Skip to Content (press Enter/Return)
preview

Security Compromise Assessment

explanatory Essay
181 words
Open Document
181 words
  • Small
  • Normal
  • Large
  • Huge
bookmark

I want to give everyone a heads up on a Security Compromise assessment we are working on with Optiv Security. This type of assessment is not a vulnerability discovery (which we conduct yearly), but instead an effort to determine if we have been compromised, and if so, what type of data loss we might have experienced. As a part of this engagement we will be installing a forensics agent on all servers and workstations. Since there is always a risk when new software is installed, we have been testing small groups of non-critical systems to make sure any issues are dealt with beforehand. So far testing has went well, all of our issues have been communication problems with the agent and we have not seen any negative impact to the systems

In this essay, the author

  • Explains that they are working on a security compromise assessment with optiv security to determine if we have been compromised and what type of data loss we might have experienced.
  • Explains that they will be installing a forensics agent on all servers and workstations, and testing small groups of non-critical systems to make sure any issues are dealt with beforehand.
  • Explains that they are ready to push this out to more critical systems, taking it slow, and will have a back-out plan ready in case an issue does come up.
Get Access
Check Writing Quality
Related
  • explanatory
  • TrueCrypt and Spybot: A Forensic Exploration
    explanatory essay
    Throughout this course many software packages have been discussed as far as their usefulness and application in a computer forensics environment. I have chosen to write about encryption, as well as anti-spyware software. Specifically I will discuss TrueCrypt and Spybot – Search and Destroy.

    In this essay, the author

    • Explains that they have chosen to write about encryption, as well as anti-spyware software, such as truecrypt and spybot – search and destroy.
    • Explains that truecrypt is a free-available disk encryption package and open-source, which allows independent developers to legally change/modify and/or expand upon the software at their discretion.
    • Explains how truecrypt can be used to provide encryption for sensitive files, as well as provide a layer of privacy.
    • Explains truecrypt has a semi-portable mode, which requires administrative privileges in windows due to driver requirements, and allows the end-user to create hidden operating systems and hidden volumes.
    • Explains that hidden volumes in truecrypt allow the end-user to nest a volume, referred to as the hidden volume inside of the standard volume. a similar concept is used when creating hidden operating-systems.
    • Explains that truecrypt provides support for several encryption algorithms, as well as several hash algorithms in order for the end-user to choose his/her algorithm.
    • Explains that truecrypt provides fast access to encrypted volumes and operating-systems by utilizing parallelization injunction with pipelining.
    • Explains that truecrypt, when implemented properly, can potentially stifle a forensic examiner's investigation completely due to effective encryption techniques.
    • Explains that while truecrypt is an effective encryption package, it does not keep your system safe from spyware that might be accessing encrypted files when you decrypt them. spybot – search and destroy is developed by safer networking ltd.
    • Explains that spybot provides a scanner that will search writable storage media for known spyware and remove all unwanted spyware after scanning. it also adds known malicious websites to the windows hosts file.
    • Explains spybot's advanced mode allows an end-user to specify what types of files that should be scanned for. it provides customization settings for the user interface, as well as language support changes.
    • Explains that spybot also provides advanced users with a shredding tool that can securely shred specified files.
    • Explains that spybot – search and destroy is also available in a portable fashion via the free portable-apps platform.
    • Explains that spybot – search and destroy and truecrypt are effective software packages that are both provided free of charge. however, none are without bugs and quirks, and they cannot be expected to perform properly in all environments.
    1247 words
    Read More
  • The discourse community of Computer Forensic
    explanatory essay
    It is the computer forensics job to look through all of the computer files, even the deleted ones, to see if there are any incriminating files that would prove them guilty. Even reporting them to the jury is one of the jobs that a computer forensic person might have. Not only does this community work closely with eh police force, they can also work within the FBI or a company that uses computers in their business like Apple. Th...

