Topic 1: What is the role of forensics in incident response and when should forensic investigators be involved in the situation?
Role of Forensics in Incident Response
Forensics is the application of the scientific method to legal investigation. Unlike the other methods used when investigating criminal matters, forensics relies on science. The first role of the forensic investigator in incident response is investigation. Investigation consists of establishing the source of the problem and identifying the person who committed the act. Klaben (2012) asserts that this is the main role of forensics, since it makes finding a solution easier once the investigation is complete. According to Platt (2009), forensics ensures that the research is conducted scientifically and professionally, so that the resulting details are accurate.
Second, the other key role of forensics in incident response is prescribing the procedure for the next step. When a criminal incident occurs at a certain place, the forensic response is important because it provides clear procedures on what is to be done in the event of an incident (Lee, Lee, & Lee, 2013). This normally involves advice and precautions for the affected persons or organizations. Once the forensic investigators have provided their cautions and procedures, it is important to follow that straightforward investigation procedure (McCarthy, Matthew, & Klaben, 2012).
Involvement of the Forensics in the Investigation
Deciding when to involve forensic investigators in a situation is complicated, since various things must be taken into consideration. Notably, the most appropriate time to involve them in the investigation is when the issue is serious. Forensic investigation is technical and deals only with serious issues. Moreover, since it involves science, it is inevitably expensive. Thomas (2009) opines that there is no need to involve forensic investigators when the matter is not very serious. Additionally, before involving forensic investigators, the affected organization or people must be certain that the incident actually occurred. Only after they are sure of what transpired should they move forward and seek help from forensic investigators. If they seek help while they are still unsure, the investigation might fail.
Klaben, J. (2012). Forensics. New York: Columbus.
Lee, K., Lee, C., & Lee, S. (2013). On-site investigation methodology for incident response in Windows environments. Computers and Mathematics with Applications, 1413-1420.
McCarthy, M., Matthew, T., & Klaben, J. (2012). The computer incident response planning handbook: Executable plans for protecting information at risk. Columbus, OH: McGraw-Hill Osborne.
Platt, R. (2009). Forensics. Chicago: Baker & Taylor, CATS.
Thomas, T. R. (2009). Forensics. New York: Saddleback Educational Publ.
Discussion Topic 2: Malware must first be detected before it can be removed. How can malware detection be best handled in a large corporate setting?
Malware consists of programs used by attackers to compromise the normal functioning of computers. Normally, computer users download malware from the Internet onto their computers. Because malware has adverse effects on the normal functioning of computers, there are several ways for users to handle it once it is detected.
Handling the Malware
First, update the software. When an organization detects a malware infection on its computers, it needs to update its software. According to Householder, Houle, & Dougherty (2002), updating software is ideal in all organizations since it enables the computers to fight malware. Accordingly, as soon as an organization realizes that a computer is infected with any kind of malware, it is essential to update its software.
Second, the organization needs to tell its workers not to use alternative browsers as soon as malware is detected. Skoudis (2006) opines that malware is normally downloaded from malicious websites when users browse with certain browsers that are uncommon on their computers. When the organization detects malware, it is important for the other computer users in the organization to avoid using alternative browsers so as to prevent further infection. This method of fighting malware is ideal since it reduces malware infection.
Third, creating a new profile is another good way of handling a malware infection in a large organization. According to Skoudis (2006), when malware infects a computer, it affects the user's profile and might corrupt all of its files. However, if the affected profile is not the local administrator, then creating a new profile is a good way of fighting the malware. This gets rid of the old profile along with the infected files. Although most files will disappear from the computer when a new profile is created, the malware will disappear as well and the computer will be safe (University of Maryland University College, 2013).
Householder, A., Houle, K., & Dougherty, C. (2002). Computer attack trends challenge internet security. IEEE Computer, 35, 57.
Skoudis, E. (2006). Malware. Chicago: Prentice Hall Professional.
University of Maryland University College. (2013). Malware analysis and Removal. Retrieved June 12, 2012, from umuc.edu: http://tychousa3.umuc.edu/CSEC662/1306/Session_4/Resources/MalwareAnalysis.html
Discussion topic 3: Malware can be analyzed by a number of methods including behavioral analysis and reverse engineering. What are the advantages and disadvantages of behavioral analysis and reverse engineering? What skill sets are necessary for each?
Malware is dangerous to the normal functioning of a computer. This means that computer users must analyze malware and find out basic facts about it as a way of handling it. The common ways of analyzing malware are behavioral analysis and reverse engineering. These two methods each have advantages and disadvantages.
The Advantages of Behavioral and Reverse Engineering
The main advantage of the behavioral method of analysis is that it is simple and fast. Behavioral analysis requires only basic computer knowledge from the person doing the analysis. According to McCarthy, Matthew, & Klaben (2012), with that knowledge the person can carry out the analysis and make the computer safe again. Additionally, this method is fast in comparison to others and saves the user time.
Reverse engineering is detailed. Householder, Houle, & Dougherty (2002) opine that this is the main advantage of the method, since the user obtains proper results. Although reverse engineering is technical, the user gets proper results from the analysis because it is efficient. This is important, since handling malware in the future is easy when all the information is available.
The Disadvantages of Behavioral and Reverse Engineering
The main disadvantage of behavioral analysis is a lack of detailed results, because the method is unreliable in comparison to reverse engineering. Wall (2007) affirms that when users apply this method in their analysis, they might not find detailed information, and handling malware in the future may still remain a problem.
Reverse engineering is technical to use. This is a disadvantage, since only skilled people can apply it when computers are infected. This implies that if there is no skilled person in the organization, the computer infection issue will continue (University of Maryland University College, 2013).
The Skill Set Necessary for Each
Any computer-literate person can apply behavioral analysis; that is the main skill required. Reverse engineering, however, is technical, and the person using it must understand computer software in detail. This is the only way the person can manage the analysis (University of Maryland University College, 2013).