
I need some help with the assignment below. I have included all support documents. I'd appreciate it if the assignment is completed by Saturday by noon. 


Case Study 2: Developing the Forensics, Continuity, Incident Management, and Security Training Capacities for the Enterprise

Due Week 7 and worth 100 points

Access the ACM Digital Library by following the steps below:

Students:

 

Login to iCampus.

From iCampus, click STUDENT SERVICES>> Learning Resources Center >> Databases

Scroll down to "Information Systems/Computing".

Select “ACM Digital Library” below the heading.

Enter your library username and password.

 Faculty:

 

Login to Blackboard: bb.strayer.edu.

Click the "Resource Center" tab at top right of page.

From the list on the left, click "Databases"

Scroll down to "Information Systems/Computing".

Select “ACM Digital Library” below the heading.

Enter your library username and password.

Download and read the following articles available in the ACM Digital Library:

Arduini, F., & Morabito, V. (2010, March). Business continuity and the banking industry. Communications of the ACM, 53(3), 121-125

Dahbur, K., & Mohammad, B. (2011). The anti-forensics challenge. Proceedings from ISWSA '11: International Conference on Intelligent Semantic Web-Services and Applications. Amman, Jordan.

Write a five to seven (5-7) page paper in which you:

Consider that Data Security and Policy Assurance methods are important to the overall success of IT and Corporate data security.

Determine how defined roles of technology, people, and processes are necessary to ensure resource allocation for business continuity.

Explain how computer security policies and data retention policies help maintain user expectations of levels of business continuity that could be achieved.

Determine how acceptable use policies, remote access policies, and email policies could help minimize any anti-forensics efforts. Give an example with your response.

Suggest at least two (2) models that could be used to ensure business continuity and ensure the integrity of corporate forensic efforts. Describe how these could be implemented.

Explain the essentials of defining a digital forensics process and provide two (2) examples on how a forensic recovery and analysis plan could assist in improving the Recovery Time Objective (RTO) as described in the first article.

Provide a step-by-step process that could be used to develop and sustain an enterprise continuity process. 

Describe the role of incident response teams and how these accommodate business continuity.

There are several awareness and training efforts that could be adopted in order to prevent anti-forensic efforts.

Suggest two (2) awareness and training efforts that could assist in preventing anti-forensic efforts.

Determine how having a knowledgeable workforce could provide a greater level of secure behavior. Provide a rationale with your response. 

Outline the steps that could be performed to ensure continuous effectiveness.

  1. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

Describe and apply the 14 areas of common practice in the Department of Homeland Security (DHS) Essential Body of Knowledge.

Describe best practices in cybersecurity.

Explain data security competencies to include turning policy into practice.

Describe digital forensics and process management.

Evaluate the ethical concerns inherent in cybersecurity and how these concerns affect organizational policies.

Create an enterprise continuity plan.

Describe and create an incident management and response plan.

Describe system, application, network, and telecommunications security policies and response.

Use technology and information resources to research issues in cybersecurity.

Write clearly and concisely about topics associated with cybersecurity using proper writing mechanics and technical style conventions.

Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.

Points: 100

Case Study 2: Developing the Forensics, Continuity, Incident Management, and Security Training Capacities for the Enterprise

Criteria

Unacceptable

Below 60% F

Meets Minimum Expectations

60-69% D

Fair

70-79% C

Proficient

80-89% B

Exemplary

90-100% A

1a. Determine how defined roles of technology, people, and processes are necessary to ensure resource allocation for business continuity.

Weight: 10%

Did not submit or incompletely determined how defined roles of technology, people, and processes are necessary to ensure resource allocation for business continuity.

Insufficiently determined how defined roles of technology, people, and processes are necessary to ensure resource allocation for business continuity.

Partially determined how defined roles of technology, people, and processes are necessary to ensure resource allocation for business continuity.

Satisfactorily determined how defined roles of technology, people, and processes are necessary to ensure resource allocation for business continuity.

Thoroughly determined how defined roles of technology, people, and processes are necessary to ensure resource allocation for business continuity.

1b. Explain how computer security policies and data retention policies help maintain user expectations of levels of business continuity that could be achieved.
Weight: 5%

Did not submit or incompletely explained how computer security policies and data retention policies help maintain user expectations of levels of business continuity that could be achieved.

