Reply needed 1 The purpose of computer forensics is to identify, preserve, recover, analyze and present facts and opinions about digital information. (“Computer Forensics”, n.d.)
“Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.
Evidence from computer forensics investigations is usually subjected to the same guidelines and practices of other digital evidence. It has been used in a number of high-profile cases and is becoming widely accepted as reliable within U.S. and European court systems.” (“Computer Forensics”, n.d.)
EnCase is an example of Digital Forensics software. EnCase is known for its digital forensics use in recovering evidence from hard drives. EnCase can be used to look at evidence such as documents, pictures, internet history and Windows Registry information. (“EnCase”, n.d.)
EnCase has been used in several high-profile cases, such as the Casey Anthony and BTK Killer cases. (If someone needs an idea for this week’s discussion, those are two examples.)
References:
· Computer Forensics. (n.d.). In Wikipedia. Retrieved November 11, 2019, from https://en.wikipedia.org/wiki/Computer_forensics
· EnCase. (n.d.). In Wikipedia. Retrieved November 11, 2019, from https://en.wikipedia.org/wiki/EnCase
Reply needed 2 As datasets become larger, threat detection tools have struggled to keep up. However, the same big data tools used to handle large datasets can be leveraged by cybersecurity professionals in order to more quickly search, identify, and understand threats. These tools, which include new graph search tools combined with symmetric multiprocessor (SMP) systems, can provide the speed and scale that organizations with large datasets need in order to maintain vigilance against intruders and to understand their modus operandi once detected.
With conventional search tools and large data sets, performance drops, as edge traversals must generally be sent cross-network and to another node while edge traversal may also lead to memory overuse and thrashing. New graph search tools such as Trovares, developed with the support of the Department of Defense, however, can readily manage big datasets. They do so by adopting supercomputing techniques, to include extreme multithreading, fine-grain locks, and large in-memory graphs for queries. These advances lead to increases in both speed and scalability. The new graph search tools also allow for direct ingest of data into the system rather than dealing with databases and associated performance issues.
Additionally, server clusters do not work well for graph search computation. Instead, SMP provides the memory and processing capacity for new, scalable graph searches and high-performance ingest of data. According to James Rottsolk (2019), president and CEO of Trovares, using both the new graph search tool and SMP can reduce the amount of time needed for queries from 179 hours to 12 minutes.
The ability to ingest more data and do faster and more complex searches will allow cybersecurity professionals to find long-standing intrusions and to ensure all data is scanned, without need for a lengthy scanning process. It will allow for queries and searches to detect network evidence of malfeasance. Using new graph search tools and SMP on big data increases the likelihood of catching intrusions in progress, identifying compromises, assessing damage, and determining what was stolen. It is important that cybersecurity analysts keep up with the trends in related disciplines, such as big data, to ensure we can leverage new technologies and apply them for network protection.
Reference:
Rottsolk, J. (2019, November 8). Using Graph Search Engines and High Performance Servers to Find Malware Patterns. Retrieved from https://www.infosecurity-magazine.com/opinions/graph-search-engines-patterns/.
Reply needed 3 Computer forensics is the ability to search and analyze a mountain of data quickly and efficiently. They can search for keywords on a hard drive in different languages, which is beneficial since cyber crimes can easily cross borders through the internet.
Network forensics is a method of capturing, storing and analyzing data on network usage to find the source of a security breach or other information security issues. The main focus of network forensics is to identify all the possible causes of security breaches and to build detection and prevention mechanisms to minimize losses.
One of the disadvantages of computer forensics is that when retrieving data, an analyst may inadvertently disclose privileged documents.
Reference:
Michael G. Noblett; Mark M. Pollitt; Lawrence A. Presley (October 2000). “Recovering and examining computer forensic evidence”. Retrieved 26 July 2010.
Reply needed 4 Network forensics is a method of capturing, storing and analyzing data on network usage to find the source of a security breach or other information security issues. The main focus of network forensics is to identify all the possible causes of security breaches and to build detection and prevention mechanisms to minimize losses.
The network administrator cannot entirely rely on an IDS to maintain the network. Administrators also need an investigation process and audit tools to investigate an incident fully and restore the network after threats or attacks. Network forensics can reconstruct the scene using a system that stores all data traffic activity on the network, so that investigations can be done by looking back over the events that have occurred and analyzing events from the past. Based on the above requirements, a network forensics system involves at least the following processes:
· Monitoring and data collection: Network forensics is an audit of network usage, such as traffic, bandwidth, and data content. Therefore any network forensics system requires monitoring and data storage systems whose output can be used as digital evidence.
· Analysis of the data content: Of all the stored data, not all of it is a threat to the security of the system, so data analysis is necessary to detect which data is disturbing the security of the system. It also deals with issues of privacy, because the data analyzed may constitute personal data, necessitating a policy regarding this issue.
· Source trace back: To prevent possible future attacks against the network security system, methods are needed to determine the source of an attack, so as to minimize similar occurrences in the future.
References:
B. Ruchandani, M. Kumar, A. Kumar, K. Kumari and A. Sinha, (January, 2006) “Experimentation In Network Forensics Analysis,” in Proceedings of the Term Paper Series under CDACCNIE, Bangalore, India.
A. Lubis and A. P. U. Siahaan, (November, 2016) “WLAN Penetration Examination of The University of Pembangunan Panca Budi,” International Journal of Engineering Trends and Technology, vol. 37, no. 3, pp. 165 – 168.
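The graph search described in Reply 2 (ingesting connection data directly into an in-memory graph and querying it for intrusion patterns) and the three network forensics processes listed in Reply 4 (monitoring and data collection, analysis of the data content, source trace back) fit together in one small worked example. The following Python is an added illustration, not code from any of the replies, from Trovares, or from the cited papers; the flow records, the IP addresses, the byte threshold, and the function names are all constructed assumptions. Timestamps are ISO 8601 strings, so plain string comparison gives chronological order.

```python
"""Added example: in-memory connection graph for network forensics.

Step 1 ingests constructed flow-log lines straight into a graph, step 2
analyses the stored content for a suspicious pattern (large transfer to an
external host), and step 3 traces that activity back through earlier inbound
connections to the host where the chain started.  Everything here is
constructed for illustration; no real tool or dataset is represented.
"""
from collections import defaultdict, deque

# Constructed sample flow records: timestamp, source, destination, dst port, bytes.
# Hosts 10.0.0.x are assumed internal; 203.0.113.9 is a documentation-range
# external address used as a placeholder.
SAMPLE_FLOWS = """\
2019-11-08T09:00:01 10.0.0.5 10.0.0.20 445 1200
2019-11-08T09:00:05 10.0.0.20 10.0.0.31 445 900
2019-11-08T09:01:10 10.0.0.31 10.0.0.42 3389 55000
2019-11-08T09:02:00 10.0.0.42 203.0.113.9 443 98000000
2019-11-08T09:02:30 10.0.0.7 10.0.0.20 80 300
"""


def ingest(text):
    """Step 1 (monitoring and data collection): parse each flow line and store
    it both as a flat record (the evidence) and as an outbound edge keyed by
    source host (the in-memory graph).  No database layer is involved."""
    flows, graph = [], defaultdict(list)
    for line in text.splitlines():
        ts, src, dst, port, nbytes = line.split()
        rec = {"ts": ts, "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes)}
        flows.append(rec)
        graph[src].append(rec)
    return flows, graph


def find_large_egress(flows, internal_prefix="10.", threshold=10_000_000):
    """Step 2 (analysis of the data content): most stored flows are benign, so
    flag only transfers to non-internal hosts above a byte threshold (assumed)."""
    return [f for f in flows
            if not f["dst"].startswith(internal_prefix) and f["bytes"] >= threshold]


def reachable_after(graph, host, after_ts=""):
    """Forward graph query: every host reachable from `host` by following
    connections in increasing time order (a lateral-movement footprint).
    Breadth-first, so it scales linearly with edges touched."""
    seen = {host}
    queue = deque([(host, after_ts)])
    while queue:
        h, ts = queue.popleft()
        for f in graph[h]:
            if f["ts"] > ts and f["dst"] not in seen:
                seen.add(f["dst"])
                queue.append((f["dst"], f["ts"]))
    seen.discard(host)
    return sorted(seen)


def trace_back(flows, start_host, before_ts):
    """Step 3 (source trace back): from `start_host`, repeatedly take the most
    recent inbound connection that happened before the activity we are
    explaining, until no earlier inbound connection exists.  Returns the chain
    from the flagged host back to the origin."""
    inbound = defaultdict(list)
    for f in flows:
        inbound[f["dst"]].append(f)
    path, seen = [start_host], {start_host}
    host, ts = start_host, before_ts
    while True:
        earlier = [f for f in inbound[host] if f["ts"] < ts and f["src"] not in seen]
        if not earlier:
            return path
        f = max(earlier, key=lambda r: r["ts"])   # closest preceding hop
        host, ts = f["src"], f["ts"]
        seen.add(host)
        path.append(host)


def investigate(text):
    """Run the three steps end to end and return one report per alert."""
    flows, graph = ingest(text)
    report = []
    for alert in find_large_egress(flows):
        chain = trace_back(flows, alert["src"], alert["ts"])
        report.append({
            "egress_to": alert["dst"],
            "bytes": alert["bytes"],
            "origin": chain[-1],
            "chain": list(reversed(chain)),       # origin first
        })
    return report


if __name__ == "__main__":
    for entry in investigate(SAMPLE_FLOWS):
        print(entry)
```

On the constructed data the trace back walks 10.0.0.42 to 10.0.0.31 to 10.0.0.20 to 10.0.0.5 and ignores the 10.0.0.7 connection to 10.0.0.20 because it happened after the hop being explained; the time ordering is what keeps the query from wandering into unrelated traffic, which is the same reason the forward query from 10.0.0.7 reaches only 10.0.0.20.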