StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Cybercrime Investigation and Digital Forensics - Assignment Example

Cite this document
Summary
From the paper "Cybercrime Investigation and Digital Forensics" it is clear that health care industries are on the brink of a prospective cybersecurity nightmare. With the drastic emergence of the internet, criminals are provided with a comfortable platform to perpetrate crimes anonymously…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER94.9% of users find it useful
Cybercrime Investigation and Digital Forensics
Read Text Preview

Extract of sample "Cybercrime Investigation and Digital Forensics"

Cybercrime Investigation and Digital Forensics An Assignment Submitted by Fall Cybercrime Investigation and Digital Forensics Digital identities of people are being threatened by various cyber threats that are becoming more sophisticated day by day. Healthcare sector is not an exemption to this issue. Healthcare industries are transforming due to the increasing advances in technology with maintenance of electronic health records becoming mandatory for improving patient privacy, reducing cost, providing collaborative care, and ensuring high quality of healthcare services (Trobough, 2014). Internet enabled patient monitoring tactics are being introduced by healthcare providers to facilitate easier and better communication between physicians and patients. At the same time, this provides backdoors for hackers to intrude into the healthcare information systems and get access to highly confidential information like patient medical reports, lab results, and other potentially lucrative information like insurance details. When a healthcare industry’s data is being breached, it not only results in financial and reputation crisis to the industry and the specific organization but also causes dramatic effects to the patients depending on the nature of the disclosed data. When such incidents happen, digital forensics renders a helping hand in investigating the potential crime scene with evidences that can be presented for prosecution. This report provides a detailed description about the investigation procedure from a perspective of a cyber forensic company’s lead forensics investigator which would help in identifying and prosecuting a potential breach incident that happened in a healthcare company. Task A To begin with, it would be more appropriate to explain our company’s approach in providing the overall plan for processing the potential crime incident that has occurred in a healthcare company. Our investigation team comprises of security and digital forensic professionals who work in close coherence with highly experienced corporate investigators and well trained background verification team (“Investigating a data breach,” n. d). Whenever data breach incidents happen, our response team would provide complete guidance regarding the post incident proceedings and provide services highly specific to the requirement of the healthcare industry. Our overall planning process comprises of collecting and securing the digital evidences, visualizing indications for data breach using a triage approach, rigorous analysis of evidences, presenting the investigation results for prosecution, and providing remediation for preventing future reoccurrences (Nelson, Phillips & Steuart, 2009). The instant incidence response launched by our company would comprise of briefing and reviewing the facts reported by the members of the security operations center of the healthcare company. Based on this review, we would conduct an interview with the pertinent staff of the healthcare company in order to identify the potential sources digital evidences for the data breach (Nelson, Phillips & Steuart, 2009). The sources of evidence may be database systems, servers, call logs or mobile devices. Extreme care is taken for the preservation of the evidences complying with international standards. Evidences of data breach is collected by highly expertise forensic professional of our company so that it would minimize the risk of data contamination and reinforce the legal acceptability of the evidences collected (“Investigating a data breach,” n. d). Once the evidences are collected, visualizing tools can help to precede a triage based assessment which could help in rapid identification of suspicious activities (“Investigating a data breach,” n. d). The visualizing tools provide information like quantity of documents sent and their file types, time period of access, nature of websites frequently accessed, details of peripheral and mass storage devices attached to the healthcare information system, and others (“Investigating a data breach,” n. d). This approach helps us to prioritize our investigation procedure by facilitating our investigating team to acquire additional information like identifying devices that have accessed the compromised data source recently or devices that transmitted or copied files with analogous data profile. During the triage phase, the investigation team of our company would develop an analysis strategy which would clearly predefine the tools and techniques that would be employed to reveal the evidences related to the data breach incident of the healthcare company. The digital forensic experts would suggest other complimentary exploratory techniques like data mining, investigative interviewing, and others to enhance the accuracy of the investigation procedure (Yusoff, Ismail & Hassan, 2011). Once the evidences confirm the data breach, the healthcare company would approach the court for prosecution of the accused and our company is committed to render full support during the expert testimony for the court requirements. The end reports generated by our investigation procedure can be utilized to act in response to the secure injunctions (“Investigating a data breach,” n. d). The ultimate aim of any investigation procedure is not only to discover the evidences of the scene of crime but also to prevent its future occurrence. Our investigation procedure would clearly identify the potential