Saturday, April 20, 2019

Post Mortem Forensic Analysis Research Paper Example | Topics and Well Written Essays - 1000 words

Post Mortem Forensic Analysis - Research Report Example

In order to initialize a forensic analysis, the first step is to determine the point of the breach into the network. After identifying the point of the breach, a forensic examiner can evaluate how it was exploited. Moreover, the examiners can also identify the source of the threat, i.e. the Internet. As per the scenario, a large computer network is compromised by a threat that may also have exploited classified documents. The report will demonstrate the forensic analysis with the aid of FTK tools in order to identify the root cause of the threat.

Overview

If an organization is affected by a security breach, in some cases it is complex to calculate the risks to the information assets present on the network. This depends on the severity of the threat, which may have caused large disruptions in network-based services. This is the point where a digital forensic expert is brought in to identify the threat, its impact and the network incidents it caused. Organizations learn new techniques and methods from an ongoing investigation by a digital forensic expert; the point of interception, the methodology and the protection measures are all considered critical. Moreover, financial institutions are keener to adopt forensic analysis, as this domain, given its business model and the nature of its data, cannot compromise on security (Network postmortem Forensic analysis after a compromise, n.d.). For instance, MasterCard, Visa and American Express demonstrate a robust online security framework. In the current scenario, where a network is already breached by a threat, these forensic experts center on three core factors (Network postmortem Forensic analysis after a compromise, n.d.):
- A discovery process focused on understanding the application and network infrastructure, as well as the business information flow of the organization
- Interviews with key personnel to understand the facts of the case from the customer's perspective and to identify adequate sources of forensic data
- Data collection to gather critical sources of evidence to support the investigation, followed by the analysis methodology

Assuming that the threat initially breached the application host that was serving as an intranet for the organization, forensic investigators construct a methodology that will monitor attacks on the inbound and outbound networks. These three processes will be executed in order to detect the cause and the source:

- pcap trace analysis initialized for the server-side attack
- pcap trace analysis initialized for the client-side attack
- NetFlow analysis initialized for network flow monitoring

In order to capture attacks, the forensic investigators implemented a deliberately insecure HTTP server. The server acts as the original server and answers every HTTP query. However, on a POST request the server starts a separate thread that exposes a shell on port 12345. The replicated fake web server processes the shellcode in the same way as the original one. The tool used for capturing the network traffic of the exploit is Wireshark (Cert Exercises Handbook Scribd, n.d.). It is an open-source tool meant for capturing data packets and examining network traffic on wired and wireless networks (Wireshark Network Analysis, n.d.).
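The NetFlow analysis step above can be reduced to one correlation: an HTTP POST to the decoy server followed shortly by a connection from the same source to the shell port 12345. The following is an added example, not code from the report or from any tool it cites; the flow record fields, the constructed sample flows and the 60-second correlation window are assumptions.

```python
from dataclasses import dataclass

SHELL_PORT = 12345       # port of the decoy server's shell thread, as stated in the report
WINDOW_SECONDS = 60.0    # hypothetical correlation window (assumption)

@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since epoch (assumed NetFlow start time)
    src: str       # source IP
    dst: str       # destination IP (the decoy web server)
    dport: int     # destination port
    app: str       # "http-post" if the request was a POST, otherwise "http-get" or "tcp"

# Constructed sample flows (not real captures); addresses are from documentation ranges.
SAMPLE_FLOWS = [
    Flow(100.0, "203.0.113.7", "10.0.0.5", 80, "http-get"),
    Flow(105.0, "203.0.113.7", "10.0.0.5", 80, "http-post"),
    Flow(107.5, "203.0.113.7", "10.0.0.5", 12345, "tcp"),    # shell port right after the POST
    Flow(200.0, "203.0.113.9", "10.0.0.5", 80, "http-post"),
    Flow(900.0, "203.0.113.9", "10.0.0.5", 12345, "tcp"),    # too late: outside the window
    Flow(300.0, "198.51.100.4", "10.0.0.5", 12345, "tcp"),   # no preceding POST at all
]

def correlate_post_to_shell(flows, shell_port=SHELL_PORT, window=WINDOW_SECONDS):
    """Return (src, post_ts, shell_ts) for every source whose HTTP POST to a host was
    followed within `window` seconds by a connection to `shell_port` on that same host.
    Flows are processed in time order so a later POST cannot be matched to an earlier
    shell connection."""
    last_post = {}   # (src, dst) -> timestamp of the most recent POST from src to dst
    hits = []
    for f in sorted(flows, key=lambda f: f.ts):
        key = (f.src, f.dst)
        if f.app == "http-post":
            last_post[key] = f.ts
        elif f.dport == shell_port and key in last_post:
            delta = f.ts - last_post[key]
            if 0.0 <= delta <= window:
                hits.append((f.src, last_post[key], f.ts))
    return hits

if __name__ == "__main__":
    for src, post_ts, shell_ts in correlate_post_to_shell(SAMPLE_FLOWS):
        print(f"{src}: POST at t={post_ts} followed by shell-port connection at t={shell_ts}")
```

The second and third sample sources show the two false-positive controls: a shell-port connection long after the POST and one with no POST at all are both left out, so each reported source can be handed to the pcap analysis steps for packet-level confirmation.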
