Justify a need for digital forensics methodology

Reference no: EM13836105

Assessment-Case study

Word Limit: 2000-2500 words excluding references

Objectives

This assessment item relates to course learning outcomes 1 to 9, as stated on page 1 of the course profile.

Enabling objectives

1. Apply the digital forensics methodologies.

2. Write an analysis of a case study.

3. Prepare an outline of a professional digital forensic plan.

Instructions

The Case - A Digital Forensic Investigation Plan

Summary:

One World Finance (OWF) is a specialist provider of high-quality consumer finance services to a global network of customers. Trading in Australia and New Zealand since 1990, the company employs more than 750 employees and serves more than 5 million customers. The company's main office is situated in Brisbane, with other branch offices located in Sydney and Melbourne.
OWF has invested heavily in information technology to support its global business operations and gain a competitive advantage over its competitors. Major investments were made by the company in 2001, but in recent years management has lost focus on updating the network and application infrastructure that supports the business operation. The network environment between all of OWF's offices is flat and relatively unrestricted. Users from one office can access systems and servers from another office. Workstations and servers are typically Microsoft Windows-based. Firewalls and network segmentation are implemented poorly throughout the environment. Intrusion detection and logging exist on systems but they are not effectively used.

Last night, John Marsh at the Sydney office went in to work early, and when he connected to his computer he found that someone was already connected to it, with several windows open. As he stared at it, his computer was disconnected. He then tried to connect again, but he was logged out. He called the IT manager, who followed a plan for such incidents, which includes disabling John's account and examining the server security logs. The IT manager found that the IP address of the computer that was connected to John's computer belongs to a computer used to run a data projector at the Melbourne office. He quickly rang the Melbourne office to check who had used the computer and requested the logs of people who had swiped into the building. He found out that there were five people in the building at the time, but one employee, Andrew Gale, has since swiped out and called in sick. An urgent meeting with management concluded that Andrew Gale has at least violated company policy by accessing a colleague's account, but management is unsure whether he has violated any other policy or engaged in any criminal activity. As an information security officer, you are asked by management to investigate the extent of Andrew's activities, whether others are involved, who is affected and whether criminal charges need to be laid.
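As an added example, not part of the original assignment brief: the IT manager's two checks (the source address in the server security log, then the building swipe records) expressed as a time-window correlation. The log layout, the account name `jmarsh`, the address `10.2.0.57`, the badge IDs and all timestamps are constructed assumptions; event IDs 4624/4634 and logon type 10 (RemoteInteractive) are the standard Windows Security log values.

```python
from datetime import datetime

# Constructed sample data (not from the case). Assumed export layout:
# logons = time,event_id,logon_type,account,source_ip ; swipes = time,dir,badge
LOGONS = """\
2015-03-02T05:41:10,4624,10,jmarsh,10.2.0.57
2015-03-02T05:58:02,4624,2,jmarsh,-
2015-03-02T06:02:45,4634,10,jmarsh,10.2.0.57"""
SWIPES = """\
2015-03-02T04:00:00,IN,B104
2015-03-02T05:10:00,IN,B101
2015-03-02T05:20:00,IN,B102
2015-03-02T05:30:00,OUT,B104
2015-03-02T05:50:00,OUT,B102
2015-03-02T06:10:00,OUT,B101
2015-03-02T06:30:00,IN,B103"""

def ts(text):
    return datetime.fromisoformat(text)

def remote_sessions(log, account, source_ip):
    """Pair each RemoteInteractive (type 10) logon, event 4624, from
    source_ip with the next matching logoff, event 4634."""
    sessions, start = [], None
    for line in log.splitlines():
        when, event_id, logon_type, user, ip = line.split(",")
        if (user, logon_type, ip) != (account, "10", source_ip):
            continue
        if event_id == "4624":
            start = ts(when)
        elif event_id == "4634" and start is not None:
            sessions.append((start, ts(when)))
            start = None
    if start is not None:          # logoff never recorded: open-ended session
        sessions.append((start, None))
    return sessions

def present_during(swipes, start, end):
    """Badges whose in-building interval overlaps the session window."""
    end = end or datetime.max
    inside, hits = {}, set()
    for line in swipes.splitlines():
        when, direction, badge = line.split(",")
        if direction == "IN":
            inside[badge] = ts(when)
        elif badge in inside and inside.pop(badge) <= end and ts(when) >= start:
            hits.add(badge)
    # No OUT swipe before the log ends: still inside, so still a candidate.
    hits.update(b for b, t_in in inside.items() if t_in <= end)
    return sorted(hits)

SESSIONS = remote_sessions(LOGONS, "jmarsh", "10.2.0.57")
CANDIDATES = present_during(SWIPES, *SESSIONS[0])
```

The overlap only narrows the list of badge holders to examine further; shared badges, tailgating and clock drift between the two log sources mean it does not attribute the session to a person.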

Requirements:

Your task is to prepare a digital forensics investigative plan to enable a systematic collection of evidence and subsequent forensic analysis of the electronic and digital data. Assuming all systems are Windows-based, this plan should detail the following:

• justify why use of the digital forensic methodology and approach is warranted including appropriate procedures for corporate investigation.

• describe the resources required to conduct a digital forensic investigation, including skill sets and required tools of the team members.

• outline an approach for data/evidence identification and acquisition that would occur in order to prepare the auditors for review of the digital evidence.

• outline an approach and steps to be taken during the analysis phase making the assumption the computer system is a Microsoft Windows-based computer.

• make a recommendation on the action that the company needs to take against the offender.

Tips for preparing your digital forensics investigative plan

In writing the digital forensics investigative plan, students need to address the following points. Note that the points listed below are not exhaustive and should be treated as helpful tips.

• Justify a need for digital forensics methodology and consider scope of the case including nature of alleged misconduct leading to consideration of how electronic and digital evidence may support the investigation. The plan should consider how digital forensics differs from other techniques (such as network forensics, data recovery) and detail the overall steps for the systematic digital forensics approach.

• Consider the required resources and include details regarding preparation plan for evidence gathering (such as evidence forms, types, storage media and containers), forensics workstation and peripherals needed, software/tools for analysis depending on the type of evidence to be gathered including rationale for selected tools, and consideration of team member skills in digital analysis (such as OS knowledge, skills for interviewing, consultation, working as per the needs of the auditing team and understanding of law and corporate policies).

• Detail the approach for data acquisition including the different types of evidence that can be gathered and their source depending upon the nature of the case and scope of investigation, develop a plan for data acquisition including rationale for selected plan and contingency planning, detail type of data acquisition tools needed including rationale and an outline for the data validation & verification procedures.

• Provide an outline of the forensic analysis procedures/steps depending upon the nature of evidence to be collected, and detail the validation approach. This can include techniques to counter data hiding, recovering deleted files, procedures for network and e-mail analysis.

• Prepare a recommendation on the action that the company needs to take against the offender.

• Table of contents for the investigative plan should consider what to include in report, structure of report, focus or scope of the report including supporting material to be provided and references. This table of contents should include headings and sub-headings pertaining to the aspects addressed in the above dot points.

• Prepare a professional report with an Executive Summary, a Word generated table of contents, an Introduction, a body of report with proper headings and sub-headings, and a Conclusion.

Assessment criteria

Criteria

Performance levels: Beginning (1), Developing (2), Improving (3), Accomplished (4), Exemplary (5); Score

Justification - Is the justification of "why use of the digital forensic methodology and approach is warranted" sound?

Resources - Are the resources required to conduct a digital forensic investigation completely listed?

Approach - Is the approach for evidence identification and acquisition reasonable?

Steps - Are steps to be taken during the analysis phase reasonable?

Recommendation - Is the recommendation made appropriate?

Formatting and readability - Is the paper consistently formatted with balanced structure? Are the references correctly cited?
