...WEEK 4 ASSIGNMENT 2 FORENSIC LAB DESIGN To purchase this visit here: http://www.activitymode.com/product/cis-417-week-4-assignment-2-forensic-lab-design/ Contact us at: SUPPORT@ACTIVITYMODE.COM CIS 417 WEEK 4 ASSIGNMENT 2 FORENSIC LAB DESIGN Imagine the university that employs you as an information security professional has recently identified the need to design and build a digital forensic laboratory. You have been tasked with designing the lab for the organization. Write a four to five (4-5) page paper in which you: 1. Explicate the steps you would take to plan a budget for the lab, keeping in mind the general business objective to avoid unneeded costs. 2. Recommend the physical requirements and controls that you would consider implementing in order to keep the lab safe and secure. 3. Identify at least three (3) hardware and software tools that you would include in the design of the lab and explain your reasons behind your choices. 4. Identify the high-level criteria that would be considered when selecting the forensic workstations to be utilized. Activity mode aims to provide quality study notes and tutorials to the students of CIS 417 Week 4 Assignment 2 Forensic Lab Design in order to ace their studies.
Words: 640 - Pages: 3
...Project Guideline Introduction The intent of this project is for your project group to conduct independent investigation and demonstrate an in-depth knowledge of a specific area related to Computer and Cyber Forensics (or digital forensics). The project can take several forms. Your team may (1) design a hands-on lab, (2) develop a comprehensive WWW portal on a topic related to cyber forensics, or (3) choose your own form and substance. Project Details The following paragraphs are guidelines for some of the project options: 1. Hands-on Lab Development Your team may elect to design a hands-on lab (similar to what you have practiced in this class). Your report should include an instructional guide for the lab and a report that documents your team’s exploration and results of the lab. The hands-on lab should cover the detailed process of conducting a complete forensic analysis (imaging, data recovery, and analysis) on selected digital devices or using criminal tools for attack, defense, and data recovery. Here is a list of possible devices or tools: Digital Devices: Digital Music Device; Mobile Phone; Flash Memory Cards; RIM (BlackBerry) Wireless Device; iPod, iPad, iTouch...
Words: 822 - Pages: 4
...Week 3 Laboratory Week 3 Lab Part 1: Automate Digital Evidence Discovery Using Paraben’s P2 Commander Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Open an existing case file using P2 Commander * Analyze the data in the image and the files saved in the case * Sort and identify evidence file types in a case using Paraben's P2 Commander forensic tool * Use P2 Commander to identify information for potential evidence contained in chat logs such as Skype chat * Analyze the contents of user profiles and data using the P2 Commander browser Week 3 Lab Part 1 - Assessment Worksheet Overview View the Demo Lab available in the Practice section of Learning Space Unit 5 and then answer the questions below. The video will demonstrate the use of Paraben's P2 Commander and outline the different forensics capabilities of the tool. Lab Assessment Questions & Answers 1. When talking about Information Security, what does 'CIA' stand for? CIA in information security stands for confidentiality, integrity and availability. 2. When would it be a good practice to classify data? It would be a good practice to classify data when you need to extract files from a hard drive or system for investigating in order to accurately organize the findings. 3. What is Security classification? Security classification is the security level assigned to a government document, file...
