Recovery

The purpose of this phase is to bring affected systems back into the production environment in a manner that ensures there will be no further incidents (Kral, 2012). This phase includes the coordination of several departments and individuals who were vital to advancing this far into the response cycle. Decisions made in this phase include the time and date to restore operations, the technique used to test and confirm that systems are fully functional, the length of monitoring, and the tools that will be used to carry out these activities (Kral, 2012).

Lessons Learned

The purpose of this phase is to complete any documentation that was not done during the incident, as well as any additional documentation that may be beneficial in future events (Kral, 2012).

Evidence Collection

Digital evidence is defined as information and data of significant value to an investigation that is transmitted on, received, or stored by an electronic device (Kral, 2012). This evidence is usually captured when electronic devices are seized and secured for examination. Digital evidence, unlike its physical counterpart, is vulnerable to a more significant number of risk factors and challenges. The attributes of digital evidence are the following:

• it is hidden, like fingerprints or DNA evidence;
• it crosses jurisdictional boundaries quickly and easily;
• it can be modified, damaged, or destroyed with little effort;
• it tends to be time sensitive (Kral, 2012).

Evidence is usually gathered in the "Regulation Stage" of the response cycle, and it is essential to abide by strict guidelines when retrieving cybercrime-related evidence. The rules are as follows:

1. Ensure that legal duplicates of affected systems have been made for further investigation.
2. Ensure that all directions and other documentation since the incident occurred have been kept up to date.
3. If not, document all actions taken as soon as possible to ensure that all evidence items are retained for either prosecution or lessons learned.
4. Ensure that forensic copies are stored in a safe location.
5. If they are not, forensic images should be placed in a safe area to prevent accidental damage and tampering (Kral, 2012).

Internet-Based Evidence

Because of the universal access to data and other computers, cybercriminals can use this access to hack into communications and financial systems, government systems, and major corporations to steal money, identities, and data, or to disrupt systems (National Forensic Science Technology Center, 2012). Probably the most significant challenge in Internet crime is for specialists, laboratory staff, and technical personnel to understand how the process works and to stay closely engaged with advances in software and tracking technologies.
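The evidence collection rules above call for forensic copies, up-to-date documentation of every action, and protection against accidental damage and tampering. The following is an added example, not part of the original paper or of Kral (2012), showing one way to make both the image and its custody log tamper-evident. The use of SHA-256, the hash-chained log, and all function names, file names, and examiner names are assumptions made for illustration.

```python
import hashlib, json, os, tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a (possibly very large) forensic image in fixed-size chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, action, image_path, examiner, timestamp):
    """Record an action; each entry commits to the previous entry's hash."""
    entry = {"timestamp": timestamp, "examiner": examiner, "action": action,
             "image": os.path.basename(image_path), "image_sha256": sha256_file(image_path),
             "prev_hash": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _digest(entry)
    log.append(entry)

def verify_log(log):
    """Return the index of the first altered or re-ordered entry, else None."""
    prev = "0" * 64
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_hash"] != prev or _digest(body) != entry["entry_hash"]:
            return i
        prev = entry["entry_hash"]
    return None

def image_unchanged(log, image_path):
    """Compare the image's current hash with the one recorded at acquisition."""
    first = next(e for e in log if e["image"] == os.path.basename(image_path))
    return sha256_file(image_path) == first["image_sha256"]

def demo():
    """Constructed sample: a fake image, two custody entries, then damage."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "host01.dd")
        with open(img, "wb") as f:
            f.write(b"constructed disk image bytes" * 1000)
        log = []
        append_entry(log, "acquired", img, "analyst_a", "2024-01-01T10:00:00Z")
        append_entry(log, "stored in evidence safe", img, "analyst_b", "2024-01-01T11:00:00Z")
        intact = verify_log(log) is None and image_unchanged(log, img)
        with open(img, "r+b") as f:
            f.write(b"X")  # simulated accidental damage to the image
        log[0]["examiner"] = "someone_else"  # simulated edit of the custody log
        return intact, image_unchanged(log, img), verify_log(log)
```

The chain only exposes edits if the most recent `entry_hash` is also kept somewhere the log's editor cannot rewrite, such as a signed case note or a separate write-once store.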