Cse5Cfn Computer Forensics Assignment Sample Answers


  • Subject Code : CSE5CFN
  • University : La Trobe University
  • Subject Name : IT Computer Science

Forensic Computing in Cyber Security Consultancy

Contents

Question 1.

Question 2.

Question 3.

Question 4.

References.

Question 1

Yes, general computer security professionals should become familiar with forensic computing and digital evidence management. More than that, they should also acquire a cybersecurity skill set covering a broad spectrum. In the modern business world it is important for general professionals to become experts in specific areas, so that businesses can protect themselves from cybercrime with low-cost investments (Casey, 2018). There are several reasons for this:

  • Cost factor- a digital forensics specialist is a costly resource, and keeping one on the payroll is expensive for an organization. Moreover, not all organizations have a continuing need for this type of cybersecurity professional. Large organizations that are spread across the globe and operate in multiple businesses at the same time can afford a full-time digital forensics expert on their payroll. Small and medium-sized organizations, however, prefer to consult a specialist from time to time on projects, so that they do not have to pay these specialists a monthly salary.
  • Demand-Supply Challenge- even though there is less dedicated demand for digital forensics specialists, there is still quite a lot of demand for them. At the same time, not many of these specialists are available in the market. This makes those currently available a niche resource, and companies end up paying more to acquire their skill set.

Thus, it is not financially viable for companies to hire these resources. Instead, companies prefer a low-cost alternative: they engage these specialists to train their current cybersecurity architects or subject matter experts. In this way, the digital forensics specialists are not bound to one specific company, which eases the demand and supply challenge. They can consult for multiple companies on several different projects, and that solves the companies' cost challenge as well.

Similarly, acquiring broad cybersecurity skills rather than just one specific skill is beneficial for the employees as well. They can cross-skill and upskill on several technologies and grow in their careers. For companies, investing in training will always remain a cheaper alternative to investing in resources with individual skill sets. In this way, they can have a pool of undergraduate engineers and then cross-skill them towards their technology roadmap. As the company implements changes in its landscape, a team grown from in-house resources can lead and manage the technology stack, without the need to hire outside resources.

The current team, whose knowledge is limited by their limited exposure in undergraduate schooling to specific areas of cybersecurity or computer science, will find it difficult to manage cross-skilling and regular business unit work at the same time. Companies can ensure that they provide enough time for these resources to train themselves and create a plan that does not hamper their day-to-day business activities. Some employees will also need to be guided and motivated, to help them understand the benefits that await them once they have the right skill set and training. The company should invest in employee motivation because this will be beneficial for the organization in the long run.

Question 2

There are several challenges associated with investigations of computer-related crimes. The criminals who commit these crimes have a sound technological advantage that works in their favor. As a result, they can perpetrate some of the most technologically advanced crimes without leaving many digital footprints that can be traced back to them. It is the job of the investigators at the cybercrime unit to carry out a deep and thorough analysis of the overall crime and to separate out the information that can help them catch the cybercriminals. Tracking and finding the right evidence thus becomes not just critical but necessary. However, to do so there are several challenges that they need to overcome. These can be along the lines of jurisdiction over the area, expertise in the technology, investigation workflow and processes, etc. (Cohen, 2017). Some of the key challenges are described below:

  • Cybercrime investigation kit- most cybercrimes require specialized equipment that most law enforcement agencies either do not have or have only in insufficient quantity. This creates a challenge for the investigators. They may not have the right labs, devices, etc. to catch sophisticated criminals, and that puts them at a disadvantage.
  • Technological aspect- most traditional crimes have low technological requirements. The same is not true of cybercrimes, which are often sophisticated and involve some amount of technology. Because law enforcement agencies lack the required technologically skilled workforce, they have to prioritize which crimes to focus on based on their seriousness. As a result, many criminals go scot-free since they do not get the required focus from the investigators.
  • Cost Factor- most companies and law enforcement agencies do not have sophisticated digital forensics experts on their payroll. These are costly individuals whose skill sets may be needed only on certain specific occasions, so having them on a regular payroll may not be an advisable solution. Therefore, investigators consult the specialists from time to time on a variety of different projects. This ensures that their services are put to best use when there is a need for them.
  • Time Factor- for a normal investigator in most normal scenarios, the time invested in any crime is low. It can range from days to weeks to a maximum of a few months, and they usually end up catching the criminals. For cyber investigators, the same is not true. They have to invest a lot of time, from several weeks to months to sometimes years, to investigate the cybercrime end to end and look at all possible evidence that is left behind. Most of the evidence is, in any case, left behind by the criminal so that the investigators are led astray in their search. Thus, depending on the nature of the crime, the investment of time required from an investigator may be huge.
  • Process management- in a normal or traditional crime there is a predefined set of processes that the investigators follow. They usually move tangentially until they feel they have collected all the right evidence, then present their case to their superiors, moving in the vertical direction, and eventually the case moves to court to be managed from a legal perspective. In the case of cybercrimes, however, there are no predefined processes. Essentially, it is difficult to follow predefined processes, because everything depends on the nature and severity of the crime (Vassilaki, 1995).
  • Involvement of victims- law enforcement investigators end up working in close collaboration with people whose systems have been hacked, whose personal data has been shared, or who have suffered a data breach, data loss, malware attack, etc. Whenever there is an attack at the enterprise level, there is a chance that the cybercriminals used the company's employees to perpetrate the attack. This is challenging for the investigators, since most of these employees do not want to involve themselves in these activities.

Question 3

There are several reasons why the staff would need to access data in the Windows environment and turn it into digital evidence. The most common is that disgruntled employees leaving the organization are suspected of taking company proprietary data that they feel they have a right to or ownership of. This may include documents, source code, files, presentations, financial information, etc. From the company's point of view, this data loss is a breach of its policy. To establish whether employees or anyone else have taken data away from company assets on the company network, with the possibility of it being misused, the company needs mechanisms by which it can turn this into digital evidence. This can be done using dedicated and sophisticated software that can help companies track these cybercriminals effectively (Cybercrime Investigations, 2020). The following ways can be leveraged to find digital evidence against the perpetrators:

  • USB Activity Analysis- this is a very effective way to track the activities of different employees and individuals in general, and USB is also one of the most common ways in which data can be stolen. The problem for these people is that a USB device leaves a trail of evidence as well. The image below gives indicative information about the type of evidence that can be collected from the USB logs. These logs, along with the data transfer markers, are enough digital evidence to prove that a theft has happened (Kessler, 2008).
  • Recent Files Activity- in the Windows OS environment it is very easy to track the last opened files. This analysis can yield an evidence point from which the investigators can understand the type of files the cybercriminals have opened. If these files have damaging content, it is easy for the investigators to turn this into digital evidence. This can be combined with the USB activity as well. Together, the two can indicate with high probability what type of files were copied to their USB devices.
  • Cloud Storage- it is possible that there was no USB activity on the system and no critical files were opened either. However, it is important to investigate cloud storage as well. The employees may have access to Dropbox, Google Drive, OneDrive, etc. on both their work computers and personal computers. As a result, they can simply sync their work devices with the set of files that they want to download. The staff should therefore also look for cloud activity. This can be done easily: these cloud storage providers keep a log of all the files that have been stored on their systems, and there are database tables as well which keep an entry of which file goes where. As a result, the staff has to investigate these logs to find this activity and convert it to digital evidence (TCDI, 2020).
  • Personal Email- a simple way in which employees can obtain critical company documents is by uploading them to their personal email addresses. They can send files as attachments from their work email addresses to their personal email addresses. The company can take two steps against this. First, it has to set a backend policy under which employees are able to open their emails but are not able to attach anything to them, to avoid the sharing of information. The other possibility is tracking their email send activity at a corporate level. Some tools prevent email from being sent to anyone outside the corporate email addresses. This will prevent people from sharing files and information with people outside the system, and if they do, their email sent activity can be easily tracked and converted to digital evidence (Larson, 2016).
  • Search History- the company can also put restrictions on certain types of pages that an employee can visit. By doing so it can ensure that employees do not look at pages that can provide them with information on how to access data or carry out a data breach. Even if an employee is still able to access such pages, a simple internet history search can provide that information, and that can be turned into digital evidence against them.
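The correlation described in the USB Activity Analysis and Recent Files Activity items can be sketched as follows. This is an added example, not part of the original answer: the log excerpt is constructed in the layout of Windows' setupapi.dev.log, the recent-file records are constructed, and the function names and the 15-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample laid out like Windows' setupapi.dev.log, which records the
# FIRST install of a device in local time. Serial and device names are invented.
SETUPAPI_SAMPLE = r"""
>>>  [Device Install (Hardware initiated) - USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_1.00\EXAMPLESERIAL0001&0]
>>>  Section start 2020/05/04 17:42:10.551
<<<  Section end 2020/05/04 17:42:12.020
>>>  [Device Install (Hardware initiated) - USB\VID_0000&PID_0000\EXAMPLEMOUSE]
>>>  Section start 2020/05/04 09:01:00.000
"""

# Constructed recent-file records (path, last opened), same time zone as the log.
RECENT_FILES = [
    (r"C:\Finance\Q1_forecast.xlsx", "2020/05/04 17:35:02"),
    (r"C:\Source\billing\core.py", "2020/05/04 17:50:44"),
    (r"C:\Users\example\Desktop\lunch_menu.docx", "2020/05/04 11:20:00"),
]

TS = "%Y/%m/%d %H:%M:%S"
DEVICE_RE = re.compile(r"^>>>\s+\[Device Install.*? - USBSTOR\\Disk&Ven_(?P<vendor>[^&]*)"
                       r"&Prod_(?P<product>[^&\\]*)[^\\]*\\(?P<serial>[^\]&]+)")
START_RE = re.compile(r"^>>>\s+Section start (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)")

def parse_usb_installs(log_text):
    """Return first-install events for USB mass-storage devices only."""
    events, pending = [], None
    for line in log_text.splitlines():
        if line.startswith(">>>") and "[" in line:
            m = DEVICE_RE.match(line)          # non-storage devices reset pending
            pending = m.groupdict() if m else None
        elif pending and (s := START_RE.match(line)):
            pending["time"] = datetime.strptime(s.group(1), TS)
            events.append(pending)
            pending = None
    return events

def files_near_usb(events, recent, window=timedelta(minutes=15)):
    """Pair each USB install with files opened within +/- window of it."""
    hits = []
    for ev in events:
        for path, opened in recent:
            delta = datetime.strptime(opened, TS) - ev["time"]
            if abs(delta) <= window:
                hits.append((ev["serial"], path, int(delta.total_seconds())))
    return hits

if __name__ == "__main__":
    for serial, path, secs in files_near_usb(parse_usb_installs(SETUPAPI_SAMPLE), RECENT_FILES):
        print(f"{serial}: {path} opened {secs:+d}s relative to device install")
```

Because the log records only the first installation of a device, a match shows when the device was first seen on the machine, not every later connection.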

Question 4

There are several ways in which Magnet Axiom can be leveraged by the staff to process the evidence and convert it to digital evidence for the investigation (Magnet Axiom, 2020). The following ways can be leveraged by using Magnet Axiom:

  • Processing of evidence- Magnet Axiom helps in acquiring the right kind of evidence. The software can process and analyze information from computer devices, mobile devices, cloud storage, and other types of artifacts. The information that is needed can be processed and easily converted to digital evidence on the Magnet Axiom platform, and it can be generated in various report formats for viewing.
  • Examining of evidence- Magnet Axiom also has an advanced and sophisticated algorithm which processes the evidence. This includes processing and analyzing different types of artifacts such as search history, browser activity, chat, social networking, email, documents, etc. The tool also has capabilities and modules which help it navigate the registry of the system by using the built-in SQLite and Plist viewers. The tool also allows easy and quick filters to be applied to the data set, to focus on the right type of evidence which can be converted into digital evidence.

References

Casey, E. (2018). Experimental design challenges in digital forensics. Digital Investigation, 9(3-4), 167-169. https://doi.org/10.1016/j.diin.2013.02.002

Cohen, F. (2017). Putting the Science in Digital Forensics. Journal of Digital Forensics, Security and Law. https://doi.org/10.15394/jdfsl.2011.1085

Cybercrime Investigations. (2020). The Challenges of Cybercrime Investigations and Prosecution. Institute of ICT Professionals, Ghana. Retrieved 6 May 2020, from https://iipgh.org/the-challenges-of-cybercrime-investigations-and-prosecution/.

Kessler, G. (2008). Book Review: Challenges to Digital Forensic Evidence. Journal of Digital Forensics, Security and Law. https://doi.org/10.15394/jdfsl.2008.1037

Larson, S. (2016). The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics. Journal of Digital Forensics, Security and Law. https://doi.org/10.15394/jdfsl.2014.1165

Magnet Axiom. (2020). Getting Started With Magnet AXIOM - Magnet Forensics. Magnet Forensics. Retrieved 6 May 2020, from https://www.magnetforensics.com/resources/getting-started-magnet-axiom/.

TCDI. (2020). Using Computer Forensics to Investigate Employee Data Theft. TCDI | Computer Forensics | Cybersecurity | Litigation Technology. Retrieved 6 May 2020, from https://www.tcdi.com/computer-forensics-whitepaper-trevor-tucker-joe-anguilano-tim-opsitnick/.

Vassilaki, I. E. (1995). Computer Related Crime-Report on the Activities of the "European Committee of Experts on Criminal Procedural Law Problems Connected with Information Technology" of the Council of Europe. Computer Law & Security Review: The International Journal of Technology Law and Practice, 4(11), 210-211.