Words: 635 - Pages: 3
...COMPUTER FORENSICS OPERATIONAL MANUAL 1. Policy Name: Imaging Removable Hard Drives 2. Policy Number/Version: 1.0 3. Subject: Imaging and analysis of removable evidence hard drives. 4. Purpose: Document the procedure for imaging and analyzing different types of evidence hard drives removed from desktop or laptop computers. 5. Document Control: Approved By/Date: Revised Date/Revision Number: 6. Responsible Authority: The Quality Manager (or designee). 7. Related Standards/Statutes/References: A) ASCLD/LAB Legacy standards 1.4.2.5, 1.4.2.6, 1.4.2.7, 1.4.2.8, 1.4.2.11, and 1.4.2.12. B) ASCLD/LAB International Supplemental requirements: 3 (Terms and Definitions), 4.13.2.4, 5.4.1.1, 5.4.1.2, 5.4.2.1. C) ISO/IEC 17025:2005 clauses: 4.1.5 (a, f, g, h, and i), 4.2.1, 4.2.2 (d), 4.2.5, 4.3.1, 4.15.1, 5.3.2, 5.4.1, 5.4.4, 5.4.5.2, 5.4.7.2 (a - c), all of 5.5, all of 5.8, and 5.9.1 (a). 8. Scope: Imaging and examining different types of hard drives (SATA, SCSI, and IDE) removed from desktops and laptops. 9. Policy Statement: A) No analysis will be performed without legal authority (search warrant or consent form). If not submitted, the examiner must contact the investigator to obtain the necessary legal authority. B) Forensic computers are not connected to the Internet. C) All forensic archives created and data recovered during examinations are considered evidence. D) Changes to this procedure can be made if approved by the Quality Manager, who will document the changes...
Words: 731 - Pages: 3
...In this case the computer should also be checked for DNA so investigators can match the suspect's DNA to the arson crime scenes. Also TimeFrame Analysis can be used to link any files of interest to the timeframes of the investigation. All these things can help link the suspect to the crimes, and in doing so can help tell the insurance company whether the claims are valid. 2. Case 4-4 (bomb threat) A list of what items should be included in an initial response field kit to ensure preservation of digital evidence. The initial response field kit should be lightweight and easy to transport. With this kit, you can arrive at a scene, acquire the data you need, and return to the lab as quickly as possible. * Small computer toolkit * Large-capacity drive * IDE ribbon cable * SATA cables * Forensic boot media containing an acquisition utility * Laptop IDE 40 to 44-pin adapter, other adapter cables * Laptop or tablet computer * FireWire or USB dual write-protect external bay * Flashlight * Digital Camera with extra batteries * Evidence log forms * Notebook or digital dictation recorder * Computer evidence bags...
Words: 1243 - Pages: 5
...Computer Forensics Tools Strayer University E-Support Undelete Plus is powerful software that can quickly scan a computer or storage medium for deleted files and restore them on command. It works with computers, flash drives, cameras, and other forms of data storage. Deleting a file from your computer, flash disk, camera, or the like does not mean it is lost forever. Software doesn’t destroy files when it deletes, it simply marks the space the file was using as being available for re-use. If nothing has needed that space since the deletion, the data is still there and the file can be recovered. Simply scan the device, select the files you want to recover, and click a button to restore the information (Softpedia, 2013). The interface Undelete PLUS is geared up with is very nice and easy to handle. In the right panel, there is the Drives tree. The user can change the view to file types (MP3, PDF, RTF, RAR, ZIP, XML, PNG, etc.) or to folders. In the left, there will be displayed all the files Undelete PLUS was able to detect. The software will inform you of the state of the files it has detected. This way, you will know that if the status reads "very good" then there still is a chance of recovering that file. "Overwritten" status means that the respective file is either corrupted or cannot be recovered. Additional information tells you about the size of the file, format, path, date of its creation and modification. The software is capable of recovering entire...
Words: 1755 - Pages: 8
...SCHOOL OF COMPUTING Bachelor of Computer Science / Bachelor of Software Engineering Forensic Computing Practice Assignment 2 Student declaration: I declare that: I understand what is meant by plagiarism. The implications of plagiarism have been explained to me by our lecturer. This assignment is my own work. Name ID 1) Nicholas Tan Tian Shen 0307878 Forensic Computing Practice Assignment 2 Due Date: Soft-copy submission on 10/11/14. Individual Assignment Question 1 a. What can a cloud provider do in terms of providing digital forensics data in the event of any legal dispute, civil or criminal case, cyber-attack, or data breach? A cloud provider needs to provide the evidence by being forensically ready. To...
