Securing the Scene
Imagine you are a digital forensic investigator for a healthcare organization. You learn from your internal information security department that an employee has been using password-cracking software to access confidential customer insurance information. The account information extracted is unknown at this time, though it appears as though multiple computers were being used for the crime and it isn’t clear whether an attack is currently in progress. The employee has been detained but his computers remain online.
Write a two to three (2-3) page paper in which you:
1. Develop a detailed plan to approach and secure the incident scene based on the information you have from the scenario.
2. Discuss the initial steps you would take for the investigation, depending on whether or not the attack is still in progress. Include how your actions would differ based on the current status of the incident.
3. Explicate the importance of creating an order of volatility by identifying the potential evidence that is the most volatile. Explain, in detail, how you would extract this evidence.
4. Identify the high-level steps that would be performed in collecting and analyzing the evidence. Include steps that are required, as well as what should not be done, in order to maintain the potential admissibility of evidence.
5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.