A Digital Forensic And Malware Investigation

975 Words4 Pages
A Digital Forensic and Malware Investigation The business SME is having breaches in security and computer operations, which is causing large amounts of sensitive data to be transferred to unknown sources outside of the company. A team of digital forensic investigators has been hired to locate and correct the cause of the incident. The investigation includes a discussion of appropriate digital forensic procedure, collection, analysis, reporting, and resolution. A detailed discussion of digital, malware, and network investigations along with recommended tools will provide SME with a solution to improve operations. To investigate SME’s incident one needs to determine what exactly has occurred and narrow down the cause. The company may wish…show more content…
To begin this digital forensic investigation interviews with the Information Technology personnel should be conducted to gather details about the computer systems, components, and network. Interviewing staff will aid in determining the impact the incident has caused to the company such as loss of information and/or profits. During evidence collection SME’s business could suffer major financial losses if computers are moved to a crime lab for an extended period. If possible, an on-site investigation would be most efficient for the company. The investigator will need to collect volatile data related to RAM, log files, caches, and network. To collect nonvolatile data clones of the hard drives may be the best option to prevent interruptions to business operations. Since SME is using Windows Server NT an assessment of the contents of the windows registry can reveal an operators actions, including programs accessed, external tools used, and unfamiliar IP address. After collection of data, an analysis in a forensic lab should be conducted. Using timeline analysis the crime can be reconstructed by examining alterations of files. Throughout this entire process it is essential that proper documentation and chain of custody are maintained. Without this documentation digital evidence may be found irrelevant if court proceedings are necessary. When a timeline is established the investigator may begin sorting through data relevant to the incident. The forensic investigation
Get Access