Scribd
Upload
5 views

Cyber Unit 4

Uploaded by

Agrup Singa
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
5 views

Cyber Unit 4

Uploaded by

Agrup Singa
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

1.

Introduction to Cyber Forensics

Cyber forensics is the practice of collecting, analyzing, and preserving electronic


evidence in a way that is admissible in a court of law. It helps investigate cybercrimes,
identify perpetrators, and ensure digital evidence remains tamper-free.

Objectives of Cyber Forensics:

1. To investigate cyber crimes like hacking, identity theft, and fraud.


2. To collect and preserve evidence for legal proceedings.
3. To analyze data to understand attack methods and prevent future breaches.

Applications of Cyber Forensics:

1. Investigating cybercrimes like phishing and malware attacks.


2. Recovering deleted or encrypted data.
3. Tracking digital footprints and identifying attackers.

2. Computer Equipment and Associated Storage Media

This refers to all hardware and digital media that can store electronic data, which may
serve as evidence in forensic investigations.

Types of Equipment and Media:

1. Computers and Laptops: Store user files, system logs, and sensitive data.
2. Storage Devices: Includes hard drives, SSDs, USB drives, and memory cards.
3. Mobile Devices: Smartphones and tablets store personal data, messages, and
app logs.
4. Network Devices: Routers, switches, and servers store configuration and traffic
data.
5. Cloud Storage: Online platforms like Google Drive or Dropbox hold user files.

Role of Equipment in Forensics:

1. Serve as sources of digital evidence.


2. Contain logs and traces of cyber activities.
3. Help identify unauthorized access or file manipulation.
3. Role of Forensics Investigator

A forensics investigator is a professional responsible for identifying, preserving,


analyzing, and presenting digital evidence to solve cybercrimes. He identifies, collects,
preserves, and analyzes digital evidence to solve cybercrimes.

Key Roles and Responsibilities:

1. Evidence Collection: Gather data from devices like computers, phones, and
networks.
2. Preservation: Ensure evidence is not tampered with or corrupted.
3. Analysis: Use tools to extract relevant information (e.g., logs, files).
4. Reporting: Create reports that detail findings in a way understandable to
non-technical audiences.
5. Legal Support: Present evidence in court and testify as an expert witness.

Key Notes for Memorization:

● Definition: Professional solving cyber crimes through evidence.


● Responsibilities: Collect evidence, preserve, analyze, report, legal support.

4. Forensics Investigation Process

The forensics investigation process is a systematic approach to examining digital


evidence. It ensures the evidence is collected and analyzed in a legally admissible
manner.

Steps in the Investigation Process:

1. Identification: Identify potential sources of evidence (devices, logs).


2. Collection: Gather evidence while maintaining a proper chain of custody.
3. Preservation: Store evidence securely to prevent tampering or data loss.
4. Analysis: Examine data using tools to find clues or patterns.
5. Documentation: Record findings with proper documentation.
6. Reporting: Create a report detailing the investigation's findings.
5. Collecting Network-Based Evidence
Network-based evidence refers to data captured from networks that may be used to
investigate cybercrimes. This evidence includes traffic logs, communication data, and
other information transmitted over a network.

Steps to Collect Network-Based Evidence:

1. Identify Sources: Look for routers, firewalls, and intrusion detection systems
(IDS).
2. Packet Capturing: Use tools like Wireshark to capture live network traffic.
3. Log Analysis: Analyze logs from servers, firewalls, and network devices.
4. Extract Metadata: Metadata such as timestamps and IP addresses help trace
activities.
5. Preserve Evidence: Ensure network data is stored securely and is not altered.

Tools Used for Collection:

● Wireshark (packet capture)


● NetFlow (traffic monitoring)
● Tcpdump (command-line packet capture)

Key Notes for Memorization:

● Definition: Data from networks used for cyber investigations.


● Examples: Logs, traffic data, timestamps.
● Steps: Identify, capture, analyze, extract, preserve.
● Tools: Wireshark, NetFlow, Tcpdump.

6. Writing Computer Forensics Reports

A computer forensics report documents the findings of a digital investigation. It must be


clear, concise, and structured to be understandable by non-technical stakeholders,
including courts.

Structure of a Forensics Report:

1. Introduction: Brief overview of the case and investigation scope.


2. Details of Evidence: Information about the devices and data analyzed.
3. Investigation Steps: Explain how the evidence was collected, preserved, and
analyzed.
4. Findings: Summarize the main results, including patterns or anomalies.
5. Conclusion: Provide insights or recommendations based on findings.
Best Practices for Writing Reports:

● Use simple, clear language.


● Avoid technical jargon unless necessary.
● Include visuals (screenshots, charts) to explain evidence.
● Ensure the report is accurate and unbiased.

7. Auditing

Auditing in cybersecurity is the process of examining and evaluating an organization's IT


systems, controls, and processes to ensure compliance with security policies and
standards.

Types of Audits:

1. Compliance Audit: Checks if systems meet regulatory requirements.


2. Operational Audit: Reviews the effectiveness of IT operations.
3. Technical Audit: Examines technical controls, such as firewalls and encryption.

Steps in Auditing Process:

1. Planning: Define audit objectives and scope.


2. Data Collection: Gather data from logs, devices, and systems.
3. Analysis: Evaluate data against set criteria or standards.
4. Reporting: Document findings and provide recommendations.
5. Follow-Up: Ensure that recommendations are implemented.
8. Information Security Management System (ISMS)

An Information Security Management System (ISMS) is a structured approach to


managing sensitive company information, ensuring its confidentiality, integrity, and
availability. It involves policies, procedures, and controls designed to mitigate risks to
information assets.

Key Components of ISMS:

1. Risk Assessment: Identifying potential threats and vulnerabilities.


2. Control Framework: Setting up safeguards to mitigate risks.
3. Policies and Procedures: Documented guidelines to handle information securely.
4. Monitoring and Review: Continuously monitoring and reviewing systems for
effectiveness.
5. Incident Management: Preparing to respond to security breaches.

Key Notes for Memorization:

● Definition: Structured approach to protect sensitive information.


● Components: Risk assessment, control framework, policies, monitoring, incident
management.
● ISO 27001: International standard for ISMS.

9. Introduction to ISO 27001:2013

ISO 27001:2013 is an international standard that specifies the requirements for an


Information Security Management System (ISMS). It helps organizations manage the
security of assets, intellectual property, and information entrusted to them by customers,
partners, or other stakeholders.

Key Elements of ISO 27001:2013:

1. Context of the Organization: Understanding the internal and external factors


affecting information security.
2. Leadership: Top management must demonstrate commitment to information
security.
3. Planning: Risk management, setting objectives, and planning the controls.
4. Support: Resources, awareness, and communication.
5. Operation: Managing and executing information security controls.
6. Performance Evaluation: Monitoring, measuring, and reviewing the effectiveness
of ISMS.
7. Improvement: Continuous improvement to ensure security standards are met.

You might also like