
COIT20267 Computer Forensics

Digital Forensics – Case Project Assignment #1

Consider this real-world scenario and show how computer forensics plays into it. It’s a security person’s worst nightmare. You’ve just inherited a large, diverse enterprise with relatively few security controls when something happens. You try to detect malicious activity at the perimeter of the network by monitoring your intrusion detection systems and watching attackers bang futilely on your firewall. Even those attackers tricky enough to slip through the firewall bounce harmlessly off your highly secured servers and trip alarms throughout the network as they attempt to compromise it. Reality is usually somewhat different: most people simply don’t have the tools, or at least do not have expensive, dedicated tools. You do have ways to stop the pain. Although the past seems to have been relatively quiet for network compromises, there have been quite a few new attacks released and a fairly significant number of incidents as a result.

For the purposes of this discussion, a number of these incidents have been blended together to create a hypothetical company, ForensicFire.com, to demonstrate some of the techniques used in combating intrusions. This case project discusses forensics in a Windows environment. It will offer a brief overview of the detection and analysis of an attack incident. How would you, as a computer forensics specialist, go about detecting potential incidents, identifying the attack(s), and conducting host-based forensics?
