StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

The Difference between Forensic and Security Evidence - Literature review Example

Cite this document
Summary
The paper "The Difference between Forensic and Security Evidence" concluded all mechanisms required for designing protection are included in security while forensic prompt after an accident. Due to increasing security incidents, there will be more demand for forensic computing professionals.
 
 …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98.6% of users find it useful
The Difference between Forensic and Security Evidence
Read Text Preview

Extract of sample "The Difference between Forensic and Security Evidence"

Full Paper Introduction Computer forensic sets the circumstances to lead the law enforcement agencies and corporate security tosubject computers as catalyst for the physical evidence using some forensic techniques which includes analyzing of DNA traces, biometric identification .i.e., figure prints and dental evidence. Modern technology has advances the storage of user data along with different forensic techniques which help the law enforcement agencies to access these data using the features of a person whose data is to access. Computer forensic also helps in investigation of a crime and keeping an eye out for the transgression of organizational policies. The user data can be extracted from personal storage devices like computer hard disk, flash drive, memory cards etc (Computer forensics – a critical need in computer, n.d ) Whenever a person online on internet he/she leaves behind the logs on performed activities. This provides the digital traceability of the person’s activities which he/she has performed on internet by using these logs of visited websites. Flash templates and videos buffered can also be gathered from temporary file of the computer which the person was using. This accessibility to trace the logs, cookies, files and templates can help in analyzing the crime committed computers and may help in providing the strong evidence against the cyber-criminal or hacker. Many users think that after deleing data from hard drive it cannot be traced but there are many techniques and methods by which the deleted data can be recovered. The computer system does not usually thrash the data completely even if it is removed from recycle bin. These files remain alive until it is replaced or overwritten by new data. These methods of tracing can facilitate in forensic investigation to trace down the criminal by investigating the computer system used by the criminal. For instance, during the execution of search warrant of serial killer John Robinson at the residence, law enforcement agencies seize five computers along with badly decomposed two dead bodies (Computer forensics, n.d ). After investigating the computer used by the serial killer John Robinson, it was discovered that he used the internet to find them and then schedule the meeting, after sexual assault they were killed. These facts cannot be gathered with physical evidence techniques and evidence and without computer forensic technique (Computer forensics, n.d ). There are many computer forensic techniques which can be used to trace the criminal but they are usually categorized as two main types: Graphical User Interface (GUI) based and Command Line based Forensic Tools (Conklin 2005). The command line based tools is small and it can be store in Floppy drive while GUI based forensic tools are heavy and slow and store in drives having more space then floppy drive. Moreover, command line based tools have some drawbacks in terms of its limitation to file types i.e., it is not capable of identifying .zip and .cab files. GUI based forensic tools provides graphical user interface which is more user friendly and uses graphical icons unlike command line tools which require a special command to perform each operation. The GUI based forensic tools as only disadvantage that it cannot be saved in floppy drive because of its heavy size (Conklin 2005). An organization must acquire a proactive approach for the threats that may arise which the intranetworking environment of organization and may extract important and sensitive data and information. There are many methods of forensic data acquisition from a network but we will consider the best practice of them. Network-Based Evidence Acquisition Practices Network management is one of the important management functions. Effective network management is only possible through properly configuring the network. Data acquisition is vital management process and it has to be done expertly and skillfully. Likewise, Wireshark should only provide data which may help in generating the reports for the evidence. For instance, in some cases there is the repetition of data transmission and the Wireshark extract the data imprecisely. Therefore, the results will not draw the correct picture which should be the actual result. The data acquisition tools are instructed to detect and process various types of network traffic, additional transmission of traffic to this tool may overload the process and many important packets can be discarded. Moreover, if the tool is designed to save the initial packet to process further, there is the chance of duplication of packets which may result in degradation of packet capture process. Data transmission in a network forms a many to single relationship i.e., data from different interfaces is received and transmit on a single interface. This concludes that the buffer at every interface can be overflow in a switch which can cause packet drop due to congestion and consequently the forensic tool will face packet loss and will generate an incorrect report and metrics. Hence, the best