Insufficiently explained how computer security policies and data retention policies help maintain user expectations of levels of business continuity that could be achieved.

Partially explained how computer security policies and data retention policies help maintain user expectations of levels of business continuity that could be achieved.

Satisfactorily explained how computer security policies and data retention policies help maintain user expectations of levels of business continuity that could be achieved.

Thoroughly explained how computer security policies and data retention policies help maintain user expectations of levels of business continuity that could be achieved.

1c. Determine how acceptable use policies, remote access policies, and email policies could help minimize any anti-forensics efforts. Give an example with your response.

Weight: 10%

Did not submit or incompletely determined how acceptable use policies, remote access policies, and email policies could help minimize any anti-forensics efforts; did not submit or incompletely gave an example with your response.

Insufficiently determined how acceptable use policies, remote access policies, and email policies could help minimize any anti-forensics efforts; insufficiently gave an example with your response.

Partially determined how acceptable use policies, remote access policies, and email policies could help minimize any anti-forensics efforts; partially gave an example with your response.

Satisfactorily determined how acceptable use policies, remote access policies, and email policies could help minimize any anti-forensics efforts; satisfactorily gave an example with your response.

Thoroughly determined how acceptable use policies, remote access policies, and email policies could help minimize any anti-forensics efforts; thoroughly gave an example with your response.

2. Suggest at least two (2) models that could be used to ensure business continuity and ensure the integrity of corporate forensic efforts. Describe how these could be implemented.

Weight: 10%

Did not submit or incompletely suggested at least two (2) models that could be used to ensure business continuity and ensure the integrity of corporate forensic efforts; did not submit or incompletely described how these could be implemented.

Insufficiently suggested at least two (2) models that could be used to ensure business continuity and ensure the integrity of corporate forensic efforts; insufficiently described how these could be implemented.

Partially suggested at least two (2) models that could be used to ensure business continuity and ensure the integrity of corporate forensic efforts; partially described how these could be implemented.

Satisfactorily suggested at least two (2) models that could be used to ensure business continuity and ensure the integrity of corporate forensic efforts; satisfactorily described how these could be implemented.

Thoroughly suggested at least two (2) models that could be used to ensure business continuity and ensure the integrity of corporate forensic efforts; thoroughly described how these could be implemented.

3. Explain the essentials of defining a digital forensics process and provide two (2) examples on how a forensic recovery and analysis plan could assist in improving the Recovery Time Objective (RTO) as described in the first article.

Weight: 10%

Did not submit or incompletely explained the essentials of defining a digital forensics process; did not submit or incompletely provided two (2) examples on how a forensic recovery and analysis plan could assist in improving the Recovery Time Objective (RTO) as described in the first article.

Insufficiently explained the essentials of defining a digital forensics process; insufficiently provided two (2) examples on how a forensic recovery and analysis plan could assist in improving the Recovery Time Objective (RTO) as described in the first article.

Partially explained the essentials of defining a digital forensics process; partially provided two (2) examples on how a forensic recovery and analysis plan could assist in improving the Recovery Time Objective (RTO) as described in the first article.

Satisfactorily explained the essentials of defining a digital forensics process; satisfactorily provided two (2) examples on how a forensic recovery and analysis plan could assist in improving the Recovery Time Objective (RTO) as described in the first article.

Thoroughly explained the essentials of defining a digital forensics process; thoroughly provided two (2) examples on how a forensic recovery and analysis plan could assist in improving the Recovery Time Objective (RTO) as described in the first article.

4. Provide a step-by-step process that could be used to develop and sustain an enterprise continuity process.

Weight: 10%

Did not submit or incompletely provided a step-by-step process that could be used to develop and sustain an enterprise continuity process.

Insufficiently provided a step-by-step process that could be used to develop and sustain an enterprise continuity process.

Partially provided a step-by-step process that could be used to develop and sustain an enterprise continuity process.

Satisfactorily provided a step-by-step process that could be used to develop and sustain an enterprise continuity process.

Thoroughly provided a step-by-step process that could be used to develop and sustain an enterprise continuity process.

5. Describe the role of incident response teams and how these accommodate business continuity.

Weight: 5%

Did not submit or incompletely described the role of incident response teams and how these accommodate business continuity.

Insufficiently described the role of incident response teams and how these accommodate business continuity.

