Information and Communication Technology, Essay Example

Incident Response Plan

This is an information age that is driven by technology. Likewise, organizations are reliant on information that is converted into 0s and 1s and is stored and maintained on information systems. As information is residing everywhere in the organization, there is a requirement to evaluate vulnerabilities that are used by threats to compromise systems and networks. Likewise, risk environment for the business is constantly changing, there is a requirement of conducting risk analysis on periodic basis and if there is a major business change. However, incident response plan is essential for any organization, in order to combat threats or incidents. The incident response plan provides incident response phases and documentation associated with information channels for incident that occur within the organization. Channels, roles and responsibilities that  will identify the reporting procedure to authorized personnel along with assessment of an incident, damage and eradication strategy and protecting information that may be an evidence for forensic cases (Incident response plan, n.d ).

Acquisition and Examination (Wireless)

Information and communication technology (ICT) is revolutionizing to provide enhanced communication services to the customers. Personal data assistants are the prime example. Businesses can now benefit from these devices regardless of location of employees. As risk environment is always changing by the leverage of new technologies, there is a requirement of re assessing and re-evaluating procedures that were in the current practices of organizations. In the context of investigating data that is dealing with wireless communication interfaces, authentication and acquisition is essential due to their role in forensic methods and procedures. In case of a PDA, there are two areas that require significant importance i.e. data acquisition and data authentication. Likewise, the rationale for considering them is because they are dependent on transitional storage, which is embedded in every PDA (Computer forensics. n.d).  The transitional storage contains both volatile and non-volatile memories i.e. Random Access Memory (RAM) and Read Only Memory (ROM) and the data associated with acquisition and analysis for processing purposes. Moreover, the operating system and data processing of the PDA do not stop functioning even the PDA is switched off (Computer forensics. n.d). The reason for this is the fact that battery is still connected with the PDA that facilitates PDA to perform these data processing functions. Hence, collecting data for evidence from a wireless device is comparatively difficult to acquire because data contents are continuously changing that may over write data files that may lead to a discovery.

Recommended Practices

As mentioned earlier, PDA do not stops data processing, even it is turned off, it can be called as a ‘push message’ device. The source of getting data is from the antenna that interacts with the base station. Likewise, after getting updates from the station, it over-writes the currently available data with the new one. For example, investigators require emails for any possible clues, they are modified with the new ones and consequently, making life difficult (Computer forensics. n.d). However, there are practices available to counter these issues. Steps are mentioned below:

• The first step will be to turn of the radio from the PDA
• When the acquisition of data starts, PDA should be moved in an isolated location to perform some steps. Investigators will turn on the PDA and in parallel turn the radio off.
• Cross checks on battery should be made for it to be completely charged.
• Via SDK tool, logs will be acquired for possible evidence searching.

• Investigators will than make a replication of the OS image from the PDA
• Acquired data is than examined by the investigation team
• Last step is to dump all the data to the SDK simulator.

Acquisition and Examination (Wired)

For attaining acquisition and examination of data on wired network, recommended practices are mentioned below:

Recommended Practices

For detection and root cause analysis, investigators will execute two processes:

• For targeting the server and client, ‘pcap’ trace analysis
• And for monitoring data, ‘netflow’

HTTP server will be used to perform vulnerability testing, as the web server will execute a separate threat for all queries related to ‘POST’ request on port ‘12345’. Moreover, the web server will process the shell code identical to the original shell code. ‘Wireshark’ will examine and monitor the traffic on the LAN interface. Furthermore, two more tools will be added to the simulation i.e. ‘tftp server’ and ‘tftp client’ (Cert Exercises Handbook – Scribd, n.d.). As the web server is configured on Apache, compatible tools known as ‘exploit’ will also be used (Cert Exercises Handbook – Scribd, n.d.). After incorporating these tools, the steps are mentioned below:

• Stop Apache services
• Initialize web server on Apache
• Initialize modified Scripts
• ‘Pcap’ will generate log files containing IP addresses

Wired and Wireless device Procedures (Conclusion)

Wired and wireless devices do not vary significantly, as the investigation techniques and methods are dependent on technology and they must be trained periodically to cope up with new technologies in the future. The complexity cannot be differentiated between these two different carriers. However, tools make the job easy.

References

Cert Exercises Handbook – Scribd. n.d. Retrieved from http://www.scribd.com/doc/35011748/Cert-Exercises-Handbook

Wireshark Network Analysis. n.d. Retrieved from http://wiresharkbook.com/articlewireshark101.html

Incident response plan, n.d Retrieved 10/8/2011, 2011, from http://www.comptechdoc.org/independent/security/policies/incident-response-plan.html

Computer forensics, n.d Retrieved 10/8/2011, 2011, from http://www.mandarino70.it/