    In this essay, the author

    • Explains that they chose the forensic computer community because of the way it intertwines with the culture and technology of today.
    • Opines that one of the most important parts about this job is that it helps people, probably not in the way most people would like it, but it can help certain people.
    • Explains that the computer forensics job is to look through all computer files, even deleted ones, to see if there are any incriminating files that would prove them guilty.
    • Explains that the community communicates via emails, reports, and meetings. the emails inform the members of the same department of what needs to happen or what is going on if they cannot make it.
    • Explains that computer forensic specialists use a special language that involves computer references and programs that are used with encoding the computer.
    • Explains that there are some conflicts with this community, like if the computer crashes, there might be a chance that you cannot recover after it crashes.
    • Explains that some people have to pay to have files retrieved, which can be difficult when there could be more wrong than just a deleted file. a computer forensics specialist looks at all of your personal files.
    • Explains that ity in this community is the department head, the lead computer forensic specialist, and the years of training required to become a department leader.
    560 words
    Read More
  • Computer Forensics
    explanatory essay
    “Computer forensics is the specialized practice of investigating computer media for the purpose of discovering and analyzing available, deleted, or "hidden" information that may serve as useful evidence in a legal matter. “ (Steen, Hassell 2004)

    In this essay, the author

    • Explains computer forensics is the specialized practice of investigating computer media for the purpose of discovering and analyzing available, deleted, or 'quot;hidden' information that may serve as useful evidence in a legal matter.
    • Explains that computer forensics has become a very important factor of criminal investigations.
    • Describes the various types of espionage, including theft of intellectual property, illegal access to confidential information, and blackmail.
    • Explains the importance of a clone image, which prevents inadvertent damage to the system.
    • Explains that computer forensics is a scientific and reputable form of evidence gathering.
    322 words
    Read More
  • Alternative Arguments For Traditional Prosecution
    explanatory essay
    Britz, Marjie. 2009. Computer forensics and cybercrime: an introduction. Upper Saddle River, N.J.: Pearson Prentice Hall.

    In this essay, the author

    • Explains that the prosecutors have other duties in a court of law besides filing the charges. these duties and strategies include the diversion, deferred sentencing, and pending prosecution.
    • Explains that diversion is a court program that provides with an alternative to the prosecution.
    • Explains that the justice system may set diversion programs in an attempt to achieve its goals, such as the avoidance of negative labeling and stigmatization from the community to the suspects.
    • Describes buzawa, eva schlesinger, evan stark, and friman, hakan and darryl robinson's introduction to international criminal law and procedure.
    1220 words
    Read More
  • What is Digital Forensic?
    explanatory essay
    In our modern society, computers and other digital devices are becoming ubiquitous. In the late 1970’s the number of crimes that involved digital devices and computers has been increasing rapidly. As a result of that, computer experts specified the need for permanently improving digital forensic tools and practices.

    In this essay, the author

    • Explains that criminals leave behind digital evidence that can be recovered by digital forensic experts and tools.
    • Opines that the first responder should follow the appropriate steps to secure the physical evidence from being compromised throughout the documentation.
    • Explains that the computer forensic expert should prevent static electricity from damaging the digital evidence by using antistatic bags and pads with wrist straps. data should be captured and saved from contents of ram, present network connections, logon sessions, network traffic and logs, and open files.
    • Explains that there are many different methods to copy digital evidence, but the two main methods are:
    • Explains that sector copy is a bit-by-bit copy of the original digital evidence and is an accurate duplicate.
    • Explains the purpose of analyzing digital evidence is to recover the data that the suspect has deleted or overwritten files on a disk.
    • Explains that the weakest phase of any digital investigation is the integrity of the data that a computer expert has collected.
    • Explains that as a computer forensic expert, it is important to understand the rules governing chain of custody.
    • Explains that forensic experts should use a chain of evidence form, which is also called evidence custody form. the forms should be simple to read and use.
    • Explains that forensic examiners should be trained when they are conducting an examination on a digital evidence.
    • Recommends paraben company's comprehensive forensic tool kit, which offers affordable and reliable digital analysis for digital investigations.
    • Explains the purpose of the report: to cover data preservation, examination of digital evidence, tools and techniques for data capture, preservation and examination with a list of recommendations.
    • Explains that criminals today have higher levels of computer skills to prevent computer forensics experts to retrieve the evidence. organizations and courts now know the significant need for a convenient digital crime process.
    • Explains that protecting the crime scene is the most significant aspect of evidence collection and preservation. the first responder should document, photograph and obtain digital evidence at the scene.
    • Explains that preservation of evidence means deliberate and specific action taken or caused to be taken with the intention of preventing contamination to, damage, loss, or destruction of, any evidence.
    • Explains how the method creates an accurate image of digital evidence, copying the image to a target disk, which should be the same manufacturer and model as the original.
    • Explains that the computer forensic should only analyze the copy of the digital evidence. prodiscover basic is used to acquire and analyze data from various file systems.
    • Explains that data acquisition is categorized into static and live acquisition. there are three storage formats that a computer forensic acquisition tool can collect data from, which have pros and cons along with some unique features.
    • Describes coffee as a forensic tool kit designed by anthony fung to assist computer experts to extract significant evidence from computers using windows platform.
    2655 words
    Read More
  • Methods in the Coud Computing Environment
    explanatory essay
    As ISO/IEC 27037 addresses the process of how the digital evidences are to be handled but all these processes addresses the traditional digital environment. But as with the development of cloud the scenario has changed a lot. Cloud computing brings new challenges in front of investigators. These challenges may include various issues like virtualization of servers to multiple locations, dependence on CSP for access to logs etc.

