  • Subject Code : CSE3CFN
  • University : La Trobe University
  • Subject Name : IT Computer Science

Computer Forensics in Cyber Security

Contents

Question 1

Question 2

Question 3

Question 4

References

Question 1

Digital forensics is essentially a field of study that defines the overall process to be followed whenever any type of computer evidence is required, preserved or documented from a legal perspective. In the current business world, there is no such thing as over-investment in cyber security practice. Businesses are ensuring that they are armed to the teeth with the right tools, technology and skilled resources that can safeguard them from breaches and loss of data. Organizations feel that data loss and breach is not a matter of “if” but of “when”. Thus, it is critical that IT professionals across the organization are aware of forensic computing and digital evidence. Beyond knowledge of digital forensics, it is also important that the team has a broader cyber security skillset over and above what they were hired for.

This is because developing these skills in-house is not that expensive: it requires trainings and sessions from third-party vendors, and a large number of employees gain access to the basics of the cyber security skillset and digital forensics knowledge. Hiring these skills from the outside market pool, however, is going to prove a huge cost burden on the company. Cyber security and digital forensics skills are niche in nature, so the people who have them are few in number and there is a huge demand for these specially skilled resources. Another challenge is that even though the demand is high, it is not a demand for full-time roles, because not many organizations can afford a cyber security expert and a digital forensics specialist on the payroll. Since both skillsets are very difficult and costly to acquire, companies in most cases prefer a generalist over a specialist. They therefore try to cultivate the in-house team by getting them upskilled and cross-skilled on different types of cyber security and digital forensics methodologies. The small investment that goes into upskilling these employees saves much of the cost of hiring a full-time digital forensics employee and then not being able to utilize them optimally due to lack of work.

Sean Mason, who is the Director for Security Services at Cisco, feels that organizations that do not see the need to build an in-house team on digital forensics have a misconception. He feels that, based on the current talent pool, there are fewer right-skilled resources than are needed. He also feels that most organizations do not have a realized demand for hiring a full-time digital forensics specialist, and therefore they want someone who works on other aspects and also has intermediate, if not advanced, knowledge of digital forensics (Digital Forensics, 2020).

It is understandable that the work for which a person was hired would be their main focus, and that managing cyber security or digital forensics work or trainings in parallel would be a challenge. A way around this is to tie the additional skills to an individual’s KPIs and KRAs, which will generate enough self-interest for the individual to learn these new skillsets and work on small to medium-level projects with other technically advanced team members.

Question 2

The United Nations, as part of the Doha Declaration (Doha Declaration, 2020), has identified some of the key challenges in the investigation of computer-related crimes. These challenges are captured below:

  1. Challenge of anonymity: by leveraging anonymity, cyber criminals can very easily escape the law. Several anonymity-enabling technologies are available in the market, and not at a very high cost. These solutions enable online perpetrators to mask their identity while conducting cybercrimes. One possible way of obtaining anonymity is by using a proxy server. Via a proxy server, the user can access a client system without revealing his or her identity. This happens by masking the user’s IP address and substituting it with a fake IP address.

  2. Attribution challenge: attribution is the process in which, for any computer-related crime, the law tries to map the crime to the right person and/or the device that was used to commit it. With the popularity of free Wi-Fi and shared network areas such as libraries and cafes, it is difficult to determine who perpetrated an attack. It is also difficult to pinpoint the device: by leveraging anonymity, IP addresses can be masked, so in the case of a cybercafé it becomes a challenge to determine who the criminal is.

  3. Traceback process: traceback is a lengthy and time-consuming process, and even after the analysis it is possible that the cybercrime investigator has not reached the right output. As part of this process, the perpetrator’s application or event log files are analyzed. A lot depends on the skill, knowledge and efficiency of the cybercriminal. Criminals can ensure that the trace does not lead back to them by making the event trace lead to multiple fake sources instead of a single true source.

  4. Lack of harmony: worldwide, there is very little harmony when it comes to national cybercrime laws being in sync with international standards. This gives criminals the opportunity to find loopholes in the system and use them to their advantage. The sharing of information between countries, the preservation of data, and the global assistance needed on cybercrime matters are all challenges that need to be mitigated while managing investigations of computer-related crimes.

  5. Technical challenges: in addition to all the above challenges, cybercrime investigators face the problem of technology. There are many different devices, each with its own set of software and technology, and very specialized tools are needed to analyze them. It is a challenge for the investigator to have the skillset for all these different kinds of technologies. There is also a time crunch, which does not allow an investigator enough time to first train on the technology and then use it to investigate computer-related crimes.

Question 3

The standard approach followed by Windows and some of the other leading operating systems is that data is tracked by pointers. Every file and folder in the system has a pointer associated with it. Whenever a new file is added to the system, pointers that are free and available are given the new data. This helps the OS keep track of which file and folder is where by associating it with the right set of pointers. These operations are built into the system and cannot be changed at user level. When a command is given to erase a particular file, the file is erased in the sense that its pointers now show that the system can take new data in that space. However, as long as those pointers have not been reloaded with new data, they can be used to extract the older data that was stored there earlier. This is how investigators get access to deleted data and turn it into digital evidence. Even when new data has been copied onto the pointers, partial recovery of the deleted data is still possible, and this too can be leveraged as digital evidence. Many commercially available data recovery tools can help with this process.
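The behaviour described above, as an added example that is not part of the original page: a toy volume in Python where deleting a file only frees its clusters, so the bytes stay readable until new data reuses them, after which only partial recovery is possible. The `ToyVolume` class, its 16-byte clusters and the sample file contents are constructed for illustration and do not model any real file system.

```python
"""Toy model of deletion: the file-table entry is freed, the cluster bytes stay."""

CLUSTER = 16  # bytes per cluster (constructed value, tiny on purpose)


class ToyVolume:
    def __init__(self, clusters):
        self.data = bytearray(CLUSTER * clusters)  # raw "disk" contents
        self.free = set(range(clusters))           # clusters available for new data
        self.table = {}                            # file name -> (cluster list, size)

    def write(self, name, content):
        need = -(-len(content) // CLUSTER)         # ceiling division
        if need > len(self.free):
            raise OSError("volume full")
        chosen = sorted(self.free)[:need]          # lowest free clusters are reused first
        for i, c in enumerate(chosen):
            chunk = content[i * CLUSTER:(i + 1) * CLUSTER]
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
            self.free.discard(c)
        self.table[name] = (chosen, len(content))

    def delete(self, name):
        # Only the bookkeeping changes: clusters are marked free, bytes are untouched.
        clusters, _size = self.table.pop(name)
        self.free.update(clusters)

    def read_free_space(self):
        # What a recovery tool examines: raw bytes of every unallocated cluster.
        return b"".join(
            bytes(self.data[c * CLUSTER:(c + 1) * CLUSTER]) for c in sorted(self.free)
        )


def demo():
    vol = ToyVolume(clusters=8)
    secret = b"invoice-2020: pay ACME 4,200 AUD"  # constructed sample, 32 bytes
    vol.write("invoice.txt", secret)
    vol.delete("invoice.txt")
    full = secret in vol.read_free_space()         # deleted, nothing overwritten yet
    vol.write("note.txt", b"X" * CLUSTER)          # new data reuses the first freed cluster
    after = vol.read_free_space()
    partial = secret[CLUSTER:] in after and secret not in after
    return full, partial


if __name__ == "__main__":
    print(demo())
```
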

Another way in which retrieval happens is by accessing logs and history files, which provide a great deal of information. This is especially beneficial when the cyber criminal has not deleted the data from the system but has renamed it and stored it in other folders, which is especially common with application folders. Criminals store sensitive information under dubious file names like .txt, .dll, etc. so that it will not be caught by the cybercrime investigator. However, log analysis helps the investigator understand the steps that were followed, and that provides a chance to turn these dubious files into digital evidence.

Once the delete process happens, the relevant files and folders are first stored in the Recycle Bin of the Windows OS. In many cases the Recycle Bin has not been cleared, and the data is thus only temporarily deleted. Since the Recycle Bin is a temporary folder, any information residing in it can be easily accessed and converted into digital evidence (Hoffman, 2020).

Question 4

Magnet Axiom is a tool that enables the examination and investigation of digital forensics data and supports reporting. Magnet Axiom provides three-tier training to train and certify corporates on its platform. The training structure includes classroom-led training, virtual instructor-led training and online video-based training, which employees can use to train themselves based on their needs and requirements. The platform essentially helps in the seamless analysis and examination of captured data.

According to Magnet Axiom’s website, Magnet Axiom has processes in place to ensure that trained employees are able to find robust digital evidence for a court or some other kind of investigation. These processes allow for the acquisition of images and the right set of evidence from different types of end-user devices such as smartphones, laptops and computers. Magnet Axiom also uses SSP, or Single Stage Processing (Magnet Forensics, 2020). This allows Magnet Axiom to quickly and easily acquire the right data for analysis and examination. The goal is to ensure that investigators reach their objective faster and that turnaround time is low. Magnet Axiom essentially examines users’ devices from the file system point of view. This includes examination of the registry, artifact information and other filters, searches, links, etc. All the analysis done in the tool can be presented in easily customizable reports that can be shared with different stakeholders. This provides a simple yet robust methodology that the team can deploy to ensure that they have court-ready digital evidence (Magnet Forensics, 2020).

References

Digital Forensics. (2020). What is Digital Forensics? History, Process, Types, Challenges. Guru99.com. Retrieved 5 May 2020, from https://www.guru99.com/digital-forensics.html.

Doha Declaration. (2020). Cybercrime Module 5 Key Issues: Obstacles to Cybercrime Investigations. Unodc.org. Retrieved 5 May 2020, from https://www.unodc.org/e4j/en/cybercrime/module-5/key-issues/obstacles-to-cybercrime-investigations.html.

Hoffman, C. (2020). Why Deleted Files Can Be Recovered, and How You Can Prevent It. How-To Geek. Retrieved 5 May 2020, from https://www.howtogeek.com/125521/htg-explains-why-deleted-files-can-be-recovered-and-how-you-can-prevent-it/.

Hoffman, K. (2019). Why you need a digital forensics team (and the skills to look for). CSO Online. Retrieved 5 May 2020, from https://www.csoonline.com/article/3332020/why-you-need-a-digital-forensics-team-and-the-skills-to-look-for.html.

Introduction to Magnet AXIOM - Magnet Forensics. Magnet Forensics. (2020). Retrieved 5 May 2020, from https://www.magnetforensics.com/resources/introduction-magnet-axiom/.

Magnet Forensics Training - Build your Expertise | Magnet Forensics. Magnet Forensics. (2020). Retrieved 5 May 2020, from https://www.magnetforensics.com/training-overview/.

Retrieving Digital Evidence: Methods, Techniques and Issues. Forensic Focus - Articles. (2020). Retrieved 5 May 2020, from https://articles.forensicfocus.com/2012/07/11/retrieving-digital-evidence-methods-techniques-and-issues/.