Partially described the role of incident response teams and how these accommodate business continuity.

Satisfactorily described the role of incident response teams and how these accommodate business continuity.

Thoroughly described the role of incident response teams and how these accommodate business continuity.

6a. Suggest two (2) awareness and training efforts that could assist in preventing anti-forensic efforts.

Weight: 10%

Did not submit or incompletely suggested two (2) awareness and training efforts that could assist in preventing anti-forensic efforts.

Insufficiently suggested two (2) awareness and training efforts that could assist in preventing anti-forensic efforts.

Partially suggested two (2) awareness and training efforts that could assist in preventing anti-forensic efforts.

Satisfactorily suggested two (2) awareness and training efforts that could assist in preventing anti-forensic efforts.

Thoroughly suggested two (2) awareness and training efforts that could assist in preventing anti-forensic efforts.

6b. Determine how having a knowledgeable workforce could provide a greater level of secure behavior. Provide a rationale with your response.

Weight: 10%

Did not submit or incompletely determined how having a knowledgeable workforce could provide a greater level of secure behavior; did not submit or incompletely provided a rationale with your response.

Insufficiently determined how having a knowledgeable workforce could provide a greater level of secure behavior; insufficiently provided a rationale with your response.

Partially determined how having a knowledgeable workforce could provide a greater level of secure behavior; partially provided a rationale with your response.

Satisfactorily determined how having a knowledgeable workforce could provide a greater level of secure behavior; satisfactorily provided a rationale with your response.

Thoroughly determined how having a knowledgeable workforce could provide a greater level of secure behavior; thoroughly provided a rationale with your response.

6c. Outline the steps that could be performed to ensure continuous effectiveness.

Weight: 5%

Did not submit or incompletely outlined the steps that could be performed to ensure continuous effectiveness.

Insufficiently outlined the steps that could be performed to ensure continuous effectiveness.

Partially outlined the steps that could be performed to ensure continuous effectiveness.

Satisfactorily outlined the steps that could be performed to ensure continuous effectiveness.

Thoroughly outlined the steps that could be performed to ensure continuous effectiveness.

7. 3 references

Weight: 5%

No references provided

Does not meet the required number of references; all references poor quality choices.

Does not meet the required number of references; some references poor quality choices.

Meets number of required references; all references high quality choices.

Exceeds number of required references; all references high quality choices.

8. Clarity, writing mechanics, and formatting requirements

Weight: 10%

More than 8 errors present

7-8 errors present

5-6 errors present

3-4 errors present

0-2 errors present

Business Continuity and the Banking Industry

By Fabio Arduini and Vincenzo Morabito

Contributed articles, Communications of the ACM, March 2010, Vol. 53, No. 3, p. 121. DOI: 10.1145/1666420.1666452

Since the September 11th attacks on the World Trade Center,[8] tsunami disaster, and hurricane Katrina, there has been renewed interest in emergency planning in both the private and public sectors. In particular, as managers realize the size of potential exposure to unmanaged risk, insuring “business continuity” (BC) is becoming a key task within all industrial and financial sectors (Figure 1).

Aside from terrorism and natural disasters, two main reasons for developing the BC approach in the finance sector have been identified as unique to it: regulations and business specificities. Regulatory norms are key factors for all financial sectors in every country. Every organization is required to comply with federal/national law in addition to national and international governing bodies. Referring to business decisions, more and more organizations recognize that Business Continuity could be and should be strategic for the good of the business.

The finance sector is, as a matter of fact, a sector in which the development of information technology (IT) and information systems (IS) have had a dramatic effect upon competitiveness. In this sector, organizations have become dependent upon technologies that they do not fully comprehend. In fact, banking industry IT and IS are considered production not support technologies. As such, IT and IS have supported massive changes in the ways in which business is conducted with consumers at the retail level. Innovations in direct banking would have been unthinkable without appropriate IS. As a consequence business continuity planning at banks is essential as the industry develops in order to safeguard consumers and to comply with international regulatory norms.

