Plan Of Digital Forensics Essay


1. Justifying the plan for digital forensics?
2. Describing the plan for forensic investigation?
3. Outlining the research for the auditors?



In any organization there has to be an effective means of carrying out the structure of work. In such case it would be important to understand the process of the work of the organization. In this regard it is also crucial that the company or the organization must have an effective centralized system to help in understanding the systems that are useful for the work (Akhgar et al. 2014). In any organization like One World Finance of OWF the system has become loosed and any system old be intrigued with the help of just few proceedings. The network is to be made effective so that information is restricted to particular systems.

However, this study has tried to intervene into the methods by which the hacking or the process of dealing with the unethical intervention of office network is to be analyzed. The method that is carried in the present study is to understand the problem, the nature of the problem and the recommendations or the conclusion that can be drawn from the same. The present study includes the identifying of the issues and the proofs that can be found form the digital forensics. The complex process of digital forensics include the complete understanding of the fundamentals of computers, the aspects of criminal justice, and the general analysis of the entire process. The technology and the complex methods that are carried out to know about digital forensics in used in the current study. The plans those are followed by digital forensics include preservation, validation, collection, identification, interpretation, analysis, presentation and documentation of the facts. However, it might be said in the above case that the methodology could be framed from an abstract model. It includes an approach that may differ from one case to another.

1. Justifying the plan for digital forensics

In case of the digital forensics investigation it is important to note the fact that the methods that are present are such that there is comprehensive method of approach that is applied. In such matters it is important to note that in any case of corporate investigation the method is useful. The techniques that are used these days have been to know about the status with the most modernized methods. Bednar et al. (2014) indicates the methods that are used in any corporate branch are to know about the criminal activity that is part of the offence carried out online. The basic methods that are used in the present cases include the fact of trying to make a planned development based on the incident that has happened. The next stage is to plan the evaluation process of the incident. The third stage is the assessment of the program and the next being the training of the staffs. The development of the team to carry out the work efficiently is the most important concern (Edwards, 2014). The approach that has been used in the present study to deal with the hacking and fraud issues may be the finding of the evidence after analyzing the problem. Then dealing with the acquisition effectively and then finally reporting. The plan that is entailed in digital forensics includes the following:

  • Live forensics
  • Computer forensics
  • Database forensics
  • Mobile forensics
  • Network forensics

The plans that may be followed by digital forensics include preservation, validation, collection, identification, interpretation, analysis, presentation and documentation of the facts. However, it might be said in the above case that the methodology could be framed from an abstract model. It includes an approach that may differ from one case to another. The prime motive of the methodology is that to collect information to the most that is possible. The impact and the problem that is to be faced by the victim are to be minimized. In the present case it may be said that the problem that marsh faced could be improved with the identification of the problem and to finally know whether the culprit was Gale. The preparation of the technique includes preparing tools, the method, search warrants and finally the surveillance.

Figure 1: Network security approach for digital forensics analysis

(Source: Gladyshev et al. 2011)

The warranty that is received from the organization deals with the analysis of the cyber attacks and the threats that may be found even with the most effective and best methods of monitoring. The warranty is that in corporate companies there is an assurance that is to be guaranteed by the companies or the techniques that can monitor cyber crime effectively. Carayannis et al. (2009) refer this is to retain the reputation of the company or the organization efficiently. In order to know about the investigation process it is crucial to have a methodology. The methodology is to assess the situation and to analyzing the objectives that is inclusion of the investigation.

The data that is collected is to secure the evidence and to process them to reach the ultimate means. The next step in the methodology entails the recovery of the data and then to perform the analysis (Holt, 2014). The identification of the attack and the importance of the timeline are to be achieved. Al the findings from the system and the analysis of the memory lead to the interaction of the management in finally making the decision process. Then there has to be a way that must be proficient in reducing future chances of the attacks. Gladyshev et al. (2011) the report that is finally found is used for different purpose like that of staff, management, litigation and law. In this regard it is important to know that there are processes that are effective in dealing with the complexity of the cyber crime. But there has to be prominent means that must be carried out so that there are certain methods that warranty the service to the corporate companies. The companies need to ensure that they have a system that is well channeled to know about the current situation (Kao and Wang, 2009).

