This assessment item relates to the course learning outcome

This paper circulates around the core theme of This assessment item relates to the course learning outcome together with its essential aspects. It has been reviewed and purchased by the majority of students thus, this paper is rated 4.8 out of 5 points by the students. In addition to this, the price of this paper commences from £ 99. To get this paper written from the scratch, order this assignment now. 100% confidential, 100% plagiarism-free.

Objectives

This assessment item relates to the course
learning outcome 1 to 9 as stated on page 1 of the course profile.

Enabling
objectives

1.
Apply the digital forensics methodologies.

2.
Write an analysis of a case study.

3.
Prepare an outline of a professional digital forensic
plan.

Instructions

The
Case – A Digital Forensic Investigation Plan

Summary:

One World
Finance (OWF) is a specialist provider of high quality, consumer finance
services to a global network of customers. Trading in Australia and New Zealand
since 1990, the company employs more than 750 employees and the company serves
more than 5 million customers. The company’s main office is situated in Brisbane
with other branch offices located in Sydney and Melbourne.

OWF
has invested heavily in information technology for supporting its global
business operations and achieving competitive advantages over its competitors.
Major investments were made by the company in 2001 but management has lost
focus in updating the networks and application infrastructure that supports the
business operation in recent years. The network environment between all of OWF
offices is flat and relatively unrestricted. Users from one office can access
systems and servers from another office. Workstations and servers are typically
Microsoft Windows-based. Firewalls and network segmentation are implemented
poorly throughout the environment. Intrusion detection and logging exist on
systems but they are not effectively used.

Last
night, John Marsh at the Sydney office went in to work early and when he got connected
to his computer, he found that someone was already connected to his computer with
several windows opened. As he stared at it, his computer system got disconnected.
He then tried to get connected again, but he was logged out. He called the IT
manager, who followed a plan for such incidents. This includes disabling John’s
account and examining the server security logs. The IT manager found that the
IP address of the computer that was connected to John’s computer belongs to a
computer used to run a data projector at the Melbourne office. He quickly rang
the Melbourne office to check who has used the computer and requested the logs
of people who have swiped into the building. He found out that there were five
people in the building at the time, but one employee, Andrew Gale has since
swiped out and called in sick. An urgent meeting with the management concludes
that Andrew Gale has at least violated company policy by accessing a
colleague’s account, but is unsure if he has violated any other policy or
engaged in any criminal activity. As an information security officer, you are
asked by the management to investigate to find out the extent of Andrew’s
activities, if others are involved, who is affected and whether criminal
charges need to be laid.

Requirements:

Your task
is to prepare digital forensics
investigative planto enable a systematic collection of evidence and subsequent
forensic analysis of the electronic and digital data. Assuming all systems are
Windows based, this plan should detail following:

·
justify why use of the digital forensic
methodology and approach is warranted including appropriate procedures for
corporate investigation.

·
describe the resources required to conduct a
digital forensic investigation, including skill sets and required tools of the
team members.

·
outline an approach for data/evidence
identification and acquisition that would occur in order to prepare the auditors
for review of the digital evidence.

·
outline an approach and steps to be taken during
the analysis phase making the assumption the computer system is a Microsoft
Windows-based computer.

·
make a recommendation on the action that the
company needs to take against the offender.

Tips for preparing your digital forensics
investigative plan

In
writing the digital forensics investigative plan, students need to address
following points. Do note that points listed below are not exhaustive and need
to be considered as helpful tips.

·
Justify a need for digital forensics methodology
and consider scope of the case including nature of alleged misconduct leading
to consideration of how electronic and digital evidence may support the investigation.
The plan should consider how digital forensics differs from other techniques
(such as network forensics, data recovery) and detail the overall steps for the
systematic digital forensics approach.

·
Consider the required resources and include
details regarding preparation plan for evidence gathering (such as evidence
forms, types, storage media and containers), forensics workstation and
peripherals needed, software/tools for analysis depending on the type of
evidence to be gathered including rationale for selected tools, and
consideration of team member skills in digital analysis (such as OS knowledge, skills
for interviewing, consultation, working as per the needs of the auditing team
and understanding of law and corporate policies).

·
Detail the approach for data acquisition including
the different types of evidence that can be gathered and their source depending
upon the nature of the case and scope of investigation, develop a plan for data
acquisition including rationale for selected plan and contingency planning, detail
type of data acquisition tools needed including rationale and an outline for
the data validation & verification procedures.

·
Provide an outline of the forensic analysis
procedures/steps depending upon the nature of evidence to be collected, and detail
the validation approach. This can include techniques to counter data hiding,
recovering deleted files, procedures for network and e-mail analysis.

·
Prepare a recommendation on the action that the
company needs to take against the offender

·
Table of contents for the investigative plan
should consider what to include in report, structure of report, focus or scope
of the report including supporting material to be provided and references. This
table of contents should include headings and sub-headings pertaining to the
aspects addressed in the above dot points.

·
Prepare a professional report with an Executive Summary,
a Word generated table of contents, an Introduction, a body of report with
proper headings and sub-headings, and a Conclusion.

Assessment
criteria