Tuesday, May 5, 2020

Digital Forensics Processing And Procedures -Myassignmenthelp.Com

Question: Discuss the Digital Forensics Processing and Procedures.

Answer:

Introduction

At present, organizational networks are under constant security threats. Digital forensics is about detecting and interpreting malicious electronic data in an organization's digital network. The main objective of this process is to preserve evidence in a form as close to the original as possible [4]. It also supports a structured investigation of the network through the collection, identification and validation of the available information in order to reconstruct a security breach or intrusion event. The following sections of this report discuss real-time forensic analysis and its impact on the performance of the organization's network. In addition, the report gives recommendations that will improve this technology in protecting the network.

Real Time forensic analysis

When security breaches occur inside an organizational network, most of the attacks go undetected because the incident is not reported. In network forensics, the initial phase is to capture the data packets that are transmitted inside the organizational network. After this stage the captured data packets or data streams are preserved and ordered according to the order of transmission over the connection between two hosts at the transport layer [3]. This process is called "sessionizing". In the stream-cleaning step that follows, filters are applied to the captured data stream to remove unessential information from the transmission channel. For data integrity, the data streams need to be observed continuously rather than retransmitted, depending on the deployed forensic tools [1].

There are some basic methods that are used for network forensics. This is used by numerous organizations to collect electronic evidence and detect intrusion inside an organization.
Even though there are debates on the performance of this technology in digital forensics, researchers accept that intrusion detection systems are one of the best tools for collecting real-time data from cyber-attacks on an organizational network.

Agent Technique

Agents have been widely used as part of network security mechanisms. A large amount of research has been done to date, particularly on multiple-agent-based intrusion. A distributed, real-time and dynamic network framework based on agents can form a complete network forensic framework by combining the forensic database, forensic server and forensic agents [2]. This complete framework can analyze and investigate network intrusions effectively and in a timely manner, with adaptive data packet acquisition and the ability to combine information from the log system, network traffic, scanning of the data packets and so forth. Nonetheless, this framework is flawed in the synchronous collection of host information and network information; moreover, it still needs to address access control in the network, the authentication process and encryption of the data.

Virtual honeypots

Inside the organizational network, a virtual honeypot acts as a counterfeit system whose behavior can be modelled or changed as required by the network administrator. A system is able to simulate multiple different kinds of honeypots that run on several machines inside a network. These virtual honeypots can be configured to imitate specific services so that attackers who try to exploit those systems are detected. In this way the investigation can find out the patterns and techniques used to exploit those honey traps.
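The sessionizing and stream-cleaning steps described under "Real Time forensic analysis", as an added example that is not part of the original report. The packet records are constructed, the record layout and function names are assumptions made for this illustration, and TCP sequence-number wraparound is ignored.

```python
from collections import defaultdict

# Constructed capture records (not real traffic):
# (timestamp, src_ip, src_port, dst_ip, dst_port, tcp_seq, payload)
PACKETS = [
    (1.00, "10.0.0.5", 40100, "10.0.0.9", 80, 1000, b"GET /index.html "),
    (1.02, "10.0.0.7", 40200, "10.0.0.9", 25, 500, b"HELO client\r\n"),
    (1.03, "10.0.0.5", 40100, "10.0.0.9", 80, 1033, b"\r\n\r\n"),  # out of order
    (1.04, "10.0.0.5", 40100, "10.0.0.9", 80, 1016, b"HTTP/1.1\r\nHost: a"),
    (1.05, "10.0.0.9", 80, "10.0.0.5", 40100, 7000, b""),           # bare ACK
    (1.06, "10.0.0.5", 40100, "10.0.0.9", 80, 1016, b"HTTP/1.1\r\nHost: a"),  # retransmit
    (1.08, "10.0.0.9", 80, "10.0.0.5", 40100, 7000, b"HTTP/1.1 200 OK\r\n"),
]

def session_key(src, sport, dst, dport):
    """Return the same key for both directions of one transport-layer connection."""
    a, b = sorted([(src, sport), (dst, dport)])
    return a + b

def sessionize(packets):
    """Group packets per connection and rebuild each direction's byte stream."""
    flows = defaultdict(dict)          # (session, direction) -> {seq: payload}
    for _ts, src, sport, dst, dport, seq, payload in packets:
        if not payload:                # stream cleaning: drop segments with no data
            continue
        segs = flows[(session_key(src, sport, dst, dport), (src, sport))]
        segs.setdefault(seq, payload)  # keep the first copy, ignore retransmissions
    sessions = defaultdict(dict)
    for (key, direction), segs in flows.items():
        data, gaps, expected = b"", 0, None
        for seq in sorted(segs):       # order of transmission, not order of arrival
            if expected is not None and seq != expected:
                gaps += 1              # missing or overlapping bytes: flag for the examiner
            data += segs[seq]
            expected = seq + len(segs[seq])
        sessions[key][direction] = {"data": data, "gaps": gaps}
    return dict(sessions)
```

A non-zero `gaps` count marks a stream whose reconstruction is incomplete, which matters when the reassembled data is later presented as evidence.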
Email Forensics

With the increasing use of email in organizations, intruders attempt to use it for malicious activities and intrusion into the organizational network. Email is highly exposed to attack, and spam emails with malicious attachments are among the most significant tools used, which makes them a main security concern [5]. Due to its vulnerabilities, email can be used by attackers for communication and for connecting through the servers inside the network. Email forensics inside an organizational network refers to studying the source and the content of electronic mail as evidence [1]. It also examines the process of identifying the actual sender and recipient of a message, the date and time it was sent, and other data. Many emails may contain malicious viruses, threats and scams. This can result in the loss of data, confidential information and even identity theft. Email forensics is used to identify the point of origin of a message and the spammers, and also to identify phishing messages that attempt to obtain confidential data from the receiver.

Impact

With developing technologies, different sophisticated and advanced tools are available for analysing data traffic in order to track attacks and exploits. Some of them are described below:

Network Based Intrusion Detection System (NIDS) - It places sensors at key points of the network and examines traffic by looking for protocol violations, unusual connection patterns and malicious content [1]. It is able to detect abnormal behaviour of a specific segment of a network.

Signature Based Intrusion Detection System (SIDS) - It matches known attack patterns or signatures against a stream of events for detection. It has low false alarm rates and also gives accurate diagnostics.

Host Based Intrusion Detection System (HIDS) - It uses an OS monitoring mechanism to discover malware in the system.
It monitors shell commands and system calls executed by user applications and system programs [3]. It has the most comprehensive program information for detection and is therefore accurate.

Recommendations

Along with the tools mentioned above, other important tools in network forensics include the techniques of IDS, Malicious Code, Honey trap, Intrusion Resistance, Network Monitoring and Sensor, Agent, SVM, Protocol Analysis and Network Tomography, and so on. As network forensics techniques improve, the requirements of forensic analysis can even be considered during protocol design, so that data is retained for potential cyber-attack investigations.

Conclusion

From the technical point of view, network forensics investigation does not yet have any standard framework. It is therefore important to work towards a standard structure; without one it is hard to meet the needs of responding to the growing cybercrimes and breaches inside the organizational network. For network forensics, this activity represents an important source of independent evidence in an environment where anti-forensics is increasingly challenging the validity of computer-based forensics. Performing network forensics today largely centres on an analysis based on the Internet Protocol (IP) address, as this is the only characteristic available. More often, however, investigators are not really interested in the IP address but rather in the associated user. With increasing research and testing it can be assumed that network forensics will receive more attention and will help in dealing with the cybercrimes and other exploits carried out by attackers.

References

[1] B. Bikash and S. Priya, "Survey on Real Time Security Mechanisms in Network Forensics", International Journal of Computer Applications, vol. 151, no. 2, pp. 1-4, 2016.
[2] H. Jingfang, "The Application Research on Network Forensics", The Open Automation and Control Systems Journal, vol. 5, no. 1, pp. 167-173, 2013.
[3] N. Clarke, F. Li and S. Furnell, "A novel privacy preserving user identification approach for network traffic", Computers & Security, vol. 70, pp. 335-350, 2017.
[4] J. Hu and B. Li, "Research the Computer Forensics Based on Network", Advanced Materials Research, vol. 694-697, pp. 2282-2285, 2013.
[5] "Digital Forensics Processing and Procedures", Network Security, vol. 2014, no. 5, p. 4, 2014.
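The header examination described under "Email Forensics" (identifying the sender, the recipient, the date and time, and the point of origin of a message), as an added example that is not part of the original report. The message is constructed and uses reserved example domains and addresses; the function name and the returned field names are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed message for illustration (reserved example domains and addresses).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.corp.example (mx.corp.example [192.0.2.10])
\tby mail.corp.example with ESMTP id A1; Tue, 05 May 2020 09:15:07 +0000
Received: from relay.example.net (relay.example.net [198.51.100.20])
\tby mx.corp.example with ESMTP id B2; Tue, 05 May 2020 09:15:05 +0000
Received: from [203.0.113.77] (unknown [203.0.113.77])
\tby relay.example.net with SMTP id C3; Tue, 05 May 2020 09:15:01 +0000
From: "IT Support" <support@corp.example>
To: alice@corp.example
Subject: Password expiry
Date: Tue, 05 May 2020 09:14:58 +0000

Please review the attached notice.
"""

def examine(raw):
    """Extract sender, recipient, send time and the relay path from raw headers."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its own Received header, so reverse for sending order.
    # Hops recorded by servers outside your control can be forged by the sender.
    for hdr in reversed(msg.get_all("Received", [])):
        info, _, stamp = " ".join(hdr.split()).rpartition(";")
        frm = re.search(r"\bfrom (\S+)", info)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", info)
        by = re.search(r"\bby (\S+)", info)
        hops.append({
            "from": frm.group(1) if frm else None,
            "ip": ip.group(1) if ip else None,
            "by": by.group(1) if by else None,
            "time": parsedate_to_datetime(stamp.strip()),
        })
    sender = parseaddr(msg["From"])[1]
    envelope = parseaddr(msg["Return-Path"] or "")[1]
    return {
        "from": sender,
        "to": parseaddr(msg["To"])[1],
        "date": parsedate_to_datetime(msg["Date"]),
        "hops": hops,
        "origin_ip": hops[0]["ip"] if hops else None,
        "domain_mismatch": sender.split("@")[-1] != envelope.split("@")[-1],
    }
```

A `domain_mismatch` between the displayed From address and the Return-Path is a common trait of phishing mail, though legitimate bulk mailers also produce it, so it is a lead to corroborate rather than proof.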
