08-09-2014, 04:13 PM
Forensic policy and risk assessment for IT and Database organizations
Introduction
The vast field of cyber forensics has grown over the past few decades. Many advances have been made in this field, both in practice and in research. As part of this course we are getting the opportunity to learn the different colors of this diverse field. I'm working in the networking department of our country's top IT and Database organization. I would like to implement a forensic policy for all such institutions that own very important data and assets and cannot risk being hacked. These companies have to adopt specific policies, rules and regulations to keep their data safe and protected from all external attacks. The papers discussed in this domain define the true picture of research in the field of cyber forensics, and both suggest innovative algorithms for a research methodology that can be used to help cyber forensic experts and professionals. In another part of my topic I will mention the methodology for protecting data from being hacked, and the rules and regulations for every department, allowing them limited access over the internet and over other domains so that we can make any network secure. The forensic policy will define the methods adopted to extract data and the techniques implemented after an incident has occurred.
This will also define how to collect the evidence perfectly, in its true shape. It will set out the rules for accessing someone's computer in an IT-based institution, show the existing approaches from the research papers that have been and are being implemented all over the world, note the drawbacks and omissions of these forensic techniques, and mention improvements and other new techniques. These can also help the Information Security teams of large IT institutions around the world. The papers also reference many other research works and historical events relating to Information Security issues.
With the wide use of computers and the Internet, computer crime incidents also occur frequently. Computer crime has become a new category of criminal case. The key to combating crime is to obtain sufficient, reliable and strong evidence, so computer forensics has gradually become a focus of research attention. Computer evidence refers to material in computer form that is used as evidence, and its derivatives. Computer forensics is the process of using the technical principles and methods of computing and related sciences to obtain computer evidence that proves an objective fact. The forensics initiative's goal is to establish a system that automatically discovers, collects and filters suspicious data, stores it in an efficient, safe and reliable way, and provides automatic analysis, query or reporting when necessary. Person who summarizes the support the establishment of such a system in the enterprise internal users against the basic principles. Because of their inherent advantages, Intrusion Detection Systems (IDS) have become an important part of complete network security solutions and are widely used.
An IDS produces a large volume of independent, raw alarm information. Besides being massive in volume, these alarms have a high rate of false positives and false negatives. From a legal perspective, the alarm logs it reports are not strong evidence. Evidence obtained from network data is real evidence: evidence of the commission of the offense, or evidence intercepted in transmission. As network bandwidth increases, more and more data is transmitted over the network, forming a mass of data. This paper presents a computer evidence acquisition method based on existing network intrusion detection, in which the forensics initiative is closely integrated with the IDS, the real
Literature Review
Determine
This is the process of determining what evidence exists, where and how it is stored, and which OS is being used. From this information investigators can identify the appropriate recovery methodologies, as well as the tools to be used.
Storage
This is the process of preserving the integrity of digital evidence and ensuring that the chain of custody is not broken. The data needs to be stored on stable media, such as CD-ROM, using reusable methodologies. All steps taken to capture the data must be recorded. Any changes to the evidence must also be documented, including what kind of change it is and the reasons for the change. You may need to prove the integrity of the data in a court of law.
Exhibition
This is the process of presenting the evidence in the legal process in an acceptable and understandable manner. If the matter is presented in court, the jury, who may have little or no computer experience, must be able to understand what is presented and how it relates to the original; otherwise all efforts may be futile.
Computer Forensics Rules
Minimal handling of the original
This can be seen as the most important rule of computer forensics. Where possible, make a copy of the evidence, on which the examination may be repeated. In this process, the copy must be an exact copy of the original, and you must also verify the copy; otherwise the integrity of the evidence is in question.
Account for any change
In some situations, changes to the evidence may be unavoidable. For example, turning the machine on or off may cause changes to memory and/or temporary files. Where changes occur, their nature and extent, as well as the reason for the change, must be documented.
Comparative analysis and Conclusion
These discussed policies are very effective for the forensic analysis of an IT-based institution. Each has its own benefits and drawbacks. The drawbacks can be overcome by proposing a well-defined forensic policy that has the traits of all three of these strategies, along with solutions to meet future requirements. None of these methodologies shows the true essence of forensics or offers a solid approach to a crime scene. They also do not discuss the scenarios an analyst can face at the crime scene or the hindrances to collecting evidence. Moreover, none of these methods defines the parameters, boundaries or restrictions for any specific country, as the legal framework for forensic analysis is not universal and varies from country to country. These are some of the major parameters that are missing from these research works and shall be included in my proposal.
In a nutshell, in an academic institution the program could achieve forensic readiness, actively assisting in identifying and collecting potential evidence for the prosecution and assessment of any party in violation of the regulations. The ten steps are applied in more detail to shed more light on preparing for the computer forensic examination of evidence. Several steps have been discussed: the case, the available sources of evidence, how to deal with evidence, surveillance and privacy issues, legal issues, and environmental policy, assessed before the start of the scene.
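
The two rules under Computer Forensics Rules above, together with the Storage step's requirement to document every change, can be sketched in code. This is an added example, not part of the original report: it hashes an original and its copies to confirm that a working copy is exact, and keeps a hash-chained log of who did what and why. The file names, the examiner-1 actor and all function names are assumptions made for illustration.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large images never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def entry_digest(entry):
    """Digest of a log entry over every field except its own hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record(log, actor, action, reason, evidence_sha256):
    """Append what was done, by whom and why, chained to the previous entry."""
    entry = {"when": datetime.now(timezone.utc).isoformat(), "actor": actor,
             "action": action, "reason": reason, "evidence_sha256": evidence_sha256,
             "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)

def log_intact(log):
    """True only if no entry was edited, reordered or cut out of the middle."""
    prev = "0" * 64
    for entry in log:
        if entry["prev"] != prev or entry["entry_hash"] != entry_digest(entry):
            return False
        prev = entry["entry_hash"]
    return True

def demo():
    """Constructed sample: a stand-in image, an exact copy and an altered copy."""
    data = b"constructed sample evidence\n" * 1000
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("orig.img", "copy.img", "altered.img")]
        for path, content in zip(paths, (data, data, data + b"\x00")):
            with open(path, "wb") as f:
                f.write(content)
        orig, copy, altered = (sha256_file(p) for p in paths)
    log = []
    record(log, "examiner-1", "imaged original", "acquisition", orig)
    record(log, "examiner-1", "verified working copy", "pre-analysis check", copy)
    return orig == copy, orig == altered, log
```

The chain detects edits to recorded entries; it does not by itself detect removal of the most recent entries, so the latest entry hash should also be kept somewhere the examiner cannot alter.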