Meanwhile, our company will need to implement the full backup to safeguard all our data. Under the full recovery model, the first step is to back up the transaction log. A combination of a full backup with log backups is equivalent to a full database backup. Starting the backup from the transaction log is the best practice for performing a full database backup. The illustration in Fig 2 shows the strategy for implementing a full backup. As shown in Fig 2, the backup starts from the transaction logs, and the next step is to schedule the full database backup and file backups at subsequent intervals to satisfy our company's requirements. In Fig 2, (a, C, B, a) is the order in which file backups are carried out to satisfy the business requirements. The next step is to place the data backups on separate devices to enhance business continuity.
Fig 2: Data Restore and Back-up Strategy for Our Company
1.4. Create a Detailed Checklist
This section provides a detailed checklist to safeguard our data from the hostile IP address.
Steps: Details Description
First Step: Identification of the hostile IP address. The identification will include the country of origin and the website associated with the IP address.
Second Step: The next step is to block the IP address from communicating with our systems. We will need to install IP address management software to achieve this objective. The strategy will help stop our systems from exporting data to the hostile IP address.
Next Step: The next step is to recover our lost data as well as implement the full backup strategy. SQL Server 2008 R2 is effective in restoring our lost data.
Next Step: The next step is to put the recovered data on separate devices.
Next Step: Inspect the recovered data to confirm that all the data are intact.
Next Step: Another step is to install the IPS to prevent unauthorized network access into our systems.
Final Step: The final step is to install a firewall to block all the unwanted traffic from our systems.
1.5. Determine the Resources Needed
Both financial resources and human resources will be needed to carry out the project. Typically, the company will need to set aside a minimum of $30,000 to carry out the task. The company could use in-house staff or third-party providers to carry out the tasks. To safeguard the data integrity, it is critical to use in-house employees. The following resources will be needed for the project implementation:
Purchase of a forensic tool to recover the lost data exported to the hostile IP address,
Installation of SQL Server 2008 for the data backup,
Installation of AutoShun technology or other IP trace technology to block the hostile IP address from getting access to our data,
Setting aside skilled manpower, in association with a forensic expert, to implement the project.
1.6. Establishing the Chain of Custody.
The purpose of this chain of custody is to establish the electronic evidence that leads to the export of data to an identified IP address.
On 25 June 2013, Mr. James Anderson, a forensic expert in our organization, collected the evidence that a hostile IP address had corrupted our system, leading all our systems to export data to the hostile IP address. Our intrusion detection system has notified us that our systems are exporting data to the hostile IP addresses.
The IP address is 58.1456.1246.1, hosted by a company whose major objective is to commit criminal activities. The documented evidence reveals the file paths of the data lost from our systems to the hostile IP address.
The evidence of the data theft comes from our hard drives. We have made:
Image copies of all the data restored and the data freshly wiped from our system.
Image copy of our operating system logs.
Typically, data are lost from the following systems to the hostile IP:
Data are lost from our server,
Data are lost from our database,
Data are lost from all the hard disks of our computer systems,
Data are lost from all software,
Data are lost from all our storage devices, which include tapes, USB, and other storage devices that we use in storing our data.
The type of the data stolen from our system to the hostile IP address is as follows:
Credit card information of our clients,
Sensitive data such as SSN, health information, bank accounts, email, phone number, and addresses of our clients.
The strategy that we use to trace the hostile IP address is as follows:
Use of tracing tools, which include Netscan Pro and Neotrace.
We also use IDS logs.
With the assistance of our computer forensic expert, the following professionals also assist in the investigation:
Incident team and corporate security,
Security investigator,
Emergency response core team,
Application owner,
Application developer,
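The image copies listed in section 1.6 only hold up as evidence if each hand-over can be shown not to have altered them. The following is an added example, not part of the original plan: a hash-chained custody ledger in Python, where the file names, custodian labels and timestamps are constructed placeholders.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" value used by the first ledger entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def add_entry(ledger, item, image, custodian, action, when):
    """Append a custody record chained to the previous record's hash."""
    entry = {"item": item, "image_sha256": sha256_hex(image),
             "custodian": custodian, "action": action, "when": when,
             "prev": ledger[-1]["entry_hash"] if ledger else GENESIS}
    entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
    ledger.append(entry)
    return entry

def verify(ledger, images):
    """Return a list of problems; an empty list means records and images are intact."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(ledger):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
            problems.append(f"entry {i}: record altered after it was written")
        image = images.get(entry["item"])
        if image is None or sha256_hex(image) != entry["image_sha256"]:
            problems.append(f"entry {i}: image for {entry['item']} missing or changed")
        prev = entry["entry_hash"]
    return problems

# Constructed stand-ins for the disk and log images; real images would be
# read from the write-protected evidence files instead of held in memory.
IMAGES = {"server-disk.img": b"constructed disk image bytes",
          "os-logs.img": b"constructed operating system log bytes"}

def build_sample_ledger():
    ledger = []
    add_entry(ledger, "server-disk.img", IMAGES["server-disk.img"],
              "forensic-expert", "collected", "2013-06-25T10:00:00Z")
    add_entry(ledger, "os-logs.img", IMAGES["os-logs.img"],
              "forensic-expert", "collected", "2013-06-25T10:30:00Z")
    add_entry(ledger, "server-disk.img", IMAGES["server-disk.img"],
              "evidence-custodian", "transferred", "2013-06-26T09:00:00Z")
    return ledger

if __name__ == "__main__":
    print(verify(build_sample_ledger(), IMAGES) or "ledger and images intact")
```

Because each record embeds the hash of the one before it, editing or removing an earlier entry breaks every later link, and re-hashing an image at each transfer shows whether the copy changed while in someone's custody.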