Advanced Digital Forensic Investigations Unit 2, Essay Example
The internet is a powerful medium that has, over time, also become an environment for cyber warfare. It accommodates a vast community of users and provides a wide variety of services, and with so many users it has become a place where attackers prey on the unsuspecting: they steal users' identities, compromise hosts, and launch malicious attacks against systems. Because attacks of many kinds are launched through it, it is important both to protect networked systems from attack and to generate an appropriate response that limits the damage. Network forensics is the discipline that deals with the capture, recording, and analysis of network traffic for the purposes of investigating incidents and responding to them. Several tools exist for capturing the data transferred over networks; they also help in establishing whether an attack occurred and whether an intrusion was malicious in intent. Network forensics analyses data logged by firewalls, intrusion detection systems, and network devices such as routers. The goal of the investigation is to trace the attack back to its source so that the perpetrators can be prosecuted.
According to Palmer (2001), network forensics is the use of scientifically proven techniques to collect, fuse, identify, examine, analyze and document digital evidence from multiple digital sources, both those transmitting and those processing data. The aim is to uncover facts about the planned intent of unauthorized activities meant to disrupt, corrupt, or compromise the system and, in the course of doing so, to provide information that assists in recovering from those malicious actions.
A generic framework for network forensic analysis is essential for network-based digital investigation. Network forensics is growing into an independent discipline and slowly separating from computer forensics, so it needs a structure of its own. A computer forensic investigator differs from a network investigator in skill level relative to the attacker: the computer forensic investigator has specialised tools and expertise that place him or her at an advantage over the attacker, whereas the network investigator operates at roughly the same skill level as the attacker (Berghel, 2003). The hacker community therefore contributes substantially to the evolution of network forensics, whose aim is to curb security attacks and identify their source. This is why a network forensic analysis framework is developed as a model distinct from that of computer forensics.
The investigation procedure falls into several phases, each with its own tasks. The first phase is preparation and authorization. Staff who operate the network tools are trained so that evidence is collected to a standard that supports attribution of the crime. Authorization to monitor network traffic is obtained, and a well-defined security policy is put in place that safeguards the privacy of individuals and of the organization. Honeynets and network telescopes may also be deployed to lure attackers, study their behaviour, and learn their strategies (Raynal, Berthier, Biondi, & Kaminsky, 2004).
The second phase is detection of the crime. Alerts generated by security tools are observed to identify policy violations and security breaches; any unauthorized event noted is analysed, and the alert is validated to confirm the nature of the attack or intrusion. This lets the network investigator decide whether to continue the investigation or to dismiss the alert as a false alarm. Evidence collection and storage begin at this point.
Next comes incident response. A response to the crime is initiated on the basis of the facts collected; it depends on the type of attack and on legal and organizational policy. A plan is also started for containing further attacks and recovering from the damage, while investigation of the threat continues in order to obtain detailed data (Mandia & Prosise, 2003).
The next stage is the collection of network traces: the traffic data acquired from the sensors is gathered. Reliable tools and procedures must be in place so that the maximum amount of evidence is gathered with minimal impact on the victim. The network must also be monitored closely to identify further attacks and to safeguard the integrity of logged data and network events. The collection system must be efficient and have a large amount of storage, because it has to hold a very large volume of traffic that changes over time and arrives in different formats.
Backing up the collected information is the next stage: protection and preservation. The data is protected by taking a cryptographic hash of all the trace data, and safeguards are put in place to prevent tampering so that the preserved data remains accurate and reliable. This also protects the information from unauthorized access, ensuring that the stored evidence is accurate (Perry, 2006).
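The hashing step described above, as an added example that is not part of the essay: Python that hashes each captured trace file, records the digests in a manifest, and later re-verifies the directory. The file names, the examiner label and the pcap-header bytes are constructed for illustration; nothing here comes from the essay's cited sources.

```python
"""Added example (not from the essay): preserve captured network traces by
hashing each file into a manifest and re-verifying the directory later.
File names, examiner label and pcap bytes are constructed for illustration."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone
from typing import Dict, List


def sha256_file(path: str) -> str:
    """Stream the file so multi-gigabyte traces never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths: List[str], examiner: str) -> Dict:
    """Record digest and size of every trace; the manifest is what gets
    signed or written to read-only media, not the traces themselves."""
    entries = [{"file": os.path.basename(p), "bytes": os.path.getsize(p),
                "sha256": sha256_file(p)} for p in sorted(paths)]
    body = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return {
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "entries": entries,
        # digest over the canonical entry list ties the entries together
        "manifest_sha256": hashlib.sha256(body).hexdigest(),
    }


def verify_manifest(manifest: Dict, directory: str) -> Dict[str, str]:
    """Return a status per file: 'ok', 'modified' or 'missing'.
    Raises if the entry list itself no longer matches its own digest."""
    body = json.dumps(manifest["entries"], sort_keys=True, separators=(",", ":")).encode()
    if hashlib.sha256(body).hexdigest() != manifest["manifest_sha256"]:
        raise ValueError("manifest entries were altered after it was built")
    status = {}
    for e in manifest["entries"]:
        p = os.path.join(directory, e["file"])
        if not os.path.exists(p):
            status[e["file"]] = "missing"
        elif os.path.getsize(p) != e["bytes"] or sha256_file(p) != e["sha256"]:
            status[e["file"]] = "modified"
        else:
            status[e["file"]] = "ok"
    return status


def demo() -> Dict[str, str]:
    """Preserve three constructed traces, then tamper with one and delete
    another to show what verification reports."""
    # constructed 24-byte pcap global header: magic, v2.4, zone 0, sigfigs 0,
    # snaplen 0xffff, link type 1 (Ethernet)
    pcap_header = bytes.fromhex("d4c3b2a1020004000000000000000000ffff000001000000")
    with tempfile.TemporaryDirectory() as d:
        files = []
        for name in ("sensor-a.pcap", "sensor-b.pcap", "sensor-c.pcap"):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(pcap_header + name.encode())
            files.append(p)
        manifest = build_manifest(files, examiner="analyst-1")
        with open(files[1], "ab") as f:   # simulate post-acquisition tampering
            f.write(b"\x00")
        os.remove(files[2])               # simulate a lost trace
        return verify_manifest(manifest, d)
```

demo() returns {'sensor-a.pcap': 'ok', 'sensor-b.pcap': 'modified', 'sensor-c.pcap': 'missing'}. A hash only detects tampering; it does not prevent it, so in practice the manifest is signed or kept on write-once media and the trace files are made read-only, with the manifest digest recorded in the chain-of-custody log.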
In the examination stage, the traces collected from the security sensors are integrated to facilitate analysis. The data is mapped and placed on a timeline so that it is neither mixed up nor lost. The collected information is classified to simplify analysis and to eliminate unnecessary and redundant information, and a minimal set of attributes is selected so that the least amount of data with the highest evidential value is analysed.
Analysis of the information is the next stage. The collected information is searched for evidence and indicators of the crime are extracted. The indicators are then classified so that attack patterns can be observed; statistical and data-mining approaches are used to search for and match these patterns. The attack patterns are collected and the attack is reconstructed to understand the intention and methods of the attacker. Finally, validation of the suspicious activity completes the stage.
The evidence collected from the traces identifies the attacker and the course of the incident. The difficult part is establishing the attacker's real identity, because most attackers hide behind IP spoofing and stepping-stone attacks: stepping stones are systems the attacker has already compromised and uses as relays before launching the attack on the final target. How the investigation proceeds depends on the type of attack.
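The examination, analysis and attribution steps above (fusing sensor data onto one timeline, matching an attack pattern, validating it against a second sensor, and following a stepping-stone chain), as one added example that is not part of the essay. The firewall and IDS log formats, the hosts and addresses, the sensor names and the local rule id are all constructed; the IDS timestamps carry no year or zone, so the example assumes the sensor clock is UTC and lets the analyst supply the year.

```python
"""Added example, not part of the essay: fuse two constructed sensor logs into
one timeline, match a repeated-SSH pattern, corroborate it with IDS alerts and
follow a stepping-stone chain. Every address, host, log line and rule id is made up."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Tuple


class Event(NamedTuple):
    ts: datetime
    sensor: str
    kind: str    # "conn" = accepted firewall connection, "alert" = IDS alert
    src: str
    dst: str
    dport: int


# Constructed firewall log of accepted connections (UTC timestamps).
FIREWALL_LOG = """\
2024-03-01T10:00:01Z fw01 ACCEPT 203.0.113.9:51000 -> 10.0.0.5:22
2024-03-01T10:00:02Z fw01 ACCEPT 203.0.113.9:51001 -> 10.0.0.5:22
2024-03-01T10:00:03Z fw01 ACCEPT 203.0.113.9:51002 -> 10.0.0.5:22
2024-03-01T10:00:04Z fw01 ACCEPT 203.0.113.9:51003 -> 10.0.0.5:22
2024-03-01T10:00:40Z fw01 ACCEPT 10.0.0.5:40001 -> 10.0.1.7:22
2024-03-01T10:01:05Z fw01 ACCEPT 10.0.1.7:40002 -> 10.0.2.3:22
2024-03-01T10:02:00Z fw01 ACCEPT 198.51.100.4:40003 -> 10.0.0.8:443
"""
# Constructed IDS alerts in a Snort-"fast"-like layout; no year or zone in the
# timestamp, so the sensor clock is assumed UTC and the year is supplied by the analyst.
IDS_LOG = """\
03/01-10:00:01.120  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] {TCP} 203.0.113.9:51000 -> 10.0.0.5:22
03/01-10:00:03.410  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] {TCP} 203.0.113.9:51002 -> 10.0.0.5:22
"""
FW_RE = re.compile(r"^(\S+) (\S+) ACCEPT (\S+):\d+ -> (\S+):(\d+)$")
IDS_RE = re.compile(r"^(\d\d)/(\d\d)-(\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\] \[[^\]]+\] .*? \[\*\*\] "
                    r"\{TCP\} (\S+):\d+ -> (\S+):(\d+)$")


def parse_firewall(text: str) -> List[Event]:
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:   # lines that do not match the format are dropped, not guessed at
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append(Event(ts, m.group(2), "conn", m.group(3), m.group(4), int(m.group(5))))
    return events


def parse_ids(text: str, year: int, sensor: str = "ids01") -> List[Event]:
    events = []
    for line in text.splitlines():
        m = IDS_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year}-{m.group(1)}-{m.group(2)} {m.group(3)}", "%Y-%m-%d %H:%M:%S")
            events.append(Event(ts, sensor, "alert", m.group(4), m.group(5), int(m.group(6))))
    return events


def build_timeline(*sources: List[Event]) -> List[Event]:
    """Fuse every sensor into one list ordered by time (the time-lining step)."""
    return sorted((e for s in sources for e in s), key=lambda e: (e.ts, e.sensor))


def find_repeated_ssh(timeline: List[Event], threshold: int = 3,
                      window: timedelta = timedelta(seconds=60)) -> Dict[Tuple[str, str], int]:
    """Pattern: at least `threshold` SSH connections from one source to one host within `window`."""
    by_pair: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for e in timeline:
        if e.kind == "conn" and e.dport == 22:
            by_pair[(e.src, e.dst)].append(e.ts)
    hits = {}
    for pair, times in by_pair.items():     # sliding window over already-sorted times
        best = j = 0
        for i, t in enumerate(times):
            while t - times[j] > window:
                j += 1
            best = max(best, i - j + 1)
        if best >= threshold:
            hits[pair] = best
    return hits


def corroborate(hits: Dict[Tuple[str, str], int], timeline: List[Event]) -> Dict[Tuple[str, str], Dict[str, int]]:
    """Validation step: keep only patterns that a second sensor (the IDS) also flagged."""
    out = {}
    for (src, dst), n in hits.items():
        alerts = sum(1 for e in timeline if e.kind == "alert" and e.src == src and e.dst == dst)
        if alerts:
            out[(src, dst)] = {"connections": n, "ids_alerts": alerts}
    return out


def follow_stepping_stones(timeline: List[Event], start: str,
                           window: timedelta = timedelta(seconds=120)) -> List[str]:
    """Follow SSH hops: each hop must leave the previous host within `window` of arriving.
    A timing heuristic that narrows the search for the origin, not proof of attribution."""
    chain, cur, after = [start], start, None
    while True:
        hop = next((e for e in timeline
                    if e.kind == "conn" and e.src == cur and e.dport == 22 and e.dst not in chain
                    and (after is None or timedelta(0) <= e.ts - after <= window)), None)
        if hop is None:
            return chain
        chain.append(hop.dst)
        cur, after = hop.dst, hop.ts


def investigate(year: int = 2024) -> Dict:
    timeline = build_timeline(parse_firewall(FIREWALL_LOG), parse_ids(IDS_LOG, year))
    hits = find_repeated_ssh(timeline)
    validated = corroborate(hits, timeline)
    chains = {src: follow_stepping_stones(timeline, src) for (src, _dst) in validated}
    return {"events": len(timeline), "repeated_ssh": hits, "validated": validated, "chains": chains}
```

investigate() fuses nine events, flags four SSH connections from 203.0.113.9 to 10.0.0.5 inside a minute, confirms the pattern against two IDS alerts for the same pair, and follows the chain 203.0.113.9 -> 10.0.0.5 -> 10.0.1.7 -> 10.0.2.3. The chain shows why attribution is hard: the address in the outermost log is just the first visible stepping stone, and a spoofed source address would not even give that much, so the timing correlation is a lead to pursue on each intermediate host, not a conclusion.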
The collected information is then presented to management, together with systematic documentation supporting the evidence and the explanations given. Conclusions, with interpretation of the statistical data, help management grasp the findings easily. The incident is reviewed thoroughly and measures are laid down to prevent its recurrence. A digital investigation can then begin with identification of the attacks. Collection of network traces is followed by preservation of the data, since network data is volatile; preservation of the physical media is essential, and logs are collected as is convenient in the individual case. A thorough investigation then follows for trace-back and network-based digital evidence. Analysis of the problem provides direction, and the results must be correlated to yield evidence. The phases of a network forensic exercise are similar to those of a digital investigation; the difference lies in how the tasks are executed. An incident-response report is not essential in a post-mortem digital investigation, since the attack has already run its course and no live response follows it.
In conclusion, network-based detection systems can detect the symptoms of an attack and the propagation of malicious software from one system to another. They can also determine which systems within the network are infected, but they cannot heal those systems or clean internet traffic. A number of issues therefore need to be addressed. The system needs to fuse the data collected from the various security products in the network. Techniques are also needed to scrutinise large amounts of data and understand the relationships within it. Identifying the network events that match attack patterns relevant to the investigation is crucial. Analysing logs and network traces should make it possible to attribute the attack to its true source. Lastly, attacks on new protocols also need investigation. In summary, these shortfalls need urgent attention in order to bring down network crime rates and trace back the perpetrators.
References
Palmer, G. (2001). A road map for digital forensic research. Report from the First Digital Forensic Research Workshop (DFRWS), New York, 15–30.
Berghel, H. (2003). The discipline of Internet forensics. Communications of the ACM, 46(8), 15–20.
Raynal, F., Berthier, Y., Biondi, P., & Kaminsky, D. (2004). Honeypot forensics, Part I: Analyzing the network. IEEE Security & Privacy, 2(4), 72–78.
Perry, S. (2006). Network forensics and the inside job. Network Security, 2006, 11–13.
Mandia, K., & Prosise, C. (2003). Incident Response and Computer Forensics (2nd ed.). New York: McGraw-Hill/Osborne.