Incident Management and Response
Question 1.1
Timestamps play a critically important role in forensic data analysis in any digital investigation. A timestamp keeps a record of the last activity or modification by the user. There are mainly three types of timestamp: creation, modification, and access. Analysing timestamps therefore tells the examiner when a file was created, read, or modified, depending on the user's activity. With this information the forensic team knows when and how a specific action was performed and can show that a specific file was transferred or created from the suspected system (Khalid et al., 2021). Some victims try to delete or change the log files to hide their tracks, but because of a lack of awareness and skill some information usually remains, and it can be analysed through timestamps. Although timestamps can be modified using tools such as cat and grep, even a victim clever enough to use those tools to modify the timestamps of system files has to use the same tools, which means the modified file does not carry a valid timestamp. The original valid timestamp remains somewhere on the system, since the file found on the system is in read-only medium mode, which was clearly shown in the system. Many file systems, such as FAT, NTFS, and EXT, keep timestamps within the system to maintain a record, and the operating system updates them from time to time. So by proper analysis of timestamps we can track the victim's operations on any system (Zhou et al., 2021).
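The following is an added example, not part of the original answer: a short Python script that reads the three timestamps the answer describes (access, modification, and metadata-change or creation time, depending on the platform) and flags the inconsistency that crude timestamp tampering leaves behind. Tools that rewrite a file's access and modification times cannot set the POSIX ctime, because the kernel updates it whenever the inode changes, so a modification time well before the ctime shows that the metadata was touched after the claimed last modification. The file name, content, and 30-day backdating in `demo()` are constructed for the example.

```python
import os
import tempfile
import time
from datetime import datetime, timezone

# Added example: inspect the timestamps the OS keeps for a file and look for
# the classic signs that they were altered after the fact.


def mac_times(path: str) -> dict:
    """Return the timestamps kept for `path` as timezone-aware UTC datetimes."""
    st = os.stat(path)
    times = {
        "atime": st.st_atime,  # last read/access
        "mtime": st.st_mtime,  # last content modification
        "ctime": st.st_ctime,  # POSIX: last metadata change; Windows: creation
    }
    # True creation ("birth") time is only exposed on some platforms/file systems.
    birth = getattr(st, "st_birthtime", None)
    if birth is not None:
        times["birthtime"] = birth
    return {k: datetime.fromtimestamp(v, tz=timezone.utc) for k, v in times.items()}


def timestamp_anomalies(path: str, tolerance_s: float = 1.0) -> list:
    """Return human-readable indicators that the file's timestamps were tampered with.

    Checks: mtime before ctime (metadata changed after the claimed modification),
    mtime before creation time where available, and atime/mtime in the future
    relative to the examiner's clock. `tolerance_s` absorbs sub-second jitter.
    """
    st = os.stat(path)
    now = time.time()
    findings = []
    if st.st_mtime + tolerance_s < st.st_ctime:
        findings.append("mtime earlier than ctime: metadata changed after claimed modification")
    birth = getattr(st, "st_birthtime", None)
    if birth is not None and st.st_mtime + tolerance_s < birth:
        findings.append("mtime earlier than creation time: file 'modified' before it existed")
    for name, value in (("atime", st.st_atime), ("mtime", st.st_mtime)):
        if value > now + tolerance_s:
            findings.append(f"{name} is in the future")
    return findings


def demo() -> tuple:
    """Create a file, backdate its atime/mtime by 30 days, and check it before and after.

    Returns (anomalies_before, anomalies_after). The file is constructed for the example.
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "evidence.txt")
        with open(path, "w") as fh:
            fh.write("constructed sample content\n")
        before = timestamp_anomalies(path)
        old = time.time() - 30 * 86400
        os.utime(path, (old, old))  # only atime/mtime can be set; ctime becomes 'now'
        after = timestamp_anomalies(path)
        return before, after


if __name__ == "__main__":
    for label, result in zip(("fresh file", "backdated file"), demo()):
        print(f"{label}: {result or 'no anomalies'}")
```

In practice the same checks are run over every file in a mounted read-only image rather than over a single temporary file, and a file whose modification time predates its ctime is queued for closer examination of file-system journals and other sources of the original timestamp.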
Question 1.2
BitTorrent is a peer-to-peer file-sharing protocol that lets anyone, anywhere, download or upload a specific file. When a file is uploaded into the system, it is broken into small fragments. These fragments, described by torrent files, are stored on the different systems known to the trackers. When a user wants to download a file, the user downloads a torrent file, which gathers information from the trackers' systems and connects them to the user's system. With this scheme the speed increases, because the different small fragments are downloaded simultaneously. The file may contain software, songs, books, new movies, web series, or illegal content. There are no restrictions on the user, which makes it easy to download and upload files in the web world. Although it can be used for good purposes, several of the files in the examples above may be protected by copyright, and accessing them without the owner's prior knowledge may cause legal issues because of that copyright protection.
In some cases this causes enormous losses to the owner of the file: for example, if a new movie is stolen from a cinema hall and uploaded to BitTorrent. This gives easy access to the web world, and users download it quickly. With these downloads the audience of the movie is reduced drastically, causing a substantial economic loss to the director of the film. So if access to that specific file is found on anybody's IT system, the owner can take legal action against the user of that IT system, which causes a real legal mess for the entire system (Söderberg and Råhlén, 2021).
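As an added example, not part of the original answer, the Python script below builds and parses a minimal torrent metainfo ("bencode") structure to show what the answer describes: the shared file is split into fixed-size pieces, each identified by a SHA-1 hash, and the tracker is named under `announce`. It also verifies a received piece against the stored hash and computes the info hash that identifies the torrent to trackers and peers. The file content, piece size and tracker URL are constructed placeholders.

```python
import hashlib

# Added example: minimal bencode encoder/decoder and torrent piece verification.


def bencode(value) -> bytes:
    """Encode ints, byte strings, str, lists and dicts in the bencode format."""
    if isinstance(value, bool):
        raise TypeError("bencode has no boolean type")
    if isinstance(value, int):
        return b"i%de" % value
    if isinstance(value, bytes):
        return b"%d:%s" % (len(value), value)
    if isinstance(value, str):
        return bencode(value.encode())
    if isinstance(value, list):
        return b"l" + b"".join(bencode(v) for v in value) + b"e"
    if isinstance(value, dict):
        # Dictionary keys are byte strings and must be sorted in raw byte order.
        items = sorted((k.encode() if isinstance(k, str) else k, v) for k, v in value.items())
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(f"cannot bencode {type(value).__name__}")


def bdecode(data: bytes):
    """Decode a bencoded byte string; raises ValueError on malformed or trailing input."""
    def parse(i):
        c = data[i:i + 1]
        if c == b"i":
            end = data.index(b"e", i)
            return int(data[i + 1:end]), end + 1
        if c in (b"l", b"d"):
            out, i = ([] if c == b"l" else {}), i + 1
            while data[i:i + 1] != b"e":
                if isinstance(out, list):
                    item, i = parse(i)
                    out.append(item)
                else:
                    key, i = parse(i)
                    val, i = parse(i)
                    out[key] = val
            return out, i + 1
        if c.isdigit():
            colon = data.index(b":", i)
            length, start = int(data[i:colon]), colon + 1
            return data[start:start + length], start + length
        raise ValueError(f"bad bencode at offset {i}")

    value, end = parse(0)
    if end != len(data):
        raise ValueError("trailing bytes after bencoded value")
    return value


def make_metainfo(content: bytes, piece_length: int, announce: str, name: str) -> bytes:
    """Split `content` into pieces, hash each with SHA-1, and return the bencoded metainfo."""
    pieces = b"".join(hashlib.sha1(content[o:o + piece_length]).digest()
                      for o in range(0, len(content), piece_length))
    return bencode({"announce": announce,
                    "info": {"name": name, "length": len(content),
                             "piece length": piece_length, "pieces": pieces}})


def piece_hashes(metainfo: bytes) -> list:
    """Return the list of 20-byte SHA-1 piece hashes stored in the metainfo."""
    raw = bdecode(metainfo)[b"info"][b"pieces"]
    return [raw[i:i + 20] for i in range(0, len(raw), 20)]


def verify_piece(metainfo: bytes, index: int, piece: bytes) -> bool:
    """True if the bytes received for piece `index` match the hash the torrent advertises."""
    return hashlib.sha1(piece).digest() == piece_hashes(metainfo)[index]


def info_hash(metainfo: bytes) -> str:
    """SHA-1 of the bencoded 'info' dict: the identifier trackers and peers use for this torrent."""
    return hashlib.sha1(bencode(bdecode(metainfo)[b"info"])).hexdigest()


# Constructed sample: 2560 bytes of content split into 1024-byte pieces (3 pieces).
CONTENT = bytes(range(256)) * 10
ANNOUNCE = "http://tracker.example/announce"  # placeholder tracker URL
META = make_metainfo(CONTENT, 1024, ANNOUNCE, "sample.bin")

if __name__ == "__main__":
    print("tracker:", bdecode(META)[b"announce"].decode())
    print("pieces:", len(piece_hashes(META)), "infohash:", info_hash(META))
    print("piece 0 valid:", verify_piece(META, 0, CONTENT[:1024]))
```

The per-piece hashes are why an investigator can tie a partially downloaded file on a seized machine to a specific torrent: the info hash and piece hashes in a `.torrent` file are enough to confirm which pieces of the advertised content are present.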
Question 2.1
The ACPO Good Practice Guide for Digital Evidence clearly states that no modification of data should be made on a system that is being used as evidence against the victims. By following these rules, the forensic team has to face a lot of challenges, which may be technical, legal, or resource challenges. On the technical side, the victim sometimes uses encryption, which hides his route of access and makes him invisible to discovery, so to break the encryption the team needs to make some modification, which is against the law. Sometimes, using system commands and programs, victims make files invisible. The use of covert channels is increasing nowadays, where victims bypass intrusion detection techniques to hide data over the network, and for all of this the team has to modify data for the investigation, which creates challenges for them. On the legal side, the lack of a proper investigation model and standard operating process makes the system messy. Accessing special files needs a lot of tampering, alteration, and transportation, and the absence of a standard process for this access often makes the system tough. As technology grows exponentially with time, there is no proper guidance regarding the preference and case study of digital evidence, so a lack of resources makes it hard for the team to follow the guidance properly. Forensically sound means a complete data collection process in which data is collected from the victim with proper imaging and steps, such that no alteration is involved at any step and there is no change to its metadata. Every piece of evidence is collected in such a way that if any audit or investigation of the process is done, the team can give sufficient evidence for every step. In short, all data collected from electronic media is stored in its original form without any modification, so the best way to preserve that data is by imaging and taking a bitstream copy of the entire data, including the hidden and modified files of the victim (Pattanaik et al., 2021).
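The following added example (not from the original answer) shows the "imaging and bitstream copy" idea in Python: every byte of a source is copied to an image file, the source and image are hashed, and the result is written into a chain-of-custody record that can be re-verified later. The source here is a constructed file standing in for a block device; on a real acquisition the source would be a write-blocked device and the examiner identifier would come from the case file. The source is opened read-only, so the acquisition step itself changes nothing on it.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# Added example: bit-for-bit imaging with hash verification and a custody record.

CHUNK = 1 << 20  # read 1 MiB at a time so large sources do not fill memory


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def image_device(source: str, image: str, examiner: str = "EXAMINER-ID-PLACEHOLDER") -> dict:
    """Copy every byte of `source` to `image`, hashing the source as it is read.

    The image is hashed again from disk afterwards so the record proves that what
    was written equals what was read. Returns the chain-of-custody record.
    """
    h_src = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h_src.update(block)
            dst.write(block)
    record = {
        "source": source,
        "image": image,
        "bytes": os.path.getsize(image),
        "sha256_source": h_src.hexdigest(),
        "sha256_image": sha256_file(image),
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
    }
    record["verified"] = record["sha256_source"] == record["sha256_image"]
    return record


def verify_image(record: dict) -> bool:
    """Re-hash the image (e.g. before analysis or before presenting it) and compare."""
    return sha256_file(record["image"]) == record["sha256_source"]


def demo() -> tuple:
    """Image a constructed 3 MiB + 12345 byte 'device', verify, then corrupt one byte and re-verify.

    Returns (record, verified_before_change, verified_after_change).
    """
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "sdb1.raw")  # constructed stand-in for a device
        with open(source, "wb") as fh:
            fh.write(os.urandom(3 * CHUNK + 12345))
        image = os.path.join(tmp, "sdb1.dd")
        record = image_device(source, image)
        ok_before = verify_image(record)
        # Simulate the image being altered after acquisition by flipping one bit.
        with open(image, "r+b") as fh:
            fh.seek(777)
            original = fh.read(1)
            fh.seek(777)
            fh.write(bytes([original[0] ^ 0x01]))
        ok_after = verify_image(record)
        return record, ok_before, ok_after


if __name__ == "__main__":
    record, before, after = demo()
    print(f"{record['bytes']} bytes imaged, sha256={record['sha256_image'][:16]}...")
    print("verified at acquisition:", record["verified"], "| after tampering:", after)
```

The record is what makes the process auditable in the sense the answer describes: anyone handed the image later can recompute the hash and show that it still matches the value taken at acquisition, and a single changed bit is enough to break that match.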
Question 2.2
When communicating over the internet, each user has a unique protocol address, which we call an IP address. It contains numbers and letters and is attached to any data that moves through the internet. This data is stored on the server of the internet service provider, so for analysing any crime situation it plays an important role in a digital forensic investigation. With this information the forensic team can find out (MET et al., 2021):
- Timestamps
- Images
- Text documents
- GPS location
- Encrypted data
With timestamps the team can get access to the time of the incident and prove the timing of the victims; timestamps also help to trace when and how the data was modified in the system. From this a route or map is found during the entire procedure, and by tracing that map of operations the team can find when and where the file was moved or accessed.
Images can become key evidence in an investigation; they provide evidence to prove which data is missing from, or has been added to, the victim's system.
From text documents we can analyse the encrypted message or any instructions that were followed by the victims during the operation.
GPS location is the most important piece of information, by which we can locate the victim's place and know the exact geographical region from where the victims operate. With that the team can easily locate the place and cease all activity with immediate action. Traceability becomes easier with these functions (Mirza and Karabiyik, 2021).
Encrypted data is always used by those victims while committing a crime, to hide all their activities during the entire process. So by breaking the encryption the forensic team can get the crucial data they want to find.
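As an added example, not part of the original answer, the Python script below does the first thing an examiner does with the IP addresses and timestamps described above: it parses web-server style log lines, validates each address, and builds a per-address timeline with the first and last time each address was active, which is what is later matched against the ISP's subscriber records. The log lines are constructed for the example and use documentation address ranges; a line that does not parse is skipped rather than aborting the run.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timezone

# Added example: correlate IP addresses and timestamps from log lines into a timeline.

# Constructed sample log in the common access-log layout (IPv4, IPv6 and one bad line).
SAMPLE_LOG = """\
203.0.113.7 - - [30/Nov/2021:10:15:02 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.7 - - [30/Nov/2021:10:15:09 +0000] "POST /login HTTP/1.1" 302 0
198.51.100.23 - - [30/Nov/2021:10:16:41 +0000] "GET /files/report.pdf HTTP/1.1" 200 88231
203.0.113.7 - - [30/Nov/2021:10:17:55 +0000] "GET /admin/export HTTP/1.1" 200 40412
2001:db8::1 - - [30/Nov/2021:10:18:03 +0000] "GET / HTTP/1.1" 200 1024
garbage line that does not parse
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return an event dict for one log line, or None if the line is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])          # rejects things that only look like IPs
        ts = datetime.strptime(m["ts"], TS_FMT)     # keeps the log's own UTC offset
    except ValueError:
        return None
    return {
        "ip": ip,
        "ts": ts.astimezone(timezone.utc),          # normalise so events compare correctly
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def build_timeline(log_text: str) -> dict:
    """Group parsed events by source address, each group sorted by time."""
    timeline = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is not None:
            timeline[str(event["ip"])].append(event)
    for events in timeline.values():
        events.sort(key=lambda e: e["ts"])
    return dict(timeline)


def activity_window(timeline: dict, ip: str):
    """Return (first_seen, last_seen, event_count) for `ip`, or None if it never appears.

    This window is what is quoted when asking an ISP which subscriber held the address.
    """
    events = timeline.get(ip)
    if not events:
        return None
    return events[0]["ts"], events[-1]["ts"], len(events)


if __name__ == "__main__":
    tl = build_timeline(SAMPLE_LOG)
    for ip in tl:
        first, last, count = activity_window(tl, ip)
        print(f"{ip}: {count} request(s) from {first.isoformat()} to {last.isoformat()}")
```

Because the timestamps are normalised to UTC, events from this log can be merged with file-system timestamps from the imaged system into a single timeline, which is how the "route or map" of an operation is actually assembled.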
References:
Ahmed, S., Zehra, N., Noordin, S., Sadruddin, A. and Khan, A.H., 2021. Bridging the gaps in secondary fracture prevention at a single center in Pakistan—compliance with the IOF best practice framework. Archives of Osteoporosis, 16(1), pp.1-5.
Iosup, A., Tribler Protocol Specification.
Khalid, Z., Iqbal, F., Kamoun, F., Hussain, M. and Khan, L.A., 2021, October. Forensic Analysis of the Cisco WebEx Application. In 2021 5th Cyber Security in Networking Conference (CSNet) (pp. 90-97). IEEE.
Khan, A.A., Uddin, M., Shaikh, A.A., Laghari, A.A. and Rajput, A.E., 2021. MF-ledger: blockchain hyperledger sawtooth-enabled novel and secure multimedia chain of custody forensic investigation architecture. IEEE Access, 9, pp.103637-103650.
MET, L. and DEL INDIVIDUO, A.F.Í.S.I.C.A., y IP address 192.168. 10.17 on 2021/11/30.
Mirza, M.M. and Karabiyik, U., 2021, May. Enhancing IP Address Geocoding, Geolocating and Visualization for Digital Forensics. In 2021 International Symposium on Networks, Computers and Communications (ISNCC) (pp. 1-7). IEEE.
Moric, Z., Redzepagic, J. and Gatti, F., 2021. Enterprise Tools for Data Forensics. Annals of DAAAM & Proceedings, 10(2).
Pattanaik, P., Himanshu, U., Bhushan, B., Thakur, M. and Pani, A.K., 2021. A study of the adoption behaviour of an Electronic Health Information Exchange System for a Green economy. International Journal of Logistics Research and Applications, pp.1-26.
Söderberg, E. and Råhlén, J., 2021. An analysis of decentralized peer-to-peer file sharing performance: An overview of how different parameters affect the average download time in a BitTorrent-like network.
Yadav, M., Bhadola, M.S., Bhatia, M.K. and Sharma, R., 2021. Torrent Poisoning: Antipiracy and Anonymity. International Journal of Innovative Analyses and Emerging Technology, 1(3), pp.60-63.
Zhou, L., Fujita, H., Ding, H. and Ma, R., 2021. Credit risk modeling on data with two timestamps in peer-to-peer lending by gradient boosting. Applied Soft Computing, 110, p.107672.