loop holes of the healthcare company’s network security infrastructure. Though it may not be possible to provide absolute assurance for data security, our security professionals would render expert advice to minimize the future risk of such data breach incidents to the maximum possible extent. Our team’s overall concentration will be on the network flow information, geological locations of IP addresses, user entitlements, and their access levels (Wojno, n. d). This would help us to investigate how the breach incident happened, what systems were involved in the breach process, who are the affected users, what sensitive data was compromised by the breach process, and how to preserve the forensic purity of the evidences collected (Wojno, n. d). Task B In this case of the healthcare company, we were informed that the database administrator of the healthcare company received a strange e-mail from the HR containing a benefits attachment. She reported strange behavior of her system after opening the attachment which was actually blank. So, it is evident that she has received a phishing email with a motive of infecting her system. She has been operating on a Microsoft Windows XP workstation so we can begin the investigation process by imaging her drive which would provide valuable evidences that would help our investigation team to correlate the event data and network flow data. Before beginning the imaging process it is very important to make sure that important files are being backed up because the imaging process should not result in loss of valuable data (Dowler, 2014). In the imaging process, we have to install the new drive into which the database administrator’s drive has to be imaged. We have exclusive software available for the imaging process and it is necessary to install this imaging software to perform the imaging process. We have to carefully select the source drive which has to be imaged and the destination drive to which the source drive information has to be copied (Dowler, 2014). Before the imaging process starts, we can ensure whether all selections are accurately done by verifying the summary report generated by the imaging software (Dowler, 2014). Once the check is over, we can start the run process which would reboot the system enabling the imaging software to run in the disk operating system. Depending on the amount of data to be imaged, the imaging process would take a variable amount of time (Dowler, 2014). After performing repair install of Windows XP, the new drive containing the image of the old drive can be processed for further investigation. Several graphic user interface (GUI) tools like ‘Rootkit Revealer’, ’Tcpview’,’ Process Explorer’, and others can help in further investigation process as they provide information regarding the date and time of system access, stored information in the system memory, users log in details, processes running in the system, open port information, and network connections (Gurjar, 2014). We are using windows based GUI tools because the healthcare company works on windows platform. These tools would greatly help to analyze for potential evidence of infection and modification in the database administrator’s system. We use New Technology File System (NTFS) that consists of the Master File Table (MFT) which maintains records called metadata (Yusoff, Ismail & Hassan, 2011). Metadata provides details about the data. The details about the suspicious attachment file opened from mail by the database administrator can be collected using NTFS. Our investigation team performs windows registry examination to retrieve information about the “Lastwrite” time that provides information about the file modification time in the database administrator’s system (Gurjar, 2014). Next, we examine the ‘autostart’ location which is a location in the windows registry, using which applications can be launched automatically without any authentication process initiated by the user. With the help of the ‘autostart’ function malwares can modify and breach information stored in the system without the knowledge of the system user (Gurjar, 2014). So investigating the windows registry can provide vital source of evidences like redirected web pages, IP addresses of the devices connected to the database administrator’s system, and others which would be very much significant for forensic investigators. Task C Our next phase of investigation includes analysis for potential evidence of infection or modification in the database server of the healthcare company. The database server is the actual location where all the patient related information is stored and maintained. Investigating the database server requires knowledge of database forensics combined network forensics, which is the area of expertise of our company. Network forensics helps to monitor for suspicious traffic and intrusion into the database server (Gurjar, 2014). It is always possible for an intruder to delete all the log related files from the database administrator’s system. So, network based evidence is very essential for forensic analysis. Network analysis also helps to gather information related to data transfer across the network, email communication details, and others (Yusoff, Ismail & Hassan, 2011). Database forensics helps to precede investigations related to the database of the healthcare company because they are the target for the intruders from where they could breach the sensitive data and personal information regarding the patients. We concentrate our investigation on identifying, preserving, and analyzing the data retrieved from the server. Any data retrieval from the database server demands authentication and authorization from the server (Gurjar, 2014). We investigators verify the database’s audit logs that would contain details of the users who were granted permission to access the server earlier. This process would reveal the IP address of the remotely connected systems which have got chances for breaching the data from the server (Gurjar, 2014). Database forensic investigation is the most crucial part of