Cyber Incident Response and Computer Network Forensics

Introduction

The Incident Response and Computer Network Forensics course offered a practical, accurate, and ethical assessment of issues in society and within organizations. Such an assessment is essential for law enforcement leaders who develop and implement policy, for forensics engineers, and for forensics enthusiasts.

The course critically analyzes the various methods used to research social issues and public policy. Through the course, I have learned and applied a critical understanding of social science research to the complex issue of criminals, to demonstrate the potential efficacy of social science research for law enforcement leaders.

The content covered during this course was:

  • Cyber Incident Response Basics

  • Computer Forensics Basics, Phases of a Computer Forensics Investigation

  • Technical Issues Facing Computer Forensics

  • Legal Issues Facing Computer Forensics

  • Computer Forensics Tools

  • Standard of Computer Evidence

Course Artifacts

The course content goes deep into less common aspects of security, starting with setting up an environment in which tools can be run safely against intentionally exploitable machines. Ethics and professionalism came up right in the first assignment: the research and tool comparison was conducted in an isolated lab environment, following the rules and ethical requirements of the research, and never engaging public endpoints.

Threat and Vulnerability management scanners are crucial tools for the enterprise scope to help identify, assess, and remediate endpoint weaknesses.

Enterprises’ vulnerability management serves as an infrastructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience.

The main benefit of threat and vulnerability management is that it helps close the gap among security administrators, security operations, and IT administrators.

The tools evaluated and used are used professionally by thousands, if not millions, of companies across the globe to assess security posture and to walk step by step through the exploitation of a vulnerable system, using a framework that emulates adversarial behavior, such as Metasploit.

We explored tools and techniques that attackers have at their disposal to exploit networks and systems. We explored these types of attack in action and gained a better understanding of these attack types’ potential ramifications. 

Red teaming, or penetration testing in its more commodity form, is not just about running a handful of automated tools against a target. It is a phase-oriented process with multiple stages, and each stage matters equally to the success of an operation. Automating the repetitive tasks that recur throughout every stage of a penetration test would otherwise require many separate tools, and at the end the results from all of them would have to be combined into a single meaningful report. It is far easier and faster when one tool can support all of the required penetration testing tasks; that is exactly the need a framework such as Metasploit satisfies.

Computer Forensic Examination Report

Reflections

I am very passionate about this topic, and throughout the course I have invested in different books and in researching above and beyond, so that I can apply the learnings in the future and assist investigations for non-profit organizations.

Every day, the increasing complexity of the environment in which we work and operate poses significant challenges to those responsible for the security and integrity of the underlying computer network, digital data, electronic communications, and related equipment. In the last ten years, many organizations have concluded that it is best to manage computer security incidents systematically, through a dedicated task force capable of identifying, containing, investigating, and eventually prosecuting computer security incidents. The size and scope of activities of such a task force can vary widely; the foundations of the organizational structure, however, are necessarily similar.

The purpose of this document is to give cybersecurity professionals a basic overview of, and references for, Computer Security Incident Response structures. With this information as a starting point, one can define the scope and basic requirements for building such structures, from a Computer Security Incident Response capability for a small unit or institution up to a National Computer Security Incident Response Team that addresses the problem within a geographic area and provides services to citizens and businesses.

Incident response, as the name implies, is the process of how your organization or institution will respond to a security incident when it occurs. You have to know how you will react and the details of this response.

Incident response is not only the act of how you respond to a security incident but also the details involved in that response. If you respond incorrectly to an incident, you could make a bad situation worse. For example, not knowing what to do, whom to call, or what the chain of command is in these situations would potentially do further damage.

Finally, when a security incident happens, it may fall under the area of computer or related crimes, so additional care may be required when responding. Once you decide to pursue criminal charges, you move from simply reacting to performing a formal investigation. The formal investigation will include special techniques for gathering and processing evidence so that the offender can potentially be prosecuted later.

Resources

Book References

Hayes, Darren R. Practical Guide to Digital Forensics Investigations. Pearson, 2019.

Sachowski, Jason. Implementing Digital Forensic Readiness: From Reactive to Proactive Process. Syngress, 2016.

© 2020 - Alexandre Fernandes Costa