    In this essay, the author

    • Explains that application logs will store information about what activity has been performed by these applications, who has used those applications etc. session and ip addresses can be used as evidences.
    • Explains that the service layer provides more interaction level, so it generates more logs such as firewalls, anti-malware, operating systems errors, protocol errors etc.
    • Explains that cloud offers multi-tenancy due to virtualization so it is difficult for investigators to directly collect evidences from the identified objects. acquisition is preferred over collection.
    • Explains the document "mapping the forensic standard iso/iec 27037 to cloud computing" which addresses the issues relating to how to handle evidence in cloud environment.
    • Explains that identification of objects which can be used as potential evidences is the initial stage of investigation, but in case of cloud, this is not so easy.
    • Explains that the cloud provides maximum control to the users upto so probability of gaining exact evidences increases in this service.
    • Explains that preservation will involve steps similar to normal digital environment as evidence is being acquired and processed, but it requires chain of custody to be maintained as the investigation may be performed in multi jurisdictions.
    758 words
    Read More
  • Linux Forensics Tools
    explanatory essay
    Nowadays, most of the web, email, database and fileservers are Linux servers. Linux is a UNIX system which implies that it has solid compatibility, stability and security features. Linux is used for the mentioned environments because these services require high security. Further, an increase of attacks on these servers can be observed. Additionally, the methods to prevent intrusions on Linux machines are insufficient. Further, the analysis of incidents on Linux systems are not considered appropriately (Choi, Savoldi, Gubian, Lee, & Lee, 2008). It can also be observed that a lot of investigators do not have experience with Linux forensics (Altheide, 2004).

    In this essay, the author

    • Explains that linux forensic software includes single tools like file carvers, or comprehensive collections of tools. the sleuth kit is organized according to the different filesystem layers.
    • Explains that tsk does not include tools that operate on the disk layer because it is a filesystem forensic analysis framework.
    • Explains that the volume layer tools (prefix “mm”) analyse the disk partition and its structures. they can find hidden data between partitions.
    • Explains that the data unit layer (prefix "blk") deals with data units where the actual file content is located.
    • Describes how blkls lists all details about the specified data unit and can extract unallocated space of the filesystem.
    • Explains how blkcalc calculates where data from the unallocated space image can be retrieved in the original space.
    • Explains that the metadata layer tools (prefix “i”) are used to work with metadata structures. metadata structures contain information about a file.
    • Explains that journaling is important for forensics because it may contain data that cannot be found in the active filesystem.
    • Explains that the autopsy browser is a graphical frontend for tsk.
    • Explains how scalpel is an open source file carver, designed to use minimal resources and perform file carving as quickly as possible.
    • Describes caine as a linux live distribution with open source tools that support the investigator in four phases of the forensic process.
    • Explains how ling (2013) identified an approach to linux forensics that relies on the default system logs and commands.
    • Explains that process audit logging contains information about the executed commands, used system resources and the user who ran the command.
    • Explains that the linux forensic software's limitations are outlined and the limitations of this research are discussed.
    • Explains that linux is a unix system that has solid compatibility, stability, and security features. however, the methods to prevent intrusions on linux machines are insufficient.
    • Explains that the sleuth kit (tsk) is an improved and extended development of the coroner’s toolkit (tct).
    • Explains that the filesystem tools (prefix "fs") process file system data like layout, allocation structures, and boot blocks. this layer contains only one tool.
    • Explains the tools at the file name layer (prefix "f") are used to process file names.
    • Explains that scalpel is an efficient file carver for linux with high performance and low disk activity.
    • Explains that deft is a free computer forensics linux distribution that is maintained by non-profit organizations. it runs live in the system without interfering with attached devices like hard drives.
    • Explains that ling (2013) identifies different groups of commands that can help in the forensic process. basic system commands like grep and find can do keyword searching in log files.
    • Explains that the results of some tools highly depend on the target filesystem. this is a drawback for forensics because the investigator might not know which file system he is going to investigate.
    • Explains that the research aims to provide a general overview of linux forensic software, but lacks details about the tools. a common evaluation scheme can be applied to compare the different tools
    • Explains that there are many different linux forensic tools available, such as tsk, scalpel, deft, and caine.
    • Cites altheide, carvey, and stephens for their book, "a cognitive walkthrough of autopsy forensic browser".
    2638 words
    Read More
  • Tools in Wide Distribution Computer Forensics in Taiwan
    explanatory essay
    However, what of the inter world? That is where computer forensics comes in, to treat/fix the hole and bring the culprit to justice. Therefore, where software security bring forth prevention, computer forensics, incidence response, calls for treatment. What exactly is computer forensics? It is a toolbox of science, which contains tools and methodologies to recover both passwords and deleted data, to analyze network traffic and logon/logoff times, to snoop and sniff out, as undercover agents do, rotten apples in the barrel. Due to the nature of each incident, the nature of the case may be legal, political, business, or technical oriented. Consequently, one could gather how much a computer means in people's lifestyles nowadays. Nevertheless, computer forensics team (aka: incident response team) are popping up around the world, due to the global nature of the internet, which makes it a lot harder for local law authorities to oversea and prosecute local crimes executed remotely outside the country.