Furthermore, in the banking industry, BC planning is important and at the same time different from other industries, for three other specific reasons as highlighted by the Bank of Japan in 2003:

  • Maintaining the economic activity of residents in disaster areas[2] by enabling the continuation of financial services during and after disasters, thereby sustaining business activities in the damaged area;
  • Preventing widespread payment and settlement disorder[2] or preventing systemic risks, by bounding the inability of financial institutions in a disaster area to execute payment transactions;
  • Reduce managerial risks[2] for example, by limiting the difficulties for banks to take profit opportunities and lower their customer reputation.

Business specificities, rather than regulatory considerations, should be the primary drivers of all processes. Even if European (EU) and US markets differ, BC is closing the gap. Progressive EU market consolidation necessitates common rules and is forcing major institutions to share common knowledge both on organizational and technological issues.

The financial sector sees business continuity not only as a technical or risk management issue, but as a driver towards any discussion on mergers and acquisitions; the ability to manage BC should also be considered a strategic weapon to reduce the acquisition timeframe and shorten the data center merge, often considered one of the top issues in quick wins and information and communication technology (ICT) budget savings.

Business Continuity Concepts

The evolution of IT and IS have challenged the traditional ways of conducting business within the finance sector. These changes have largely represented improvements to business processes and efficiency but are not without their flaws, in as much as business disruption can occur due to IT and IS sources. The greater complexity of new IT and IS operating environments requires that organizations continually reassess how best they may keep abreast of changes and exploit those for organizational advantage. In particular, this paper seeks to investigate how companies in the financial sector understand and manage their business continuity problems.

BC has become one of the most important issues in the banking industry. Furthermore, there still appears to be some discrepancy as to the formal definitions of what precisely constitutes a disaster and there are difficulties in assessing the size of claims in the crises and disaster areas.

One definition of what constitutes a disaster is an incident that leads to the formal invocation of contingency/continuity plans or any incident which leads to a loss of revenue; in other words it is any accidental, natural or malicious event which threatens or disrupts normal operations or services, for as long a time as to significantly cause the failure of the enterprise. It follows then that when referring to the size of claims in the area of organizational crises and disasters, the degree to which a company has been affected by such interruptions is the defining factor.

The definition of these concepts is important because 80% of those organizations which face a significant crisis without either a contingency/recovery or a business continuity plan, fail to survive a further year (Business Continuity Institute estimate). Moreover, the BCI believes that only a small number of organizations have disaster and recovery plans and, of those, few have been renewed to reflect the changing nature of the organization.

In observing Italian banking industry practices, there seems to be major differences in preparing and implementing strategies that enhance business process security. Two approaches seem to be prevalent. Firstly, there are those disaster recovery (DR) strategies that are internally and hardware-focused[9] and secondly, there are those strategies that treat the issues of IT and IS security within a wider internal-external, hardware-software framework. The latter deals with IS as an integrating business function rather than as a stand-alone operation. We have labeled this second type of business continuity approach (BCA).

As a consequence, we define BCA as a framework of disciplines, processes, and techniques aiming to provide continuous operation for “essential business functions” under all circumstances.

More specifically, business continuity planning (BCP) can be defined as “a collection of procedures and information” that have been “developed, compiled and maintained” and are “ready to use - in the event of an emergency or disaster.”[6] BCP has been addressed by different contributions to the literature. Noteworthy studies include Julia Allen’s contribution on Cert’s Octave method[a][1] the activities of the Business Continuity Institute (BCI) in defining certification standards and practice guidelines, the EDS white paper on Business Continuity Management[4] and finally, referring to banking, Business Continuity Planning at Financial Institutions by the Bank of Japan.[2] This last study illustrates the process and activities for successful business continuity planning in three steps:

  1. Formulating a framework for robust project management, where banks should:
     a. develop basic policy and guidelines for BC planning (basic policy);
     b. Develop a study firm-wide aspects (firm-wide control section);
     c. Implement appropriate progress control (project management procedures)
  2. Identifying assumptions and conditions for business continuity planning, where banks should:
     a. Recognize and identify the potential threats, analyze the frequency of potential threats and identify the specific scenarios with material risk (Disaster scenarios);
     b. Focus on continuing prioritized critical operations (Critical operations);
     c. Target times for the resumption of operations (Recovery time objectives);
  3. Introducing action plans, where banks should:
     a. Study specific measures for business continuity planning (BC measures);
     b. acquire and maintain back-up data (Robust back-up data);
     c. Determine the managerial resources and infrastructure availability capacity required (Procurement of managerial resources);

