
Thursday, December 12, 2019

Computer Forensics Investigation Plan for UniCareer Pty. Ltd

Question: Discuss the Computer Forensics Investigation Plan for UniCareer Pty. Ltd.

Answer:

Introduction

Company background

UniCareer Pty. Ltd is a company based in the United States of America. It is a leading education provider able to offer a range of professional qualifications in the education industry, including OCPJ, CFA, OCAJ, FRM and CCNP. Within five years of its establishment the company has achieved a large measure of success in the industry. It has a population of 25,000 students and 10 campuses across 5 areas in different states, and it employs more than 50 staff members who deliver the organization's various services.

UniCareer Pty. Ltd has a well-established information technology infrastructure that supports its service delivery, given the number of students served and the modes of delivery used. Although the organization relies heavily on technology to deliver its services, it has unfortunately not updated that infrastructure for some time. Both laptops and macOS machines are used in daily business operations. Network security features, including the organizational firewalls and network segmentation, have not been updated for several years and are poorly implemented across a network that spans several states. Intrusion detection and prevention systems have been set up on the network, but they do not provide the organization with the service it requires, which amounts to a waste of resources. In a growing market, UniCareer Pty. Ltd faces severe competition from companies such as ABC Pty Ltd and must address the security threats arising from its competitors.

Objective of the report

Recently, claims have emerged that pose a security threat to the organization's success in the industry. UniCareer Pty. Ltd students and staff members have complained of receiving an email urging them to join ABC Pty Ltd, a competing provider of professional education. This is a serious cyber security threat, since all emails received by students should originate from the company. Receiving an email that invites them to join a competing firm indicates that someone has gained access to the organization's student and staff database. Some speculation on the origin of these emails is possible: since UniCareer Pty. Ltd allows both staff and students to use their own laptops and smartphones on the organizational network, it is possible that data captured by such devices was used to gain access to the network and database.

The second scenario concerns an employee who watched pornographic material on the organization's premises, over the organizational network, using an organizational macOS computer. This reflects poor network security: the firewalls have not been configured to filter access to such sites from the UniCareer Pty. Ltd network.

The main goal of this report is to produce a forensic plan that would help UniCareer Pty. Ltd resolve its cyber security threats. The report sets out the components of a digital forensic investigation plan in detail and with justification. First, it introduces the types of forensics available and their justifications. Second, it covers the resources required and available for the investigation: the skills of the team members, the tools within reach of the organization's experts to support its technological needs, and the security policies, set out in the security policy plan, that will guide the organization in addressing its security lapses. The third part addresses the acquisition plan, which covers the contingency plan, the acquisition procedures, and the verification and validation procedures. Forensic analysis is addressed in the following section, covering analysis of the emails received by students and staff and network analysis of the available security features, in particular the firewall configuration governing site access from within the organizational network. The last part of the report addresses policy formulation, findings and recommendations, as required of the information system security measures that will curtail UniCareer Pty. Ltd's cyber security threats.

Scope of the report

The report evaluates UniCareer Pty. Ltd's current situation: its network and firewall infrastructure, the procedures used in its business operations, and its other security procedures. The organizational scope therefore covers the two cases in the company, so that all security aspects are addressed. The report focuses on the information system cyber security threats arising from these two organizational scenarios.

Justification of Current Methodology and Computer Forensic Methodologies

Digital Forensic Methodologies

To find a solution to its cyber security threats, UniCareer Pty. Ltd needs a forensic evaluation of its system, to determine how its data is stored and how the results of the investigation can be used to secure organizational data. The results of a forensic investigation may take various forms, so as to produce a diverse range of evidence that could be used in criminal proceedings (Maghaireh, 2009). Three distinct steps are involved in the digital search for evidence: acquisition of the data, validation of the evidence collected, and analysis to ensure it is authentic enough for use in criminal proceedings. Forensic research should be flexible enough to allow several ways of collecting the required evidence.

The methodologies involved in forensic research are as follows. Facts restoration is used by investigators to restore data to its original state after the information system has been compromised by attackers. Various restoration procedures are required to make the process authentic and acceptable. Data restoration takes place when an organizational information system has been compromised by a cyber attack, such as the one evidenced at UniCareer Pty. Ltd. Data recovery procedures ensure the system is brought back into operation once it has been compromised and its secure operation can no longer be guaranteed (Nelson, Phillips and Steuart, 2010).

Next, network forensics has been, and continues to be, one of the major methods organizations use for forensic investigations. It is one of the best tools to use when an organizational network needs to be analyzed for forensic evidence. Data such as network and server logs are used by forensic experts to produce reports that can be used to mitigate security threats to organizational information systems (Kleiman, 2007).

Additionally, in events such as those at UniCareer Pty. Ltd, email forensic evaluation is required, since one of the scenarios that prompted the investigation is an unrecognized email received by both staff and students. The email analysis that should be done includes examining the email headers, which explain the route and destination of the email; the sending IP address, with the intent of identifying the computer used to send it; and the date and time when the email was sent (Carbone, 2014). Situations where network forensics is useful include spam emails, phishing emails and other malicious emails. Lastly, digital forensic research as a whole can be used as the ideal methodology for carrying out the forensic work in this case.
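The header checks just described (sender, originating IP, date and time) can be scripted. The following is an added example, not part of the original report: it uses only the Python standard library, the message, host names and addresses in it are constructed placeholders, and the org_domain parameter and the triage function are names chosen here for illustration.

```python
import re
from email import message_from_bytes
from email.utils import parseaddr, parsedate_to_datetime
from datetime import timezone

# Constructed sample message: a mail claiming to come from the university
# but relayed through an outside host. Hosts and IPs are placeholders.
SAMPLE_EMAIL = b"""\
Received: from mx.unicareer.example (mx.unicareer.example [203.0.113.10])
\tby mail.unicareer.example with ESMTP id abc123;
\tThu, 12 Dec 2019 09:15:02 +1100
Received: from relay.abc-pty.example (relay.abc-pty.example [198.51.100.7])
\tby mx.unicareer.example with ESMTP id def456;
\tThu, 12 Dec 2019 09:14:58 +1100
Received: from unknown (HELO sender-host) [192.0.2.55]
\tby relay.abc-pty.example with SMTP;
\tThu, 12 Dec 2019 09:14:50 +1100
From: "UniCareer Admissions" <admissions@unicareer.example>
Reply-To: enrol@abc-pty.example
Date: Thu, 12 Dec 2019 09:14:40 +1100
Subject: Switch to ABC Pty Ltd today

Join ABC Pty Ltd for better courses.
"""

HOP_RE = re.compile(r"from\s+(?P<frm>.+?)\s+by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_received_chain(msg):
    """Received hops oldest-first as (from_host, ip, by_host, utc_time)."""
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())           # unfold continuation lines
        m = HOP_RE.search(flat)
        if not m:
            continue                             # malformed hop: skip, don't guess
        ip = IP_RE.search(m.group("frm"))
        stamp = flat.rsplit(";", 1)[1].strip() if ";" in flat else ""
        when = parsedate_to_datetime(stamp).astimezone(timezone.utc) if stamp else None
        hops.append((m.group("frm").split()[0], ip.group(1) if ip else None,
                     m.group("by"), when))
    return list(reversed(hops))                  # headers are stacked newest-first

def triage(raw, org_domain):
    """Summarise header evidence: origin hop, sent time (UTC), sender mismatch."""
    msg = message_from_bytes(raw)
    hops = parse_received_chain(msg)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    sent = msg.get("Date")
    return {
        "hop_count": len(hops),
        "origin_ip": hops[0][1] if hops else None,
        "origin_relay": hops[0][2] if hops else None,
        "sent_utc": (parsedate_to_datetime(sent).astimezone(timezone.utc)
                     .isoformat() if sent else None),
        "from_domain": from_dom,
        "reply_to_domain": reply_dom,
        # A From: in the university's name with replies routed elsewhere is
        # the pattern behind the emails students and staff reported.
        "reply_mismatch": bool(reply_dom) and reply_dom != from_dom,
        "origin_outside_org": not (hops and hops[0][2].endswith(org_domain)),
    }
```

Timestamps are normalized to UTC so that hops, the Date header and server logs from different time zones can be placed on one timeline.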
Altheide and Carvey (2011) argue that both email analysis and network analysis are essential, because they can be used to uncover proof of whether a system compromise took place.

Steps involved in digital forensic investigations

To arrive at a valuable and recognized approach to its digital forensic procedures, UniCareer Pty. Ltd may adopt the following steps. First, it should have forensic investigators evaluate the two cases so that a suitable approach can be taken to resolve the security lapses. Next, it should develop a checklist of requirements to guide the digital forensic research; this can also be used to draw up the list of organizational resources needed for the forensics, namely personnel, equipment and money. Similarly, UniCareer Pty. Ltd should take risk prevention and elimination measures that make it easier for the organization to resolve its cyber security problems. Lastly, UniCareer Pty. Ltd should ensure that the integrity of organizational data is maintained, with all validation procedures put into practice.

Resources used in collecting forensic evidence

Preparation plan in digital forensic investigation

While preparing the digital forensic plan for UniCareer Pty. Ltd, the parties involved should follow clearly formulated steps that guarantee current business activities are not disrupted and that all forensic procedures are carried out in accordance with the law. Violating any operational procedure in forensic research renders the whole process useless, because the evidence collected cannot then be used in criminal proceedings. Next, data verification and validation should be part of the process, to ensure the evidence collected conforms to a standard set of rules and procedures. Lastly, proper mechanisms for storing forensic evidence are needed so that it remains verifiable and accurate when it is needed.

Tools in digital forensic research

Meyer (2014) stipulates that in forensic research the parties involved should choose the most suitable available tools, which give them accuracy and awareness of the process. It has been shown that the forensic tools determine the outcome of the research, because without relevant tools investigators cannot dig deeper into the analysis of the affected information system. It is up to the organization to make the required tools, devices and finances available, because failure to provide such resources renders the forensic process ineffective. The tools and devices required range across the software and hardware that investigators use in their process (Jones and Valli, 2009). The choice of tools used by forensic researchers determines the kind of results obtained and what can be learned about the nature of the attacker.

Skills required by forensic investigators

According to Casey and Altheide (2010), forensic investigation requires a range of skills, both professional and self-acquired. Forensic investigators should have interpersonal skills, which help them solve problems without enduring too many challenges, enable them to work under immense pressure, and let them be creative enough to use locally available tools to get the most out of the investigation and achieve the best outcome. Similarly, there are technical skills that are acquired professionally and that forensic researchers should have. These skills should be attested by certifications, such as network certifications, obtained from various institutions (Ziccardi, 2012).

Forensic investigation tools and other peripherals

To carry out authentic and efficient forensic analysis, researchers should have a range of tools. Researchers need high-speed computers with powerful software to evaluate the nature of the system compromise (Davis, Cowen and Philipp, 2005). These machines should be provided so that every possible data analysis can be done to unearth any incident that may have taken place without the knowledge of the organization's cyber security experts.

Forensic Acquisition of Evidence

Plan for forensic evidence acquisition

Forensic evidence acquisition is the means of gathering information that can be used to determine the nature of a system compromise and the extent to which it may have taken place. A range of sources can produce information for digital forensic research, such as hard disks, servers and network logs. All of these media can be mirrored to provide a copy of the data that can be analyzed later, after the incident (Prosise, Mandia and McGraw-Hill, 2003). UniCareer Pty. Ltd can perform various forms of data acquisition, provided they are relevant and can offer a possible solution to the scenario in question.

Contingency plan

Generally, an organization should put certain measures in place in advance to make sure data can be recovered when it has been hit by a disaster or an attacker. The potential organizational risk reported so far is the viewing of pornographic material on the premises using organizational computers. One possible solution is to configure filtering features on the firewalls and to implement strong security measures on the network (Caloyannides, 2001). Given the kind and scope of UniCareer Pty. Ltd's cyber security cases, backup plans would work effectively.

Tools used in data acquisition

The set of tools used in the data acquisition process depends on the scenario at hand. In the case of UniCareer Pty. Ltd, the tools required are based mainly on network analysis and email evaluation. Network analyzers would be used, since the main focus is on how the organizational network was used to view prohibited and filtered material. Similarly, email analysis would be done to ascertain how staff and students received emails advertising the competitor. The tools for one scenario therefore cannot be used for the other, because the two scenarios differ in intensity and mode of occurrence (Cyber Defense Training Systems and Lewis, 2007).

Validation and verification of forensic data

According to EC-Council Press (2010), data validation and verification is important because it guarantees the integrity and consistency of organizational data. Compromising UniCareer Pty. Ltd's data leaves it in an inconsistent state, which is contrary to the principles of data security. Data collected as forensic evidence therefore needs to be validated for accuracy and relevance to the event (Newman, 2007).

Phase of Forensic Investigation

Analyzing hidden data and files

Intruders use different methods to interfere with a system. They may hide data, delete it, or change it into an unreadable form. According to forensic principles, all hidden files need to be analyzed to uncover any proof they contain. To uncover the truth in hidden files, various equipment needs to be made available for analysis (Volonino, Anzaldua and Godwin, 2006). According to Blitz (2011), all relevant documents should be analyzed to ensure the required evidence has been gathered. Analysis can be done by evaluating how the file was obtained, what manipulation was made to the data, what configuration was made to the network, and which IP address was used to access a given set of data (Bunting, 2012).

Time frame, network and email analysis

According to the International Council of E-Commerce Consultants (2017), the time at which an event occurred is very important, as it helps determine who accessed which data and from where. It may also help determine the number of times the organizational system was accessed illegally.
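The mirroring and validation steps described above (acquisition, then verification of the copy) in an added example that is not part of the original report: the source is imaged in chunks, both copies are hashed, a custody record is produced, and the image is re-hashed later to detect any change. The evidence content and the examiner name are constructed placeholders; only the Python standard library is used.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20   # 1 MiB reads, so a large image never sits fully in memory

def hash_file(path, algos=("md5", "sha256")):
    """Stream the file once and return {algorithm: hexdigest}."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}

def acquire(source, image, examiner):
    """Copy source to image and return a custody record for the copy.

    The source is hashed before copying and the image after, and the
    record is marked verified only when both sets of hashes agree.
    """
    src_hash = hash_file(source)
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
    img_hash = hash_file(image)
    return {
        "source": source,
        "image": image,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "size_bytes": os.path.getsize(image),
        "source_sha256": src_hash["sha256"],
        "image_sha256": img_hash["sha256"],
        "image_md5": img_hash["md5"],
        "verified": src_hash == img_hash,
    }

def verify_image(image, record):
    """Re-hash a stored image and compare it with the hash in its record."""
    return hash_file(image)["sha256"] == record["image_sha256"]

def run_demo():
    """Constructed end-to-end run: acquire, verify, then catch a modified image."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "evidence.bin")
        image = os.path.join(tmp, "evidence.dd")
        with open(source, "wb") as fh:        # constructed evidence content
            fh.write(b"constructed mail server log line\n" * 4096)
        record = acquire(source, image, "examiner-placeholder")
        intact = verify_image(image, record)
        with open(image, "r+b") as fh:        # simulate a one-byte change
            fh.seek(10)
            fh.write(b"X")
        return {
            "verified_at_acquisition": record["verified"],
            "intact_before_change": intact,
            "intact_after_change": verify_image(image, record),
            "sha256": record["image_sha256"],
        }
```

The custody record is what makes the copy admissible in practice: the hashes let anyone re-verify the image later without access to the original media.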
To achieve time analysis, timestamps and time frame analysis are the most important aspects to evaluate (Mohay, 2006). Similarly, both network and email analysis are very important in this case, because these are the main avenues through which UniCareer Pty. Ltd was compromised (Sheetz, 2007). It is only through the network that the organization can acquire all the forensic information relating to its system compromise.

Information Security Policies for UniCareer Pty. Ltd

To ensure organizational information is safe, it is important to formulate additional rules and regulations that can help UniCareer Pty. Ltd secure its information system. According to EC-Council Press (2017), UniCareer Pty. Ltd has to set rules that govern organizational data security. These rules should include the following. UniCareer Pty. Ltd should implement strong, frequently updated passwords. Maras (2015) argues that organizational security parameters should not be exposed to unauthorized parties, so that operational procedures are made available to relevant users only. Similarly, the organizational information system should be designed to log users off automatically after a given period of idle time. Additionally, UniCareer Pty. Ltd should implement strong security features such as firewalls and the authentication procedures required to access the system (Clarke and IT Governance Publishing, 2010). Lastly, devices such as network servers and routers should be kept in well-fenced buildings and in secured cabinets to protect them from unauthorized access.

Conclusion and Recommendations

Data security is a major challenge in today's business, and measures are needed to help UniCareer Pty. Ltd keep its data secure and free from unauthorized access by third parties. The main focus has been on implementing a digital forensic plan for UniCareer Pty. Ltd that will help secure its information system from compromise. A range of activities, including data hiding techniques and data recovery procedures, has been recommended for the secure and accurate retrieval of forensic evidence. Having evaluated the data security threats that faced UniCareer Pty. Ltd, possible solutions have been suggested to help determine the security lapses in its information system. Besides rules and regulations, the various data analysis tools and resources, including personnel, have been discussed in detail, together with the skills required of the various groups of digital forensic investigators. Having analyzed all the aspects of digital forensics, it is worth noting that if all aspects are put in place as required, digital forensics can be a success for any organization.

References

Altheide, C. and Carvey, H. A. (2011). Digital forensics with open source tools: Using open source platform tools for performing computer forensics on target systems: Windows, Mac, Linux, UNIX, etc. Burlington, MA: Syngress.
Blitz, A. (2011). Lab manual for guide to computer forensics and investigations, fourth edition. Boston, MA: Course Technology, Cengage Learning.
Bunting, S. (2012). EnCase computer forensics: The official EnCE: EnCase certified examiner study guide. Hoboken, NJ: Wiley.
Caloyannides, M. A. (2001). Computer forensics and privacy. Boston: Artech House.
Carbone, F. (2014). Computer forensics with FTK. Birmingham, UK: Packt Publishing.
Casey, E. and Altheide, C. (2010). Handbook of digital forensics and investigation. Burlington, MA: Academic Press.
Clarke, N. and IT Governance Publishing (2010). Computer forensics: A pocket guide. Ely, Cambridgeshire: IT Governance Publishing.
Cyber Defense Training Systems and Lewis, J. A. (2007). Corporate computer forensics training system text manual, Volume I. Leslie, MI: Cyber Defense and Research Initiative.
Davis, C., Cowen, D. and Philipp, A. (2005). Hacking exposed: Computer forensics secrets & solutions. Emeryville: McGraw-Hill/Osborne.
EC-Council Press (2010). Computer forensics: Investigating data and image files. Clifton Park, NY: Course Technology, Cengage Learning.
EC-Council Press (2017). Computer forensics: Investigating network intrusions and cybercrime.
International Council of E-Commerce Consultants (2017). Investigation procedures and response.
Jones, A. and Valli, C. (2009). Building a digital forensic laboratory: Establishing and managing a successful facility. Burlington, MA: Butterworth-Heinemann/Syngress.
Maghaireh, A. (2009). Jordanian cybercrime investigation: A comparative analysis of search for and seizure of digital evidence. Research Online, pp. 1-36.
Maras, M.-H. (2015). Computer forensics: Cybercriminals, laws, and evidence, second edition. Burlington, MA: Jones & Bartlett Learning.
Meyer, T. T. (2014). Careers in computer forensics. New York: Rosen Publishing.
Mohay, G. M. (2006). Computer and intrusion forensics. Norwood: Artech House.
Nelson, B., Phillips, A. and Steuart, C. (2010). Guide to computer forensics and investigations. Boston, MA: Course Technology, Cengage Learning.
Newman, R. C. (2007). Computer forensics: Evidence collection and management. Boca Raton, FL: Auerbach Publications.
Prosise, C., Mandia, K. and McGraw-Hill (2003). Incident response & computer forensics. New York: McGraw-Hill/Osborne.
Sheetz, M. (2007). Computer forensics: An essential guide for accountants, lawyers, and managers. New Jersey: John Wiley & Sons.
The official CHFI study guide (Exam 312-49): For computer hacking forensic investigator. Place of publication not identified: Syngress.
Volonino, L., Anzaldua, R. and Godwin, J. (2006). Computer forensics: Principles and practices. Upper Saddle River, NJ: Pearson Education.
Ziccardi, G. (2012). Privacy, sicurezza informatica, computer forensics e investigazioni digitali. Milano: Giuffrè.
