Digital Forensic Investigation Assignment Sample

• Subject Name : Digital Forensics

Investigation Plan:

Introduction:

Computer-related technology has become one of an integral part of everyday human life. Moreover, it has been seen that in the present time it is growing rapidly apart from that due to the rise of computer technologies there are various crimes which have been evolved with this kind of Technologies such as financial fraud unauthorised intrusion, there are multiple causes related to identity theft as well as intellectual theft. It is necessary to counteract those computer-related crimes, and for that computer forensics plays an essential role as it involves various kind of Data Collection as well as analysing Digital information use it as evidence in those cases.

Model of Computer Investigation:

It has been seen that there is no single digital forensic investigation model which has been accepted universally; every model has focused on a particular on which the law enforcement works appropriately. It has been seen that there is a basic Digital forensic investigation model, which is known as the fourth step forensic process. this kind of model provides better flexibility than another model so that any organisation can able to adapt any of the suitable models if any situation occurred in the future.

Figure: Forensic Investigation Model

Scope of Investigation:

There is the various scope of investigation which is being followed:

• Identifying malicious activities with respect to 5Ws

• To identify any security lapse in their network

• To evaluate the impact if any of the computer or network system was compromised

• To identify any of the legal procedures if it’s required

• to provide various activities in order to improve their system

Investigation: Legal Challenges

There are numerous legal challenges, which may be faced by the forensic team, which are as follows:

• Required and written permission to conduct the forensic investigation unless there is other response authorisation procedure has been implemented

• To identify the potential issues that can be raised during the improper handling of the investigations which need to be discussed with the legal advisor

• Determining if there is any law enforcement assistant is required and it should be available if there is any case of assistance

Starting Preparation

• Gather all the information required to evaluate the incident

• Identify the impact of the investigation on the business

• Gathering information related to network or computers for any kind of data breach

• Finding an external storage device such as a pen drive or flash drive

• Identifying various forensics tools that can be used in the investigation

• Documenting all the activities of investigation

• Imaging the target device for Data integrity

Collection of Data

Collection phase is one of the first phases of the in which the investigator will identify label record as well as required data from relevant sources by following proper guidelines and procedures. Two Types of data will be collected that will be e volatile data and non-volatile data.

Examination of Data:

If the investigator is able to gather all the evidence, it is required to conduct and proper analysis with the help of Digital forensic investigation tool. Apart from that, there will be an examination of file system Windows registry as well as various database forensic examination.

File System Examination

MFT, which is known as the master file table, also contains various information related to the files and disk. Moreover, the data which records in MFT, also known as metadata. if any users try to delete the data stream and user can retrieve the file by providing a specific command

Windows Registry Examination

Windows registry contains various information related to volatile and non-volatile. This means an investigator must be familiar with each of the functionalities of Windows registry before undergoing any investigation. while investigating any USB removable storage it is required to have proper knowledge related to Windows registry. It has been seen that all the devices which have been connected to the computer will maintain in a computer registry under a specific key “HKEY_LOCAL_MACHINE\System\ControlSet00x\Enum\USBSTOR”. Moreover, by using the highest in the mounted drive, the investigator will get a clue after analysing the device ID content which has been maintained by the registry to know which device has been mounted in the organisation.

Analysis:

It is required to analyse all the evidence which has been gathered and examine. Will look into the data to see any hidden files or an unusual file which has been presented or not. If there is a necessary process which has been run by the suspected employee, the investigator will look if any application has made a request which is unusual. Investigative later will create a for the strategy for Digital forensic investigation like complete analysis of memory, analysis of file system as well as timeline analysis.

Findings:

After the investigation will do them in will provide a summary of the results. In which the investigator will provide information related to the identification of the attacker, persistent remote access to any of the company's computer. Forensic analysis will help the investigator to provide better evidence related to the system which has been compromised. If the attacker compromises some of the arrangements with the help of removable storage, then any of the suspected Malware will be found. moreover, the investigator will be determined that the attacker had proper access to the client system with the help off USB storage or any Malware by providing any kind of appropriate website link for or and payment gateway

Remedial Actions

The investigator will suggest various measures that could be used to reduce the attacks made by the people in order to gain an advantage. Moreover, the investigator will suggest providing better training that will help to increase network security.

Reporting:

At last, the investigator will provide and Digital forensic report that will highlight various evidence to the company moreover it will help for gathering more evidence that can be used in the time of company hearings or it can be used in court hearings.

Conclusion:

Based on the above section, it can be concluded that a proper investigation plan should be conducted with appropriate Digital forensic investigation and Manual investigation by various methods as well as by multiple tools. Moreover, with the help of forensic investigation model, the investigator will conduct the research. Apart from that, it is necessary to prepare the initial steps before starting the investigation

Remember, at the center of any academic work, lies clarity and evidence. Should you need further assistance, do look up to our Digital Forensics Assignment Help