Investigation Plan

The Case

A Digital Forensic Investigation Plan

Table of Contents

Executive Summary

Introduction

Background

Discussion

Methodology

Analysis System

ProDiscover Tool

Company Tools to be Used

Data Acquisition

Data Recovery

Major Components of the Investigation

Evidence Analysis

Network Analysis

Live Data Acquisition

E-mail Investigation

Conclusion

References

Executive Summary

Southern Stars Capital (SSC) is a global group of companies with over 12,000 employees worldwide. As an international player in the financial markets, SSC has many specific sector interests. A manager of a regional branch has contacted the Information Security Office at SSC head office with some concerns regarding his computer system. He suspects that someone has compromised his computer. Organizations in 12 countries. It therefore has to deal with a wide variety of multicultural, multilingual, and multi-time-zone issues.

In recent years, management has neglected to update the network and application infrastructure that supports the operation. The network environment across all of SSC's child organizations is flat and relatively unrestricted. Users from one organization can access systems and servers from another child organization. Workstations and servers are typically Microsoft Windows-based. Firewalls and network segmentation are implemented poorly, at best, throughout the environment. Intrusion detection and logging are present on the systems, although seldom used. Head office in Melbourne and Information Security Office at SSC is the head office that compromised the regional office. Digital forensic analysis of the computer systems at the regional office involves gathering digital evidence from relevant desktop PCs and e-mail accounts, including MS Word documents, spreadsheets, MS Outlook and deleted files.

Introduction

This investigation will be performed using digital forensics, which is considered to be a revolutionary technique. It will be based on various practices, including the acquisition, recovery, documentation, and analysis of information contained within and created by computer devices and computing systems, in order to find out what happened, how it happened, when it happened, and who the main culprit was. All the evidence that is gathered must be handled in a manner that ensures its admissibility in a court of law or other administrative proceedings. Furthermore, the investigator must have the ability to present and document evidence in a logical way that is clear to the layperson.

Background

The company needed a digital forensic investigation to identify the criminal. A successful analysis always depends on the correct interpretation of the available evidence. The purpose of the analysis is to visualize and analyze the evidence and to assess the causes of the incident and the way the incident occurred. The analysis is typically not performed on the original system, and instead requires more secure documentation for the investigation.

Discussion

Computer forensics is the discipline that deals with the identification, preservation, analysis and documentation of information in order to present valid digital evidence in civil and criminal proceedings. The approval of the Convention in law introduced the methodologies of computer forensics into the national regulatory landscape, with the aim of creating a common policy. Today the doctrine and case law dealing with sensitive issues such as money laundering and tax ...