the entire investigation procedure because it facilitates forensic investigators like us to evidently prove or disapprove instances of data breach. The Data Definition Language and Data Managing Language are used for data management within the server (Gurjar, 2014). With the help of specialized tools like Windows forensic tool v1.0.03, we can retrace the operations of the above mentioned languages by customizing the configuration files through implementation of the Database Consistency Checker and Distributed Management View commands (Gurjar, 2014). These commands will gather evidences to prove the data breach of medical records that has happened in the database server of the healthcare company. Task D Our investigation procedure would obviously reveal the intruder’s persistent access to the healthcare company’s database server. Our forensic analysis would explore the weaknesses in the healthcare company’s digital security infrastructure. It also identifies the systems that have been compromised by the intruders attack, identifies details of the sensitive data that has been breached, and identifies the malware that was responsible for the data breach. Once all the details of the crime scene are revealed, one may consider that the role of forensic investigations is over. This does not hold true for our company. We are committed to support all expert testimony court requirements of the healthcare company. We also provide documentation support to record the remediation activities undertaken by the healthcare company in the event of legal proceedings. The forensic report generated by our company’s professionals will answer the following questions. ‘What is the purpose of the report?’, ‘who prepared the report?’, ‘what is the incident summary?’, ‘what are the evidences?’, ‘What analysis methods were used?’, ‘What conclusions were derived?’ and ‘what are the supporting documents?’ (Gurjar, 2014). This report would highlight the evidences in the court and facilitate to collect more relevant and admissible evidences that can be produced in the court during hearings. The report clearly explains the scope of investigation. Our company’s forensic investigators are very well aware of the various types of forensic reporting like verbal report, formal report, written report, and examination plan as per the requirement of jurisdiction needed by the healthcare company (Laykin, 2013). Our investigation reports presented in the court would contain the evidences and facts indicating the data breach that has occurred in the healthcare company and a declaration that would ensure the ethical responsibility of our company. In addition to the evidences presented, our investigators would provide additional documentation that would support the notions of the investigators when we are expected to justify our evidences (Laykin, 2013). So, we can prepare our team to be expert witnesses for the data breach occurred in the healthcare company and thereby rendering support and cooperation in the process of prosecution. Conclusion Health care industries are on the brink of a prospective cyber security nightmare. With the drastic emergence of internet, criminals are provided with a comfortable platform to perpetrate crimes anonymously. Healthcare industries and their security teams face huge vulnerabilities owing to the large number of users, devices, and applications connected to their network. Despite various regulations and network security features incorporated, healthcare industries are struggling hard to protect the integrity of their systems and intellectual properties. So, healthcare industries must embrace a holistic approach towards cyber security, which in way would help them to bridge the gaps in their security infrastructure. This would help them to acquire a contextual insight of various activities that are prevailing on their networks in real time so that they could act swiftly in identifying and preventing threats of data breach thereby building a reliable, cost effectual, and secure healthcare organization. References Dowler, M. (2008, December 23). Beginners guides: cloning WindowsXP. Retrieved from: http://www.pcstats.com/articleview.cfm?articleid=418&page=7 Gurjar, C. (2014). Computer forensics investigation – a case study. Retrieved from: http://resources.infosecinstitute.com/computer-forensics-investigation- case-study/ “Investigating a data breach – IT forensic services.” (n. d). In EY. Retrieved from: http://www.ey.com/Publication/vwLUAssets/EY-Investigating-a-data- breach/$FILE/EY-Investigating-a-data-breach.pdf Laykin, E. (2013). Investigative Computer Forensics: The Practical Guide for Lawyers, Accountants, Investigators, and Business Executives. John Wiley & Sons. Nelson, B., Phillips, A & Steuart, C. (2009). Guide to Computer Forensics and Investigations. Cengage Learning Trobough, J. (2014, November 4). Why cyber security breaches are on rise for Healthcare. Retrieved from: http://healthitsecurity.com/2014/11/04/cybersecurity-breaches-rise-healthcare/ Wojno, J. (n. d). Investigate data breaches. In McAfee. Retrieved from: http://www.mcafee.com/in/resources/technology-blueprints/tb-investigate- data-breaches.pdf Yusoff, Y., Ismail, R & Hassan, Z. (2011). Common Phases of Computer Forensics Investigation Models. International Journal of Computer Science & Information Technology (IJCSIT), 3 (3), 17-31. Read More
Tags
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Cybercrime Investigation and Digital Forensics Assignment”, n.d.)
Cybercrime Investigation and Digital Forensics Assignment. Retrieved from https://studentshare.org/information-technology/1668461-cybercrime-investigation-and-digital-forensics
(Cybercrime Investigation and Digital Forensics Assignment)
Cybercrime Investigation and Digital Forensics Assignment. https://studentshare.org/information-technology/1668461-cybercrime-investigation-and-digital-forensics.
“Cybercrime Investigation and Digital Forensics Assignment”, n.d. https://studentshare.org/information-technology/1668461-cybercrime-investigation-and-digital-forensics.
  • Cited: 0 times

