...You Decide Scenario: Week 3 Detecting and preventing insider threats is its own discipline, with its own dynamics. If you put these countermeasures in place, you can reduce the threat dramatically. First, you can use an IP packet-filtering router. This type of router permits or denies the packet to either enter or leave the network through the interface on the basis of the protocol, IP address, and the port number. The protocol may be TCP, UDP, HTTP, SMTP, or FTP. The IP address under consideration would be both the source and the destination addresses of the nodes. The port numbers would correspond to the well-known port numbers (Vacca, 2009). Packet filtering lets you control data transfer based on the address the data is coming from, the address the data is going to, and the session and application protocols being used to transfer data. The main advantage of packet filtering is leverage. It allows you to provide, in a single place, particular protections for an entire network. Consider the Telnet service. If you disallow Telnet by turning off the Telnet server on all your hosts, you still have to worry about someone in your organization installing a new machine (or reinstalling an old one) with the Telnet server turned on. On the other hand, if Telnet is not allowed by your filtering router, such a new machine would be protected right from the start, regardless of whether or not its Telnet server was actually running. Another advantage of a packet filtering router is that...
Words: 622 - Pages: 3
...Computer Forensics I (FOR 240-81A) Project #3 Case Background The Suni Munshani v. Signal Lake Venture Fund II, LP, et al suit is about email tampering, perjury, and fraud. On December 18, 2000, Suni Munshani (Plaintiff) filed a suit against Signal Lake Venture Fund. Mr. Munshani claimed that he was entitled to warrants in excess of $25 million dollars from Signal Lake. In February 2001, Signal Lake Venture Fund II, LP, et al. (Defendant) became privy to the court filings in this case. Within the filings there was an email provided by Mr. Munshani from Hemant Trivedi, CEO of one of the portfolio companies, stating he was indeed entitled to the warrants. Mr. Trivedi denied any knowledge of the email, or any such communication with Mr. Munshani. In an effort to prove their innocence, Signal Lake hired a computer forensic group to conduct a private investigation. The investigation did not show any evidence of the supposed email provided to the court by Mr. Munshani. Mr. Trivedi filed an affidavit stating that the email was forged, while Mr. Munshani filed an affidavit stating the email was real. In March 2001, a computer forensics expert, Kenneth R. Shear, was appointed by the court to perform a forensic examination on the questioned message (the message provided by Mr. Munshani) and the comparative message (a second message from Mr. Trivedi found on Mr. Munshani’s computer). Mr. Shear worked for a company called Electronic Evidence Discovery, Inc. (EED). Mr. Shear’s forensic...
Words: 799 - Pages: 4
...1. What was the user account name of the FTP client on the FTP server and which was its IP address? The FTP account name is: Badguy. FTP server’s IP: 172.16.177.157 2. How many emails did the alleged offender send to his partner before downloading the implicated file? Which are the two email addresses involved? The alleged offender sent 3 emails before downloading the file. The email addresses involved were: badguy11111@gawab.com and b603358@borthew.com 3. As a forensics investigator, would you be able to play back an entire TCP session if it is requested under trial? Yes, NetWitness Investigator allows a forensics investigator to play back an entire TCP session previously captured. 4. What time did the alleged offender choose to perform the actions? Why do you think this is particularly important? Where did you get this information from? After reviewing the entire packet capture we notice that the download occurred around 4:00am. This is particularly important since directly to “system usage” outside regular hours of operations. 5. What is the name of the “local user” account involved in the alleged actions? Which was the IP address of the alleged offender workstation? The local administrator account was the one involved. The IP address of the FTP client was: 172.16.177.132 6. How many attempts to access the FTP server did you find during the packet capture analysis? Why is this important for your case? Two attempts to access the FTP server were found...
Words: 498 - Pages: 2
...as real space for business, education and politics. The growing danger from crimes committed against computers, or against information on computers, is beginning to claim attention in India. The digital age has dramatically changed the scope of crime by adding the electronic component, and with it comes a new form of science, “Computer Forensic Science”. Computer forensics allows the evidence of cyber crime to be admissible in court when prosecuting the cyber criminal. In most countries, existing laws are likely to be unenforceable against such crime. Cyber laws, as they stand today, give rise to both positive and negative consequences. The main negative consequence is a digital soup so vague that many refer to it as the dark side of technology, and cyber criminals currently have the upper hand. The applicability and effectiveness of our existing laws need to be constantly reviewed to face the risk coming from the cyber world. In this paper we first describe computer forensics, cyber crimes, the cyber laws of the nation and technology challenges. The aim of this paper is to act as a catalyst to raise awareness regarding computer forensics, which continues to grow as one of the most important branches of science, and to help in the investigation of cyber crime, which continues to grow as one of the most potent threats to the Internet and computer users of the cyber society of the 21st century in India. Introduction The rapid change occurring in the present era of Information Technology...
