Digital Forensic Tools - Essay Example

Summary
The purpose of the essay "Digital Forensic Tools" is to discuss the contribution of information technology to forensic practice. It covers general network forensic tools for capturing and examining data that travels within a network…
Information is the lifeblood of any organization. In the information age, information is digitized, stored on information systems and travels across inbound and outbound network links. To keep data secure in storage and in transit, organizations deploy tools and hire security professionals. Even so, organizations face many challenges in securing information on the network and on their servers. Certified skilled professionals, incident response teams and other relevant staff play a significant role in protecting against, and responding to, threats that may compromise, or have already compromised, the network in order to reach business-critical information. Detecting a live attack, or analyzing a system for a possibly malicious file, requires a range of tools that support techniques such as data acquisition, network forensics and database forensics.

EnCase provides a large set of features but cannot be considered a complete forensic tool. Its analysis features are aimed at files stored on systems: it searches using keywords, hashes and hex strings extracted from file headers, and it is bundled with a scripting language, EnScript, similar to Perl/Java (Info World, 2004). It can also monitor defined systems on a network to detect file alterations and probes, can be integrated with intrusion detection systems (IDS), and can capture snapshots while an attack is in progress (Info World, 2004).

For detecting threats on distributed networks, Zonglin, Guangmin et al. (2009) presented a methodology that combines pattern detection for a distributed network environment with network-wide correlation analysis of instantaneous parameters, namely anomalous space extraction, instantaneous amplitude and instantaneous frequency.
This model also categorizes data packets separately in the time and frequency domains. Network administrators can further apply a subset of the methodology, anomalous space extraction, which is based on predictions of network traffic and strengthens the PCA-based methods available to them. Network-wide correlation analysis of amplitude and frequency, another subset of the methodology, characterizes the overall transmission of data packets originating from the distributed networks. Once the root cause or source of a worm has been identified, the next step is to identify the infected nodes.

For this, a network administrator will use a specialized tool that covers the methods above, since manual work consumes a great deal of time and in some cases cannot detect unknown patterns buried deep in the network layers. Wireshark is such a tool: it analyzes network traffic packet by packet and provides in-depth analysis (Scalisi 2010). Using Wireshark, the administrator's first step is to identify the traffic type or port types that will be the focus area; the second step is to capture data packets on all ports available on the network (Scalisi 2010). A Network Forensic Analysis Tool (NFAT), by contrast, provides playback of captured traffic for investigating an electronic crime or hacking activity, targeting users, hosts and protocols and including content analysis. Despite these features, an NFAT does not support detection across all live network traffic, whereas Wireshark will differentiate unknown network patterns by analyzing each port so that statistics for each data packet can be identified.
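The per-port analysis described above is easier to reason about with a concrete pass over packet records. The following Python is an added example, not part of the essay or of Wireshark; it works on rows shaped like a tshark field export (the `tshark -T fields` command in the docstring is a real invocation, while the sample rows, host addresses and the fan-out threshold are constructed for the demonstration). It aggregates packets, bytes and distinct endpoints per destination port, ranks ports to choose the focus area, and then flags the worm-like pattern the essay is concerned with: a single source reaching many hosts on one port.

```python
"""Per-port traffic statistics and fan-out analysis over packet records.

Added example, not part of the essay or of Wireshark itself. The input rows
mimic what a tshark field export produces, e.g.

  tshark -r capture.pcap -T fields -E separator=, -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport -e frame.len

The sample rows below are constructed for the demonstration.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: ordinary web traffic, one legitimate SMB connection,
# and one host (10.0.0.5) sweeping TCP/445, the trace a spreading worm leaves.
SAMPLE_CSV = """\
1331000000.10,10.0.0.11,10.0.0.2,80,620
1331000000.25,10.0.0.12,10.0.0.2,443,1460
1331000000.40,10.0.0.11,10.0.0.2,80,540
1331000000.55,10.0.0.30,10.0.0.40,445,1514
1331000001.00,10.0.0.5,10.0.0.20,445,1514
1331000001.05,10.0.0.5,10.0.0.21,445,1514
1331000001.10,10.0.0.5,10.0.0.22,445,1514
1331000001.15,10.0.0.5,10.0.0.23,445,1514
1331000001.20,10.0.0.5,10.0.0.24,445,1514
1331000001.25,10.0.0.5,10.0.0.25,445,1514
1331000001.30,10.0.0.12,10.0.0.2,443,1460
1331000001.35,10.0.0.5,10.0.0.26,445,1514
"""


@dataclass
class PortStats:
    packets: int = 0
    bytes: int = 0
    sources: set = field(default_factory=set)
    destinations: set = field(default_factory=set)


def parse_records(text):
    """Parse 'epoch,src,dst,dstport,len' rows; blank lines and '#' comments are skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, length = line.split(",")
        rows.append((float(ts), src, dst, int(port), int(length)))
    return rows


def per_port_stats(rows):
    """Aggregate packets, bytes and distinct endpoints per destination port."""
    stats = defaultdict(PortStats)
    for _ts, src, dst, port, length in rows:
        s = stats[port]
        s.packets += 1
        s.bytes += length
        s.sources.add(src)
        s.destinations.add(dst)
    return dict(stats)


def busiest_ports(stats, top=3):
    """Ports ordered by byte volume: a quick way to pick the focus area of a capture."""
    ranked = sorted(stats.items(), key=lambda kv: kv[1].bytes, reverse=True)
    return [port for port, _s in ranked[:top]]


def fan_out(rows, port):
    """Number of distinct destinations each source contacted on `port`."""
    targets = defaultdict(set)
    for _ts, src, dst, p, _len in rows:
        if p == port:
            targets[src].add(dst)
    return {src: len(dsts) for src, dsts in targets.items()}


def suspected_spreaders(rows, port, min_targets):
    """Sources that touched at least `min_targets` hosts on `port` in the capture.

    A client normally talks to one or two servers on a service port; a host
    reaching many peers on the same port in a short window is the signature
    of scanning or worm propagation. The threshold is an analyst's choice.
    """
    return sorted(src for src, n in fan_out(rows, port).items() if n >= min_targets)


if __name__ == "__main__":
    rows = parse_records(SAMPLE_CSV)
    stats = per_port_stats(rows)
    for port in busiest_ports(stats):
        s = stats[port]
        print(f"port {port}: {s.packets} pkts, {s.bytes} bytes, "
              f"{len(s.sources)} sources, {len(s.destinations)} destinations")
    print("suspected spreaders on 445:", suspected_spreaders(rows, 445, min_targets=5))
```

On the constructed sample, port 445 dominates by volume and has eight distinct destinations from only two sources; the fan-out check isolates 10.0.0.5 as the host contacting seven peers, while the single legitimate SMB connection from 10.0.0.30 stays below the threshold. The same aggregation applied to a real export is what turns a packet-by-packet view into the per-port statistics the essay refers to.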
The third task is to trace the source from which the attack was initiated. Here network administrators focus on two areas of the packet header, the record route and timestamp options, which they also consult when diagnosing routing issues. A further challenge for the traceback process is time synchronization: timestamps are recorded by devices along the path whose clocks, and possibly time zones, differ, so they must be made comparable before they can be correlated. To trace a path regardless, a methodology called packet marking can be implemented, in which each router embeds a fraction of the path information into the packets it forwards, so that the victim can assemble the complete route from many packets and conduct a successful trace back.

Digital forensic investigators use network forensic analysis tools (NFAT) to capture and examine data travelling within the network. As an overview of a typical NFAT, Xplico is recommended; it decodes Internet traffic (De Franceschi & Costa, 2012). Such tools provide real-time monitoring and packet capture, network content analysis and report generation, all of which help investigators identify anomalies. With an NFAT, investigators can play back traffic and drill down into it, filtering packets to ease the detection of an information leakage incident. Investigators must, however, keep in mind the differences between wired and wireless network characteristics when analyzing playback data. Playing back recorded network communications through the NFAT enables node-to-node communication analysis, with one precondition: the data captured from the live network must be archived securely before it is analyzed.
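The packet-marking approach to traceback mentioned above is clearer in a small simulation. The Python below is an added example, not part of the essay; it follows the edge-sampling scheme of Savage et al. (2000), in which each router overwrites the marking fields with probability p and otherwise completes the edge started by the previous hop and increments a distance counter. The router names, path, seed and attacker behaviour are constructed, and the simulation carries the three fields in full rather than fragmenting them into the IP identification field as the published scheme does. It also shows the caveat a practitioner cares about: an attacker who pre-fills the marking fields can only append a false hop beyond the first genuine router, never alter the hops nearer the victim.

```python
"""Probabilistic packet marking (edge sampling) and path reconstruction.

Added example, not part of the essay. Simulates Savage et al.'s edge sampling:
with probability p a router starts a new edge in the packet, otherwise it
completes the pending edge and increments the distance. Path, router names
and attacker behaviour are constructed for the demonstration.
"""
import random
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    start: Optional[str] = None   # router that began the recorded edge
    end: Optional[str] = None     # next router toward the victim (None = the victim)
    distance: int = 0             # hops travelled since the edge was written


def mark(pkt, router, p, rng):
    """Edge-sampling step performed by one router on a forwarded packet."""
    if rng.random() < p:
        pkt.start, pkt.end, pkt.distance = router, None, 0
    else:
        if pkt.distance == 0:
            pkt.end = router       # complete the edge written by the previous hop
        pkt.distance += 1


def forward(path, p, rng, forged=None):
    """Send one packet along `path` (attacker side first); `forged` pre-fills the fields."""
    pkt = Packet()
    if forged is not None:
        pkt.start, pkt.end, pkt.distance = forged
    for router in path:
        mark(pkt, router, p, rng)
    return pkt


def collect_edges(packets, victim="victim"):
    """Tally the (start, end, distance) triples observed at the victim."""
    edges = Counter()
    for pkt in packets:
        if pkt.start is not None:
            edges[(pkt.start, pkt.end or victim, pkt.distance)] += 1
    return edges


def reconstruct(edges, victim="victim"):
    """Walk outward from the victim, one hop per distance value.

    Returns the path attacker-side first. The walk stops at the first distance
    with zero or several candidate routers, so stray marks cannot splice into
    the middle of the path; forged marks can only extend it past the first
    genuine router, because every real hop increments their distance.
    """
    hops = []
    current, d = victim, 0
    while True:
        nxt = [s for (s, e, dist) in edges if e == current and dist == d]
        if len(nxt) != 1:
            break
        hops.append(nxt[0])
        current, d = nxt[0], d + 1
    return list(reversed(hops))


# Constructed topology: attacker -> r0 -> r1 -> r2 -> r3 -> r4 -> victim
PATH = ["r0", "r1", "r2", "r3", "r4"]


def simulate(n_packets, p=0.2, seed=7, forged=None, n_forged=0):
    """Run the attack traffic through PATH and return the reconstructed path."""
    rng = random.Random(seed)
    pkts = [forward(PATH, p, rng) for _ in range(n_packets)]
    pkts += [forward(PATH, p, rng, forged=forged) for _ in range(n_forged)]
    return reconstruct(collect_edges(pkts))


if __name__ == "__main__":
    print("honest marking :", simulate(3000))
    print("forged marking :", simulate(3000, forged=("decoy", "decoy", 0), n_forged=300))
```

With 3,000 packets the victim sees every genuine edge many times and recovers r0 through r4 in order. When the attacker pre-fills the fields with a decoy router, those packets that no router happens to re-mark arrive with distance 5, one beyond the real path, so the decoy appears only as an extra hop upstream of r0; the hops the victim actually depends on are unchanged. The fraction of packets that must be collected grows with path length and shrinks with p, which is why the published scheme tunes p and verifies fragments before trusting an edge.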
Time sequencing analysis, pattern analysis and content analysis techniques are pursued when analyzing data captured from an intrusion detection system (IDS) and an NFAT. InfiniStream, for example, uses time sequencing techniques to replay network activities (Network World 2003). Pattern analysis meets the minimum requirements for network security, while content analysis provides deep inspection of packets. The NFAT supplies data from wired and wireless interfaces for constructing a simulated environment of the current situation within the network. Investigators then review the timeline, which demonstrates the events and activities related to the threats and is presentable in court.

References

De Franceschi, A. & Costa, G., 2012 (27 February). Xplico - Internet Traffic Decoder. Network Forensic Analysis Tool (NFAT). Available: http://www.xplico.org/ [accessed 18 March 2012].

Info World, 2004. InfoWorld [Info World Media Group Inc.], Google Books. Available: http://books.google.com.pk/books?id=9TcEAAAAMBAJ&pg=PA32&dq=Encase+features&hl=en&sa=X&ei=detlT6TnBYjTrQeN1pi9Bw&ved=0CDkQ6AEwAg#v=onepage&q=Encase features&f=false [accessed 18 March 2012].

Network World, 2003 (10 February). Network World, Google Books. Available: http://books.google.com.pk/books?id=DxkEAAAAMBAJ&pg=PT20&dq=Time+sequencing+analysis+network+forensics&hl=en&ei=DijATqa-K8_IrQem4fC5AQ&sa=X&oi=book_result&ct=result&resnum=6&ved=0CFMQ6AEwBQ#v=onepage&q&f=false [accessed 18 March 2012].

Scalisi, M., 2010. Analyze Network Problems With Wireshark. PC World, 28(4), p. 30.

Zonglin, L., Guangmin, H., Xingmiao, Y. and Dan, Y., 2009. Detecting Distributed Network Traffic Anomaly with Network-Wide Correlation Analysis. EURASIP Journal on Advances in Signal Processing, pp. 1-11.
Retrieved from https://studentshare.org/information-technology/1444765-encase