CHECK THESE SAMPLES OF Cybercrime Investigation and Digital Forensics

National Initiative for Cybersecurity Careers and Studies

Finally, through expanding social collaborations, use of mobile devices and adoption of cloud computing, leaders unknowingly increase their vulnerabilities to digital attacks.... It seeks to bring forth a secure digital nation that would advance the economic prosperity of America and its national security... The framework also provides for the ‘investigation' of breaches, crimes and incidents.... The NICE initiative is an important component of organizations based on the key findings on cybercrime survey in the US by Price Waterhouse Coopers, PWC (2013)....
3 Pages (750 words) Essay

Developing a Partial Risk and Mitigation Plan

Develop a Partial Risk and Mitigation Plan Name: Institution: Develop a Partial Risk and Mitigation Plan The table below shows the risks associated with construction and installation of an ICT center in a college; Risk Rank Risk Title Risk description Probability of occurrence Impact if it occurs First/latest impact 3 Funds mismanagement Failure of the ICT center construction committee to use the allocated funds well may lead to delay in construction of the center....
3 Pages (750 words) Assignment

Computer Science-Information System

1.... There is an obvious contradiction between an employee's right to privacy at work and efforts of a company to protect its information and business.... Sometimes an employee needs to be withdrawn from public (corporate) view; and almost always an employee needs to be sure that personal data collected by a company will be protected and distributed with his/her consent only....
3 Pages (750 words) Essay

Messaging Apps Accusation Via Wireless Connection

This essay "Messaging Apps Accusation Via Wireless Connection" describes a network forensics experiment in which messaging application app behavior is monitored between two devices on the same network; with something that experts call a “sniffer” placed in the network to capture the traffic.... Network forensics can help to discover vulnerabilities, monitor the network traffic, and investigate the sources of these attacks.... Network forensics does not stop the network crime from happening; rather, it helps the law enforcement entity to collocate the required information....
5 Pages (1250 words) Essay

Electronic Crime in the US

"The impact of full disk encryption on digital forensics.... Apart from the basics of computer protection like passwords and firewalls, computer forensics can detect any sound and digital information that may have been routed out or into the computer system.... Cybercrime: digital Cops in a Networked Environment....
1 Pages (250 words) Essay

Cyber Security, Cyber Crime and Cyber Forensic

The author of this assignment "Cyber Security, Cyber Crime and Cyber Forensic" comments on the role of federal agencies in fighting digital crime.... hellip; The safety of the nation on a digital basis entirely depends on the competence and devotion of the Federal agencies in the country.... The Role of Federal Agencies in Fighting digital CrimesQuestion 1 TheUnited States of America among other developed countries are facing escalating war against cybercrimes....
2 Pages (500 words) Assignment

Policing and the Force Control Room

Response and recovery processes should be used by police to conduct an effective initial investigation in an emergency or incident.... Response process includes reaction, rescue and retrieval and investigation phases while recovery process includes relief and remediation phases....
6 Pages (1500 words) Essay

Cybercrime Security Threat

This review is about the cybercrime known as computer crime involves misuse of the internet through a computer on the network.... Due to loss accrued in cybercrime, companies must use hi-tech means to combat the crime.... The crime is commissioned in different ways like; hacking, identity theft, and confidential information theft....
5 Pages (1250 words) Literature review
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us