Figure 1. 2004 top business priorities in industrial and financial sectors (source Gartner)

[a] The Operationally Critical Threat, Asset, and Vulnerability Evaluation Method of CERT. CERT is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
The Anti-Forensics Challenge Kamal Dahbur [email protected] Bassil Mohammad [email protected] School of Engineering and Computing Sciences New York Institute of Technology Amman, Jordan ABSTRACT Computer and Network Forensics has emerged as a new field in IT that is aimed at acquiring and analyzing digital evidence for the purpose of solving cases that involve the use, or more accurately misuse, of computer systems. Many scientific techniques, procedures, and technological tools have been evolved and effectively applied in this field. On the opposite side, Anti-Forensics has recently surfaced as a field that aims at circumventing the efforts and objectives of the field of computer and network forensics. The purpose of this paper is to highlight the challenges introduced by Anti-Forensics, explore the various Anti-Forensics mechanisms, tools and techniques, provide a coherent classification for them, and discuss thoroughly their effectiveness. Moreover, this paper will highlight the challenges seen in implementing effective countermeasures against these techniques. Finally, a set of recommendations are presented with further seen research opportunities. Categories and Subject Descriptors K.6.1 [ Management of Computing and Information Systems ]: Projects and People Management – System Analysis and Design, System Development. General Terms Management, Security, Standardization. Keywords Computer Forensics (CF), Computer Anti-Forensics (CAF), Digital Evidence, Data Hiding. 1. INTRODUCTION The use of technology is increasingly spreading covering various aspects of our daily lives. An equal increase, if not even more, is realized in the methods and techniques created with the intention to misuse the technologies serving varying objectives being political, personal or anything else. This has clearly been reflected in our terminology as well, where new terms like cyber warfare, cyber security, and cyber crime, amongst others, were introduced. 
It is also noticeable that such attacks are getting increasingly more sophisticated, and are utilizing novel methodologies and techniques. Fortunately, these attacks leave traces on the victim systems that, if successfully recovered and analyzed, might help identify the offenders and consequently resolve the case(s) justly and in accordance with applicable laws. For this purpose, new areas of research emerged addressing Network Forensics and Computer Forensics in order to define the foundation, practices and acceptable frameworks for scientifically acquiring and analyzing digital evidence to be presented in support of filed cases.

In response to Forensics efforts, Anti-Forensics tools and techniques were created with the main objective of frustrating forensics efforts, and taunting its credibility and reliability.

This paper attempts to provide a clear definition for Computer Anti-Forensics and consolidates various aspects of the topic. It also presents a clear listing of seen challenges and possible countermeasures that can be used. The lack of clear and comprehensive classification for existing techniques and technologies is highlighted and a consolidation of all current classifications is presented.

Please note that the scope of this paper is limited to Computer-Forensics. Even though it is a related field, Network-Forensics is not discussed in this paper and can be tackled in future work. Also, this paper is not intended to cover specific Anti-Forensics tools; however, several tools were mentioned to clarify the concepts.
After this brief introduction, the remainder of this paper is organized as follows: section 2 provides a description of the problem space, introduces computer forensics and computer anti-forensics, and provides an overview of the current issues concerning this field; section 3 provides an overview of related work with emphasis on Anti-Forensics goals and classifications; section 4 provides detailed discussion of Anti-Forensics challenges and recommendations; section 5 provides our conclusion, and suggested future work.

2. THE PROBLEM SPACE

Rapid changes and advances in technology are impacting every aspect of our lives because of our increased dependence on such systems to perform many of our daily tasks. The achievements in the area of computer technology in terms of increased capabilities of machines, high-speed communication channels, and reduced costs resulted in making it attainable by the public. The popularity of the Internet, and consequently the technology associated with it, has skyrocketed in the last decade (see Table 1 and Figure 1). Internet usage statistics for 2010 clearly show the huge increase in Internet users who may not necessarily be computer experts or even technology savvy [1].

