Forensic analysis of defaced web content

As a forensic graduate looking forward to meeting the institution's standards in performing my duties and gaining experience for my future career, I would take the opportunity to investigate the matter critically, without being influenced by the unethical comments from some of the authorities. I would follow the procedures to the best of my knowledge and carry out the analysis and reporting without favor. By doing so, I believe I would be carrying out my duties with dignity and helping to avoid a future recurrence of the situation.

Since the web content was accessed and added to, I would have to perform analysis at all levels, starting with network infiltration. I would require various tools for analysis at every stage. This would be necessary to narrow down the source and identify the person who committed the act.

Steps and tools in categories of analysis:

* Network vulnerability scanning
* OS vulnerability scanning
* Application vulnerability scanning
* Digital Forensics

Network vulnerability scanning

Vulnerability scanning can help to secure the company's network.

It can be used to identify areas of weakness on the network in order to fix them before someone from the outside uses these opportunities to attack. In this case, though, a network vulnerability scanner will be helpful in determining whether the incident could have resulted from an external attack or from internal employee misconduct. There are a number of highly rated commercial vulnerability scanning packages, including Foundstone Professional, eEye Retina and SAINT. Such tools make it possible to find the loopholes in the network.

This would be just the initial stage of the investigation, because if there are no network vulnerabilities, then it would be necessary to move to the next step.

Operating System vulnerability scanning

Operating systems interact with the applications while employees use the computers; I would have to check for specific flaws in the interaction of applications with the operating systems using tools such as the Nessus Premier Vulnerability assessment tool.

Application vulnerability scanning

A web application was most likely used to upload the files onto the server and add them to the website content.

It will therefore be necessary to conduct web application vulnerability scanning. This actually simulates possible attacks, as it does not involve source code scanning but dynamic interaction with the website's code. It will be hard to find cryptographic vulnerabilities this way, but it is important for finding out whether a web application attack on the system was possible. This will help look for two specific areas of attack: input/output validation (as in cross-site scripting and SQL injection) and server configuration mistakes. It may also help in general application scanning for unexpected response errors.

Digital Forensics

This includes retrieving files from the computer and analyzing them to get information on their source, among other attributes. It will be very important to try to figure out from which computer the files uploaded onto the website originated and when they were put there. An essential toolkit will be needed to collect the data from the hosting machine. It should provide for backup, authentication, decryption, disk editing, log file auditing, IP tracking, data recovery, and file examination. Special tools for copying the data will be essential in order to copy the data bit by bit, using a bit-stream copy method.
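
The log file auditing and IP tracking step mentioned above, as an added example that is not part of the original essay: it reads web server access log lines in Combined Log Format, finds when an added file was first served, and lists the successful write requests shortly before that moment. The paths, addresses and ten-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Combined Log Format: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample lines (documentation-range addresses), not real evidence.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [12/Mar/2024:22:41:17 +0000] "POST /admin/upload.php HTTP/1.1" 200 312
198.51.100.7 - - [12/Mar/2024:22:41:20 +0000] "GET /images/banner2.jpg HTTP/1.1" 200 48211
192.0.2.10 - - [12/Mar/2024:22:50:00 +0000] "POST /contact.php HTTP/1.1" 403 199
garbled line that does not parse
203.0.113.5 - - [13/Mar/2024:08:00:45 +0000] "GET /images/banner2.jpg HTTP/1.1" 200 48211
"""

def parse_log(text):
    """Return (entries sorted by time, number of lines that did not parse)."""
    entries, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # report gaps instead of silently dropping them
            continue
        e = m.groupdict()
        e["time"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        e["status"] = int(e["status"])
        e["path"] = e["path"].split("?", 1)[0]  # compare paths without query
        entries.append(e)
    return sorted(entries, key=lambda e: e["time"]), skipped

def audit_uploads(text, added_path, window=timedelta(minutes=10)):
    """Find successful write requests in the window before added_path first appears."""
    entries, skipped = parse_log(text)
    served = [e for e in entries if e["path"] == added_path and e["status"] == 200]
    first_seen = served[0]["time"] if served else None
    candidates = []
    if first_seen is not None:
        for e in entries:
            ok = 200 <= e["status"] < 400
            if e["method"] in WRITE_METHODS and ok and first_seen - window <= e["time"] <= first_seen:
                candidates.append((e["time"].isoformat(), e["ip"], e["method"], e["path"]))
    return {"first_seen": first_seen, "candidates": candidates, "skipped": skipped}
```

The result is a lead, not an identification: the source address may be a proxy or a shared machine, so it has to be correlated with authentication and network records.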

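A bit-stream copy is only usable as evidence if the copy can be shown to match the source, so the copy and the digest check belong together. The following is an added example, not part of the original essay: it copies a file block by block while hashing it, then re-reads the copy to verify it. Copying an ordinary file stands in for imaging a device, the file names are hypothetical, and computing SHA-256 alongside MD5 is an added assumption.

```python
import hashlib
import os
import tempfile

BLOCK = 1024 * 1024  # fixed-size blocks so large images never load into memory

def _hashers():
    # MD5 is the digest the essay names; SHA-256 is added here as an assumption.
    return {"md5": hashlib.md5(), "sha256": hashlib.sha256()}

def acquire(src, dst):
    """Copy src to dst block by block, hashing the bytes as they are read."""
    h = _hashers()
    with open(src, "rb") as fin, open(dst, "xb") as fout:  # "x": never overwrite
        while chunk := fin.read(BLOCK):
            for x in h.values():
                x.update(chunk)
            fout.write(chunk)
        fout.flush()
        os.fsync(fout.fileno())  # make sure the copy is on disk before verifying
    return {name: x.hexdigest() for name, x in h.items()}

def digests(path):
    """Hash an existing file in blocks and return its hex digests."""
    h = _hashers()
    with open(path, "rb") as f:
        while chunk := f.read(BLOCK):
            for x in h.values():
                x.update(chunk)
    return {name: x.hexdigest() for name, x in h.items()}

def verify(path, recorded):
    """True only if every recorded digest matches the file as it is now."""
    return digests(path) == recorded

def demo():
    """Acquire a constructed sample, verify it, then alter one byte and re-verify."""
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "source.bin"), os.path.join(d, "image.dd")
        with open(src, "wb") as f:
            f.write(b"constructed sample data\x00" * 4096)  # stand-in for a disk
        recorded = acquire(src, img)
        intact = verify(img, recorded)
        with open(img, "r+b") as f:  # simulate a single altered byte in the copy
            f.seek(1000)
            f.write(b"\xff")
        return intact, verify(img, recorded)
```

The digests returned by `acquire` are what goes into the case notes at collection time; every later working copy is checked against them before analysis.
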
Regular backups copy all data from the hard drive but leave out swap files. For the evidence to be retained as original, the first consideration will be backup. Once data is captured, tools such as MD5 hash calculations will be required to verify that the copied data is a true copy of the original. If any part of the data is encrypted, decrypting tools will be required too.

The process for carrying out the whole investigation would take the following steps:

• Collecting the data
• Checking for errors (whether it is original)
• Analyzing the information
• Reporting on findings and recommendations

Unethical actions of a Forensics professional

Legal issues

When a forensic professional acts with misconduct, the results he or she presents may be wrong or biased. In a criminal case which involves litigation, it might lead to the conviction of a falsely accused person and an unnecessary jail sentence. This might mean the termination of the employee's career and the waste of a productive life in jail.

Institutional issues

If the professional entrusted with finding out where the unethical act originated, in order to avoid it, contributes towards further damage by being himself corrupt and unethical, it might lead to a lack of hope and despair in the whole institution.

The confidence placed in such professionals usually rests on the need for their services in times of trouble in the organization. With the kind of sensitivity that might be associated with the case, the organization may lose a lot of resources in terms of contracts and clients if the professional assigned to end the problem contributes to worsening it. This misconduct by the professional can jeopardize the use of the institutions set up to deal with misconduct and with breaches of the organization's policies as well as the law in general.

It usually takes a long time to establish such regulations and training schemes for the professional to be available on duty. If they do not perform their duties with good conduct, they fail the whole institution.

Motives that drove the decisions

My motive for carrying out the investigation without favoring anybody would be to uphold integrity and good conduct. The process of identifying the problem and avoiding any future recurrence will be very important to the firm and the employees in general.

If the firm is compromised through the media, even the employees would suffer as the administration suffers too. By doing all the security checks, I would be avoiding any other unseen risk and raising the administration's understanding of the status of the ICT system in the company. In the whole process, I will also gain skills in applying proper forensic methods and prove their applicability, hence encouraging their use and upholding the institution of justice and integrity in the organization's workforce.