practice to be adopted is that the replicating data should be configured on a port with large buffer size. By adopting this practice will decrease the probability of packet loss that is residing on a switch port and that packet will be appropriately counted. Moreover, this technique is best practice for data acquisition from switch and by integrating required effective method for filtering and customization of data packets. As a result of deploying the best practice and methodologies, it will facilitate the accurate network traffic and perfect metrics, will minimize the required processing power and maximize the data storage capability. Switch Port Analyzer (SPAN) Network dictionary defines Switch Port Analyzer as: “Switched Port Analyzer (SPAN) is a feature of many managed switches that extends the monitoring capabilities of existing network analyzers into a switched Ethernet environment. SPAN mirrors the traffic at one switched segment onto a pre-defined SPAN port. A network analyzer attached to the SPAN port can monitor traffic from any of the other switched ports”. This feature of SPAN port is available in Cisco network devices that provide option to network administrator to copy data traffic from one port (physical layer) of the switch to another. The SPAN ports are configured using source and destination session. The monitor session performs two tasks i.e., monitors destination’s session and source’s session. The monitor source session identifies the present physically on SPAN to copy data and also identifies the direction traffic i.e., TX and RX. The monitor session destination identifies the ports that the SPAN will use for copying data. The Monitor session’s source has three attributes as defined by Expert Data Acquisition Best Practice, these are: Monitor session number: Differentiates the monitor session from any others on the switch. Monitor session source: Specifies the ports or VLANs from which the SPAN will copy data. Monitor session direction: Specifies the monitor session direction: RX, TX, or both (both by default). (Expert data acquisition best practice, n.d) Monitor session source defines the association of Layer 2 (L2) and Layer 3 (L3) ports with the replication of data to the destination. However, at a time both the ports can be used. There are constraints which limits the WAN interface to represent a source port. For example, a good example is ATM interface. Furthermore, best practice says that Ethernet channel ports should not represent as source port and ports cannot be merged with VLAN to be a representative of monitor session source; instead it should be configured as physical port or VLAN. When VLAN is configured as source information, this is called VLAN SPAN. VLAN SPAN includes all the interfaces of the VLAN that can be monitored effectively and efficiently. Destination port caveats: Expert Data Acquisition Best Practice says: A destination port can be any physical port, with release 12.1(13) E and later of Cisco IOS, you can configure the destination port to be a trunk port. This allows you to forward VLAN tags to the data collection device for monitoring purposes. This technique can also be used to filter data leaving the destination port with the “switch port trunk allowed VLAN” command. A destination port can only service a single SPAN session and cannot be an Ether Channel port. A monitor session can have up to 64 destination interfaces (Expert data acquisition best practice, n.d) Port SPAN The environment where access layer switches are installed, Port SPAN allows separate interfaces to b represented as similar sources. The monitoring of session mainly focuses on the connected interfaces of production servers and business critical application servers. The redirecting data to other server is not visible to analyzer and saves bandwidth on SPAN destination by following this best practice. Future of Digital Forensic Investigation The difference between forensic and security was given by Dr. Roy Nutter, during a presentation at Carnegie Mellon University’s CyLab Capacity Building Program. He concluded that all the theories and mechanism required for designing protection and resources are included in security while forensic prompt after an accident. Due to increasing security incidents there will be more demand of forensic computing professionals in future (, Computer forensics). Moreover, there is also a conclusion by Peterson that professional those are related to forensic computing have to deal with highly technical subjects and must have patience like a wildlife photographer with literary skills equivalent to Mark Twain (Computer forensics, n.d ). Reference Switched port analyzer. (2007). Network Dictionary, , 469-470. Expert data acquisition best practice, n.d Retrieved 10/23/2011, 2011, from http://www.scribd.com/doc/53797426/Expert-Data-Acquisition-Best-Practice Computer forensics – a critical need in computer Retrieved 10/23/2011, 2011, from http://www.scribd.com/doc/131838/Computer-Forensics-a-Critical-Need-in-Computer Computer forensics, n.d Retrieved 10/23/2011, 2011, from http://dl.acm.org/citation.cfm?id=1047894 Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Computer Forensics 2015 Research Paper Example | Topics and Well Written Essays - 1500 words”, n.d.)
Retrieved de https://studentshare.org/information-technology/1689808-computer-forensics-2015
(Computer Forensics 2015 Research Paper Example | Topics and Well Written Essays - 1500 Words)
https://studentshare.org/information-technology/1689808-computer-forensics-2015.
“Computer Forensics 2015 Research Paper Example | Topics and Well Written Essays - 1500 Words”, n.d. https://studentshare.org/information-technology/1689808-computer-forensics-2015.
  • Cited: 0 times

