Incident Response and Computer Network Forensics
The landscape for law enforcement and security professionals responding to a cyber attack continues to change at a rapid pace. Attackers know how forensic investigators work and are therefore able to carry out more sophisticated attacks while covering their tracks. Maintaining knowledge of new attacks and of updated forensic capabilities is paramount to keeping pace with adversaries. Below is an example Incident Response Report from my CSOL 590 course that includes a fictitious case, interview questions, target evidence, tools used, and more.
CSOL 590 Course Reflections
Having worked in law enforcement earlier in my life, I am very familiar with chain of custody and how important it can be. I've seen an entire case thrown out because somebody in the chain of custody did not document it properly. As such, chain of custody and the integrity of digital evidence play a very important role in the digital forensic investigation process, because in every phase the forensic investigator must know where, when and how the digital evidence was discovered, collected and handled, and when and by whom it was touched. A proper chain of custody must include documentation answering all of these questions. If one of these questions remains unanswered, the chain of custody is compromised and disrupted. In that case, when presenting evidence in court, if one link is missing from the chain of evidence, the court will not accept the evidence as relevant, and the whole investigation process will have been futile.
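As an added example (my own illustration, not part of the course or of any report on this page), the script below turns the questions a chain of custody must answer (who, when, where, how, and the hash observed at each step) into a log, and checks the two things a court would ask about: that no link in the log is missing a field, and that the evidence hash still matches the hash taken at acquisition. The case number, custodian names and the sample "disk image" bytes are constructed for the demo.

```python
"""Chain-of-custody log with evidence-integrity checks (added example, not course material)."""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so a multi-GB image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass(frozen=True)
class CustodyEntry:
    """One link in the chain: who did what, when, where, how, and the hash they observed."""
    when: str    # ISO-8601 UTC timestamp
    who: str     # custodian handling the item
    action: str  # acquired / transferred / examined / returned
    where: str   # physical or logical location
    how: str     # method, tool or seal number
    sha256: str  # hash verified at this step


@dataclass
class ChainOfCustody:
    evidence_id: str
    entries: List[CustodyEntry] = field(default_factory=list)

    def record(self, path: str, who: str, action: str, where: str, how: str) -> CustodyEntry:
        """Append a link, re-hashing the evidence at the moment of the hand-off."""
        stamp = datetime.now(timezone.utc).isoformat()
        entry = CustodyEntry(stamp, who, action, where, how, sha256_file(path))
        self.entries.append(entry)
        return entry

    def acquisition_hash(self) -> Optional[str]:
        """The hash taken at the first link; every later step is judged against it."""
        return self.entries[0].sha256 if self.entries else None

    def is_intact(self) -> bool:
        """Integrity: every recorded hash equals the acquisition hash."""
        first = self.acquisition_hash()
        return first is not None and all(e.sha256 == first for e in self.entries)

    def is_complete(self) -> bool:
        """Documentation: no link leaves who/when/where/how/hash blank."""
        return bool(self.entries) and all(
            e.when and e.who and e.action and e.where and e.how and e.sha256
            for e in self.entries
        )

    def verify_now(self, path: str) -> bool:
        """Re-hash the current copy of the evidence against the acquisition hash."""
        first = self.acquisition_hash()
        return first is not None and sha256_file(path) == first


def demo() -> dict:
    """Walk a constructed evidence file through a clean chain, then an undocumented change."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "laptop01.dd")
        with open(image, "wb") as f:  # constructed sample "disk image", not real evidence
            f.write(b"\x00" * 4096 + b"constructed sample bytes\n")

        chain = ChainOfCustody("CASE-0001/ITEM-07")  # constructed identifiers
        chain.record(image, "Officer A", "acquired", "Evidence locker 3", "write-blocked dd image")
        chain.record(image, "Examiner B", "transferred", "Lab bench 2", "sealed bag #1182")
        clean = chain.is_intact() and chain.is_complete() and chain.verify_now(image)

        with open(image, "ab") as f:  # simulate a modification nobody logged
            f.write(b"x")
        tampered_verify = chain.verify_now(image)
        chain.record(image, "Examiner B", "examined", "Lab bench 2", "Autopsy")
        return {
            "clean": clean,                       # True: hashes agree, log complete
            "tampered_verify": tampered_verify,   # False: current bytes differ from acquisition
            "intact_after_tamper": chain.is_intact(),  # False: the new link's hash breaks the chain
        }


if __name__ == "__main__":
    print(demo())
```

The point of re-hashing at every hand-off rather than only at acquisition is that the log itself shows at which link the evidence changed, which is exactly the question a court asks when a link is disputed.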
Being able to work hands-on with some of the digital forensic tools throughout the CSOL 590 course opened my eyes to how complex locating digital footprints can be. The capabilities of such tools also make them easy to use for nefarious purposes. As such, it's important that digital forensics professionals demonstrate a commitment to diligence and abide by high moral and ethical standards. It's best to obtain and present facts only.
Incident Response and Computer Network Forensics References
Forensic Toolkit User Guide
Forensic Tool Comparison
Autopsy
FTK Imager