2. Describing the plan for forensic investigation

The resources that are required in case of dealing an effective forensic plan is to entail the fact, that there has to be effective monitoring through different tolls. They are effective in dealing with the system. In the ancient days there were means like that of live analysis that was used. This used to be the case in the 1980s. But with the advent of different other technologies there have been used in the computer forensics. The computer forensic tools include EnCase which is a toll that can be used or the multipurpose. Wireshark is the open source that is used to analyze the packet data. SANS investigative forensics is a system that is useful for a number of purpose. Internet evidence finder is the tool that is useful in dealing with communicative problem and in retrieving the data that are there in the hard drives (Jaswal and Thakur, 2014). Registry recon is the one that is useful in analyzing the hard drive with the registry. The information that is there in the system is used for rebuilding the case and then passing the information for analysis. EPRB is the password recovery tool that is useful in dealing with the encryption and decryption of data. Digital forensics framework is another important tools that can be used for the framework if the interfaces (Zuba, 2014).

Most important tools are FTK, COFEE, MailXaminer, Categoriser 4 Pictures, Shell Control Box, X-Ways forensics. FTK is the one that that is necessary in dealing with the index that is related to the acquired data. This is a tool that can be used for a variety of purposes. COFEE is a tool that has been used to know about the Microsoft and the tools that are required in Windows. Similarly the other tools that have been mentioned above have been effective in dealing with the problems that are there in windows and the issues that may be there. The resources that are required in order to channel the monitoring and the methodology of analyzing and finding the crime include few grounds (Wykes, 2007). There has to be effective team that is well versed with the use of the techniques and to tailor the methodology efficiently. After this the team needs to know about the tolls and use them in finding the fault zone of the crime that has been committed in the present analysis. The skill is to be channeled and used in the most effective means. In such case it is important to note that there has to be the case like that of John Marsh where in order to understand the problem of Gale there may be use of the tools. This can make the case of Gale evident to other people that they have the problem of fraud. In case of software resources there are software that can understand the hacking and the fraud identification. In such case it is important to install the software in the system that can analyze the same. In case of the hardware there can be retrieval of information from the system. The history of the system can be accessed in dealing with the same.

Resources for digital forensics (Hardware and software):

In order to investigate the case of John, some effective tools as well as resources are required for the process of digital forensic investigation. However, the resources are as follows:

Study tools of email: It can be utilized to access the different emails of the officers as well as employees of the company. Email study tool also can be utilized for accessing other mails those are related with server of One World Finance.

File viewers: Information Manager uses this technique of file viewers in order to view different files of John’s computer. IT manager also uses this file viewer for accessing the files from the computer of Andrew.

Study tool of file: It can be utilized to study some files those have become the proof of investigation. File study tools can be utilized to gather some of the hidden files of the computer. On the other hand, Edwards (2014) argued that, file study tools help to get an effective design of the mentality of the hacker.

Forensic tools of server: The investigation officer to track the server of OWF uses these tools. Server forensic tools help to hide some information that can be helpful for increasing as well as decreasing the status of the company. This tool can also be helpful for catching the criminal of digital activities.

Forensic investigation of database: This tool is very much helpful for accessing the database of company. However, the hacker in accordance with their intention or objective can also access the database. The hacker in the market can also sell the information of database. This can lead to the destruction of the company. Therefore, the company to see what types of information are stored there should always investigate the database. Is the information safe or unsafe?

Windows tools: However, different types of tools of windows can be utilized for the process of digital forensics. Shell control box, Mail Xaminer, COFEE, X-Way forensics, FTX etc are used for the process of digital forensics. There are different tools those can be used for gathering information of Windows and the operating system of the company.

Storage media: There are different types of storage media those can be utilized for storing the evidence of investigation. Different files of video, image, audio can be stored in the storage media.

