
Advanced Digital Forensic Investigations Unit 2, Essay Example

Pages: 1

Words: 1497

Essay

The internet is a powerful medium that has, over time, become an environment for cyber warfare. It accommodates a wide community of users and provides a variety of services. With so many users present, the internet is turning into a medium where attackers prey on unsuspecting users: they fraudulently obtain users' identities, compromise hosts, and launch malicious attacks on systems. With attacks of many types being launched, it is important to protect the internet from them and to generate an appropriate response that handles an attack and reduces its impact. Network forensics is the science of capturing, recording, and analyzing network traffic for the purpose of carrying out investigations and responding to incidents. Several tools are available for capturing data transferred over networks; these tools also assist in investigating whether an attack or a malicious intrusion has taken place. Network forensics analyzes the data logged by firewalls, intrusion detection systems, and network devices such as routers. The goal of such an investigation is to trace an attack back to its source so that the cyber criminals can be prosecuted.

According to Palmer (2001), network forensics refers to the use of scientifically proven techniques to collect, fuse, examine, identify, analyze, and document digital evidence from various digital sources, both transmitting and processing sources. The aim of this process is to uncover facts related to the planned intent of unauthorized activities meant to disrupt, corrupt, or compromise the system. The process also yields information that assists in recovering from the malicious actions.

A generic framework for network forensic analysis is essential. This method deals with network-based digital investigation. With the growth of network forensics as an independent discipline that is slowly moving out from under digital forensics, it is vital to have a structure for network-based digital investigation. A computer forensic investigator differs from a network investigator in terms of skill level relative to the attacker. A computer forensic investigator possesses expert tools that place him or her at a higher level than the attacker. The network investigator, on the other hand, is at the same skill level as the attacker (Berghel, 2003). Therefore, the hacker community contributes greatly to the evolution of network forensics, whose aim is to curb security attacks and identify their source. This is the reason for developing a network forensic analysis framework as a model distinct from computer forensics.

The procedure used in conducting investigations falls into different phases, and in each phase different tasks are performed. The first phase involves preparation and authorization. During this phase, the staff handling all the network tools receive training to ensure work of maximum quality; this includes collecting adequate evidence to allow attribution of the crime. They also obtain authorization to monitor the network traffic and ensure that a well-defined security policy is in place, which safeguards the privacy of individuals and of the organization. Incorporating honeynets and network telescopes may also be important in order to lure attackers, study their behavior, and learn their strategies (Raynal, Berthier, Biondi, & Kaminsky, 2004).

The second phase is the detection of the crime. In this phase, alerts generated by security tools are observed, indicating areas of policy violation and security breach. Any unauthorized events noted are analyzed. Validation then takes place to assess and confirm the nature of the attack or intrusion. This enables the network investigator to decide whether to continue with the investigation or, in the case of a false alarm, to ignore the alert. Collection and storage of evidence takes place at this point.

The next phase is incident response. A response to the crime is initiated based on the collected facts. The response depends on the type of attack and on the legal and organizational policies. A plan for containing future attacks and recovering from the damage is also initiated. During this phase, investigation of the threat continues in order to obtain detailed data (Mandia & Prosise, 2003).

The next stage involves the collection of network traces: the traffic data acquired from the sensors is gathered. Reliable tools and procedures must be in place to ensure that maximum evidence is gathered with minimum impact on the victim. The network must also be closely monitored to identify future attacks and to safeguard the integrity of logged data and network events. The system needs to be very efficient and have a large amount of storage, so that it can hold the huge volume of traffic data that changes over time and arrives in different formats.

Backing up the collected information is the next stage; this is the protection and preservation stage. The data is protected by taking a hash of all the trace data. To prevent tampering, safety measures must be kept in place to ensure the accuracy and reliability of the preserved data. This also safeguards the information from unauthorized access and tampering, ensuring that accurate evidence is stored (Perry, 2006).

In the examination stage, the traces collected from the security sensors are integrated to facilitate analysis of the data. The data is also mapped and placed on a timeline to prevent it from being mixed up or lost. The collected information is classified to simplify analysis and to eliminate unnecessary and redundant information. The minimally represented attributes are also sorted out, so that the smallest amount of information with the highest evidentiary value is analyzed.

Analysis of the information is the next stage. Here, the collected information is searched for evidence in order to extract indicators of the crime. The indicators are then classified so that attack patterns can be observed. The method used for searching and matching attack patterns is a statistical and data-mining approach. The attack patterns are collected, and the attack is reconstructed to comprehend the intention and methods of the attacker. Finally, validation of the suspicious activity completes the stage.

The evidence collected from the traces identifies the attacker and the course of the incident. The difficult task is obtaining the actual identity of the attacker, as most attackers hide themselves using IP spoofing and stepping-stone attacks. Stepping stones are systems compromised before the attacker launches an attack. The investigation depends on the type of attack.

Presentation of the collected information to management then takes place. Systematic documentation is also provided to support the evidence and the explanations made. Conclusions, together with an interpretation of the statistical data provided, may also be used by management to grasp the findings easily. A thorough review of the incident is carried out, with measures laid down to prevent future occurrences. Digital investigations can then begin with the identification of the attacks. Collection of network traces follows, along with preservation of the data, since network data is volatile. Preservation of the physical media is essential, with collection of logs done at the investigator's convenience. A thorough investigation for traceback and network-based digital evidence must also be carried out. Analyzing the problem provides direction, and the results ought to be correlated to produce evidence. The phases in a network forensic exercise are similar to those in a digital investigation; the difference lies in how the tasks are executed. Creating an incident report is not necessary in a digital investigation, as nothing is done after the completion of an attack.
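The preservation stage above says the trace data is protected by taking a hash of it. As an added example, not part of the essay, the following Python builds a SHA-256 manifest over a directory of collected traces and later re-verifies it, reporting files that were modified, removed, or added after collection. The file names, contents, and the RFC 5737 documentation addresses in the sample log line are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read traces in 1 MiB chunks so large captures do not need to fit in memory


def sha256_file(path):
    """Return the hex SHA-256 digest of a file, streamed chunk by chunk."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(trace_dir, manifest_path):
    """Hash every file in trace_dir and write {name: digest} as JSON; keep the manifest outside trace_dir."""
    manifest = {p.name: sha256_file(p) for p in sorted(Path(trace_dir).iterdir()) if p.is_file()}
    Path(manifest_path).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_manifest(trace_dir, manifest_path):
    """Re-hash trace_dir against the manifest; return a list of (name, problem) for any discrepancy."""
    expected = json.loads(Path(manifest_path).read_text())
    problems = []
    for name, digest in expected.items():
        p = Path(trace_dir) / name
        if not p.is_file():
            problems.append((name, "missing"))
        elif sha256_file(p) != digest:
            problems.append((name, "modified"))
    for p in Path(trace_dir).iterdir():
        if p.is_file() and p.name not in expected:
            problems.append((p.name, "unexpected"))
    return problems


def demo():
    """Preserve two constructed traces, then tamper with the directory and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        traces = Path(tmp) / "traces"
        traces.mkdir()
        (traces / "sensor1.pcap").write_bytes(b"\xd4\xc3\xb2\xa1" + b"constructed capture bytes")
        (traces / "fw.log").write_text("2024-01-01T00:00:00Z DROP 203.0.113.5 -> 192.0.2.10:22\n")
        manifest = Path(tmp) / "manifest.json"
        build_manifest(traces, manifest)
        clean = verify_manifest(traces, manifest)          # [] : evidence intact
        (traces / "fw.log").write_text("2024-01-01T00:00:00Z ALLOW 203.0.113.5 -> 192.0.2.10:22\n")
        (traces / "extra.bin").write_bytes(b"planted")
        tampered = verify_manifest(traces, manifest)       # the edit and the planted file are both reported
        return clean, tampered
```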

In conclusion, network-based detection systems have the ability to detect the symptoms of an attack and the propagation of malicious software from one system to another. They can also determine which systems within the network are infected, but they cannot heal those systems or the internet traffic. Therefore, a number of issues require addressing. The system needs to fuse the data collected from the various security products in the network. It is also necessary to develop techniques for scrutinizing large amounts of data and understanding the relationships within it. Identifying useful network events that match attack patterns for investigative requirements is crucial. Analyzing logs and network traces should enable attribution of the attack to a specific source. Lastly, attacks on new protocols also need investigation. In summary, these shortfalls need urgent attention in order to bring down network crime rates and trace back the perpetrators.

References

Palmer, G. (2001). A Road Map for Digital Forensic Research. 1st Digital Forensic Research Workshop, New York, 2001, 15-30.

Berghel, H. (2003). The discipline of Internet forensics. Communications of the ACM, 46(8), 15-20.

Raynal, F., Berthier, Y., Biondi, P., & Kaminsky, D. (2004). Honeypot Forensics Part I: Analyzing the Network. IEEE Security & Privacy, 2(4), 72-78.

Perry, S. (2006). Network forensics and the inside job. Network Security, 2006, 11-13.

Mandia, K., & Prosise, C. (2003). Incident Response and Computer Forensics. New York: Osborne McGraw-Hill.
