Tuesday, May 5, 2020

Develop a Plan for Famous Financial Corporation Computer Investigation

Question: Describe how to develop a plan for the Famous Financial Corporation computer investigation.

Answer:

Introduction

Computer forensics is the branch of science that deals with the investigation of digital devices, and it is closely related to computer crime. Digital forensics, also known as computer forensics, has now been extended to every device capable of storing data (Bauchner, 2006). With the rise in cybercrime in the US and European nations, most of these nations have built a special task force, the digital forensic investigation team, which investigates under criminal law those who violate others' civil rights through the use of computers. This study focuses on the Famous Financial Corporation, which has been failing to track unauthorised money transfers to recipients, and on the specific digital forensic investigation required (Clarke, 2010). Here, the company's funds are being shifted without authorisation into the sales department without any department being informed. The problem is caused by computer hacking and a breach of the company's firewall system (Easttom & Taylor, 2011). Lack of information about the unknown recipient is one of the major problems for the company. As head of the information protection department of the corporation, my duty is to find the department to which the funds have been transferred (Hoog & McCash, 2011). This responsibility was assigned by the company's senior VP and HR manager.

Digital forensic investigations

The aim is to catch the unwanted recipient who is making unauthorised cash transactions from one department to another, in this case to the sales department.
Therefore, as head of the information protection department (IPD), using several tools and techniques from various sources will deepen the investigation and give insight into the cyber thief who is creating problems for the company (Prosise & Mandia, 2003). The initial step is to use existing personnel to find the actual recipient who has been breaching the company's secure, robust firewall system.

Digital forensic technician: One of the major tasks of the digital forensic technician is to gather information and proof from the crime scene. The technician will collect every piece of code, including the breaching code used by the unauthorised recipient, along with other samples (Shinder & Tittel, 2002). The technician will carry out live investigation of the data with the help of tools such as Microsoft COFEE. Apart from that, the technician will examine the various hard drives and trace the IP address in order to establish the exact location of the cyber thief. Digital media instruments will help the technician collect data about the crime for further investigation (Vacca, 2005).

Digital evidence examiner: The digital forensic investigator has expertise in collecting digital evidence. In the broader sense, the evidence officer will use computer forensics to find out exactly how the company's password was breached (Vacca & Rudolph, 2011). The evidence examiner will also take fingerprints of employees and managers, along with DNA evidence, in order to establish the last server user. One of the major principles of digital verification is that all information is written in binary units, 1 and 0, which can be saved in order to break code or software. To find this type of saved instruction, the mainframe computer will need to be investigated as evidence (Hatch, 2008).
There have been several cases of computer fraud since the 1970s; for instance, at the Flagler dog track in Florida, USA, fake winning tickets were printed. This led to a new law, the Computer Crime Act, which is based on the unauthorised use of computers. According to the examiner, digital evidence will be identified in the computer hard drive and other computer apparatus. This also includes thumb drives and other removable media such as pen drives or CD-ROMs (Sarkar, 2013).

Strategy for conducting the investigation

The digital investigation will be conducted in the same way whether the case is internal manpower fraud or inspecting access to the server by someone stealing money from their own department. Some of the major strategies used by the IPD during the investigation are given below.

Data collection strategy

Taking charge of all evidence: The first major step is to take charge of the entire crime scene by seizing all of the evidence. In consultation with the technician, ask him or her to take the required peripherals from the scene. Take permission from the manager before seizing the evidence (Thakkar, 2010). All suspects and witnesses must be removed from the vicinity of the evidence. All information regarding the LAN, including passwords, operating system and email addresses, must be gathered, as it is required for further investigation.

Handling of the evidence: On reaching the scene, keep the evidence as it is: for instance, if the computer is turned on, do not turn it off. If the computer is turned off, then while turning it on, read and save the details of any encryption software installed on the computer (Tipton & Krause, 2012).
When using forensic methods to collect encrypted data before shutting down the PC, analyse the power needed for the device and its existing memory system, and follow the protocols and norms for handling these devices as evidence. After that, photograph the computer and its surroundings and make videos of the computer's connections and environment. Note down any pre-existing damage to any of the evidence.

Cut the computer network: Make the computer standalone by disconnecting all power sources, and if it is a laptop, remove the battery. Fixing the power plug connector on the back of the device will help analyse the last used IP address (Al Ameen et al., 2013). Apart from that, remove every wire from the computer and place evidence tape over the power plug on the back of the computer in order to identify any file sharing that took place during the four days by the computers or by any network. The computer's network server must be taken into consideration to capture volatile data for the company. As shown in most TV services, the forensic evidence must be considered before going for the final check. Every item must be protected as evidence for the future. Package the evidence appropriately, in evidence bags or paper bags, and seal the computer peripherals after disconnecting them from power (Antoniou et al., 2008). Peripherals with volatile memory must be packaged appropriately, with safety precautions. Lastly, the logistics of the digital evidence must be handled safely to prevent damage from magnetic products, fire and so on, in order to secure the required data.

Equipment arrangements: At this phase, devices are used to collect data from the hardware and software for forensic imaging or analysis based on the evidence collected.
Devices must be reviewed and documented to make sure that proper performance is maintained (Ballou & Gilliland, 2011). Only devices that are useful for operating at the crime scene will be employed. The investigation can be completed with the help of various software systems; some of the major tools are given below.

SANS SIFT: This is a major forensic toolkit, based on a live CD, that includes all the tools necessary at the time of conducting the investigation. The software supports the Expert Witness format, the Advanced Forensic Format and the RAW format (Brueckner et al., 2008). The documentation on the desktop helps the examiner become accustomed to the tools used.

Volatility: This is a major memory forensics framework for incident response to unauthorised hacking of code; it helps identify code dumped from RAM. Volatility helps examine the Windows version and check for malware or password-hacking code in order to find exactly where the code came from.

Forensic imaging strategies: Here the team would document the present condition of the evidence. Care must be taken to limit exposure of the evidence because of the risk of contamination from hazardous chemicals or fire. An ethical code of conduct must be maintained while examining forensic evidence, following honesty and integrity during the investigation of the evidence within its packaging (Casey, 2013). Lack of proper packaging of any evidence can create problems for the examiner in future. Moreover, peripherals such as hardware and software write blockers are used to prevent the evidence from being destroyed or modified.
Apart from that, forensic images must be captured with hardware and software capable of making bit-stream images of the original media (Guo & Slay, 2010). The digital evidence must be examined and maintained in a way that preserves the data. Forensic images must be kept in an archive for future reference in case of another unauthorised breach of the firewall system of the Famous Financial Corporation.

Bulk Extractor: This is a major tool that scans a disk image or file and digs out information such as the email address of the unauthorised person and the IP address and URL of the hacker, which will help the department understand the actual series of information that has been used (Kenneally, 2005). The extracted information will be in high-encryption code in the form of binary numbers.

Forensic analysis strategy: This is one of the major documentation methods, provided to determine the actual procedure needed to finish this part of the investigation and the legal authority covering the examination. Major examples of such authority are consent taken from the manager of the company, a directive given by the board of directors, or a warrant obtained by a third party (Lim et al., 2012). Consideration must be given before commencing the investigation in order to make the parties understand the need for the information. An investigation must be based on the examiner and the requestor, and must be conducted on the original evidence and on image files (Nogueira & Celestino Júnior, 2009). Appropriate controls and standards during the investigation will help the IPD solve the problem and submit its report on a logical and systematic basis.
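The Bulk Extractor paragraph above describes scanning a disk image for email addresses, IP addresses and URLs without relying on the file system. The following is an added example, not code from the original post or from the Bulk Extractor project: a simplified carver of the same kind, run over a constructed byte fragment with embedded artefacts. It records the byte offset of every hit, which is what lets an examiner go back to the image and recover the surrounding context, and it discards dotted-quad strings that are not valid IPv4 addresses. All sample values (hostnames under .example, the 203.0.113.0/24 documentation range) are constructed.

```python
import re
from typing import Dict, List

# Constructed disk-image fragment: filler bytes with a few artefacts embedded,
# including an invalid dotted quad (999.1.1.1) that a naive regex would report.
IMAGE_FRAGMENT = (
    b"\x00" * 32
    + b"From: payroll@ffc.example Subject: transfer approval\x00\x00"
    + b"GET https://intranet.ffc.example/transfer?id=4421 HTTP/1.1\x00"
    + b"\xff\xfe remote=203.0.113.77 port=443 \x00\x00"
    + b"bad-ip=999.1.1.1 "
    + b"contact admin@sales.ffc.example\x00" * 2
    + b"\x00" * 32
)

# Byte-oriented patterns: the image is raw bytes, not decoded text.
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_RE = re.compile(rb"https?://[A-Za-z0-9.-]+(?:/[^\s\x00\"'<>]*)?")
IPV4_RE = re.compile(rb"(?<![0-9.])(?:[0-9]{1,3}\.){3}[0-9]{1,3}(?![0-9.])")


def valid_ipv4(token: bytes) -> bool:
    """Reject dotted quads with an octet above 255."""
    return all(0 <= int(part) <= 255 for part in token.split(b"."))


def extract_artifacts(blob: bytes) -> Dict[str, List[dict]]:
    """Return every email, URL and IPv4 hit with its byte offset in the image."""
    found: Dict[str, List[dict]] = {"email": [], "url": [], "ipv4": []}
    for kind, pattern in (("email", EMAIL_RE), ("url", URL_RE), ("ipv4", IPV4_RE)):
        for match in pattern.finditer(blob):
            token = match.group()
            if kind == "ipv4" and not valid_ipv4(token):
                continue  # syntactically dotted but not an address
            found[kind].append({"offset": match.start(),
                                "value": token.decode("ascii", "replace")})
    return found


def unique_values(found: Dict[str, List[dict]], kind: str) -> List[str]:
    """Deduplicated, sorted list of one artefact type, for the report's feature list."""
    return sorted({hit["value"] for hit in found[kind]})


if __name__ == "__main__":
    hits = extract_artifacts(IMAGE_FRAGMENT)
    for kind in ("email", "url", "ipv4"):
        for hit in hits[kind]:
            print(f"{kind:5s} @0x{hit['offset']:06x}  {hit['value']}")
```

The offsets matter more than the values: a hit at a known offset can be tied back to the sector it came from, which is how an extracted address becomes evidence rather than a loose string. Running the real tool over the acquired image, never over the seized drive, keeps the original media unchanged.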
[Figure 1: Framework of digital forensic investigations (Source: Schmitknecht, 2004, p. 178)]

Documentation: After completing all of the above strategies, a document is prepared that includes:
- a printed copy of the permission obtained from the manager and owner of the company;
- the sequence of detention and seizure of peripherals (Sealey, 2004);
- a count of all evidence;
- information about packaging, receipts and all returned materials (Spruill & Pavan, 2007);
- a description of the evidence; and
- communication about the culprit and the case history.

The documents must be able to answer questions regarding the original theft, the culprit, and the expertise required in areas such as making the security firewall system and software stronger. The document must have contained the.

Report submission: While submitting the reports, the examiner must take care of several major points in order to maintain the protocol of the company's information. The report must comprise information regarding the reason for the failure of the security system and the unauthorised people who have been breaching the company's code or password to commit burglary (Thompson, 2005).
- The report must contain the reason for the breach of the current firewall system.
- The report must be continued or issued to address the requestor's needs.
- The report will give insight in a very clear and concise manner (Kayarkar, Ricchariaya & Motwani, 2014).

Forensic investigation steps for collecting the data

The NYPD (New York Police Department) forensic team will handle the process of collecting the information in order to catch the real culprit who has been transferring money from one department to another without the manager's consent (Yusoff, Ismail & Hassan, 2011). Since the Famous Financial Corporation has been facing the loss of funds from one department to another, the company has hired the IPD and the NYPD to collect the data for professional purposes.
Data will be collected from the computer and its network, including the internal drives and external media such as CDs, pen drives, USB devices and memory cards (airccse.org, 2015). These external storage systems have been used to hack the funding process without authorisation from the company. Apart from that, other data can be gained from the various sources attached to the devices. One of the major sources of information would be the network, such as the LAN, WAN or WiFi. Those collecting the data must be aware of organisational policy and of the legal authority of their powers while collecting the data (Yusoff, Ismail & Hassan, 2011). Collecting data can be even more complicated if the network location is outside the organisation; since the incident took place within the departments (finance to sales), collecting the data from one PC to another is one of the most difficult tasks. As per arguments about the Fourth Amendment, a computer can be used by various persons even though it belongs to an organisation. Computer files and the Fourth Amendment are not specifically addressed for cyber cafés or any other IP address. Since the crime occurred within the organisation, it will be very easy for the examiner and the NYPD forensic department to collect the data (Ballou & Gilliland, 2011). However, for the NYPD to enter, a warrant will be required in order to seize the computer. In spite of that, collection of data will be possible because the Fourth Amendment gives exceptions in an emergency. Under the Fourth Amendment, NYPD forensics will get free rein to look at the computer's files without a warrant from the court (Brueckner et al., 2008). Some of the major steps in data collection are given below. Data can be acquired from the sources via a three-step process.
The three steps are: developing a plan to acquire the data, acquiring the data, and verifying the reliability of the data.

a. Planning to collect the data: While making the plan, it is very important to identify the sources of data. The examiner can identify the data as per priority and the needs of the investigation. Some of the major factors are given below.

Likely value: This is based on an understanding of the current situation of the problem and also on the previous department (Casey, 2013). The examiner must collect data from the relatively most likely data sources.

Volatility: Volatility here refers to data on a live system that is lost when the computer is powered off. Acquiring volatile data must be given higher priority than non-volatile data (Guo & Slay, 2010). The non-volatile data of the Famous Financial Corporation would be helpful to analyse exactly what happened.

Effort required: One of the major efficiency factors in acquiring data is time, and at this stage time is money for the company. The time spent on equipment to extract volatile and non-volatile information, along with a new router, takes longer to capture the information (Kenneally, 2005).

b. Data acquisition: The NYPD and IPD must look to acquire the data via various security tools like DRS or other forms of securing the data. Forensics can use their power under the Fourth Amendment to use forensic tools to collect volatile and non-volatile data from various sources. Data can be acquired locally or over the network (Lim et al., 2012). When acquiring data over the network, a judgment must be made as to the necessity of the data and the effort given to finding it.

c. Verifying the reliability of the data: After the acquisition of data, its relevance must be analysed. This is because the examiner and forensic analyst must confirm that the data has not been tampered with (Nogueira & Celestino Júnior, 2009).
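Step c above (confirming that acquired data has not been tampered with) is, in practice, a digest comparison between the original media and the acquired image, recorded in the chain-of-custody documentation. The following is an added example, not code from the original post: the seized drive and its image are stand-in byte strings (constructed), a third copy has one flipped bit, and the record mirrors the documentation items listed earlier (evidence tag, examiner, time, outcome). MD5 is recorded alongside SHA-256 only because many tools still print it; given the MD5 collision results the post cites (Thompson, 2005), the verdict requires every algorithm to match.

```python
import hashlib
import json
from datetime import datetime, timezone
from typing import Dict, Tuple

# Constructed stand-ins for the seized drive and the image taken from it.
# A real acquisition streams a device and an image file; the logic is the same.
ORIGINAL_MEDIA = b"FFC finance workstation sector data " * 256  # constructed sample
ACQUIRED_IMAGE = bytes(ORIGINAL_MEDIA)                          # faithful bit-stream copy
_corrupt = bytearray(ORIGINAL_MEDIA)
_corrupt[1000] ^= 0x01                                           # a single flipped bit
TAMPERED_IMAGE = bytes(_corrupt)                                 # copy altered after acquisition


def digest(data: bytes, algo: str = "sha256", chunk: int = 4096) -> str:
    """Hash `data` in fixed-size chunks, as one would stream a multi-GB image."""
    h = hashlib.new(algo)
    view = memoryview(data)
    for start in range(0, len(view), chunk):
        h.update(view[start:start + chunk])
    return h.hexdigest()


def verify_image(original: bytes, image: bytes,
                 algos: Tuple[str, ...] = ("md5", "sha256")) -> Tuple[bool, Dict[str, dict]]:
    """Compare digests of the original media and its image under each algorithm.

    The image is accepted only if every algorithm agrees; a match on MD5 alone
    is not sufficient because MD5 collisions are practical.
    """
    results: Dict[str, dict] = {}
    for algo in algos:
        src, copy = digest(original, algo), digest(image, algo)
        results[algo] = {"original": src, "image": copy, "match": src == copy}
    return all(r["match"] for r in results.values()), results


def custody_record(item_id: str, examiner: str, original: bytes, image: bytes) -> dict:
    """Build a chain-of-custody entry that records the verification outcome."""
    verified, results = verify_image(original, image)
    return {
        "item_id": item_id,          # evidence tag (constructed in the demo below)
        "examiner": examiner,
        "verified_at": datetime.now(timezone.utc).isoformat(),
        "image_verified": verified,
        "digests": results,
    }


if __name__ == "__main__":
    # Good copy: image_verified is True; tampered copy: False, with both digests differing.
    for image in (ACQUIRED_IMAGE, TAMPERED_IMAGE):
        print(json.dumps(custody_record("FFC-EV-001", "IPD examiner", ORIGINAL_MEDIA, image), indent=2))
```

The digests of the original are computed once, at acquisition, through a write blocker; every later comparison is made against the working copy, so the seized media is never touched again.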
Data integrity checking involves several tools: copy the data, then compare the digest of the original data with that of the copy. While doing so, several other steps must be taken to investigate the data in detail, which will show information about each tool discussed. The collected evidence must be well photographed to show the visual evidence, and all of the information must be monitored so that it gives direct access to the information (Schmitknecht, 2004). For instance, if the computer is on, it must be password protected in order to assess the actual information, which will help the investigator for future reference.

Formulation of a plan for improving the weak security measures

Connect to a secure network: One of the major steps to be taken by the Famous Financial Corporation is to connect the server to the most secure network. While connecting to the LAN or router, the company should consult the vendor in order to obtain the most secure network. The wireless network must be configured with WPA2-AES encryption in order to maintain data confidentiality (Sealey, 2004). Apart from that, the company should change the default username and password used for management. Moreover, apply MAC address filtering on the wireless SSID, as in small office/home office router security.

Build a strong firewall system: Build a strong and robust firewall system in order to manage and control malware. To build a strong firewall system, the company should use highly configurable firewall systems like AsK5, Cisco and the Windows firewall, which are some of the most secure firewall systems (Spruill & Pavan, 2007). Moreover, building the firewall system and arranging strong passwords known only to the company's managers is one of the major ways to stop funds transfers without the organisation's consent.
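The network measures above (WPA2 with AES, non-default management credentials, MAC filtering on the SSID, an enabled firewall) can be turned into a repeatable check rather than a one-off setting. The following is an added example, not code from the original post or any router vendor: two constructed router configurations, the weak state the plan warns about beside the corrected one, and an audit function that reports each deviation. The configuration keys, the default-credential list and the `AsK5`-free product-neutral checks are assumptions made for the example.

```python
from typing import Dict, List, Tuple

# Constructed list of factory logins commonly shipped on small-office routers.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("admin", ""), ("root", "root")}

# Constructed configurations: the weak state and the corrected state.
WEAK_CONFIG = {
    "ssid": "FFC-Office",
    "security": "WEP",
    "cipher": "TKIP",
    "admin_user": "admin",
    "admin_password": "admin",
    "mac_filter_enabled": False,
    "firewall": {"enabled": False, "default_inbound": "allow"},
}

HARDENED_CONFIG = {
    "ssid": "FFC-Office",
    "security": "WPA2",
    "cipher": "AES",
    "admin_user": "ffc-netadmin",
    "admin_password": "<unique passphrase held by network management>",  # placeholder
    "mac_filter_enabled": True,
    "firewall": {"enabled": True, "default_inbound": "deny"},
}


def audit_router(cfg: Dict) -> List[Tuple[str, str]]:
    """Return (code, message) findings, one per weak setting named in the plan."""
    findings: List[Tuple[str, str]] = []
    # WPA2 with the AES (CCMP) cipher; WEP, WPA or WPA2 with TKIP all fail.
    if cfg["security"] != "WPA2" or cfg["cipher"] != "AES":
        findings.append(("WEAK_WIFI_ENCRYPTION",
                         f"{cfg['security']}/{cfg['cipher']} in use; require WPA2 with AES"))
    if (cfg["admin_user"], cfg["admin_password"]) in DEFAULT_CREDENTIALS:
        findings.append(("DEFAULT_ADMIN_CREDENTIALS",
                         "management login still uses a factory default"))
    if not cfg["mac_filter_enabled"]:
        findings.append(("MAC_FILTER_DISABLED", "no MAC allow-list on the wireless SSID"))
    firewall = cfg["firewall"]
    if not firewall["enabled"]:
        findings.append(("FIREWALL_DISABLED", "firewall is switched off"))
    elif firewall["default_inbound"] != "deny":
        findings.append(("FIREWALL_DEFAULT_ALLOW", "inbound default policy should be deny"))
    return findings


def finding_codes(cfg: Dict) -> List[str]:
    """Just the finding codes, convenient for a pass/fail gate in a change process."""
    return [code for code, _ in audit_router(cfg)]


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_router(cfg) or 'no findings'}")
```

Of the four controls, the encryption mode and the management credentials carry the weight; MAC filtering is reported because the plan lists it, but it is a minor control since hardware addresses are visible to any station on the network. The firewall check also catches the half-configured case where the firewall is on but its inbound default is still allow.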
Training the existing employees: Check employees' backgrounds and train them enough to work as per company objectives. In order to reduce theft and burglary from one department to another, the company needs to make strict policies and procedures. Under the strict policy and procedure, if an employee is caught and found guilty, then as per the Fourth Amendment norms the employee will be fired and sentenced for more than 15 years. Setting an ethical code of conduct establishes that personal use of the internet will be punished by the company. The procedure will help the company protect itself from misuse of internet access (Thompson, 2005). Limiting employees' professional access will give the company enough scope to create fear among employees of misusing the internet within the organisation (Kayarkar, Ricchariaya & Motwani, 2014). In fact, the impact of the Fourth Amendment will allow the NYPD and other forensic departments to search the computer without any kind of warrant.

Conclusion

From the above information, it has been found that the Famous Financial Corporation is facing the illegal transfer of money from one department to another without any consent, which is one of the major issues for the company. With the help of forensic investigation of the computer and network, the company will be able to know exactly where the amount has been transferred. Processes such as seizing the data, handling the evidence and isolating the data help the company analyse the actual course of the investigation. The investigation process has given enough evidence that the amount has gone to the sales department of the FFC. Apart from that, another major method of data collection, identifying the possible sources of data, acquiring the data and checking the relevance of the data, is required to understand the actual data process. Most of all, the investigation would be completed with the NYPD, with legal action via Fourth Amendment policy.
The Fourth Amendment is one of the major legal provisions, which suggests that in case of emergency the NYPD forensic team can check the computer, files or anything else without any kind of warrant. In order to improve the company's security system, a secure network system is implemented.

Reference List

Books

Bauchner, E. (2006). Computer investigation. Philadelphia: Mason Crest Publishers.
Clarke, N. (2010). Computer forensics. Ely: IT Governance Pub.
Easttom, C., & Taylor, J. (2011). Computer crime, investigation, and the law. Boston, Mass.: Course Technology PTR/Cengage Learning.
Hoog, A., & McCash, J. (2011). Android forensics. Waltham, MA: Syngress.
Prosise, C., & Mandia, K. (2003). Incident response & computer forensics. New York: McGraw-Hill/Osborne.
Shinder, D., & Tittel, E. (2002). Scene of the cybercrime. Rockland, MA: Syngress Pub.
Vacca, J. (2005). Computer forensics. Hingham, Mass.: Charles River Media.
Vacca, J., & Rudolph, K. (2011). System forensics, investigation, and response. Sudbury, MA: Jones & Bartlett Learning.
Hatch, B. (2008). Hacking exposed Linux. New York, NY: McGraw-Hill.
Sarkar, P. (2013). VMware vCloud security. Birmingham: Packt Publishing.
Thakkar, J. (2010). Securing cognitive radios with a policy enforcer and secure inter-component transport mechanisms. Blacksburg, Va.: University Libraries, Virginia Polytechnic Institute and State University.
Tipton, H., & Krause, M. (2012). Information security management handbook, fifth edition. Hoboken: Taylor and Francis.

Journals

Al Ameen, Z., Bin Sulong, G., & Md. Johar, M. (2013). Computer forensics and image deblurring: An inclusive investigation. IJMECS, 5(11), 42-48. doi:10.5815/ijmecs.2013.11.06
Antoniou, G., Sterling, L., Gritzalis, S., & Udaya, P. (2008). Privacy and forensics investigation process: The ERPINA protocol. Computer Standards & Interfaces, 30(4), 229-236. doi:10.1016/j.csi.2007.10.008
Ballou, S., & Gilliland, R. (2011). Emerging paper standards in computer forensics. Digital Investigation, 8(2), 96-97. doi:10.1016/j.diin.2011.05.017
Brueckner, S., Guaspari, D., Adelstein, F., & Weeks, J. (2008). Automated computer forensics training in a virtualized environment. Digital Investigation, 5, S105-S111. doi:10.1016/j.diin.2008.05.009
Casey, E. (2013). Triage in digital forensics. Digital Investigation, 10(2), 85-86. doi:10.1016/j.diin.2013.08.001
Guo, Y., & Slay, J. (2010). Testing forensic copy function of computer forensics investigation tools. Journal of Digital Forensic Practice, 3(1), 46-61. doi:10.1080/15567280903521392
Kenneally, E. (2005). The Internet is the computer: The role of forensics in bridging the digital and physical divide. Digital Investigation, 2(1), 41-44. doi:10.1016/j.diin.2005.01.011
Lim, S., Yoo, B., Park, J., Byun, K., & Lee, S. (2012). A research on the investigation method of digital forensics for a VMware Workstation's virtual machine. Mathematical and Computer Modelling, 55(1-2), 151-160. doi:10.1016/j.mcm.2011.02.011
Nogueira, J., & Celestino Júnior, J. (2009). Autonomic forensics: A new frontier to computer crime investigation management. The International Journal of Forensic Computer Science, 29-41. doi:10.5769/j200901003
Schmitknecht, D. (2004). Building FBI computer forensics capacity: One lab at a time. Digital Investigation, 1(3), 177-182. doi:10.1016/j.diin.2004.07.007
Sealey, P. (2004). Remote forensics. Digital Investigation, 1(4), 261-265. doi:10.1016/j.diin.2004.11.002
Spruill, A., & Pavan, C. (2007). Tackling the U3 trend with computer forensics. Digital Investigation, 4(1), 7-12. doi:10.1016/j.diin.2006.12.001
Thompson, E. (2005). MD5 collisions and the impact on computer forensics. Digital Investigation, 2(1), 36-40. doi:10.1016/j.diin.2005.01.004
Kayarkar, P. V., Ricchariaya, P., & Motwani, A. (2014). Mining frequent sequences for emails in cyber forensics investigation. International Journal of Computer Applications, 85(17), 1-6. doi:10.5120/14930-3332
Yusoff, Y., Ismail, R., & Hassan, Z. (2011). Common phases of computer forensics investigation models. International Journal of Computer Science and Information Technology, 3(3), 17-31. doi:10.5121/ijcsit.2011.3302

Websites

airccse.org. (2015). Common phases of computer forensics investigation models. Retrieved 20 March 2015, from https://www.oas.org/juridico/spanish/cyb_best_pract.pdf
