sole intention of collecting information from the end-user terminal. It captures every keystroke, and the most sensitive of the captured information is the user's credentials. The term keylogger may also refer to hardware used for the same purpose. The employee's password could also have been shoulder-surfed by an immediate neighbor at the workplace, that is, a coworker who manages to peek over his shoulder as he types in his password.
Strategy to address the issue and the steps needed to resolve it
The strategy for addressing this threat is a combination of physical and software-based security for the computer and the network it sits on. On the software side, the machine must be protected by strong and effective anti-virus software, and anti-spyware must be installed and updated frequently so that it can detect keyloggers. Physically, the computer must be checked for hardware keyloggers attached to any of the USB ports, the mouse and keyboard ports, or hidden under the keyboard. It is worth noting that a keylogger can be hidden in virtually any part of the computer system so long as there is a data bus for it to tap. Until the machine has been checked and cleaned, the password should not be changed again from that machine, since a keylogger that is still present would simply capture the new password as it captured the old one. The issue is then resolved by instituting an appropriate information technology policy at the workplace that prohibits the installation of unapproved software and hardware; the ability of ordinary users to install software can be removed through policies that restrict administrative rights.
Case Project 7-2:
The features of Guidance Software EnCase
According to Guidance Software (2008), the EnCase digital forensics software has several features. These features include:
Data/Information Acquisition
Acquisition granularity
This setting specifies how many sectors are zeroed (written to the image as zeros and skipped) when a read error is encountered, so that a damaged region of the drive does not abort the acquisition, and the acquisition block size sets how many sectors are read in each operation. Evidence can be acquired as files and folders, from a boot disk, or as RAM.
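To make the acquisition granularity setting concrete, the following Python script is an added example written for this discussion; it is not EnCase code and does not reproduce EnCase's internal behavior. It images a source in fixed-size blocks, drops to sector-by-sector reads when a block fails, zero-fills a configurable number of sectors at each unreadable sector so the image keeps the geometry of the source, logs exactly which sectors were synthesized, and records MD5 and SHA-256 digests so the image can be verified later. The `FlakyDisk` class and `SAMPLE_DATA` are constructed stand-ins for a real device with one bad sector.

```python
import hashlib
import io

SECTOR = 512  # bytes per sector: the unit of granularity for error handling


class FlakyDisk:
    """Constructed stand-in for a raw device: any read touching a bad sector fails."""

    def __init__(self, data: bytes, bad_sectors):
        self.data = data
        self.bad = set(bad_sectors)

    def size(self) -> int:
        return len(self.data)

    def read(self, offset: int, length: int) -> bytes:
        first, last = offset // SECTOR, (offset + length - 1) // SECTOR
        if any(s in self.bad for s in range(first, last + 1)):
            raise OSError(f"I/O error reading sectors {first}-{last}")
        return self.data[offset:offset + length]


def acquire(disk, block_sectors: int = 8, zero_sectors: int = 1):
    """Image `disk` block by block. A failed block read is retried sector by
    sector; at each unreadable sector, `zero_sectors` sectors are written as
    zeros and skipped, so the image keeps the source size and the log records
    which sectors were synthesized rather than read.
    Returns (image_bytes, zeroed_sector_list, digests)."""
    out = io.BytesIO()
    zeroed = []
    total = disk.size()
    nsectors = (total + SECTOR - 1) // SECTOR
    s = 0
    while s < nsectors:
        count = min(block_sectors, nsectors - s)
        off = s * SECTOR
        try:
            out.write(disk.read(off, min(count * SECTOR, total - off)))
            s += count
            continue
        except OSError:
            pass  # drop to sector granularity for this block
        block_end = s + count
        while s < block_end:
            off = s * SECTOR
            try:
                out.write(disk.read(off, min(SECTOR, total - off)))
                s += 1
            except OSError:
                n = min(zero_sectors, nsectors - s)  # never zero past the end of the disk
                for i in range(n):
                    off_i = (s + i) * SECTOR
                    out.write(b"\x00" * min(SECTOR, total - off_i))
                    zeroed.append(s + i)
                s += n
    image = out.getvalue()
    digests = {"md5": hashlib.md5(image).hexdigest(),
               "sha256": hashlib.sha256(image).hexdigest()}
    return image, zeroed, digests


def verify(image: bytes, digests: dict) -> bool:
    """Re-hash a copy of the image and compare against the recorded digests."""
    return (hashlib.md5(image).hexdigest() == digests["md5"]
            and hashlib.sha256(image).hexdigest() == digests["sha256"])


# Constructed sample: 20 sectors of recognizable data with sector 5 unreadable.
SAMPLE_DATA = bytes(range(256)) * 40
SAMPLE_DISK = FlakyDisk(SAMPLE_DATA, bad_sectors=[5])

if __name__ == "__main__":
    img, zeroed, digests = acquire(SAMPLE_DISK)
    print(len(img), zeroed, digests["sha256"], verify(img, digests))
```

Running the script images the constructed disk; only sector 5 is zeroed, the other 19 sectors are copied faithfully, and the digests recorded at acquisition time match a later re-hash of the image but not the original data, which is exactly why the zeroed-sector log has to be kept with the image.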
Automation tools
Automation tools help to speed up the investigation process. The automation performs conditional filtering, hardware analysis, partition recovery and recovery of deleted files.
Analysis feature
This feature includes a Windows event log parser, a link (.lnk shortcut) file parser, file system analysis, hash analysis, and a file finder that locates files in unallocated space.
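The two features named above that are easiest to misunderstand are the file finder for unallocated space and hash analysis, so the following Python script is an added example written for this discussion (not EnCase code) that shows the basic mechanism behind both: it scans a blob of raw unallocated bytes for known file header signatures, carves each header-to-footer span out as a recovered file, and then hashes the carved files and labels them against a known-hash set. The signature table covers three common image formats; `SAMPLE_JPEG`, `SAMPLE_PNG`, `UNALLOCATED` and `KNOWN_HASHES` are constructed test data, not real files or a real hash set.

```python
import hashlib

# Header/footer signatures for the formats carved here (one common pair each).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
    "gif": (b"GIF8", b"\x00\x3b"),
}


def carve(unallocated: bytes, max_len: int = 16 * 1024 * 1024):
    """Scan raw unallocated bytes for known headers and return each
    header..footer span as a carved item with its byte offset. A header whose
    footer is not found within max_len is skipped rather than carved open-ended,
    which is the usual fate of a partially overwritten file."""
    items = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while (h := unallocated.find(header, pos)) != -1:
            f = unallocated.find(footer, h + len(header), h + max_len)
            if f == -1:
                pos = h + 1
                continue
            end = f + len(footer)
            items.append({"type": kind, "offset": h, "data": unallocated[h:end]})
            pos = end
    items.sort(key=lambda it: it["offset"])
    return items


def hash_analysis(items, known):
    """Hash each carved item and label it from a known-hash set, for example
    'known-good' for OS files to ignore or 'notable' for files of interest."""
    for it in items:
        it["md5"] = hashlib.md5(it["data"]).hexdigest()
        it["category"] = known.get(it["md5"], "unknown")
    return items


# Constructed sample: minimal JPEG-like and PNG-like byte strings embedded in
# a blob of unallocated space, plus a constructed known-hash set.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"JFIF\x00" + b"\x10" * 40 + b"\xff\xd9"
SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
              + b"IEND\xae\x42\x60\x82")
UNALLOCATED = b"\x00" * 100 + SAMPLE_JPEG + b"\xaa" * 50 + SAMPLE_PNG + b"\x00" * 30
KNOWN_HASHES = {hashlib.md5(SAMPLE_JPEG).hexdigest(): "notable"}


def run_sample():
    """Carve the constructed blob and label the results."""
    return hash_analysis(carve(UNALLOCATED), KNOWN_HASHES)


if __name__ == "__main__":
    for it in run_sample():
        print(it["type"], it["offset"], len(it["data"]), it["md5"], it["category"])
```

On the constructed blob the carver recovers the JPEG at offset 100 and the PNG at offset 201, flags the JPEG as notable because its MD5 is in the known-hash set, and reports the PNG as unknown. Real tools use far larger signature tables and validate the internal structure of each candidate rather than trusting the footer alone, but the header-scan, carve, hash and classify sequence is the same.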
Viewers
The native viewer can handle more than four hundred file formats; there is also a built-in Registry viewer, an integrated picture viewer, an external file viewer and a timeline/calendar viewer.
Unicode index search
Automated reporting
Reports cover all the files found in a case, the log, the registry and the incident, and data can be exported in HTML or RTF format.
Other features are internet and e-mail investigation and support for most operating systems.
Access Data FTK
Access Data's Forensic Toolkit (FTK) is widely used in computer forensics worldwide, helping organizations to search for and analyze electronic evidence in many types of computer crime, including intellectual property violations, terrorism, corporate fraud, identity theft, child pornography, company policy violations and illegal commerce.
The features of this software are:
The ability to create filters via its improved File Filter Manager (FFM), including filtering by attributes and more
Configurable GUI modes with docking panes, tabs and thumbnail resizing
A new Content View pane
New and improved case searches (pattern, text and hex)
A new report wizard
Decryption of files and of file-system encryption from within the software
The software also supports multiple concurrent users, uses an Oracle relational database, processes data in multiple threads so that data becomes accessible immediately, and can exploit a distributed client/server architecture for case analysis.
Comparing the features of Guidance Software EnCase and Access Data FTK with ProDiscover and Ontrack EasyRecovery
Features of ProDiscover
1. Compliance with the NIST (National Institute of Standards and Technology) Disk Imaging Tool Specification 3.1.6
2. Ability to analyze Unix "dd" images from all supported file systems
3. Can conduct live disk analysis over a high-speed TCP/IP network connection
4. Can restore image files to disk