The software that may be used includes SANS SIFT, ProDiscover basic, voltality and so on. There are other software like that of the Sleuth kit, FTK imager, Linux dd, Caine, Oxygen Forensic suite and many more. This software could be installed to know about the intrusion and to know about the unauthorized server access. Memory forensic analysis could be made from the same with even forensic exploration of images.

The tools that are available from the software is to be understood in order to access the system and the usability of the software. The hardware that could be used includes FREDC forensic network, forensic write blockers, forensic devices, signal and power cables and so on. The hardware could be effective with the integration of the processing along with the handling of the computer cases.

3. Outlining the research for the auditors

In case of the auditors there has to be a comprehensive method that is to be taken by them in order to channel the same. However, it is crucial to note that there has to be certain measures that have to be used in order to have the necessary poof against the guilty. There has to be hardcore evidence that must act as a proof for the evidence that is required for identification (Panwar, 2009). The approach that is effective in dealing with the problem and then channeling the measure deals that the information that is obtained has to be authorized and must be liable for the use of investigation. Apart from this the locations that is important to know about the present case dominant to have the evidence regarding the location. There has to be a comprehensive and effective method that must be used for validating the methods and to know about the interpretation of the data that has been collected. Based on the data collected from the technique there has to be conclusions that may be drawn that is particularly at par with the data that has been collected. There could be use of certain phases by the auditors that may be effective like that of the IDIP that is Integrated Digital Investigation Process Summers et al. (2014). This method is the identification of the problem, preservation of the information that is important for the system, examining the data that has been collected and then analyzing the same. The presentation that is used in the conclusion is the fact that has been gathered from the information that has been collected.

Olusi et al. (2009) points out the digital evidence in this regard can be done with the help of the detail information that is important. The tools that have which the mentioned above could be used so that there are different means by which the team that is efficient can be used. In such case it is dominant for the team to use the tools that the information that has been used unethically can be understood and retrieved. The team needs to ensure the fact that there has to be an effective structure that is to be tailored so that there may be other means. The fraud cases are to be understood in the present case and then there has to be analysis that may be done based on the cases (Nilssonand Larson, 2009). The auditors need to be aware of the allegation of the conclusion that they finally draw. This is to note the fact that there may be different forms of fraud cases but the proof that is to be delivered against the guilty needs to be appropriate and as per the ethical means.

In the case of john marsh it has been found that Andrew Gal has been made responsible for the case of fraud. In this particular regard it is the duty of the IT manager to look in o the method and then to analyze the system. The proof that is to be presented against Gale has to be true and effective only to make the parson actually guilty for the work that he has done. This comes under the legal issue and so there has to be actions taken only with the necessary proof. The policies that have been used deals with the fact that there cannot be any unethical or baseless claims that can be brought about against anyone (McIntyre, 2014). The policy that is used in US is that there is Foreign policy that deals with the fact that anyone found guilty with the information and the use of the cyber crime in punishable under law. However, it also states the fact that there has to be an effective means by which there can be fake information that may be brought against someone in such case it is punishable offence for the person who brought the unethical claim (Mansfield, 2009).

Steps of Microsoft Windows-based computer:

Final implementation is very much essential for suspecting the guilty. The final steps are very important for this particular scenario of the present case. The detail information is required in order to get detail information about the crime. It also helps in finding the suspected person.

It can be found that centralized server can be utilized for spreading the information from John’s system to another system or emails and network of other persons. In this case, the java script can be utilized to validate the data in the operating system of the windows. In this purpose, Z-test, regression T-test can be done. On the other hand, SPSS software can be utilized to complete the purpose.


The following may be recommended for OWF can be as follows:

The company needs to install few of the software that is effective in dealing with the system and there cannot be any intrusion in the information. A centralized system is t be made with the software to deal with the fact that there are no unethical means that is used to carry out the work. Every employee is to be assigned a system which must have a password that may be the fingerprint of the employee. This can ensure that there is no intrusion that is there in any other system. In case of the fingerprint password it may be said that there has to be no means by which one can enter into any other’s system.

