Coursework Artifact

evidence_report.pdf
Reflections
Companies around the world are digitizing their data at a very fast pace, and this enlarges the threat landscape. No matter how many security controls we implement on our systems, there will always be vulnerabilities that lead to cyber security incidents, and the way for us to ensure we respond to and investigate incidents effectively is to maintain a complete and competent Incident Response Plan (IRP). Having an IRP means the right people, with the right skills and experience, know what procedures to follow to contain and remediate a cyber security threat (Fox, 2020).
"Forensic imaging" is the phrase we use to talk about the acquisition process and the word "forensic" in this context means that we are imaging (acquiring) images in a "forensically sound" way - that is to say, using processes that are recognized as best practices and hold up in a court of law. (digitalintelligence.com, n.d.)
The artifact selected for this course represents a forensics image that is analyzed using a forensics imager tool to investigate a data leak case. It illustrates how a professional study of digital evidence is performed.
It is our professional and ethical responsibility to preserve the Chain of Custody (CoC) when it comes to digital evidence. Why is CoC important for evidence integrity?
Preserving the chain of custody is about following the correct and consistent procedure and hence ensuring the quality of evidence (Rashi, 2020).
According to NIST, carefully maintaining the chain of custody not only protects the integrity of evidence but also makes it difficult for someone to argue that the evidence was tampered with. The documentation should answer the following questions:
a. Who collected it? (i.e., devices, media, associated peripherals, etc.)
b. How and where? (i.e., how was the evidence collected and where it was located)
c. Who took possession of it? (i.e., individual in charge of seizing evidence)
d. How was it stored and protected in storage? (i.e., evidence-custodian procedures)
e. Who took it out of storage and why? (i.e., ongoing documentation of the individual's name and purpose for checking out evidence)
Documentation answering all of the above questions must be maintained and filed in a secure location for current and future reference (Wayne & Ayers, n.d.).
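The following is an added example, not part of the coursework artifact or the cited sources. It ties the "forensically sound" acquisition idea above to the five NIST chain-of-custody questions: the image is hashed once at acquisition, every hand-over (collection, storage, check-out) is logged with the person, the how/where or purpose, and the digest observed at that moment, and the log flags any event where the digest no longer matches. The evidence bytes, evidence identifier and custodian names are constructed placeholders.

```python
"""Chain-of-custody log with hash-verified evidence integrity (added example)."""
import hashlib
import json
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone
from typing import List, Optional


def sha256_hex(data: bytes) -> str:
    """Digest of the acquired image; it must be reproduced at every hand-over."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEvent:
    """One line of the chain-of-custody record."""
    timestamp: str
    action: str      # collected | stored | checked_out
    person: str      # who: collector, custodian or examiner
    detail: str      # how/where, storage procedure, or purpose of check-out
    sha256: str      # digest observed at this event
    verified: bool   # True if the digest matched the acquisition digest


@dataclass
class CustodyLog:
    evidence_id: str
    acquisition_sha256: Optional[str] = None
    events: List[CustodyEvent] = field(default_factory=list)

    def _record(self, action: str, person: str, detail: str, image: bytes) -> bool:
        digest = sha256_hex(image)
        ok = self.acquisition_sha256 is None or digest == self.acquisition_sha256
        self.events.append(CustodyEvent(
            timestamp=datetime.now(timezone.utc).isoformat(),
            action=action, person=person, detail=detail,
            sha256=digest, verified=ok))
        return ok

    def collect(self, image: bytes, collector: str, how_and_where: str) -> bool:
        """Questions a and b: who collected it, and how and where."""
        self.acquisition_sha256 = sha256_hex(image)
        return self._record("collected", collector, how_and_where, image)

    def store(self, image: bytes, custodian: str, procedure: str) -> bool:
        """Questions c and d: who took possession, how it was stored and protected."""
        return self._record("stored", custodian, procedure, image)

    def check_out(self, image: bytes, examiner: str, purpose: str) -> bool:
        """Question e: who took it out of storage and why."""
        return self._record("checked_out", examiner, purpose, image)

    def is_intact(self) -> bool:
        """True only if every logged event reproduced the acquisition digest."""
        return all(e.verified for e in self.events)

    def to_json(self) -> str:
        """Serialise the record for filing alongside the evidence."""
        return json.dumps(asdict(self), indent=2)


def demo_chain():
    """Constructed walk-through: a clean chain, then a check-out of an altered copy."""
    image = b"constructed sample disk image bytes" * 1024   # stand-in for a .dd/.E01 image
    log = CustodyLog("EVID-0001")                           # hypothetical evidence id
    log.collect(image, "A. Analyst", "dd via write-blocker from laptop HDD, office 4B")
    log.store(image, "B. Custodian", "sealed bag, locked evidence safe, access log kept")
    log.check_out(image, "C. Examiner", "timeline analysis for the data leak case")
    clean = log.is_intact()
    tampered = image[:-1] + b"X"                            # one byte changed
    log.check_out(tampered, "D. Examiner", "second review")
    return clean, log.is_intact(), len(log.events)


if __name__ == "__main__":
    print(demo_chain())   # (True, False, 4)
```

The log deliberately records the mismatching digest rather than refusing the event: the fact that a custodian presented an altered copy is itself part of the record the documentation must preserve.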
References
Digitalintelligence. (n.d.). Digital Intelligence. Digital Intelligence. Retrieved April 3, 2023, from https://digitalintelligence.com/solutions/forensic_imaging
Fox, N. (2020, November 11). What is an Incident Response Plan and How to Create One. Varonis. Retrieved April 3, 2023, from https://www.varonis.com/blog/incident-response-plan/
Rashi, G. (2020, June 2). Chain of Custody - Digital Forensics. GeeksforGeeks. Retrieved April 4, 2023, from https://www.geeksforgeeks.org/chain-of-custody-digital-forensics/
Wayne, J., & Ayers, R. (n.d.). chain of custody - Glossary | CSRC. NIST Computer Security Resource Center. Retrieved April 4, 2023, from https://csrc.nist.gov/glossary/term/chain_of_custody