Executive summary
This report analyses the problem at ABC University and investigates it using computer
forensic tools. Implementing information security and network design benefits the
organization; however, there are several risks to be considered. The threats and risks
involved are the lack of protection of vital information of the organization, staff and users
from various malicious attacks and spam. Digital forensic tools have been used in this case to
find out where the spam mail was sourced from and where the inappropriate image was viewed.
The overall process requires a methodology, and for this report the SANS methodology has been
used. Finally, recommendations have been developed to protect against such issues in the
given case in the future.
Table of Contents
1.0 Introduction
1.1 Case background
1.2 Aim and objective
1.3 Report outline
2.0 Justification of digital forensic methodology
2.1 Digital forensic
2.2 Methodology
2.3 Systematic computer approach
3.0 Resources for the investigation
3.1 Planning investigation for evidence gathering
3.2 Forensic workstation and peripheral needed
3.3 Forensic tools
3.4 Skills required by team member
4.0 Approach of data Acquisition
4.1 Contingency Planning
4.2 Tools of Data Acquisition
4.3 Data validation and verification
4.4 Data approaches Acquisition for the investigation of different types of Evidence
4.4.1 Static Analysis:
4.4.2 Live Analysis approaches:
5.0 Forensics investigation Procedures and steps
5.1 Acquiring the Evidences:
5.2 Analysis the result:
5.3 Reporting
5.4 Validation and verification of Computer Forensics approaches:
6.1 Forensics Investigation Techniques:
6.1.1 Header Analysis:
6.1.2 Bait Tactics:
6.1.3 Network device investigation:
6.1.4 Server Investigation:
6.2 Email and video Forensics tools:
6.2.1 Email Tracker Pro:
6.2.2 EnCase Forensic:
7.0 Information Security Policies for ABC University
8.0 Recommendations:
9.0 References
1.0 Introduction
1.1 Case background
The case scenario concerns ABC University, a reputed university in the USA with 10 campuses
located in 5 different states. The university uses RFID technology in ID cards for building
access. However, the university has no designed firewall system, which leaves the university
network unsecured, and it is also using an old version of the OS. The university now plans to
open branches in India and China. The university has two cases, which involve email spam and
inappropriate viewing of an image. The case is handed over to a professional computer
forensic investigator, as ABC University has only two members of IT staff.
1.2 Aim and objective: The main aim of the report is to carry out an investigation using
various forensic tools to solve the given case. The investigation uses tools such as EnCase
software and AccessData FTK.
1.3 Report outline: The report first discusses the methodology of computer forensics and
how it differs from other techniques. Secondly, the report discusses the resources and
investigation plan, as well as the workstation and tools to be used in this case. The report
then describes data acquisition, followed by the forensic analysis procedure, depending upon
the case evidence. Finally, a policy for the university is developed and recommendations are
made for ABC University.