There may be the process of e-discovery that could be used so that any time any person tries to interfere in the system from outside or not from the assigned one there is an automatic system stoppage. This will also help in the litigation support. The support can even act as a proof so that there are means like that of the problem that is related to the one or the group who tried to intervene in the most unethical means. The recommendation that has been given can be effective to know about the basic problem and to tailor the means so that the negative and the unethical means are not used by the company or the employees in any way.


It may be concluded in this respect that there has to be a effective channeling and monitoring process that can be done in order to know about the present cyber crime problems. Forensic digital may have a number of issues that is relating to the problem that is faced by the people or organization in these days. It may be said in this regard that there may be a number of means that could be used so that there is the proper analysis of the problem. The problem needs to be understood from the grass root level and then there has to be efficient means by which there may be use of the tools. The tools need to be used as per the specific issue that has been faced. The present study has helped in understanding the policies and the methodology that can be used before using the tools finally.


Akhgar, B., Staniforth, A. and Bosco, F. (2014). Cyber crime and cyber terrorism investigator's handbook. Waltham, MA: Syngress.

Bednar, P., Katos, V. and Hennell, C. (2014). On the complexity of collaborative cyber crime investigations. DEESLR, 6(0).

Carayannis, E., Campbell, D. and Efthymiopoulos, M. (2009). Cyber-development, cyber-democracy and cyber defense.

Dhanjani, N., Rios, B. and Hardin, B. (2009). Hacking. Beijing: O'Reilly.

Edwards, C. (2014). Ending identity theft and cyber crime. Biometric Technology Today, 2014(2), pp.9-11.

Gladyshev, P., Marrington, A. and Baggili, I. (2011.). Digital forensics and cyber crime.

Holt, T. (2014). Cyber war will not take place, by Thomas Rid. Global Crime, 15(1-2), pp.206-208.

Jaswal, V. and Thakur, S. (2014). Cyber Crime and Information Technology Act, 2000. New Delhi: Regal Publications.

Kao, D. and Wang, S. (2009). The IP address and time in cyber?€?ђcrime investigation. Policing: An International Journal of Police Strategies & Management, 32(2), pp.194-208.

Mansfield-Devine, S. (2009). Google hacking 101. Network Security, 2009(3), pp.4-6.

Mansfield-Devine, S. (2009). Hacking the hackers. Computer Fraud & Security, 2009(6), pp.10-13.

McIntyre, L. (2014). Cyber-Takings: The War on Crime Moves into the Cloud. Pittsburgh Journal of Technology Law and Policy, 14(2).

Ndubueze, P. and Igbo, E. (2013). Third Parties and Cyber-Crime Policing in Nigeria: Some Reflections. Policing, 8(1), pp.59-68.

Nilsson, D. and Larson, U. (2009). Conducting Forensic Investigations of Cyber Attacks on Automobile In-Vehicle Networks. International Journal of Digital Crime and Forensics, 1(2), pp.28-41.

Nuredini, A. (2014). CHALLENGES IN COMBATING THE CYBER CRIME. Mediterranean Journal of Social Sciences.

Olusi, F., Aguele, L., Ihumuaibvi, P. and Edobor, R. (2009). Students Perception of Cyber Crime in Edo State: Implications for Teaching and Learning. Lwati: A Journal of Contemporary Research, 6(1).

Panwar, A. (2009). Cyber Crime Through Social Engineering. SSRN Journal.

Summers, S., Schwarzenegger, C., Ege, G. and Young, F. (2014). The Emergence of EU Criminal Law. London: Bloomsbury Publishing.

Wykes, M. (2007). Constructing crime: Culture, stalking, celebrity and cyber. Crime, Media, Culture, 3(2), pp.158-174.

Zuba, M. (2014). Defending students from cyber crime. XRDS: Crossroads, The ACM Magazine for Students, 20(3), pp.11-11.

How to cite this essay: