Answer To: Project 1 – Investigation Considerations UMGC - CST 640 Overview ◦ Focus is on performing some of...
Shubham answered on Jan 24 2022
Running Head: COMPUTER NETWORK SECURITY 1
COMPUTER NETWORK SECURITY
THE INVESTIGATION PROJECT PLAN
Table of Contents
Abstract
Overview of the scenario
Evolution of Digital Forensic Investigation
Purpose
Governing Laws
Review of Industry compliance
Meetings and Agendas
Forensic Readiness
Resources
Investigative Process
Potential delays
Circumstances
References
Appendix
1. Investigation Checklist
3. Preliminary Investigation
4. Details of Investigation Team
5. Interview Questions for Investigation
Abstract
The report covers the various investigation tools that were used for the forensic investigation. They helped to retrieve information stored on the computer and thumb drive and will help in the further investigation process that needs to be conducted by legal authorities. The report also contains other documents, such as interview forms, a checklist and budget estimates, so that all relevant information is documented and handled. This will be helpful in estimating the resources required so that the investigation can be completed effectively and efficiently. It will also be helpful in highlighting the activities that are required to be reported and can potentially be researched.
Overview of the scenario
The Digital Forensic Investigator, as per legal requirement, will conduct an investigation involving the examination of two computers and a thumb drive as evidence. To begin the investigation, a plan must be drawn up so that the right direction can be followed. During the investigation, interviews will be conducted and the responses documented, for which forms and a checklist will be created. Resources such as the forensic investigation team, software tools, and technologies like RAID, disks, deployment kits and imaging programs will be collected. The investigation plan will consist of a detailed description of the process to be followed, and will state requirements such as the governing laws, which will be the guiding force in maintaining the reliability of the investigation. It will suggest ways in which the investigator will analyse the evidence. It will also include budgets, a contingency plan, reporting guidelines and communications such as meetings and their minutes.
Evolution of Digital Forensic Investigation
Purpose
The investigation plan will help to identify the objectives, procedures, processes and policies that will guide the measurement of the alleged conduct. It will also include the key people who will be interviewed, the investigation timeline, the investigation budget and the allocation of resources, along with a calculation of the risks involved. According to Soltani and Seno (2019), the investigation undertaken will be detailed to create an investigation plan regarding the raised concern. It will also assist the investigators in planning, recording and navigating through to its completion. The investigation will be engaging and will direct the investigators to move in a relevant direction by avoiding activities that are not useful.
Governing Laws
· Chain of Custody: This law will help in making evidence legally defensible. To do this, three conditions need to be satisfied:
(i) The evidence should be properly identified by the collector;
(ii) The collector should be neutral towards the case and have no personal interest in it (Joseph & Norman, 2019); and
(iii) The collector has tamper-proofed the evidence and sealed the site from which the evidence was collected.
· Search Warrants: A search warrant is a permission given by legal authorities which states that there is probable cause to believe that evidence of a crime can be found on the computer and thumb drive. It describes with particularity the things that will be searched and seized by the digital forensic investigator (Amato, Cozzolino, Moscato & Moscato, 2019).
Devising a search strategy
A computer and its hard drive can be a source of different types of evidence. Before scripting a search strategy, it is necessary to understand the possible roles of the computer in the crime (Montasari, 2018):
Contraband: The computer is considered contraband for reasons such as: it might be a repository of data, or it is stolen property.
Evidence of Crime: When it is a repository of data, it might contain log books, spreadsheets detailing suspicious transactions, other documents, etc.
Instrumentality of crime: The computer might have been used for hacking, distributing videos or audio, or other criminal activities.
· Subpoenas: A subpoena is a legal document which directs a person to attend court and provide evidence as a witness. Before a subpoena is issued, certain requirements listed by the jurisdiction must be fulfilled, such as a valid legal cause and the presence of evidence.
· Jurisdiction: This refers to the federal and state jurisdiction under which the crime is reported and will be discussed.
· Forensic Laws and Regulations
The three aspects of law that need to be taken care of to ensure computer security are:
(i) The Fourth Amendment to the United States Constitution, which provides protection against unreasonable search and seizure, and the Fifth Amendment, which protects against self-incrimination (Kao, Wu & Tsai, 2019).
(ii) Awareness of three US statutory laws:
· Wiretap Act (18 U.S.C. 2510-22)
· Pen Registers and Trap and Trace Devices Statute (18 U.S.C. 3121-27)
· Stored Wire and Electronic Communications Act (18 U.S.C. 2701-120)
These laws cannot be violated during computer forensics, as doing so will attract a punishable penalty.
(iii) Last but not least, the evidence should be authentic and reliable so that it can be treated as evidence. Apart from this, there are two laws which affect the forensic laws, namely: Health Insurance Portability and Accountability Act (HIPAA), and Sarbanes-Oxley, California Act 1798.
Review of Industry compliance
As per Raychaudhuri (2019), industry standards guide the forensic team to include members from all spheres of the corporate world who have varied experience. This will be helpful in combating the investigation challenges at the forensic site. Strict guidelines need to be followed, such as chain of custody, managing issues of jurisdictional access, and data transport.
The monitoring devices should be independent and free from any kind of bias so that all statutory compliances are fulfilled with diligence. The team should have substantial experience in managing cases and monitoring capacity of every size, from government to private, from contractual to temporary, etc. Several other concerns, such as corruption, bribery and favouritism, should be detected and prevented in due course so that the outcome of the investigation is free and fair. It should be helpful to the company and the stakeholders, so that necessary assistance can be provided to them by designing security policies and consulting them on the same.
Meetings and Agendas
Initial Meeting
The organizational framework will be studied. It will be established how many employees are working and who has access to the computers, and they will be asked questions on an individual basis, along with the IT department. The questionnaire is attached in Appendix 5 for reference. The acquired information will be summarized and documented so that further investigations can be planned on its basis.
At team level
Before the initial meeting with the organization, the team will meet and be briefed about the new project. They will discuss the organization and the problem at the surface, and discuss the questions which will help them to move forward with the preliminary investigation.
Second Meeting
The second meeting will be conducted to gather more in-depth information about the evidence and the suspects. It will help in analysing the usage patterns and verbal explanations of employees at the crime site. The available evidence, two computers and the thumb drive, will be taken into custody by showing search warrants. The key personnel will be interviewed to get more information, and the same questionnaire will be used again, as mentioned in Appendix 5.
At team level
The team will review the progress under the guidance of the Senior and examine the evidence as per the checklist and the mentioned tools. It will also start examining the policies framed by the organization so as to find the loopholes available for the breach.
Forensic Readiness
The aim of forensic readiness is to create incident preparedness, which includes actions that are both technical and non-technical in nature (Munkhondya, Ikuesan & Venter, 2019). The ten-step process of achieving forensic readiness is:
1. The business scenarios should be defined so that digital evidence can be created as per their requirement.
2. The...