Words: 2686 - Pages: 11
...Digital Forensics is an important aspect of computer systems security. I mean we are talking about Identifying, Collecting, Preserving, Analyzing, and Presenting evidence digitally. Therefore, preserving electronic evidence is important. Investigating Data Theft Data theft is a malicious act towards a company/organization (Kruse, 2001). Such theft is committed by an employee who is either terminated or resigning. Motives for data theft include setting up a competing business, using the information at a new job, a sense of ownership of what was created, and revenge against the employer, among other things. Commonly stolen data include customer information, financial records, software code, email lists, strategic plans, process documents, secret formulas, databases, research and development materials, and employee records. Now, with such theft around, we often wonder how such theft is achieved. With technology advancing each year, the millennium era grows with fascinating knowledge of how to work a computer, hard drives, etc. Tools like a flash drive can hold thousands of documents, which can be copied to the flash drive and taken anywhere. Then you have Dropbox, remote desktop connections, personal email accounts, smart phones, CDs/DVDs, and FTP (File Transfer Protocol) (Kruse, 2001). There is a saying that personnel who steal data often leave a trail of digital evidence that proves invaluable when investigating data theft. We as the forensic specialists...
Words: 1774 - Pages: 8
...Running head: FORENSIC CASES Forensic Cases Stephanie Rudolph Kaplan University IT 550 Computer Forensic and Investigation Prof: Bhanu Kapoor November 26, 2013 Abstract People are the most difficult creatures on earth to understand. Some have the mindset of doing some off-the-wall and unacceptable things using technology. In this paper I have discussed the location and the type of data you will find in the case of a financial fraud and a child pornography case. Later the paper discusses the procedures that an investigator might take to collect data from a suspect system. I will also provide a simple tool that can be used to collect all types of data from different locations, making the investigator’s job much easier and helping maintain the integrity of the evidence collected to be presented in court. Forensic Cases There are many locations that an investigator searches to obtain data using computer forensic tools in financial fraud and child pornography cases. In the case of a financial fraud, emails can provide investigators with information not only in the text but also in the headers. The email headers can provide investigators with information on who created the email, what software they used and the IP address that sent it. The email header also provides the date and time it was sent. Credit card data shows the activity of charges. It shows the...
Words: 1093 - Pages: 5
...Computer Forensic Analysis and Report Nathaniel B. Rollins Jr Kaplan University Computer Forensics I/CF101 Prof: Tatyana Zidarov November 19, 2012 Computer Forensic Analysis and Report A. INTRODUCTION I, Nathaniel B. Rollins, a Computer Forensic Specialist (CFS) with the Metro Police Department (MPD), received a file image from Officer X to conduct a search for electronic evidence, which he stated was copied from the SNEEKIE BADINUF (COMPLAINANT) computer, with consent. This was verified through the COMPLAINANT’s statement, report, consent to search form, and chain of custody, provided by Officer X, along with the request for analyzing the evidence. Upon review of her statement filed on May 14, 2006, the COMPLAINANT stated she had received an email from a correspondent named NFarious that demanded $5000 in ransom, or the animals would be harmed. The COMPLAINANT also stated her pets had been gone for an entire week, and she was worried that the abductor may already have injured the animals. During a subsequent interview the COMPLAINANT stated that she took out a $20,000 insurance policy on her pets in September 2005 that would not be active for 6 months. The purpose of this investigation is to confirm or negate the COMPLAINANT’s involvement with the kidnapping of the animals. B. MATERIALS AVAILABLE FOR REVIEW a. 1 Chain of Custody b. Evidence Log c. Complainant’s Statement d. Officer’s Report e. Forensic Disk Image of Computer f. Photos (location...