    In this essay, the author

    • Explains how the internet is now available to all computer users around the world, allowing disgruntled groups to pool resources and recruit an army to overthrow the foreign government.
    • Explains that computer forensics is a toolbox of science that contains tools and methodologies to recover both passwords and deleted data, analyze network traffic and logon/logoff times, and snoop and sniff out rotten apples in the barrel.
    • Explains incident response methodology consists of seven components: pre-incident preparation, detection of incidents, initial response, formulate response strategy, investigate the incident, report, and finally, resolution.
    • Explains that pre-incident preparation involves taking actions to prepare the organization and the cert (computer emergency response team) before an incident occurs.
    • Explains that investigators will collect evidences from pertinent hosts, networks, and social environment via traditional and non-traditional means.
    • Argues that people's privacy rights are being violated without their knowledge. ity can trump individual rights when a violation is "suspected."
    • Opines that reporting is an ongoing process, since investigators are humans and tend to forget things. reports have to accurately describe the details of the investigation and be in a language that the decision makers can understand and withstand legal scrutiny.
    • Explains that there are two types of hard drive duplication mechanisms: hardware and software. safeback is a dos driven program that executes upon computer startup.
    • Explains that checksum tools can be used to validate the data collected when transporting from one site to another, and enforce the validity and integrity of the collected data.
    • Explains that the hex editor/reader is a tool that forensic personnel cannot leave home without.
    • Explains that windump5 and snort4 are tools that will upset the wife. they can keep a tab on the sites that the husband goes on late at night.
    • Explains that the smarter husband clears the cache on the browser before logging off, but his wife has a set of tools: galleta4 and pasco4. these tools can open and view the details of all the cookies.
    • Explains that ftk4 is a massive storage and organizing program that was made just for this purpose.
    • Opines that the tools are available for downloads both paid and non-paid on the internet for educational purposes, but it is available to everyone, including the not-so-good people in this country and out of the country.
    • Explains that the internet belongs to no one country, person, or thing, so computer forensics becomes a global issue. twcert is responsible for incident responses, vulnerability analysis, security assessment, and security auditing.
    • Explains that a software package called littlebrother allows employers to monitor their workers' internet use based on their browsing habits.
    • Analyzes how the company's alleged excuses for letting the employee go seem to be a lost battle due to the statistics of how court favors the employer.
    • Opines that people who are higher up tend to have more power and they are not subject to the same scrutiny/monitoring because the materials involved may be too sensitive.
    • Opines that computer forensics is something that every country's cert should adapt as a defense measure because they are part of the network-the internet.
    • Opines that it is for the common good that this type of technology continues to develop and mature.
    • Introduces mandia, kevin, prosise, chris, and pepe, matt. incident response & computer forensics, 2nd.
    • Explains that schulman, miriam, "littlebrother is watching you." issues in ethics - v. 9, n.
    • Explains mandia, kevin, prosise, chris, and pepe, matt. incident response & computer forensics, 2nd.
    • Explains mandia, kevin, prosise, chris, and pepe, matt. incident response & computer forensics, 2nd.
    • Explains mandia, kevin, prosise, chris, and pepe, matt. incident response & computer forensics, 2nd.
    • Explains mandia, kevin, prosise, chris, and pepe, matt. incident response & computer forensics, 2nd.
    • Explains mandia, kevin, prosise, chris, and pepe, matt. incident response & computer forensics, 2nd.
    • Explains mandia, kevin, prosise, chris, and pepe, matt. incident response & computer forensics, 2nd.
    • Explains mandia, kevin, prosise, chris, and pepe, matt. incident response & computer forensics, 2nd.
    • Explains mandia, kevin, prosise, chris, and pepe, matt. incident response & computer forensics, 2nd.
    4420 words
    Read More
  • Disadvantages Of Digital Forensics
    explanatory essay
    Now let’s look at few tools that are used in the field of digital forensics [1] like disk and data capturing tools, Internet analysis tools, hidden file viewers, deleted email recovery and analysis tools and network traffic analysis tools.

