Digital investigation in the organisation Essay

Digital investigation in the organisation - Essay Example Different models of operation used depend on the complexity of the situation (Marshall, 2009). Digital investigations arise as a result of an occurrence suspected, attempted or actual in an organization. The occurrences can be triggered by internal and external factors and can cause considerable damage or loss to an organization directly or indirectly. For instance a. Abuse of the organizations resources such as internet b. Fraud and distortion c. Unauthorized access by employees d. Sexual harassment or display of indecent or pornographic material e. Breach of contracts f. Departmental misuse g. Security breach A contingency plan should be devised to mitigate such incidences. A framework formulated will prepare for both low frequency/high impact as well as high frequency/low impact events in the organization. This paper details investigation procedure at Salford university school of computing science and Engineering. Our case study will focus on server intrusion in the university sch ool department. An incident of server intrusion to the university system occurred, and a contingency plan formulated to authenticate the suspicion, respond and analyze the incident. Due to the delicate nature of digital evidence improper handling may lead to damaged or compromised data. The idea of having to start an investigation in this department can lead to a crisis. Proper procedures need to be laid down to manage the crisis. There are general questions, which the CFA will need to address in order to carry out the investigation successfully. a) Who should the initial suspicions or observations be reported? b) Access of quality evidence? c) Identification and acquisition of relevant digital evidence? d) How the university can operate effectively during the period of investigation without creating a crisis which might be worse than the one investigated? e) The legal obligations of the university needed during the investigation and association with external law enforcement agencie s f) The role of management in determining the direction of the investigation and the possible incidence of biasness. A digital investigation divided into different stages according to the model adopted. Researchers at the U. S. Air Force studied various models and came up with common characteristics that characterize these models. They then incorporated them in a single model known as Abstract Process Model. It contains different phases; this model has 17 phases classified into 5 major groups (Gilbert Peterson, 2009). a. Preparation b. Deployment c. Physical crime scene d. Digital crime scene e. Analysis The data flow diagram above show a simplified process of forensic investigation. The first stage involves a number of activities. First, the computer or the system to be investigated should be on. If the student uses password, then the CFA has to look for a way to open it. There is a universal password that opens locked computers without tempering with the files. The second stage i nvolves application of different forensic tools to retrieve data from the computer memory. The tools used should enable the CFA to retrieve deleted data from the recycle bin. During this process, the computer being investigated should be cordoned. The third stage involves application of different physical investigation models to the computer. These include taking the finger prints on the keyboard and mouse. Any other information that may help the CFA is taken. Before the information is analyzed, the forensic expert should check the accuracy, integrity and