Words: 1176 - Pages: 5
...Assignment 1: Computer Forensics Overview CIS 417 Computer Forensics Computer forensics is the process of using investigation and analysis techniques to gather and preserve information and evidence from a particular computing device in a way that can be presented in a court of law. The main role of a computer analyst is to recover data, including photos, files/documents, and e-mails, from computer storage devices that were deleted, damaged or otherwise manipulated. Forensics experts work on cases involving crimes associated with internet-based concerns and investigate other computer systems that may have been related to or involved in the crime to find enough evidence of illegal activities. Computer experts can also use their professional knowledge to protect corporate computers/servers from infiltration, determine how the computer was broken into, and recover lost files in the company. Processes are used to obtain this information, and some of the processes are as follows: * Investigation process: Computer forensics investigations will typically be done as part of a crime that allegedly occurred. The first step of the investigation should be to verify that a crime took place. Understand what occurred in the incident, assess the case, and see if the crime leads back to the individual. * System Description: As the next step, once you have verified the crime did occur, you begin gathering as much information and data about the specific...
Words: 1397 - Pages: 6
...– COMPUTER FORENSIC OVERVIEW Suppose you were recently hired for a new position as the computer forensics specialist at a medium-sized communications company. You have been asked to prepare a presentation to the Board of Directors on your main duties for the company and how your position could help achieve business goals based on security and confidentiality. You are also aware that the company has just had some issues with employee complaints of ongoing sexual harassment over email and instant messaging systems but has been unable to obtain adequate evidence of any kind. Write a two to three (2-3) page paper in which you: 1. Explain the basic primary tasks, high-level investigation processes, and challenges of a computer forensics specialist. 2. Provide an overview of how computing devices are used in crimes of today and how these crimes can affect a company’s data and information. 3. Discuss how computer forensics investigations pertain to the law and trying of cases...
Words: 679 - Pages: 3
...Introduction With the recent increase in financial crimes and business fraud, forensic accountants are in great demand. Forensic accounting is the practice of utilizing accounting, investigative, organizational, analytical and communication skills to conduct examinations into a company’s financial statements in legal matters (Crumbley, 2007). Forensic accountants can own their own accounting firms or be employed by lawyers, insurance companies, banks, or large corporations. The use of accountants has played an important role in assisting the government as well as the public. Forensic accountants participate in detecting scandals and financial crimes caused by individuals, companies and organized crime networks. This profession consists of three main areas: litigation support, investigation and dispute resolution (Harris, 200). Litigation support involves the factual arrangement of financial issues, investigation comes in when criminal matters have occurred, and dispute resolution is the process of bringing justice and fairness. To work effectively within these three core components, forensic accountants must have a set of skills to perform their job efficiently. Important Skills Forensic accountants must possess more than the fundamental knowledge of financial accounting and auditing. Each project requires analysis, interpretation, summarization and presentation of complex financial- and business-related issues (Matson, 2012). There are several core skills that are...
Words: 2124 - Pages: 9
...Ec-council.Braindumps.312-49.v2014-03-11.by.ANGELA.180q Number: 312-49 v8 Passing Score: 700 Time Limit: 240 min File Version: 16.5 http://www.gratisexam.com/ Exam Code: 312-49 Exam Name: Computer Hacking Forensic Investigator Practice Test CHFI-1-105 QUESTION 1 When a file or folder is deleted, the complete path, including the original file name, is stored in a special hidden file called "INFO2" in the Recycled folder. If the INFO2 file is deleted, it is re-created when you _______ A. Restarting Windows B. Kill the running processes in Windows task manager C. Run the antivirus tool on the system D. Run the anti-spyware tool on the system Correct Answer: A QUESTION 2 Graphics Interchange Format (GIF) is a ___________ RGB bitmap image format for images with up to 256 distinct colors per frame. A. 8-bit B. 16-bit C. 24-bit D. 32-bit Correct Answer: A QUESTION 3 The IIS log file format is a fixed (cannot be customized) ASCII text-based format. The IIS format includes basic items, such as client IP address, user name, date and time, service and instance, server name and IP address, request type, target of operation, etc. Identify the service status code from the following IIS log. 192.168.100.150, -, 03/6/11, 8:45:30, W3SVC2,SERVER, 172.15.10.30, 4210, 125, 3524, 100, 0, GET, / dollerlogo.gif, A. W3SVC2 B. 4210 C. 3524 D. 100 Correct Answer: D...