    In this essay, the author

    • Explains that digital forensics is a widespread technique used in accessing and monitoring remote or local devices and recovering data from the source.
    • Describes the dutch police's digital forensic platform, which uses postgresql to store the data extracted.
    • Explains that these tools can join existing software tools as software modules to help investigators.
    • Explains that x-ways forensics is used for advanced digital investigations. it can read file structure in the systems, detect which files have been deleted, extract mails from various client machines, and authenticate the data.
    • Explains that this technique is used to extract all the registry information and reconstruct data from previous or new versions of the data.
    • Explains that the bulk extractor tool is used to scan images and the files present on the disk. this technique doesn't care about the system structure.
    • Describes the p2 explorer as a useful technique for image mounting. it can be used to process any format of an image.
    • Explains that when a case is being investigated, there are issues to be taken care of. the evidence has to remain unaltered through the course of investigation.
    • Explains that the basic rule states that evidence collected must be able to be produced in courts or elsewhere or it’s a waste of time and money.
    • Opines that the evidence collected must be related to the incident or we cannot prove anything. the investigator must find evidence that can help solve the case.
    • Opines that we should collect evidence that shows that the suspect is responsible for the crime in all ways.
    • Opines that the evidence presented should be clear, easy to understand and believable by a jury. there's no point presenting binary dumps of process memory if the jury has no idea what it all means.
    • Explains that normal file systems allow for data to be hidden from a normal user, but they become visible only when specialized tools are used.
    • Explains that many properties are not documented or poorly documented and some can be used to hide the data present.
    • Explains that attempting to access data stored on a cloud could be difficult. few private organizations offer free storage, data encryption and users confidentiality.
    • Opines that cybercrime has to be taken care of in a few states.
    • Explains that computer forensics techniques are evolving due to technology and trying to overcome the drawbacks it has. there are few models or variations of the models that already exist.
    • Explains the use of write blocking hardware and software for on-site previewing.
    • Describes techniques and tools to examine small devices with embedded computers and memory, such as cellular phones, wrist watches, personal digital assistants, digital cameras, and hybrid devices.
    • Explains that digital forensics is mainly used in investigating the data found on electronic devices.
    • Explains how the field of digital forensics grew from the ad-hoc tools and hobbyist practitioners.
    • Explains that this is used for memory analysis. it can extract information from network sockets and dlls.
    • Describes the five rules that are defined in the evidence's act and must be followed by digital forensic investigators.
    • Explains that digital forensics has been helpful in solving a lot of cases. cybercrimes are fast-moving and the number is increasing day by day.
    1978 words
    Read More
  • Computer Crime Investigations
    explanatory essay
    Carrier, B. D. (2006). Risks of live digital forensic analysis. Communications of the ACM, 49 (2), 56-61.

    In this essay, the author

    • Explains carrier, b. d., risks of live digital forensic analysis, communications of the acm, 49 (2), 56-61.
    • Explains the impact of full disk encryption on digital forensics.
    • Explains that computer or digital forensic evidence analysis is the scientific collection of data that is either retrieved or held by a computer storage device.
    • Explains how the f-response and encryption of hard disks make data collection effective and applicable in a court of law.
    737 words
    Read More
Get Access