SEC 6060 Week 5 Case Study
School: Wilmington University
Course: 6060
Subject: Information Systems
Date: Jan 9, 2024
Type: docx
Pages: 4
Uploaded by Admys
Running head: Week 5 Case Study
Week-5 Case Study: Anti-Forensic Trace Detection
Wilmington University
SEC 6060: Incident Handling and Response
September 28, 2022
Anti-Forensic Trace Detection
One thing South Korea should focus on
In South Korea, digital investigators face a problem with the anti-forensic tools and techniques that cyber-criminals use to make identifying evidence vanish. Detecting the use of anti-forensic tools can narrow down the investigation by shortlisting the systems used for the attack. The article discusses the need to design software tools with good-quality, unique signatures that indicate anti-forensic attempts. Furthermore, the report says that investigators should use the digital forensic triage workflow to study the attack. Finally, it talked positively about learning the rules and regulations for anti-forensics detection outside South Korea.
Recent cyber-attack
The international hotel chain Marriott was under cyber-attack for over four years, from 2014 to 2018. The attackers targeted the hotel reservation system database using malicious software. They acquired sensitive information such as names, addresses, credit card numbers, and phone numbers, as well as passport numbers, travel locations, and arrival and departure dates. A Security Information and Event Management tool indicated illegal action. In the incident identification and handling process, the hotel learned that the attacker had used cryptography to mask the information with a secret key, barring the hotel management from accessing it. As a result, it took the hotel security team more time to decrypt the data (WashingtonPost, n.d.). Statistics show an increased number of cyber-attacks and increased use of advanced technologies by cyber-criminals, so there is a dire need to improve the ways of approaching an incident. In an attack, moving quickly to the affected systems and networks will prevent avoidable losses. With the advancement of cyber-attack trends, DFIR should use software tools to detect false positives. It should take advantage of machine learning and automation to automate security and IT operations. The DFIR team should gain access to the required information and services at the time of crisis. By bringing the latest technology into its work, DFIR should reconstruct the incident (Securityboulevard, n.d.). Power cycles and the time the hard drive has worked can be discovered using an anti-forensic tool. In addition, to save investigation time, the DFIR team can use anti-digital forensic tools to reduce the number of systems to investigate for the origin of the cyber-attack (PDFs, n.d.). The investigator can use a digital forensic triage tool to analyze what works as a clue to take the digital investigation further.
Effect of the cyber-attack on the business
The cyber-attack on the hotel group Marriott International has cost it three percent of its total annual revenue. The fine imposed was around 123 million dollars, as the breach affected up to 339 million guests. In addition, the hotel is facing a lawsuit in court from its customers, who knew of the consequences of the violation. This breach has resulted in mistrust among new customers (CPOmagazine, n.d.).
Recommendations to Wilmington University
Digital forensics and incident response includes inspecting the systems, finding attack marks, exploring the web's movements, comprehending the attackers' offensive process, and illustrating network activity. The DFIR team's rate of response and accuracy in handling incidents is high. They proceed with a rational approach to an incident. They diminish the loss, toughen the protocols, reclaim the network access, and document the attack methods and techniques to alert other organizations (Crowdstrike, n.d.).
References
Anti-forensics: Techniques, detection, and countermeasures. (n.d.). Retrieved October 8, 2021, from https://pdfs.semanticscholar.org/b0c0/275024deb3660928d57c2220ab643993db11.pdf.
DFLabs. (2021, January 20). 5 ways SOAR improves the role of DFIR in cyber security. Security Boulevard. Retrieved October 8, 2021, from https://securityboulevard.com/2021/01/5-ways-soar-improves-the-role-of-dfir-in-cyber-security/.
Park, K. J., Park, J. M., Kim, E. J., Cheon, C. G., & James, J. I. (2017). Anti-forensic trace detection in digital forensic triage investigations. Journal of Digital Forensics, Security and Law, 12(1), 8.
Lindsey, N. (2020, April 13). Marriott faces massive $123 million GDPR fine for 2018 security breach. CPO Magazine. Retrieved October 8, 2021, from https://www.cpomagazine.com/data-protection/marriott-faces-massive-123-million-gdpr-fine-for-2018-security-breach/.
Telford, T., & Timberg, C. (2018, December 1). Marriott discloses massive data breach affecting up to 500 million guests. The Washington Post. Retrieved October 8, 2021, from https://www.washingtonpost.com/business/2018/11/30/marriott-discloses-massive-data-breach-impacting-million-guests/.
What is digital forensics and incident response (DFIR)? (2021, July 1). CrowdStrike. Retrieved October 8, 2021, from https://www.crowdstrike.com/cybersecurity-101/digital-forensics-and-incident-response-dfir/.