IN3033 Digital forensics: Incidents and Incident Response Measures
Digital forensics is a branch of computer security and recovery services that deals with recovering and investigating data in digital devices. This generally occurs when security issues have arisen in an organization or with an individual through the mishandling of intricate or confidential data (Edwards et al. 2017). When a compromise of security, any illegal action or an unauthorized intervention is suspected in the cyberworld, it becomes increasingly essential that the data be protected more intricately. It establishes the level of the security compromise and also the location where the cybercrime has been committed.
An incident has a life cycle, which follows a particular sequence that drives the incident towards a solution (Scott 2015). The cycle begins with detection of the incident, followed by its reporting, initial diagnosis, management actions based on the initial diagnosis, collection of evidence based on the diagnosis, a next level of matured diagnosis, actions taken on the matured diagnosis, recovery of business or assets, remedial and civil activities, law enforcement agency activity, and criminal and regulatory proceedings based on the incident.
Two risk scenarios are discussed on the basis of this incident management life cycle, first acknowledging the cases as incidents and then suggesting anticipatory, incident management and long-term incident response measures.
Risk Scenario 1:
In an organization with numerous interconnected computers, if an essential computer system goes down, it can generate risk in various aspects of the organization. The scenario starts as a triggering event that has the potential to harm the data and information systems of the organization. The case qualifies as a scenario through the likely consequences it would bear and the possible reactions it would draw. When a computer system breaks down, it has the potential to harm several other systems that are connected to it. It can also leave the business unable to respond to queries (Butler 2015). The revenue systems would easily be affected, since the organization could not respond to the queries of customers and clients. The sooner the breakdown leaves the business unable to respond to queries, the greater the chance that the revenue systems are affected. How soon the company can recover the losses incurred due to the breakdown, and what data recovery is performed in the meantime, depends on the structure of the organization.
Anticipatory measures: As an anticipatory measure, the organization could identify the various likely triggers for such situations, including the times at which an incident with the potential to block revenue occurs. Therefore, in this scenario it is essential that all systems in the organization holding intricate information are checked regularly. Each time a system falters, it needs to be reported to the concerned authorities. In addition, it should be monitored whether faults in the system are blocking incoming revenue. It is suggested that the incident be checked thoroughly and the available evidence analysed (Banach et al. 2017). The analysis should then be compared with the current situation of the incident and the deficiencies that have been identified. Documentation and further monitoring of the system problems are highly recommended, since they can bring out a point that was missed in the first analysis. It is then advised that a proper backup be taken of the entire archive, with facilities that provide proper evidence about the incident. The evidence gathered in this process should be collected and preserved in a specific manner laid down by a policy written as part of the organization's incident management structure. Incident management here therefore requires that the company have a procedure or policy describing how evidence for an incident is collected and preserved. This should be maintained by an incident management team that is predefined and specialized in handling such incidents.
Incident Management: In this scenario, incident management measures should follow a specific working structure to be effective in finding a solution. First, any suspicious fault noticed in the system, for instance flickering of the screen, random shutting down of the system, and others, should be reported immediately on its first occurrence (Ngampornsukswadi et al. 2018). Initial diagnosis is to be carried out by an individual; however, every employee in the organization should know clearly whom to report to if they witness any fault in the computers. The situation should then be handled by an expert with sound diagnostic skills. In addition, an IT expert should check the matter thoroughly to find out whether the problems in the systems are being exaggerated.
Long-term Incident Response Measures: As a long-term incident response measure, after the systems in the organization have been analysed, the sole strategy for responding to incidents could be to document the entire event for further occurrences of this kind. Proper documentation and incident analysis provide a reference for similar occurrences. The IT expert responsible for analysing the issue can use this reference for all such incidents that occur in the business timeline (Montasari, Peltola and Carpenter 2016). Any inconveniences noticed should be documented in the same way, so that they too can serve as a reference for upcoming incidents similar to those the organization has faced before. Any detailed and documented issue can be treated as part of an incident management program for the long run.
Risk Scenario 2:
This scenario concerns a company whose website was hacked. The company provides a service to its clients by taking their personal information, such as credit reports, helping them check their credit report, and helping credit grantors decide the range of products and services to offer to customers. The hack resulted in a breach of the data of millions of customers, whose personal information was leaked on a website, publishing intricate and private data of the general public (Chawki et al. 2015). This scenario is identified as an incident. The incident made the company lose its evaluation revenue and also made clients lose regard for the organization.
Anticipatory measures: As an anticipatory measure, the team responsible for the security of the data should report even a trivial sign that the data is being scanned from somewhere other than the organization itself. This can be done by properly checking the sources from which the data is accessed, by checking their IPs (Taylor 2016). Such a check would readily indicate that the data could be breached or has been breached.
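One way to carry out the source-IP check described above, as an added example that is not part of the original essay: it goes through a constructed access log and reports sources outside the organization's own address ranges that read customer credit reports. The log format, the `/api/credit-report/<id>` path, the network ranges and the threshold are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: address ranges the organization itself uses (documentation ranges).
ORG_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "203.0.113.0/24")]

# Constructed sample log; the line format and the report path are hypothetical.
SAMPLE_LOG = """\
10.1.4.22 - analyst7 [12/Mar/2024:09:14:02 +0000] "GET /api/credit-report/1001 HTTP/1.1" 200 5120
203.0.113.15 - analyst2 [12/Mar/2024:09:15:40 +0000] "GET /api/credit-report/1002 HTTP/1.1" 200 4988
198.51.100.77 - - [12/Mar/2024:03:01:11 +0000] "GET /api/credit-report/1001 HTTP/1.1" 200 5120
198.51.100.77 - - [12/Mar/2024:03:01:12 +0000] "GET /api/credit-report/1002 HTTP/1.1" 200 4988
198.51.100.77 - - [12/Mar/2024:03:01:13 +0000] "GET /api/credit-report/1003 HTTP/1.1" 200 5301
198.51.100.77 - - [12/Mar/2024:03:01:14 +0000] "GET /api/credit-report/1004 HTTP/1.1" 403 0
192.0.2.10 - customer55 [12/Mar/2024:10:30:00 +0000] "GET /api/credit-report/1055 HTTP/1.1" 200 5010
not-an-ip - - [12/Mar/2024:10:31:00 +0000] "GET /api/credit-report/1 HTTP/1.1" 200 10
truncated line without the expected fields
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+$'
)
REPORT_RE = re.compile(r"^/api/credit-report/(\d+)$")


def is_internal(ip, networks=ORG_NETWORKS):
    """True when the address belongs to one of the organization's networks."""
    return any(ip in net for net in networks)


def summarize_external_access(log_text, networks=ORG_NETWORKS):
    """Return ({source_ip: stats}, unparsed_count) for requests from outside."""
    per_ip = defaultdict(lambda: {"requests": 0, "denied": 0, "reports": set()})
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1          # malformed lines are counted, not silently dropped
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            unparsed += 1          # source field is not a valid address
            continue
        if is_internal(ip, networks):
            continue
        entry = per_ip[str(ip)]
        entry["requests"] += 1
        if m["status"] in ("401", "403"):
            entry["denied"] += 1
        report = REPORT_RE.match(m["path"])
        if report and m["status"] == "200":
            entry["reports"].add(report.group(1))   # distinct records actually read
    return dict(per_ip), unparsed


def flag_sources(per_ip, max_reports=2):
    """External sources that read more than max_reports records or were denied."""
    flagged = [(ip, len(e["reports"]), e["denied"]) for ip, e in per_ip.items()
               if len(e["reports"]) > max_reports or e["denied"] > 0]
    return sorted(flagged, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    summary, unparsed = summarize_external_access(SAMPLE_LOG)
    for ip, reports, denied in flag_sources(summary):
        print(f"{ip}: {reports} customer reports read, {denied} denied requests")
    print(f"{unparsed} lines could not be parsed and need manual review")
```

A single customer reading one report from outside is not flagged; a source that walks through several report identifiers is, which is the pattern the security team would report.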
Incident Management: It is suggested that the data breach in this scenario be managed by a team responsible for handling the security of the data and information produced by the company, one that scans over the entire customer data. The incident is then managed through the security system, by making sure that all permeable aspects of the data security system are handled well so that the system becomes impermeable to hackers. This is because leaving the data and security system vulnerable to hackers would call into question the authenticity of the organization for its clients (Karagiannopoulos 2016). This would eventually cause the clients to lose the trust they have in the organization. In addition, the organization should document the entire incident in a proper and systematic manner. This would enable the IT experts responsible for handling the issue to refer to the documents if the incident reoccurs.
Long-term Incident Response Measures: As a long-term incident response, it is advised that the company arrange for security systems much more reliable than the traditional version if the old version did not meet the organization's needs in securing its data (Watson and Dehghantanha 2016). In addition, the documentation of previous incidents would serve as a reference for issues that have also arisen in previous cases.
Background of the case: The case study presented here is a scenario involving two people, Alice and Bob. Alice and Bob are friends, and as a favor Alice asked Bob to access her personal Gmail account from an open browser on her laptop and send a quick email. It is to be clarified whether the act is an offense or an academic misconduct and, if it qualifies as an offense, whether Alice or Bob should be held as the primary offender. In addition, the following includes information about the law, the offence and the conditions that bring it under UK legislation (Feng, Dawam and Amin 2017). The scenario with these explanations contains the acknowledgement of the event and the probable solution of lawfully preventing the matter.
Reasons behind the situation being an offense or an academic misconduct: The situation describes a scenario in which Alice, being a friend of Bob, asked him to access her personal Gmail account through an open browser to check and send an email quickly. On analysis, the entire incident is regarded as an offense. The incident is not just an academic misconduct but also a legal offense (Holt, Bossler and Seigfried-Spellar 2015). This is because emailing through someone else's profile implies that the person is impersonating another person, which is ethically incorrect due to unauthorized access. On Alice's part as well, there have been several misconducts. One is keeping the browser open on her computer, which is ethically incorrect since anybody could get into her personal details through it, with or without her permission. There could be other issues as well. It is not clear whether her Gmail account had never been logged off, or whether the account username or password were given to Bob over the phone, since there is evidence that she contacted Bob over the phone to instruct him to send the mail. In both cases, her conduct is illegal as per ICT and UK legislation (Conti et al. 2018). Bob impersonated Alice to send the mail. Alice also made mistakes by keeping her browser open and instructing Bob to send the mail posing as her. In both cases the misconduct has been severe. Therefore, the actions can be regarded as committing an offense.
Finding the actual offender: After analyzing the entire case, it could be said that the misconduct that Bob has committed is wrong but comparatively high on the scale of offense that Alice has committed. She, although unintentionally, left her computer open with her browser on and took advantage of Bob being her friend to make him log into her Gmail account to send a quick email. This obviously made Bob an offender, as he impersonated or pretended to be Alice while sending the mail, but it can also be taken into account that Alice made him do so (Garfinkel 2015). Alice made a series of mistakes in this regard. Firstly, she left for the university with her browser open. Secondly, she asked her friend to log into her personal account in an unethical way and to quickly reply to a mail after checking it. He was compelled by his friend to impersonate her while sending an email, which is a legal offense. However, agreeing to the task and committing the mistake was completely at his own discretion. He could have declined to help Alice with this unethical act. Therefore, it can be said that Bob is an offender in this regard.
Reasons for appropriate UK legislation applicable in the scenario: These actions fall under the Computer Misuse Act 1990: S1 Unauthorized Access to Computer Material (Alharbi, Weber-Jahnke and Traore 2015). This legislation makes clear that it is regarded as an offence if a person uses a computer to perform any function that results in impersonating someone else or trying to gain unauthorized access to someone else's personal account information and private data. This can also be referred to as hacking. However, proof is needed to justify that the person accessing someone else's profile did so without authorization. If found and proven guilty, a person can under this legislation be sentenced to imprisonment of 6 months or, as per the English decisions of law, is eligible for a Level V fine. In this case, Bob committed the crime while helping his friend Alice to send a mail (Yusoff, Ismail and Hassan 2017). However, as per general discretion, he should have declined the request, knowing that accessing someone else's profile is legally unethical. The only condition for finding Bob guilty in this scenario is proving that he trespassed on Alice's private information system in an unethical and illegal manner. A phone call from his friend Alice would not qualify as permission to enter her computer and access her account as unauthorized personnel.
Legislation and Regulations that affect development of penetration testing tools: There is confusion between vulnerability scanning and penetration testing. Penetration testing is about checking whether a computer system is vulnerable to impending security attacks in the long run of the system. It is generally done by organizations to check whether their security systems are permeable by hackers (Casey 2015). On the other hand, penetration tools provide unauthorized access that typically includes network penetration testing and application security testing as well as controls and processes around the networks and applications, and should occur from both outside the network trying to come in (Lillard 2014). However, this only applies when there is enough evidence that the penetration is an authorized test. This is because penetration testing is sometimes done to see how many loopholes an organization possesses in its organization structure, in order to prevent a potential threat of hacking.
Relevance with digital forensics: Penetration testing cannot be regarded as a branch of digital forensics. This is because penetration testing is mostly done to look for loopholes in an information security system, whereas digital forensics is about looking for evidence of an incident that has been proven malicious, using any kind of device (Baryamureeba and Tushabe 2014). Where penetration testing finds what the security system lacks so that hacking can be prevented, digital forensics is the process that helps find a malicious hacker from the digital evidence present after the hacking has been performed (Jang and Kwak 2015). Therefore, although penetration testing may confusingly seem related to digital forensics, in reality penetration testing is done before an incident has happened and digital forensics is performed after the incident.
Impending controversies and its nature: There has been considerable controversy around penetration techniques, penetration testing and digital forensics. This controversy has led to the invention of terms like white hat hacking and black hat hacking (Perumal, Norwawi and Raman 2015). In legal terms, white hat hacking is ethical but black hat hacking is illegal. White hat hacking is mostly done by authorized personnel, known as ethical hackers, whereas black hat hackers are people who unethically break into people's personal digital data by exploiting their security systems. What fuels the controversy is the other kind of hacker, an amalgamation of white and black hat hackers. These are the grey hat hackers, one of the most controversial aspects of digital forensics and penetration system. Gray hat hackers pose a danger because of the uninformed opinions they use to justify their actions (Lillis et al. 2016). This paper shows similar negative judgments of gray hat hacking from a variety of viewpoints by surveying three prominent normative ethical theories. The target audience is security and computing personnel, managers, supervisors, and others working with computers who may have little to no experience with philosophy and ethics.
Resolving the issues and comparison of the analysis: The only way grey hat hacking can be resolved is by implementing more and more legislative measures. A grey hat in the computer security community refers to a skilled hacker who sometimes acts for offensive purposes, sometimes in good will, and sometimes for defensive purposes (Gupta and Anand 2017). Therefore, it would also be useful if hackers were made to realize the degree of illegality of their acts so that their ways can be mended (Regalado et al. 2015). Consequently, grey hat penetrations of systems tend to be for far more passive activities such as testing, monitoring, or less destructive forms of data transfer and retrieval. On that account, the issues can be resolved if digital forensics is applied in detail during or after a computer hacking has been performed.
References
Edwards, D., LISA, T.W.A., Plans, H.F., Training, R.H., Day, D.S. and Plan, E.F., 2017. Failure Happens: Improving Incident Response in Large-Scale Organizations.
Scott, S.L., 2015. Recommendations to implement a cyber incident response plan in Oneida County, New York (Doctoral dissertation, Utica College).
Chroust, G. and Finlayson, D., 2017, August. Anticipation and Systems Thinking: A Key to Resilient Systems. In Proceedings of the 60th Annual Meeting of the ISSS-2016 Boulder, CO, USA (Vol. 1, No. 1).
Butler, R., 2015. Computer Incident Response.
Banach, D.B., Johnston, B.L., Al-Zubeidi, D., Bartlett, A.H., Bleasdale, S.C., Deloney, V.M., Enfield, K.B., Guzman-Cottrill, J.A., Lowe, C., Ostrosky-Zeichner, L. and Popovich, K.J., 2017. Outbreak Response and Incident Management: SHEA Guidance and Resources for Healthcare Epidemiologists in United States Acute-Care Hospitals. Infection Control & Hospital Epidemiology, 38(12), pp.1393-1419.
Ngampornsukswadi, P., Amirsalami, S.S.R., Mallender, J.L., Schembri, M.E., Hanrath, O.G. and Elson, C.S., Royal Bank of Canada, 2018. System for network incident management. U.S. Patent Application 15/679,086.
Montasari, R., Peltola, P. and Carpenter, V., 2016, June. Gauging the effectiveness of computer misuse act in dealing with cybercrimes. In Cyber Security And Protection Of Digital Services (Cyber Security), 2016 International Conference On (pp. 1-5). IEEE.
Chawki, M., Darwish, A., Khan, M.A. and Tyagi, S., 2015. Unauthorized Access Offences in Cyberworld. In Cybercrime, Digital Forensics and Jurisdiction (pp. 27-37). Springer, Cham.
Taylor, L., 2016. Investigation Into The Current Use Of Computer Forensic Tools In The Area Police Force And Their Effects On Finding Police Evidence (Doctoral dissertation, Cardiff Metropolitan University).
Karagiannopoulos, V., 2016. Insider unauthorised use of authorised access: What are the alternatives to the Computer Misuse Act 1990?. International Journal of Law, Crime and Justice, 47, pp.85-96.
Watson, S. and Dehghantanha, A., 2016. Digital forensics: the missing piece of the Internet of Things promise. Computer Fraud & Security, 2016(6), pp.5-8.
Feng, X., Dawam, E.S. and Amin, S., 2017. Digital forensics model of smart city automated vehicles challenges.
Holt, T.J., Bossler, A.M. and Seigfried-Spellar, K.C., 2015. Cybercrime and digital forensics: An introduction. Routledge.
Conti, M., Dehghantanha, A., Franke, K. and Watson, S., 2018. Internet of Things security and forensics: Challenges and opportunities.
Garfinkel, S.L., 2015. Digital forensics research: The next 10 years. Digital Investigation, 7, pp.S64-S73.
Alharbi, S., Weber-Jahnke, J. and Traore, I., 2015, August. The proactive and reactive digital forensics investigation process: A systematic literature review. In International Conference on Information Security and Assurance (pp. 87-100). Springer, Berlin, Heidelberg.
Yusoff, Y., Ismail, R. and Hassan, Z., 2017. Common phases of computer forensics investigation models. International Journal of Computer Science & Information Technology, 3(3), pp.17-31.
Casey, E., 2015. Digital evidence and computer crime: Forensic science, computers, and the internet. Academic press.
Baryamureeba, V. and Tushabe, F., 2014, August. The enhanced digital investigation process model. In Proceedings of the Fourth Digital Forensic Research Workshop (pp. 1-9).
Lillard, T.V., 2014. Digital forensics for network, Internet, and cloud computing: a forensic evidence guide for moving targets and data. Syngress Publishing.
Jang, Y.J. and Kwak, J., 2015. Digital forensics investigation methodology applicable for social network services. Multimedia Tools and Applications, 74(14), pp.5029-5040.
Perumal, S., Norwawi, N.M. and Raman, V., 2015, October. Internet of Things (IoT) digital forensic investigation model: Top-down forensic approach methodology. In Digital Information Processing and Communications (ICDIPC), 2015 Fifth International Conference on (pp. 19-23). IEEE.
Lillis, D., Becker, B., O’Sullivan, T. and Scanlon, M., 2016. Current challenges and future research areas for digital forensic investigation. arXiv preprint arXiv:1604.03850.
Regalado, D., Harris, S., Harper, A., Eagle, C., Ness, J., Spasojevic, B., Linn, R. and Sims, S., 2015. Gray Hat Hacking The Ethical Hacker’s Handbook. McGraw-Hill Education Group.
Gupta, A. and Anand, A., 2017. Ethical Hacking and Hacking Attacks. International Journal Of Engineering And Computer Science, 6(4).