Words: 3104 - Pages: 13
...Guide to Computer Forensics and Investigations Fourth Edition Chapter 7 Current Computer Forensics Tools Objectives • Explain how to evaluate needs for computer forensics tools • Describe available computer forensics software tools • List some considerations for computer forensics hardware tools • Describe methods for validating and testing computer forensics tools Evaluating Computer Forensics Tool Needs • Look for versatility, flexibility, and robustness – OS – File system – Script capabilities – Automated features – Vendor’s reputation • Keep in mind what application files you will be analyzing Types of Computer Forensics Tools • Hardware forensic tools – Range from single-purpose components to complete computer systems and servers • Software forensic tools – Types • Command-line applications • GUI applications – Commonly used to copy data from a suspect’s disk drive to an image file Tasks Performed by Computer Forensics Tools • Five major categories: – Acquisition – Validation and discrimination – Extraction – Reconstruction – Reporting Tasks Performed by Computer Forensics Tools (continued) • Acquisition – Making a copy of the original drive • Acquisition subfunctions: – Physical data copy – Logical data copy...
Words: 2076 - Pages: 9
...Digital Forensics: Uganda’s Preparedness Dennis Tusiime Rwatooro 2014-M142-2002 Dept of Computer Science Abstract — The more our lives continue to depend on digital communication networks and media to perform daily activities such as communication, access to information and critical services such as health, financial transactions, entertainment, and public utilities like electricity, the more we get exposed to security risks. These security risks include breach of confidentiality of communication and transactions, violation of personal privacy, crime and fraud, disruption of services, and distribution of inappropriate content, among others. The goal of digital security is to research into and develop mechanisms to address these security risks. In this paper we briefly survey some of the emerging issues in digital security. The literature shows that while some domains in digital security have remained unchanged over a long time, for example cryptography, new areas have emerged including steganography. Keywords – digital forensic techniques, volatile data extraction, digital image forensics, malware investigations, email security, symmetric key cryptography, asymmetric key cryptography, public key cryptography. Introduction Forensic science is defined as the application of the sciences as it pertains to legal matters or problems (Gialamas, 2000). One of the branches/fields of forensic science, namely criminalistics, is the profession and scientific discipline oriented...
Words: 7291 - Pages: 30
...maintain chain of custody for digital evidence. • Identification • Preservation • Collection • Examination • Presentation 2. Why is it important to follow the chain of custody when gathering evidence? It is important to follow the chain of custody when gathering evidence because it is the Standard Operating Procedure (SOP) on how to handle evidence when it enters your possession. It also establishes that the findings at the crime scene are exactly the same findings being presented in court. There was no tampering or mishandling of the evidence from the crime scene to the courtroom. Failure to follow the chain of custody procedure may cause a mistrial, allow criminals to get away with a crime, or losing...
Words: 461 - Pages: 2
...using technologies. The growth of computer forensics has been a huge success in controlling crimes that are committed using computers. The main task of computer forensics is to examine and collect electronic data as evidence from a crime scene. The work of computer forensics is to recover data that has been hacked or lost by criminals using different systems. The growing dependency on computer forensics has decreased cybercrime, and professionals have to understand the computer technology that is used in computer forensics. Introduction Forensic roots from a Latin word, “forensic” which...
Words: 870 - Pages: 4
...Lab #10 Securing the Network with an Intrusion Detection System (IDS) Introduction Nearly every day there are reports of information security breaches and resulting monetary losses in the news. Businesses and governments have increased their security budgets and undertaken measures to minimize the loss from security breaches. While cyberlaws act as a broad deterrent, internal controls are needed to secure networks from malicious activity. Internal controls traditionally fall into two major categories: prevention and detection. Intrusion prevention systems (IPS) block the IP traffic based on the filtering criteria that the information systems security practitioner must configure. Typically, the LAN-to-WAN domain and Internet ingress/egress point is the primary location for IPS devices. Second to that would be internal networks that have or require the highest level of security and protection from unauthorized access. If you can prevent the IP packets from entering the network or LAN segment, then a remote attacker can’t do any damage. A host-based intrusion detection system (IDS) is installed on a host machine, such as a server, and monitors traffic to and from the server and other items on the system. A network-based IDS deals with traffic to and from the network and does not have access to directly interface with the host. Intrusion detection systems are alert-driven, but they require the information systems security practitioner to configure them properly. An IDS provides...
