Daniel Nkansah D431 TASK 1
Western Governors University, D431 (Information Systems), Feb 20, 2024
Daniel Nkansah
Digital Forensics in Cybersecurity - D431
Professor Jackie Jakes
November 21, 2023
A. Investigative Plan
1. The foremost consideration in our strategy is to strike a balance between maximizing evidence collection and minimizing the impact on organizational operations. To achieve this, non-disruptive methods will be prioritized. For live systems we will use Magnet AXIOM, which supports acquisition and analysis of running hosts, so that active systems can be examined without interrupting day-to-day operations. Collaboration with the IT and security teams will take place over the organization's existing secure communication channels, such as Slack or Microsoft Teams, with the caveat that case details are kept out of any channel the subject of the investigation can access.
When required, we will work with your IT department to create backups or duplicates of critical systems before the examination begins. This precaution ensures that, if a system must be taken offline temporarily, a duplicate can keep your operations running. Each phase of the investigation will be thoroughly recorded; this documentation provides transparency, supports the chain of custody for the evidence gathered, and will be essential in any legal proceedings. Our commitment to transparency, coupled with respect for privacy, means that we will keep relevant personnel informed of the investigation's overall progress while safeguarding sensitive details. This approach is intended to limit concern among your staff and maintain trust.
2. EnCase will be employed to perform disk imaging and analysis. This involves creating forensic copies of storage media, a crucial step to ensure the fidelity of the original data. Through EnCase, the investigation team can capture the entire content of storage devices while maintaining a forensically sound chain of custody.
To trace potential data transfers and reveal communication patterns, NetworkMiner will be used to analyze captured network traffic. NetworkMiner parses packet captures to reconstruct hosts, sessions and transferred files, providing insight into the movement of sensitive information across the network. This will aid in understanding the flow of data, identifying communication channels, and pinpointing irregularities that may indicate unauthorized access or data transfers.
To examine active processes and volatile data, Volatility, an open-source memory forensics framework, will be used. Volatility analyzes memory images, so RAM must be captured with an acquisition tool while the system is still running; this evidence is lost once the machine is powered off. From the captured image, investigators can extract running processes, network connections, loaded modules and other transient artifacts, providing a dynamic perspective that complements traditional disk-based analysis.
To maintain the integrity of stored data, OSSEC, an open-source host-based intrusion detection system with file integrity monitoring, will be deployed on the in-scope systems to detect unauthorized modifications to files for the duration of the investigation. This proactive approach ensures that any tampering with or alteration of critical files is promptly identified, contributing to the overall credibility of the collected evidence.
Each of these tools plays a distinctive role in the multifaceted process of evidence gathering, preparation, and analysis. Their collective implementation ensures a comprehensive and methodical approach to digital forensics, aligning with industry best practices and standards.
3. We will conduct a comprehensive digital forensic imaging procedure to replicate the exact data from John Smith's computer systems, mobile devices, and other pertinent digital sources. This involves generating precise bit-by-bit copies of the data, acquired through a write blocker and verified against the source with a cryptographic hash so that any discrepancy between original and image is detected immediately. The original devices will then be securely stored to preserve their current state, ensuring their availability for future reference if necessary.
During the entire process of data collection and handling, we will adhere strictly to chain of custody procedures. Every action performed will be logged and documented, including who accessed the evidence, when it was accessed, and the specific actions undertaken. This rigorous documentation upholds the credibility of our investigation and becomes particularly significant in the event of legal proceedings.
The careful preservation of this documentation is crucial to maintaining the integrity of our investigation. It ensures that the actions taken are transparent, accountable, and in accordance with established protocols. If the case progresses to a legal forum, this detailed documentation becomes instrumental in supporting the validity of our procedures and findings. Throughout this entire process, our commitment is unwavering: to ensure that the collected data remains unaltered, preserving its integrity and authenticating the credibility of our investigation.
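The imaging, hash-verification and custody-logging steps in item 3, and the tamper-detection goal of the file-integrity paragraph in item 2, are illustrated by the following added example. It is not part of the original plan and not the code of EnCase, FTK Imager or OSSEC; it is a tool-agnostic Python stand-in that copies a "device" (here an ordinary file) block by block, hashes source and image independently, refuses to log a copy whose digest does not match, and appends every action to a JSON-lines chain-of-custody log. The examiner name, file paths and log format are assumptions for illustration.

```python
"""Forensic imaging with hash verification and a chain-of-custody log.

Added example, not part of the original plan. Paths, the examiner name
and the JSON-lines custody log format are illustrative assumptions.
"""
import hashlib
import json
import os
from datetime import datetime, timezone

BLOCK_SIZE = 1024 * 1024  # read the source in 1 MiB chunks


def _utc_now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def log_custody(log_path: str, examiner: str, action: str, **details) -> dict:
    """Append one who/when/what record to a JSON-lines custody log."""
    entry = {"timestamp": _utc_now(), "examiner": examiner, "action": action, **details}
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry


def _sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while chunk := f.read(BLOCK_SIZE):
            h.update(chunk)
    return h.hexdigest()


def image_device(source: str, image: str, log_path: str, examiner: str) -> str:
    """Copy `source` block by block into `image` and return the image SHA-256.

    The source is hashed as it is read; the image is re-read from disk and
    hashed separately. A mismatch is logged and raised, so a bad copy is
    never recorded as a verified image.
    """
    src_hash = hashlib.sha256()
    log_custody(log_path, examiner, "acquire_start", source=source, image=image)
    with open(source, "rb") as src, open(image, "wb") as dst:
        while chunk := src.read(BLOCK_SIZE):
            src_hash.update(chunk)
            dst.write(chunk)
        dst.flush()
        os.fsync(dst.fileno())
    img_digest = _sha256_file(image)  # independent read-back, not the write buffer
    if src_hash.hexdigest() != img_digest:
        log_custody(log_path, examiner, "acquire_failed", source=source, image=image)
        raise RuntimeError("image hash does not match source hash")
    log_custody(log_path, examiner, "acquire_verified", source=source, image=image,
                sha256=img_digest)
    return img_digest


def verify_image(image: str, expected_sha256: str, log_path: str, examiner: str) -> bool:
    """Re-hash a stored image before analysis; any tampering changes the digest."""
    observed = _sha256_file(image)
    ok = observed == expected_sha256
    log_custody(log_path, examiner, "integrity_check", image=image,
                expected=expected_sha256, observed=observed,
                result="match" if ok else "MISMATCH")
    return ok


def read_log(log_path: str) -> list:
    """Return the custody log as a list of dicts, oldest first."""
    with open(log_path, encoding="utf-8") as f:
        return [json.loads(line) for line in f if line.strip()]


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as work:
        # Constructed stand-in for a seized disk: a few MiB of random bytes.
        src = os.path.join(work, "suspect_disk.bin")
        with open(src, "wb") as f:
            f.write(os.urandom(3 * BLOCK_SIZE + 17))
        img = os.path.join(work, "suspect_disk.dd")
        log = os.path.join(work, "custody.jsonl")
        digest = image_device(src, img, log, examiner="D. Nkansah")
        print("image verified, sha256 =", digest)
        with open(img, "r+b") as f:  # simulate tampering with the stored image
            f.seek(4096)
            f.write(b"\x00")
        print("post-tamper check:", verify_image(img, digest, log, "D. Nkansah"))
        for entry in read_log(log):
            print(entry["timestamp"], entry["action"])
```

The image is hashed by reading it back from disk rather than reusing the bytes that were written, which is what a real imager's verification pass does; the custody log is append-only and records failed acquisitions as well as successful ones, so the record shows every attempt, not only the copy that was kept.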
4. After successful evidence collection and preservation using EnCase and FTK Imager, the examination phase becomes pivotal. Autopsy, a versatile open-source digital forensics tool, plays a central role in this process. Known for its ability to analyze disk images, files, and directories, Autopsy ensures a comprehensive exploration of the seized evidence. Its capabilities extend to identifying and analyzing various document types, including text documents (e.g., .txt, .doc, .pdf), spreadsheets (e.g., .xls, .xlsx), and presentations (e.g., .ppt, .pptx). The tool is equally adept at scrutinizing emails, extracting valuable data from both messages and attachments, which proves invaluable in investigations centered on communication and information exchange. Its versatility further encompasses the analysis of image files, databases, web browser artifacts, system logs, registry entries, and file metadata. By leveraging Autopsy, investigators gain a holistic view of the digital landscape and can extract the information crucial to the investigation. Autopsy's user-friendly interface, coupled with its forensically sound analysis, aligns with established chain of custody and preservation protocols. Its ability to conduct keyword searches, timeline analysis, and visualization enhances the extraction of pertinent information, ensuring a thorough and effective digital forensics investigation.
5. To remain objective, the forensics team will corroborate its findings with Oxygen Forensic Detective, a mobile-device forensics suite, which will be used to analyze communication patterns and data transfers on the seized mobile devices. Cross-checking results across tools ensures that the conclusions drawn are well supported and remain within the scope and terms set forth by the organization.
6. In our report, we will summarize the key findings, detail the investigation procedures undertaken, and present our conclusions in a clear and comprehensible manner. We will include sufficient technical detail to support our conclusions, while keeping simplicity and brevity as our primary focus: technical jargon will be explained, and complex procedures will be simplified or represented visually. Furthermore, we will emphasize the implications of our findings and propose actions where warranted. This approach ensures that senior management has the information it needs to make an informed decision.