The investigation will follow the Association of Chief Police Officers guidelines and the principles that govern computer-based electronic evidence, such as the requirement not to alter data stored on a computer and the competency of whoever handles the original data (Casey, 2011). In addition, the computer investigation model and the Four Step Forensic Process, which consists of collection, examination, analysis and reporting, will be applied in this case (Singer & Friedman, 2014). The investigation will need to identify the malicious activities, the security lapses in the network, the impact if the network is compromised, and the legal procedures, and to provide remedial action.
Legal Aspects
The legal issues that must be addressed include determining whether law enforcement needs to be involved, acquiring written permission to conduct the investigation, and understanding, through discussion with the legal advisors, any issue that may arise if the case is not handled properly (Singer & Friedman, 2014). The confidentiality and privacy of the client must also be taken into account.
Data Collection
Volatile data should be collected after setting up a workstation where the Windows 8 server is located, with Cryptcat used to listen on the port and a trusted cmd.exe console opened (Venter, 2006). The necessary commands will then be run to obtain the required data, and all the running machines can be used as well. Next, the content of the entire target system will be copied with tools such as EnCase and FTK in order to preserve the original data (Singer & Friedman, 2014). After all the necessary data has been collected, examination should follow, especially of the file system, the network and the Windows registry, using forensic investigation tools (Casey, 2011). During the investigation, there is a need to identify autostart locations and file execution options to find out whether the problem was caused by a user or by malware.
Also, user activity analysis will be carried out by mapping user information to identify activities and actions that may have been taken by the users (Venter, 2006). The findings may include an attacker's persistent remote access, evidence that systems were compromised, OS patches that were not installed on certain systems, or the existence of suspected malware.
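The autostart and file execution option check described above can be run against a registry export taken from the forensic copy rather than the live system. The following is an added example, not part of the original paper: it assumes the hive has been exported to `.reg`-style text, and the sample export, value names and paths are constructed for illustration.

```python
import re

# Well-known Windows registry locations reviewed for persistence.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
IFEO_KEY = re.compile(r"\\Image File Execution Options\\[^\\]+$", re.I)

# Constructed sample in .reg text form; not taken from a real case.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VendorTray"="C:\\Program Files\\Vendor\\tray.exe"
"Updater"="C:\\Users\\Public\\upd.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"Unrelated"="ignored"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Users\\Public\\helper.exe"
'''


def parse_export(text):
    """Yield (key, value_name, data) for every string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"(.+?)"="(.*)"$', line)):
            # .reg files escape backslashes; undo that for readable paths.
            yield key, m.group(1), m.group(2).replace("\\\\", "\\")


def find_autostarts(text):
    """Return Run/RunOnce entries and IFEO Debugger values for review."""
    findings = []
    for key, name, data in parse_export(text):
        if RUN_KEY.search(key):
            findings.append(("autostart", key, name, data))
        elif IFEO_KEY.search(key) and name.lower() == "debugger":
            # A Debugger value redirects execution of the named program.
            findings.append(("ifeo-debugger", key, name, data))
    return findings


if __name__ == "__main__":
    for kind, key, name, data in find_autostarts(SAMPLE_EXPORT):
        print(f"{kind:14} {key}\n    {name} = {data}")
```

Each finding is a lead for the examiner to compare against known-good software and the user activity timeline, not a verdict on its own.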
References
Casey, E. (2011). Digital evidence and computer crime: Forensic science, computers, and the internet. Academic Press.
Singer, P. W., & Friedman, A. (2014). Cybersecurity: What everyone needs to know. Oxford University Press.
Venter, J. P. (2006). Process flows for cyber forensic training and operations.