Tuesday, July 23, 2019
Post Mortem Forensic Analysis Research Paper Example | Topics and Well Written Essays - 1000 words
Post Mortem Forensic Analysis - Research Paper Example In order to initialize a forensic analysis, the first step is to determine the point of the breach to the network. Likewise, after identifying the point of the breach, a forensic examiner can evaluate its exploitation. Moreover, the examiners can also identify the source of the threat i.e. the Internet. As per the scenario, a large computer network is compromised by a threat that may have also exploited classified documents. The report will demonstrate the forensic analysis with the aid of FTK tools in order to identify the root cause of the threat. Overview If an organization is affected by a security breach, in some cases, it is complex to calculate risks related to information assets present on the network. Likewise, it depends on the severity of the threat that may have caused large disruptions in network-based services. This is the point where the digital forensic expert is incorporated for identifying the threat, impact and network incidents caused by it. Organizations experien ce new techniques and methods from an ongoing investigation by a digital forensic expert. Likewise, the point of interception, methodology, and protection etc. are considered to be critical. Moreover, financial institutions are keener to adopt forensic analysis, as this domain including business model and nature of the data, cannot compromise on security (Network postmortem: Forensic analysis after a compromise, n.d.). For instance, master card, visa, American express demonstrates a solid online security framework. In the current scenario, where a network is already breached by a threat, these forensic experts focus on three core factors i.e. (Network postmortem: Forensic analysis after a compromise, n.d.): A discovery process focused on understanding the application and network infrastructure, as well as the business information flow of the organization Interviews with key personnel to understand the facts of the case from the customer's perspective and identify suitable sources of forensics data Data collection to gather critical sources of evidence to support the investigation, followed by analysis Methodology Assuming that the threat has initially breached the application server that was serving as an intranet for the organization, forensic investigators construct a methodology that will monitor attacks from inbound and outbound networks. These three processes will be executed, in order to detect the cause and the source: pcap trace analysis that is initialized for server-side attack pcap trace analysis that is initialized for client-side attack Netflow analysis initialized for network flow monitoring In order to capture attacks, forensic investigators implemented a vulnerable HTTP server. The server will acts as an original server and address every query related to HTTP. However, for processing a ââ¬ËPOSTââ¬â¢ request the server will initiate a separate thread that will encapsulate a shell incorporated by a port 12345. The replicated fake web server will process the shellcode similarly to the original one. The tool that will be used for exploiting and capturing network traffic is ââ¬ËWireSharkââ¬â¢(Cert Exercises Handbook ââ¬â Scribd, n.d.). It is an open-source tool that is meant for capturing data packets and network traffic examination on wired and wireless networks (Wireshark Network Analysis n.d.).
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.