Words: 11383 - Pages: 46
...SEC 402 WK 7 Case Study 2 - Developing the Forensics, Continuity, Incident Management, and Security Training Write a five to seven (5-7) page paper in which you: 1. Consider that Data Security and Policy Assurance methods are important to the overall success of IT and Corporate data security. a. Determine how defined roles of technology, people, and processes are necessary to ensure resource allocation for business continuity. b. Explain how computer security policies and data retention policies help maintain user expectations of levels of business continuity that could be achieved. c. Determine how acceptable use policies, remote access policies, and email policies could help minimize any anti-forensics efforts. Give an example with your response. 2. Suggest at least two (2) models that could be used to ensure business continuity and ensure the integrity of corporate forensic efforts. Describe how these could be implemented. 3. Explain the essentials of defining a digital forensics process and provide two (2) examples on how a forensic recovery and analysis plan could assist in improving the Recovery Time Objective (RTO) as described in the first article. 4. Provide a step-by-step process that could...
Words: 1406 - Pages: 6
...custody when gathering evidence? It is important to follow the chain of custody when gathering evidence because it is the Standard Operating Procedure (SOP) on how to handle evidence when it enters your possession. It also establishes that the findings at the crime scene are exactly the same findings being presented in court, and that there was no tampering or mishandling of the evidence from the crime scene to the courtroom. Failure to follow the chain of custody procedure may cause a mistrial, allow criminals to get away with a crime, or lose a case. 3. For the computer forensics case, identify what evidence the forensics experts were able to gather. • Data showing millions of dollars of diverted drugs • Repackaging equipment • Computers containing emails and encrypted data • Electronic equipment 4. Name two things the United States attorney was able to prove in the computer forensics case. • The distributor purchased drugs from a foreign source with the intent of selling them in the United States. • The distributor has been involved in drug diversion for over 10 years. 5. What important questions should the security incident response form answer? • What is the evidence? • How did you get it? • When was it collected? • Who has handled it? • Why did the person handle it? • Where has it traveled, and where was it ultimately stored? 6. Why is it important to include a time/date stamp in the security incident response form? Stamping the time and date on the security...
Words: 461 - Pages: 2
...computer forensics Background of Computer forensics: What is most worth remembering is that computer forensics is only one of many forensic subdivisions. It’s not new, and it’s not a revolution. Computer forensics uses the same scientific methods as other forensic subdivisions. So computer forensics is not a revolution in forensic science! It’s simply an evolution of crime techniques and ideas. Forensic origins: Forensic comes from a Latin word, “forensis”, which generally means forum or discussion. In the reign of the Romans, anyone charged with a crime was presented before a public assembly. Both the complainant and the defendant presented their sides through their own speeches. The one who was able to explain his side with fervent delivery and argumentation typically won the case. It is important to realize that computer forensics is only one subdivision of forensic science. It is digital and includes the most advanced computer science, but it is still only a branch of forensic science, and its main goal is the submission of the proven claims of scientific methods and strategies to recover any significant digital traces. Computer Forensic Timeline: 1970s • First crime cases involving computers, mainly financial fraud 1980s • Financial investigators and courts realize that in some cases all the records and evidence were only on computers. • Norton Utilities, “Un-erase” tool created • Association of Certified Fraud...
Words: 4790 - Pages: 20
...Forensic Accounting in Practice Twana Bethea BUS 508 May 21, 2013 Dr. Phyllis Praise Abstract Forensic Accounting is the application of the skills and training of a chartered accountant to disputes and investigations. Fraud is usually hidden in the accounting systems of organizations, and that’s where forensic accountants play a critical role. Forensic accountants are contacted by companies when they need to figure out where a fraud was committed in their company. The accountants interview witnesses and analyze evidence such as email traffic between all parties involved. They will also freeze bank accounts if needed. They are hired to find out what happened and who was involved. If the case goes to trial they can be called to testify. The key skill of the forensic accountant is communicating complex financial transactions or data in a concise manner using images, graphs and language that can be easily understood by non-accountants, the judiciary, and juries. With the growing complexity of business-related investigations, the number of Forensic Accounting professionals is increasing, as is the need for investigations of business and financial issues. Forensic Accounting Practices Forensic Accounting has been in existence for many years; today there has been an increase in the need for this type of profession. Forensic accounting is the practice of integrating accounting, auditing and investigative skills. The accountants provide a court with an accounting analysis on the basis...
Words: 1442 - Pages: 6