¶ … computer used by the employee has either been compromised physically with a password cracking software (EC-Council,2010;Beaver & McClure,2010) or it has bee compromised remotely with the help of a keylogging software.A keylogger is noted by APWG (2006) as a special crimeware code that is designed with the sole intention of collecting information from the end-user terminal. The stolen information includes every strike of the keyboard which it captures.The most sensitive of the captured information are the user's credentials. Keylogger may also be used to refer to the hardware used for this purpose. The employee's password could also have been shoulder-surfed by his immediate neighbor at the workplace. This could be his coworker who manages to peek and see over his shoulder as he types in sensitive authentication information (password)
Strategy to address the issue as well as the necessary steps for resolving the issue
The strategy for addressing this threat is the adoption of a physical and software-based security system for the computer network. This is to say that the software must be secured using a very strong and effective anti-virus software. Anti-spyware must also be installed and updated frequently in order to detect any keyloggers. Physically, the computer must be checked for any physical keyloggers that may be attached to any of the USB ports, mouse and keyboard ports as well as under the keyboard. It is worth noting that keyloggers may be hidden in virtually any part of the computer system so long as there is a data bus. The issue can be resolved by instituting an appropriate information Technology policy at the workplace that discourages the installation of unapproved software and hardware (Can be disabled by the use of appropriate policies that govern administrative rights).
Case Project...
These features include;
Data/Information Acquisition.
Acquisition granularity
This feature allows the specification of the total numbers of sectors that have to be zeroed upon when an error is found. The acquisition bloc functionality defines the size of block to be acquired. The files are acquired with evidence of files, folders via boot disk and RAM evidence.
Automation tools that helps in the speeding up of the process of investigation. The automation process performs filters with conditions, hardware analysis, partition recovery as well as recovery of deleted files.
Analysis feature
This feature employs Windows even log parser, Link file parser (for finding space which is unallocated), performs an analysis of the file system, hash analysis as well as file finder function for finding files in the space which is unallocated.
Viewers
This feature has a native viewer function which can handle more than four hundred file formats, has a built-in Registry viewer, integrated viewer for pictures. External file viewer as well as a timeline calendar viewer.
A feature for searching Unicode index
Reporting feature which is automated
This feature reports on all the files found in a case, log report, registry, incidence report as well as a data exportation feature into HTML or RTF formats.
The other features are internet and e-mail investigation feature as well as support by most operating systems.
Access Data FTK
Access Data's Forensic Toolkit (FTK) is effective in computer forensics worldwide…
