Friday, June 14, 2019
Digital investigation in the organisation Essay
Different models of operation are used depending on the complexity of the situation (Marshall, 2009). Digital investigations arise as a result of an occurrence, suspected, attempted or actual, in an organization. The occurrences can be triggered by internal and external factors and can cause considerable damage or loss to an organization directly or indirectly. For instance:

a. Abuse of the organization's resources such as internet
b. Fraud and spin
c. Unauthorized access by employees
d. Sexual harassment or display of indecent or pornographic material
e. Breach of contracts
f. Departmental misuse
g. Credentials breach

A contingency plan should be devised to mitigate such incidents. The framework formulated will prepare for both low frequency/high impact as well as high frequency/low impact events in the organization.

This paper details the investigation procedure at Salford University School of Computing Science and Engineering. Our case study will focus on server trespass in the university school department. An incident of server intrusion to the university administration occurred, and a contingency plan was formulated to authenticate the suspicion, respond and analyze the incident.

Due to the delicate nature of digital evidence, improper manipulation may lead to damaged or compromised information. The idea of having to start an investigation in this department can lead to a crisis. Proper procedures need to be laid down to manage the crisis. There are general questions which the CFA will need to address in order to carry out the investigation successfully:

a) To whom should suspicions or observations be reported?
b) Access to quality evidence?
c) Identification and acquisition of relevant digital evidence?
d) How can the university operate effectively during the investigation without creating a crisis which might be worse than the one investigated?
e) The legal obligations of the university during the investigation and its association with external law enforcement agencies
f) The role of management in determining the direction of the investigation and the possible incidence of bias

A digital investigation is divided into different items according to the model adopted. Researchers at the U.S. Air Force studied various models and came up with common characteristics that characterize these models. They then incorporated them in a single model known as Abstract make Model. This model has 17 phases classified into 5 major groups (Gilbert Peterson, 2009):

a. Preparation
b. Deployment
c. Physical crime scene
d. Digital crime scene
e. Analysis

The data flow diagram above shows a simplified process of forensic investigation. The first stage involves a number of activities. First, the computer or the system to be investigated should be on. If the student uses a password, then the CFA has to look for a way to open it. There is a universal password that opens locked computers without tampering with the files.

The second stage involves application of different forensic tools to retrieve data from the computer memory. The tools used should enable the CFA to retrieve deleted data from the recycle bin. During this process, the computer being investigated should be cordoned off.

The third stage involves application of different physical investigation models to the computer. These include taking the fingerprints on the keyboard and mouse. Any other information that may help the CFA is taken. Before the information is analyzed, the forensic expert should check the accuracy, integrity and