Capella University
Abstract
This paper considers the digital content that an investigator retrieves from a network system when performing digital forensics on it, that is, the identification and investigation of cyber attacks. The abundance of devices connected to the Internet of Things and to networked systems has attracted an increased volume of cyber attacks, which requires an immediate incident response to each cyber attack case in order to understand the attacker's actions. This paper evaluates the “differences within the incident response and digital or network forensics. Deliberating the paper is the effect of the prevailing network system security controls on digital or network forensics. This paper will review the tools used for quality network forensics investigations and its basic methodologies used in network forensics” (Capella, 2019, 20-22).
Table of Contents
Cover Page
Abstract
Table of Contents
Introduction/Body
Conclusion
References
INCIDENT RESPONSE AND DIGITAL FORENSICS 4
Beginning
Introduction
Digital forensic investigations capture, document and examine network system traffic activities in a well-planned way in order to discover evidence and data that identify cyber attacks for prosecution by law. A quality digital or network forensic tool such as eMailTrackerPro (SANS, 2015) can be used to find the physical location of the cyber attacker who sent a malicious message. Through network forensics we oversee and examine the network system traffic with the aim of collecting legal evidence and data from cyber attack activities, or for network system intrusion detection. Network forensics deals with volatile and dynamic data for proactive network system investigation. Digital forensics is the recovery and investigation of digital media devices for legal evidence of computer cybercrime, which is the same as computer forensics. Cyber forensics relates to certain aspects of network and computer forensics, while eDiscovery relates to the method of collecting and gathering legal evidence from electronically captured data such as audio data, calendar data, images, emails or databases.
SANS (2013) states that an incident response procedure defines, within the organization's information security governance, what happens and what actions the organization's employees take for network system security events. As defined in the information security policy, it covers: who the contact points are for reporting any network system security incident; what the employee's responsibility is in the course of action for a security incident; how asset importance determines when an organization's network system should be taken offline at the time of a security incident; which outside parties, such as law enforcement or network system security experts, are our points of contact in case of a security incident; and whether the organization's incident response team is permanent, virtual or hybrid. The organization's incident response team is the CSIRT, the computer security incident response team, which includes the information security officer or IT system analyst. The incident response team and the network forensic team differ in their organizational goals: the IR goal is the quick response to a security incident in real time, whereas the network forensic goal is the gathering and understanding of the security incidents, risks and network system impacts. Their information requirements also differ: IR needs short-term data foundations, while network forensics needs long-term system logs and data files for investigation (Khan, Shiraz, Wahab, Gani, Han, & Rahman, 2014).
Regarding the effects of network controls on network forensics, we look at the behaviour of network system traffic packets to investigate network and transport layer attacks on the network system (SANS, 2015). Network forensics also evaluates the data link and physical layers for intrusion into the network system by eavesdropping, using tools and network system protocols such as Wireshark or tcpdump and ARP to discover and sniff network packet data on the NIC, and to filter the network system packet traffic or reconstruct malicious packet data transmitted over the organization's network system. Network forensics also investigates reverse routing and data tracking, and uses network system device logs to reconstruct a security attack incident (SANS, 2015, para 7-13).
There are also tools and protocols used in network forensics for quality network security control, such as for extracting system files: nex, dsniff, Firesheep, ssldump and snort. They are used for intrusion detection at the transport and network layers, for matching regular sessions of network system activity against audits, for the extraction of SSL traffic and emails, and for the reconstruction of network system packets.
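The packet filtering and reconstruction that the two paragraphs above attribute to tools such as Wireshark and tcpdump can be reproduced in a few lines. The following example is added here and is not code from the paper or from SANS: it decodes raw Ethernet/IPv4/TCP frames, keeps only TCP, groups payloads per flow and reorders them by sequence number while dropping retransmissions, so that an application-layer exchange such as an email session can be read back. The frames, addresses and SMTP-like text are constructed sample input with checksums left at zero.

```python
import struct
from collections import defaultdict

def parse_frame(frame: bytes):
    """Decode one Ethernet/IPv4/TCP frame into (flow 4-tuple, seq, payload); None if not TCP."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:  # not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                       # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:                                 # protocol 6 = TCP
        return None
    src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    doff = (tcp[12] >> 4) * 4                      # TCP data offset in bytes
    return (src, sport, dst, dport), seq, tcp[doff:]

def reassemble(frames):
    """Filter TCP frames, group payloads per flow, order by sequence number, drop retransmits."""
    streams = defaultdict(dict)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        flow, seq, payload = parsed
        if payload:
            streams[flow].setdefault(seq, payload)  # first copy of a segment wins
    return {flow: b"".join(p for _, p in sorted(segs.items())) for flow, segs in streams.items()}

def build_frame(src, sport, dst, dport, seq, payload):
    """Construct a minimal Ethernet/IPv4/TCP frame as sample input (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    return bytes(12) + b"\x08\x00" + ip            # zero MACs + EtherType IPv4

# Constructed capture: an SMTP-like exchange that arrives out of order with one retransmission.
SAMPLE = [
    build_frame("10.0.0.5", 40000, "10.0.0.9", 25, 1000, b"MAIL FROM:<a@example.test>\r\n"),
    build_frame("10.0.0.5", 40000, "10.0.0.9", 25, 1048, b"DATA\r\n"),                # out of order
    build_frame("10.0.0.5", 40000, "10.0.0.9", 25, 1028, b"RCPT TO:<b@x.test>\r\n"),
    build_frame("10.0.0.5", 40000, "10.0.0.9", 25, 1028, b"RCPT TO:<b@x.test>\r\n"),  # retransmit
    build_frame("10.0.0.9", 25, "10.0.0.5", 40000, 500, b"250 OK\r\n"),
]

if __name__ == "__main__":
    for flow, data in reassemble(SAMPLE).items():
        print(flow, data)
```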
The basic methodology of network forensics covers how to gather the best possible evidence, be it the original, with minimal disruption, intrusion or force, transparency and chain of
The methodology consists of identifying the source of a security incident, preserving the evidence so that it is not destroyed, and the collection, evaluation and examination/presentation of the legal evidence (Khan, Shiraz, Wahab, Gani, Han, & Rahman, 2014, para 32-38).
References
Capella University (2019). Course room, unit 7, Incident Response and Digital Forensics. Retrieved 02/21/2019, from https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_162482_1&content_id=_7268977_1&mode=reset
SANS (2015). Advanced Network Forensics and Analysis. Retrieved 02/21/2019, from https://www.sans.org/vlive/details/38357
Khan, S., Shiraz, M., Wahab, A. W., Gani, A., Han, Q., & Rahman, Z. B. (2014). A
Zawoad, S., & Hasan, R. I have the proof: providing proofs of past data possession in cloud
Kim, A. C., Park, W. H., & Lee, D. H. A study on the live forensic techniques for anomaly detection in