Words: 3209 - Pages: 13
...computer forensics Background of Computer forensics: What is most worth remembering is that computer forensics is only one of many forensic subdivisions. It’s not new, and it’s not a revolution. Computer forensics uses the same scientific methods as other forensic subdivisions. So computer forensics is not a revolution in forensic science! It’s a simple evolution of crime techniques and ideas. Forensic origins: Forensic roots from a Latin word, “forensic” which generally means forum or discussion. In the reign of the Romans, any criminal who had been charged with a crime was presented before an assembly of public folks. Both the complainant and the defendant were to present their sides through their own speeches. The one who was able to explain his side with fervent delivery and argumentation typically won the case. It is important to realize that computer forensics is only one subdivision of forensic science. It is digital and it includes the most advanced computer science, but it is still only a branch of forensic science, and its main goal is submission of the proven claims of scientific methods and strategies to recover any significant digital traces. Computer Forensic Timeline: 1970s • First crime cases involving computers, mainly financial fraud 1980s • Financial investigators and courts realize that in some cases all the records and evidence were only on computers. • Norton Utilities, “Un-erase” tool created • Association of Certified Fraud...
Words: 4790 - Pages: 20
...U.S. Department of Justice Office of Justice Programs National Institute of Justice APR. 04 Special REPORT Forensic Examination of Digital Evidence: A Guide for Law Enforcement U.S. Department of Justice Office of Justice Programs 810 Seventh Street N.W. Washington, DC 20531 John Ashcroft Attorney General Deborah J. Daniels Assistant Attorney General Sarah V. Hart Director, National Institute of Justice This and other publications and products of the U.S. Department of Justice, Office of Justice Programs, National Institute of Justice can be found on the World Wide Web at the following site: Office of Justice Programs National Institute of Justice http://www.ojp.usdoj.gov/nij APR. 04 Forensic Examination of Digital Evidence: A Guide for Law Enforcement NCJ 199408 Sarah V. Hart Director This document is not intended to create, does not create, and may not be relied upon to create any rights, substantive or procedural, enforceable at law by any party in any matter civil or criminal. Opinions or points of view expressed in this document represent a consensus of the authors and do not represent the official position or policies of the U.S. Department of Justice. The products, manufacturers, and organizations discussed in this document are presented for informational purposes only and do not constitute product approval or endorsement by the U.S. Department of Justice. This document was prepared under Interagency Agreement #1999–IJ–R–094 between...
Words: 22743 - Pages: 91
...1. The objective of digital forensics is to provide evidence in a court of law by utilizing the following actions, except: Discovery; Recovery; Analysis; Presentation
2. Forensics evidence must undergo the following broad tests, except: Authenticity; Reliability; Completeness; Fairness
3. Spoliation covers all the areas, except: Withholding; Authenticating; Alteration; Destruction
4. Searching memory in real time is an example of what type of forensics? Network; Live; Software; Operating System
5. Which of the following is a type of intellectual property theft? Piracy; Extortion; Identity Theft; Phishing
6. Which of the following is a form of fraud? Spamming; Hacking; Phishing; Money Laundering
7. Key factors provide good opportunities to commit cybercrimes, except: Acceptable risk; Attractiveness; Authorization; Availability
8. The following laws address cybercrimes, except: Computer Fraud and Abuse Act; Spyware Security Act; CAN-SPAM Act; UIGEA Act
9. Courts deal with four types of evidence. Which is not a type of evidence? Real; Testimonial; Actual; Demonstrative
10. Which is not an anti-forensic activity? Data hiding; Data fabrication; Data transformation; Data redundancy
11. Three types of forces act on evidence. Which type does not? Human; Mechanical; Natural; Incidental
12. A search warrant allows collection of equipment. Prior notice is a requirement...
Words: 948 - Pages: 4