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. ISWSA’11, April 18–20, 2011, Amman, Jordan. Copyright 2011 ACM 978-1-4503-0474-0/04/2011…$10.00.
WORLD INTERNET USAGE AND POPULATION STATISTICS

World Regions | Population (2010 Est.) | Internet Users Dec. 31, 2000 | Internet Users Latest Data | Growth 2000-2010
Africa | 1,013,779,050 | 4,514,400 | 110,931,700 | 2357%
Asia | 3,834,792,852 | 114,304,000 | 825,094,396 | 622%
Europe | 813,319,511 | 105,096,093 | 475,069,448 | 352%
Middle East | 212,336,924 | 3,284,800 | 63,240,946 | 1825%
North America | 344,124,450 | 108,096,800 | 266,224,500 | 146%
Latin America/Caribbean | 592,556,972 | 18,068,919 | 204,689,836 | 1033%
Oceania/Australia | 34,700,201 | 7,620,480 | 21,263,990 | 179%
WORLD TOTAL | 6,845,609,960 | 360,985,492 | 1,966,514,816 | 445%

Table 1. World Internet Usage – 2010 (Reproduced from [1]).

Figure 1. World Internet Usage – 2010 (Based on Data from [1])

Unfortunately, some of the technology users will not use it in a legitimate manner; instead, some users may deliberately misuse it. Such misuse can result in many harmful consequences including, but not limited to, major damage to others' systems or prevention of service for legitimate users. Regardless of the objectives that such “bad guys” might be aiming for from such misuse (e.g. personal, financial, political or religious purposes), one common goal for such users is the need to avoid detection (i.e. source determination). Therefore, these offenders will exert thought and effort to cover their tracks to avoid any liabilities or accountability for their damaging actions.

Illegal actions (or crimes) that involve a computing system, either as a means to carry out the attack or as a target, are referred to as Cybercrimes [2]. Computer crime and Cybercrime are two terms that are used interchangeably to refer to the same thing. A Distributed Denial of Service attack (DDoS) is a good example of a computer crime where the computing system is used as a means as well as a target.
Fortunately, cybercrimes leave fingerprints that investigators can collect, correlate and analyze to understand what, why, when and how a crime was committed; and consequently, and most importantly, build a good case that can bring the criminals to justice. In this sense, computers can be seen as a great source of evidence. For this purpose Computer Forensics (CF) emerged as a major area of interest, research and development driven by the legislative needs of having a scientific, reliable framework, practices, guidelines, and techniques for forensics activities starting from evidence acquisition, preservation, analysis, and finally presentation.

Computer Forensics can be defined as the process of scientifically obtaining, examining and analyzing digital information so that it can be used as evidence in civil, criminal or administrative cases [2]. A more formal definition of Computer Forensics is “the discipline that combines elements of law and computer science to collect and analyse data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” [3].

To hinder the efforts of Computer Forensics, criminals work doggedly to instigate, develop and promote counter techniques and methodologies, or what is commonly referred to as Anti-Forensics. If we adopt the definition of Computer Forensics (CF) as scientifically obtaining, examining, and analysing digital information to be used as evidence in a court of law, then Anti-Forensics can be defined similarly but in the opposite direction. In Computer Anti-Forensics (CAF) scientific methods are used to simply frustrate Forensics efforts at all forensics stages. This includes preventing, impeding, and/or corrupting the acquiring of the needed evidence, its examination, its analysis, or its credibility. In other words, whatever is necessary to ensure that computer evidence cannot get to, or will not be admissible in, a court of law.
The use of Computer Anti-Forensics tools and techniques is evident and far from being an illusion. So, criminals’ reliance on technology to cover their tracks is not a claim, as clearly reflected in recent research conducted on reported and investigated incidents. Based on the 2009-2010 Data Breach Investigations Reports [4][5], investigators found signs of anti-forensics usage in over one third of cases in 2009 and 2010, with the most common forms being the same for both years. The results show that the overall use of anti-forensics remained relatively flat with slight movement among the techniques themselves. Figure 2 below shows the types of anti-forensic techniques used (data wiping, data hiding and data corruption) by percentage of breaches. As shown in Figure 2, data wiping is still the most common, because it is supported by many commercial off-the-shelf products, some available even as freeware, that are easy to install, learn and use; while data hiding and data corruption remain far behind.

Figure 2. Types of Anti-Forensics – 2010 (Reproduced from [5])

Top Answer

Data Security and Assurance Methods.docx

Running head: DATA SECURITY AND ASSURANCE METHODS
Data Security and Assurance Methods
Student Name
Professor Name
Course Title
August 20, 2016
Roles of...
