
Advanced Digital Forensic Investigations Unit 1 IP, Essay Example

Pages: 3

Words: 959

Essay

The digital world has expanded to new horizons, enabling businesses to become more dependent on technology. Today, every medium-sized or corporate organization acquires information systems to deliver business automation and business value. Moreover, digital channels are now part of an organization’s marketing strategy and services. Every organization is curious to establish a presence on the web. Financial institutions have introduced new ways of banking online. For instance, banks have introduced online or Internet banking, which is considered a value-added service for customers due to its convenience. On the other hand, these value-added services that operate on the web have many risks associated with them. For instance, a hacker or cyber-criminal can retrieve anyone’s user credentials in order to transfer funds. Moreover, large online transactions can be interrupted, resulting in a major financial loss. Similarly, Internet Service Providers (ISPs) provide Internet services to organizations and home users. If the ISP’s security controls are not adequate, this may result in a system compromise that may affect home users as well as the organization. Consequently, organizations need to eliminate or mitigate business risks, as well as technological risks, that may affect business value. In order to prevent or mitigate these risks, organizations may implement forensic tools that monitor and review semantics related to any incident within the organization. However, the key aspect is to protect the organization’s critical assets. If the organization fails to protect them, business value cannot be delivered and hence the organization cannot achieve its goals and objectives. There are many tools and methodologies for mitigating risks, threats and vulnerabilities.

IDS stands for Intrusion Detection System. Network Dictionary defines it as follows: “Intrusion detection system (IDS) is a type of security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions and misuse”. IDS is now available in several flavors. Two of them are signature-based IDS and anomaly-based IDS. Organizations may choose the best option as per their requirements, as the key objective is to protect critical assets. A signature-based IDS is not considered able to protect the organization’s information assets from any new threat, as it operates on the signatures provided to it. An anomaly-based IDS, in contrast, monitors the network and reports when an unknown or irrelevant activity is found within the network. Snort was previously a tool that has now been converted into an IDS. What is Snort? It is defined as “An open source network intrusion detection system (NIDS) that is noted for its effectiveness. Developed by Martin Roesch, Snort can also be used just as a packet logger or packet sniffer” (Snort, 2011).

Previously, forensics may not have involved computing devices in investigation processes. Today, the involvement of computing devices has stretched to a great extent. People are now dependent on technology, and so are organizations. Likewise, the new term digital forensics is on the rise, as it encompasses new tools and methodologies utilizing computing power. Moreover, law enforcement agencies also facilitate investigators by granting access to the systems of service providers, in order to detect victim footsteps. Similarly, in organizations, if any personnel are involved in an internal crime executed from a computer, logs, audit trails and storage devices can provide sufficient data for detecting the source (Computer Forensics – a Critical Need in Computer, n.d.).

One of the methods of conducting digital forensics is data dictionary extraction via the Log miner tool. For instance, if a forensic investigator is examining a log file named ‘redo’ that is located within a similar database, this method can be deployed for sparing the ‘redo’ log file or a file named ‘flat’. The extraction of isolated data within the data dictionary is executed by the DBMS_LOGMNR_D package. This package is used because it provides several benefits, listed below:

  • Isolating file extraction of flat files within the data dictionary
  • Isolating file extraction of ‘redo’ log files within the data dictionary

Moreover, the ‘DBMS_LOGMNR_D’ package also provides outcomes related to procedures. Likewise, the results of the procedure are named ‘PROCEDURE BUILD’, ‘PROCEDURE SET_TABLESPACE’ and ‘IDENTIFYING REDO LOG FILES’. The Log miner tool reads the files that are located in the ‘redo’ log files, as the information in these log files is a result of the extraction of the data dictionary (Too Clever for Words: Oracle9i Log Miner – Oracle, n.d.).
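The sequence described above (build the dictionary, identify the redo log files, then read them) looks like this as an Oracle LogMiner session. This is an added example, not taken from the essay or its sources; the file paths, file names and the schema name APP are placeholders.

```sql
-- Added illustration: paths, file names and the schema 'APP' are placeholders.
-- Work on copies of the redo logs, in a session with EXECUTE on DBMS_LOGMNR and DBMS_LOGMNR_D.

-- 1a. PROCEDURE BUILD: extract the data dictionary to a flat file.
--     The directory must be writable by the instance (on older releases it
--     must also be listed in the UTL_FILE_DIR initialization parameter).
BEGIN
  DBMS_LOGMNR_D.BUILD(
    dictionary_filename => 'dictionary.ora',
    dictionary_location => '/forensics/dict',
    options             => DBMS_LOGMNR_D.STORE_IN_FLAT_FILE);
END;
/

-- 1b. Alternative: extract the dictionary into the redo logs themselves
--     (the database must be running in ARCHIVELOG mode).
-- BEGIN DBMS_LOGMNR_D.BUILD(options => DBMS_LOGMNR_D.STORE_IN_REDO_LOGS); END;
-- /

-- Optional: PROCEDURE SET_TABLESPACE moves LogMiner's own tables out of the
-- default tablespace so that analysis does not fill it.
-- EXECUTE DBMS_LOGMNR_D.SET_TABLESPACE('LOGMNR_TS');

-- 2. Identify the redo log files to be analysed (NEW starts the list, ADDFILE extends it).
BEGIN
  DBMS_LOGMNR.ADD_LOGFILE(logfilename => '/forensics/redo/redo01.log',
                          options     => DBMS_LOGMNR.NEW);
  DBMS_LOGMNR.ADD_LOGFILE(logfilename => '/forensics/redo/redo02.log',
                          options     => DBMS_LOGMNR.ADDFILE);
END;
/

-- 3. Start LogMiner against the flat-file dictionary built in step 1a.
BEGIN
  DBMS_LOGMNR.START_LOGMNR(dictfilename => '/forensics/dict/dictionary.ora');
END;
/

-- 4. Reconstruct who changed what, and when. V$LOGMNR_CONTENTS is only
--    visible to the session that called START_LOGMNR.
SELECT scn, timestamp, username, operation, seg_owner, seg_name, sql_redo, sql_undo
FROM   v$logmnr_contents
WHERE  seg_owner = 'APP'
AND    operation IN ('INSERT', 'UPDATE', 'DELETE', 'DDL')
ORDER  BY scn;

-- 5. Release the session's LogMiner resources.
BEGIN DBMS_LOGMNR.END_LOGMNR; END;
/
```

Without a dictionary from step 1, the SQL_REDO column shows internal object numbers and hex values instead of table and column names, which is why the dictionary extraction comes first.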

Another effective tool that is used by digital forensic practitioners is ‘Windump’. It is a “freeware tool for Windows that is a protocol analyzer that can monitor network traffic on a wire” (Windump, 2007). The objective of this tool is to examine network activity and generate alerts based on the criteria set. Moreover, the tool is specifically designed for forensic investigation, as it can also examine live broadcasting from any network node that may be infected by malware or a virus.

Conclusion and Future Works

We have illustrated the prime importance of digital forensic tools that may enhance network forensic investigation. As these tools and devices have the intelligence to compete with potential threats, they are considered mandatory for investigating cases and collecting evidence related to crimes executed from computing devices. We have illustrated the methodology of investigating database forensics with the digital forensic tools known as Log miner, Snort and Windump. As organizations are curious to automate their business processes, risks related to security incidents are also increasing. Therefore, the mandate for forensic investigators is increasing (Computer Forensics – a Critical Need in Computer, n.d.).

References

Intrusion detection system. (2007). Network Dictionary, 258.

Snort. (2011). Computer Desktop Encyclopedia, 1.

Computer Forensics – a Critical Need in Computer. (n.d.). Retrieved from http://www.scribd.com/doc/131838/Computer-Forensics-a-Critical-Need-in-Computer

Too Clever for Words: Oracle9i Log Miner – Oracle. (n.d.). Retrieved from http://blogold.chinaunix.net/u/3787/showart_26417.htm

Windump. (2007). Network Dictionary, 528.
