Learning Goal: I’m working on a cyber security report and need a sample draft to help me learn.
Module Name: Computer Forensics Individual assignment
Task 1:
========================================================================
A new start-up SME (small-medium enterprise) based in Sohar with an E-government model has recently noticed anomalies in its accounting and product records. It has undertaken an initial check of system log files, and there are several suspicious entries and IP addresses with a large amount of data being sent outside the company firewall. They have also recently received several customer complaints saying that a strange message is often displayed during order processing, and that customers are often redirected to a payment page that does not look legitimate.
The company makes use of a general-purpose eBusiness package (Oscommerce) and has a small team of six IT support professionals, but they do not feel that they have the expertise to carry out a full-scale malware/forensic investigation. As there is increased competition in the hi-tech domain, the company is anxious to ensure that their systems are not being compromised, and they have employed a digital forensic investigator to determine whether any malicious activity has taken place, and to ensure that there is no malware within their systems.
Your task is to investigate the team's suspicions and to suggest to the team how they may be able to disinfect any machines affected by malware, and to ensure that no other machines on their premises or across the network have been infected. The team also wants you to carry out a digital forensics investigation to see whether you can trace the cause of the problems and, if necessary, to prepare a case against the perpetrators.
The company uses Windows Server 16 for its servers. Patches are applied by the IT support team monthly, but the team has noticed that several machines do not seem to have been patched.
Your deliverable in this task is a 2000-word report discussing how you would approach the following Digital Forensic Investigation.
(a) You should discuss a general overview of the methodology that you will use and provide a reasoned argument as to why the particular methodology chosen is relevant. Answer the question in detail, then summarize the answers at the end of the task in a table and add figures. (20 Marks)
(b) You should also discuss the process that you will use to collect evidence and discuss the relevant guidelines that need to be followed when collecting digital evidence. Answer the question in detail, then summarize the answers at the end of the task in a table and add figures. (20 Marks)
(c) As a discussion contained within your report, you should also provide a critical evaluation of the existing tools and techniques that are used for digital forensics or malware investigations and evaluate their effectiveness, discussing such issues as the consistency of the approaches adopted, the skills needed by forensic investigators, and the problems related to existing methodologies (especially with respect to the absence of any single common global approach to performing such investigations, and the problems that can result when an investigation crosses international boundaries). Answer the question in detail, then summarize the answers at the end of the task in a table and add figures. (30 Marks)
Carefully read the provided research paper: Soltani, S., & Seno, S. (2017). A survey on digital evidence collection and analysis. 2017 7th International Conference on Computer and Knowledge Engineering (ICCKE).
Critically evaluate the challenges during the collection and analysis of low-level data from the compromised system. Answer the question in detail, then summarize the answers at the end of the task in a table and add figures. (30 Marks)