Assignment task: Read the case study and answer the questions accordingly.
Case Study:
A new start-up SME (small-medium enterprise) based in Luton with an E-government model has recently begun to notice anomalies in its accounting and product records. It has undertaken an initial check of system log files, and there are a number of suspicious entries and IP addresses with a large amount of data being sent outside the company firewall. They have also recently received a number of customer complaints saying that there is often a strange message displayed during order processing, and they are often re-directed to a payment page that does not look legitimate. The company makes use of a general purpose eBusiness package (OSCommerce) and has a small team of six IT support professionals, but they do not feel that they have the expertise to carry out a full-scale malware/forensic investigation. As there is increased competition in the hi-tech domain, the company is anxious to ensure that their systems are not being compromised, and they have employed a digital forensic investigator to determine whether any malicious activity has taken place, and to ensure that there is no malware within their systems. The company uses Windows Server NT for its servers. Patches are applied by the IT support team on a monthly basis, but the team has noticed that a number of machines do not seem to have been patched.
Your task is to investigate the team's suspicions and to suggest to the team how they may be able to disinfect any machines affected with malware, and to ensure that no other machines in their premises or across the network have been infected.
Instructions:
In the capacity of a computer forensics specialist, create a computer forensics investigation plan to enable the systematic collection of evidence and the subsequent forensic analysis of the electronic and digital data. Briefly, you should give a general overview of the methodology you will use and provide a reasoned argument as to why the chosen methodology is relevant. You should also discuss the process you will use to collect evidence and the relevant guidelines that must be followed when collecting digital evidence.
This plan should detail the following:
Q1. Justify why the use of the digital forensic methodology and approach is warranted including appropriate procedures for the Company's investigation.
Q2. Describe the resources required to conduct a digital forensic investigation, including skill sets and the required software and hardware for the forensics team members.
Q3. Outline an approach for data/evidence identification and acquisition that should occur in order to be able to identify and review the digital evidence.
Q4. Outline an approach and steps to be taken during the analysis phase. In particular, explain what would be involved in the network, servers, PCs, e-mail, cloud and social media investigations.
Q5. Develop relevant security policies for the Company.
Q6. Provide recommendations to the Company for dealing with similar future problems.