CHECK THESE SAMPLES OF The Difference between Forensic and Security Evidence

Forensics with UNIX. Prepaid Cell Phones

One of the most common predicaments is the destruction, compromising and ignoring of digital evidence.... Lastly, the evidence must also satisfy the conditions that are set up by the legal tests of acceptability performed on the systems.... om/blog/security/unix-vs-microsoft-windows-how-system-designs-reflect-security-philosophy/4627 Sommer, P 2012, Digital evidence, digital investigations and E-disclosure: A guide to forensic readiness for organizations, security advisers and lawyers, viewed 4 Oct 2012, http://www....
3 Pages (750 words) Essay

Forensic Accounting Case Question (easy)

With the understanding that on Fridays, George, Gwen, Andy and Bob go out for lunch together is enough evidence that there is a close relationship among these individuals.... When conducting such an investigation, it is important to gather enough evidence to give her a good background on the issue.... forensic Accounting Case Study a.... hellip; Although she could use this as an opportunity to prove her expertise in forensic accounting, the manner in which she approaches the situation significantly would determine her success....
4 Pages (1000 words) Essay

Blood Spatter Analysis in Forensic Science

If the analysis is done according to the guidelines, it provides a tremendous amount of information for any forensic evidence.... "Blood is perhaps the most valuable evidence in the world of forensic science because its presence always links the suspect and victim to one another and the crime scene It can provide information such as who struck whom first, in what manner, and how many times.... The recent unprecedented interest in forensic science techniques has increased with media coverage of real scenes and cinema and TV coverage of fictional crime dramas....
6 Pages (1500 words) Essay

Criminal Justice and American Jutice ystem

The American jutice ytem i convoluted and broken, making it almot impoible to prove innocence in the face of circumtantial evidence.... The character of the accued i put on trial to convict a peron rather than direct evidence.... Direct evidence i often lacking; o, in it tead proecutor ue theorie and uppoition to help convict the accued....
8 Pages (2000 words) Essay

Staffs Values and Attitudes towards Patients with Learning Disabilities

Only less than 10% of the learning disabled work and are highly dependent on social security benefits.... Forensic nursing is a specialty of mental health nursing, and has a specific group of skills and interventions developing around patient offending and antisocial behavior in a range of settings from high security to community care (Kettles et al, 2002).... If a person with a learning disability is convicted of a violent crime, he may be considered a forensic patient while the caring for this type of patient has been termed as forensic nursing....
10 Pages (2500 words) Essay

Major Questions in Medicine

The main intent of establishing this laboratory is to investigate on explosive related ANSWER QUE ANSWER QUE What is the difference between a fire and flame?... They help to identify controlled substances, pharmaceuticals, ignitable liquids in debris, thereby providing supporting evidence to ascertain crime.... They include conducting a preliminary evaluation at the scene, exercising scene safety, administering lifesaving efforts and establishing security and control....
2 Pages (500 words) Assignment

Types of Domestic Violence

According to McCue (2008), domestic violence is aggressive behavior at home and psychological mistreatment practices utilized by one individual towards the other partner in a relationship in order to control them.... This can apply to individuals who are either wedded or un-wedded,… Domestic violence can either be criminal or no-criminal....
4 Pages (1000 words) Essay

Advanced Hunting and Content Development

Defenders must then have indicators of compromise (IOC) such that their content identifies methods or numerous pieces of evidence (Orlando 23).... In their attack, offenders use different platforms and phishing techniques while defenders are forced to use such as exploit kit servers such as RSA security Analytics to monitor phishing and other attacks.... RSA security analytics work toward protecting phishing, and suspicious objects, patterns or events using notifications such as warnings, provision of information, and curbing suspicions....
2 Pages (500 words) Research Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us