Cybersecurity Investigation & Forensic Methodology
In September 2016, Yahoo, one of the Internet giants, was hit with the report of the most significant data breach in history. The company claimed that a state-sponsored entity orchestrated the attack. During the attack, the names, dates of birth and emails of over 500 million customers were compromised. At the time of the offense, most of the user passwords had been hashed with a robust cryptographic algorithm. In the same year, the company revealed that an earlier attack had compromised over 1 billion accounts. By October 2017, the company announced that over a billion users on its platform had suffered from the attack (Esteves et al., 2017).

1.) Investigate the crime or the scene of the incident
In conducting an investigation, the typical steps are still taken into account. The questions that one would ask include:
Who are potentially the suspects?
What are the crimes that were committed?
When was the time that these crimes occurred?
Are the crimes limited to the US jurisdiction?
What evidence is there to collect?
Where can the digital or physical evidence be collected?
What types of physical evidence were involved in the crime?
What are the ways that the evidence can be protected?
2.) Reconstruct the scene or incident
The event might be reconstructed using the evidence that was discovered from the circumstances and the alert logs. From the collected information, it becomes possible to find out when the firmware updates took place and when the ECU was used in the attacks on the car. The process also makes it possible to identify the origin of issued diagnostic requests. In this case, the focus is on the attack code and on the infected firmware, since they can provide an important clue to the behavior of the attacker.
3.) Collect the digital evidence, and make a copy of the original data
The most difficult step in the investigation of digital crime is the collection of the evidence. Before, during and after the selection of the data, there is always a need for extensive documentation. There is a need for a detailed record of the hardware and software specifications and of any system used during the investigation. It is also important to record the details of the system under study. It is at this stage that there is a close focus on applying policies that preserve the integrity of the data that could potentially become evidence. The known approaches for the conservation of evidence include: physically retrieving the storage devices; using controlled boot disks, which allow the data to be recovered without damaging other data or the functionality of the system; and taking the required steps to acquire the information and ensure that it can be used as evidence (Rajendran & Gopalan, 2016).
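One way to carry out the "make a copy of the original data" step with the documentation described above, as an added example that is not part of the original essay. The function names, the `examiner-01` label and the JSON-lines custody log are assumptions, and a small constructed file stands in for a disk image.

```python
import hashlib
import json
import os
import platform
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images do not fill memory


def sha256_file(path):  # hash in chunks; the file is opened read-only
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(source, dest, examiner, log_path):
    """Copy source to dest, verify the copy, append a custody record."""
    src_hash = hashlib.sha256()
    with open(source, "rb") as src, open(dest, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            src_hash.update(block)
            dst.write(block)
    os.chmod(dest, 0o400)  # the working copy is read-only from here on
    record = {
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "source": os.path.abspath(source),
        "copy": os.path.abspath(dest),
        "source_sha256": src_hash.hexdigest(),
        "copy_sha256": sha256_file(dest),  # re-read from disk, not from memory
        "tool": "Python %s on %s" % (platform.python_version(), platform.platform()),
    }
    record["verified"] = record["source_sha256"] == record["copy_sha256"]
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(record, sort_keys=True) + "\n")
    if not record["verified"]:
        raise IOError("copy hash does not match source: " + dest)
    return record


def demo():  # constructed sample: a small file stands in for a disk image
    work = tempfile.mkdtemp()
    source = os.path.join(work, "original.img")
    with open(source, "wb") as fh:
        fh.write(b"constructed sample evidence\n" * 1000)
    return acquire(source, os.path.join(work, "copy.img"), "examiner-01",
                   os.path.join(work, "custody.jsonl"))
```

Analysis is then done on the verified copy only, and the logged hash lets anyone later confirm that the copy still matches what was acquired.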
4.) Analyse the evidence using inductive and deductive forensic tools
For proper examination of the evidence, procedures for retrieving, copying and storing the evidence in the right database should be in place. Investigators would often analyze information in specific archives using a variety of methods. In this case, the analysis would seek to use particular software to search extensive data for keywords. There is also a need to have procedures in place that can be used to retrieve recently deleted information. Data that is tagged with dates is more important since it would help more in the analysis.
An important step in the data analysis would involve the analysis of the file names, since this could help in knowing when a file was created, uploaded or downloaded. This could play an important role in connecting files on storage devices to online data transfers. The same approach could be used in reverse, since files usually indicate the directory in which they are housed. The files in the online databases would often indicate the specific server and computer that they were downloaded from. In this way, the investigators are able to piece together the various pieces that could help in understanding how the data breach occurred (Rajendran & Gopalan, 2016).
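The keyword search over date-tagged data described in this step, as an added example that is not part of the original essay. The function names and the sample files are constructed for illustration, and the search is assumed to run on a working copy mounted read-only, with files small enough to read whole.

```python
import os
import tempfile
from datetime import datetime, timezone


def scan(root, keywords):
    """Return every keyword hit under root, oldest modified file first."""
    needles = [k.lower().encode() for k in keywords]
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            info = os.stat(path)  # take timestamps before the file is read
            with open(path, "rb") as fh:  # read-only; evidence is never modified
                data = fh.read().lower()  # ASCII case-folding keeps byte offsets
            for needle in needles:
                offset = data.find(needle)
                while offset != -1:
                    hits.append({
                        "mtime": info.st_mtime,
                        "modified_utc": datetime.fromtimestamp(
                            info.st_mtime, timezone.utc).isoformat(),
                        "path": os.path.relpath(path, root),
                        "keyword": needle.decode(),
                        "offset": offset,
                    })
                    offset = data.find(needle, offset + 1)
    return sorted(hits, key=lambda h: (h["mtime"], h["path"], h["offset"]))


def demo():
    """Constructed sample files with fixed modification times."""
    root = tempfile.mkdtemp()
    samples = {
        "export.csv": (b"user,Password_hash\nalice,x\n", 1474502400),
        "notes.txt": (b"note: PASSWORD reset; password file", 1400000000),
    }
    for name, (body, mtime) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (mtime, mtime))
    return scan(root, ["password"])
```

Each hit carries the file, the byte offset and the modification time, so the results can be placed directly on a timeline alongside log entries.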
5.) Establish linkages, associations, and reconstructions
Once the information has been collected and analyzed, the next step is to establish the associations. At this stage, the investigators would work closely with the lawyers and criminal investigators to get a better understanding of the nuances of the case. The focus at this stage is to find out the investigative actions and the types of information that can serve as evidence. This stage would involve documenting the information in the related hardware and software to find out how the information was accessed. The focus of the investigator is to search for linkages in the access of the system and find out the methods that were used to access the system (Do et al., 2015).
6.) Use the evidence for the prosecution of the perpetrators
Once the information has been well documented and the linkages found, the investigator would need to work with the authorities to find the culprits and bring them to book. Investigators would need to know the evidence that they could use to pin down the suspect and assign blame. Digital crimes are often hard to prosecute since it is not often easy to find the relationship between the perpetrators and the crimes. Therefore, there is often a need to work with professionals who understand how crimes such as these take place. There is a need to have an expert in the field of IT who would be able to explain the tiny details of the case and how it happened. Besides, there is a need to work with prosecutors who have a good understanding of cases related to hacking so that they could easily prosecute the case.
The process of collecting information, analyzing the data and finding the linkages in such a case may be quite rigorous (Hsiao & Kao, 2017). The biggest challenge comes from the fact that there are over 3 billion accounts that were involved in this case. To understand the case, the investigation team would need to go through each of the accounts, which might have several files. Therefore, analyzing a single statement might take so much time. However, with advanced technology, the investigators might opt to use the various tools that can help in interpreting the data and finding out the anomalies that happened to each of them. The advantage of these tools is that they are able to find the relationships between the files, thus helping in quickly finding out the capabilities. As society moves into the future, the threats of cyber-attacks are becoming more advanced. Therefore, there is a need for investigative agencies to come up with better ways to detect these cases and analyze them.

References
Do, Q., Martini, B., & Choo, K. K. R. (2015). A cloud-focused mobile forensics methodology. IEEE Cloud Computing, 2(4), 60-65.
Esteves, J., Ramalho, E., & De Haro, G. (2017). To improve cybersecurity, think like a hacker. MIT Sloan Management Review, 58(3), 71.
Hsiao, S. C., & Kao, D. Y. (2017, May). Differentiating the Investigation Response Process of Cyber Security Incident for LEAs. In Pacific-Asia Workshop on Intelligence and Security Informatics (pp. 34-48). Springer, Cham.
Rajendran, S., & Gopalan, N. P. (2016). Mobile Forensic Investigation (MFI) life cycle process for digital data discovery (DDD). In Proceedings of the International Conference on Soft Computing Systems (pp. 393-403). Springer, New Delhi.

Published by
Ace My Homework