Cybersecurity Investigation and Forensic Methodology
In an attempt to counter this ever-dynamic crime wave, law enforcement officers, financial companies, and industrial firms are employing and adapting modern computer forensics into their infrastructure. Ranging from network cyber-attacks on organizations to child pornography investigations, the common intention is to demonstrate that a specific electronic medium holds the incriminating evidence. Reliable analysis methods and procedures must be available in order to demonstrate that the electronic medium holds evidence that can allow prosecution to take place. To support law enforcement and assist prosecutors, a clear process for handling digital evidence should be followed that addresses the full investigation process. In the wake of these emerging cyber-attacks, European law enforcement agencies are improving their safety by engaging with industries and other vulnerable institutions on cyber security.
e. the up to 11 million customers who could be exposed to the attack. These rapid dynamics of cyberattacks pose threats to organizations and national security. One possible means of stopping cyberattacks is to equip skilled computer forensics experts who will assist in the investigation and prosecution of cybercrimes and cybercriminals alike. The main aim of undertaking a forensic audit is to gain a deeper knowledge of an occurrence of interest by collecting and analysing the data related to that event. In the reporting stage, the results of the analysis are presented, which involves describing the actions taken, stating the other actions that need to be accomplished, and stating recommendations on how to improve policies, guidelines, procedures, tools, and other aspects that can help to curb cyber-attacks.
We observe that the forensic methodology transforms digital media into evidence; the obtained evidence may be required for lawful endeavours or for a company’s internal assessment.
Investigating the crime or the crime scene of the incident of the company
The ever-rising use of digital devices for both organizational and personal purposes has resulted in an increase in data sources. The main sources of digital data are computers, servers, network storage sites, and portable laptops. These devices possess drives that accept media, for example CDs and DVDs, and also possess many types of ports, such as USB, FireWire, and Personal Computer Memory Card International Association (PCMCIA), for attaching external data storage media, and can have a variety of software installed. The forensic investigator is required to come up with a plan that arranges the sources in order of priority.
The main determinants for prioritizing include the estimated likely value of every potential information source, volatility (more volatile evidence needs to be prioritized over non-volatile evidence), and the effort required to obtain different data sources. Data can be obtained either locally or over a network. Although it is preferable to obtain data locally, since there is greater control over the device and data, local data collection may not be feasible, for example when a device is locked inside a room or a system is located far away. When acquiring data over a network, care needs to be taken over the nature of the data to be collected and the effort that it will demand. Furthermore, data files of interest could hold massive amounts of information that need to be filtered.
Fortunately, there exist many tools and approaches that can be used to reduce the amount of data that has to be filtered. Text and pattern searches can be employed to identify relevant data, e.g. finding documents that contain a particular field or person, or searching e-mail logs for a specific e-mail address. Another proven approach is to use a tool that can identify the nature of the contents of every data folder, e.
Use the evidence for the prosecution of the perpetrators
The final stage is reporting, which is defined as the process of preparing and presenting the resulting information from the analysis stage. Reporting involves determining information with reliable evidence obtained from data that could allow a forensic investigator to collect new sources of data.
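The filtering step described earlier (a pattern search for a specific e-mail address, plus identifying what each file actually contains) can be sketched as follows; this is an added example, not part of the original essay. The signature table, file names and addresses are constructed, identifying content by leading bytes is one assumed reading of "the nature of contents", and each file is hashed so a hit can be tied to an unmodified exhibit.

```python
import hashlib, re, tempfile
from pathlib import Path

# Small table of well-known file signatures; extend for real casework.
MAGIC = [(b"%PDF-", "pdf"), (b"PK\x03\x04", "zip/ooxml"),
         (b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png")]

def identify(head: bytes) -> str:
    """Classify by leading bytes, not by file extension."""
    for sig, name in MAGIC:
        if head.startswith(sig):
            return name
    printable = all(b in b"\t\r\n" or 32 <= b < 127 for b in head)
    return "text" if head and printable else "unknown"

def triage(root: Path, address: str) -> list[dict]:
    """Hash, classify and search every file under root without modifying it."""
    needle = re.compile(re.escape(address.encode()), re.IGNORECASE)
    report = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()  # read-only access to the working copy
        report.append({
            "file": path.relative_to(root).as_posix(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "type": identify(data[:64]),
            "offsets": [m.start() for m in needle.finditer(data)],
        })
    return report

def demo() -> list[dict]:
    """Build a constructed evidence tree and run the triage over it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "mail.log").write_bytes(
            b"10:01 from=<alice@example.test> to=<bob@example.test>\n"
            b"10:02 from=<carol@example.test> to=<dave@example.test>\n")
        # Constructed case: JPEG header stored under a .txt name.
        (root / "holiday.txt").write_bytes(b"\xff\xd8\xff\xe0\x00\x10JFIF\x00")
        (root / "notes.txt").write_bytes(b"meeting moved to friday\n")
        return triage(root, "bob@example.test")

if __name__ == "__main__":
    for row in demo():
        print(row["file"], row["type"], row["sha256"][:16], row["offsets"])
```

Recording the byte offset of each hit alongside the file's SHA-256 lets the reporting stage point at an exact location in an exhibit whose integrity can be re-verified.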
For instance, a list of users obtained from the data may provide further evidence about the cyber-attack or crime. On the other hand, data might be acquired that may help in preventing future similar events, such as a dubious login on the system that could be a route for future attacks, a planned crime, a worm that could spread in the near future, or a vulnerability of an organization that may be exploited. It is notable that this stage clearly outlines the findings and methodologies. The acquired exhibits may include the contributions of individuals, chat logs, images, texts and emails; detailed login/logoff times; entries in company logs; and any other event that places the suspect at the system at the same time and location as an event.