Digital Forensics and Cyber Crime Investigation
HCC Partner is the top healthcare company in the United States. Its management has noticed an intrusion into its systems based on alerts in its IDS (Intrusion Detection System) logs, which has caused management to question the reliability of the system. Analysis of the systems reveals that HCC uses the Snort IDS running on a Linux system. Moreover, the HCC database administrator received and downloaded a strange email from the Human Resources Department, and the system began behaving strangely after the attachment was opened. All email communications and attachments are stored on the database server. The next step is to check the hard disk of the human resources computer to verify whether the email was sent from the HR department. The method for verifying whether the email came from the HR department is to search the company database server for all emails sent to the database administrator on the day the email was received. Because searching for email manually can be time-consuming, we suggest using the X-Ways Forensics software to automate the search.
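The search described above can be sketched in Python as an added example; it is not part of the original paper and does not reproduce X-Ways Forensics functionality. The addresses, host names, dates and attachment bytes are constructed, and `make_sample` and `triage` are hypothetical names.

```python
import hashlib
from datetime import date
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses, parsedate_to_datetime

def make_sample(sender, to, when, first_hop, attachment=None):
    m = EmailMessage()
    m["From"], m["To"], m["Date"] = sender, to, when
    m["Received"] = f"from {first_hop} by mail.hcc.example; {when}"
    m.set_content("Please review the attached file.")
    if attachment:
        m.add_attachment(attachment[1], maintype="application",
                         subtype="octet-stream", filename=attachment[0])
    return m.as_bytes()

# Constructed sample mail store (not case data); every host and address is hypothetical.
SAMPLES = [
    make_sample("hr@hcc.example", "dba@hcc.example",
                "Mon, 03 Mar 2025 09:15:00 +0000", "hr-ws01.hcc.example",
                ("policy.doc", b"constructed attachment bytes")),
    make_sample("hr@hcc.example", "dba@hcc.example",
                "Mon, 03 Mar 2025 11:40:00 +0000", "host.outside.example"),
    make_sample("it@hcc.example", "dba@hcc.example",
                "Tue, 04 Mar 2025 08:00:00 +0000", "it-ws07.hcc.example"),
]

def triage(raw_messages, recipient: str, day: date):
    """Return a record for each message addressed to `recipient` on `day`."""
    hits = []
    for raw in raw_messages:
        msg = message_from_bytes(raw, policy=policy.default)
        to_cc = msg.get_all("To", []) + msg.get_all("Cc", [])
        rcpts = {a.lower() for _, a in getaddresses([str(h) for h in to_cc])}
        if recipient.lower() not in rcpts or msg["Date"] is None:
            continue
        # The date is compared in the message's own UTC offset.
        if parsedate_to_datetime(str(msg["Date"])).date() != day:
            continue
        hops = msg.get_all("Received", [])
        hits.append({
            "from": str(msg["From"]),  # claimed sender; a display value only
            # Bottom-most Received header is the earliest recorded hop.
            "first_hop": str(hops[-1]) if hops else None,
            "attachments": [(p.get_filename(),
                             hashlib.sha256(p.get_payload(decode=True)).hexdigest())
                            for p in msg.iter_attachments()],
        })
    return hits
```

Both messages dated 3 March claim the HR address, but only one has a first hop on the HR workstation; the attachment hash can then be compared with files recovered from that workstation's disk.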
The objective of this project is to analyze the HCC database server, the network system and other workstations suspected of leading to data leakage. The project will investigate whether there is possible evidence of a data breach.
A: Plan for Processing the Incident Scene and Potential Crime
The study uses the staircase model for the investigation processing because the model assists in enhancing a practical method for forensic investigation. Typically, digital forensic investigators work from the bottom in a systematic way.
Fig 1: Staircase Model
Source: Casey (2011).
A1. Method to Identify Potential Digital Evidence
If the email on the hard disk or in the database has been deleted, the next step is to use forensic software to recover it. The study suggests using the EnCase software to assist in retrieving the deleted emails. The tool can collect data from various devices and assist in unearthing the evidence. If the file was sent from the HR department, the next step is to scan the file to detect the presence of malicious software. The study suggests using one of the premium antivirus software packages to identify whether the file contains malware and if the…