Technology Case Study: Digital Forensics
Review the Phoenix Project case, and prepare your recommendations for a plan that will identify compromised systems for repair or replacement. Indicate which forensic techniques are tools you think are appropriate for the identification process, and how you think the process should proceed. You may use other materials to supplement your understanding of the facts of the case. In preparing your recommendations, bear in mind the feasibility of implementing your recommendations in the organization's operating environment.
The case is: The Phoenix Project: Remediation of a Cybersecurity Crisis at the University of Virginia. You can acquire the case by clicking on the link and buying it from the publisher.
Your paper should not exceed five pages in length using standard margins and a 10 to 12 point font. Please check the rubric for the emphasis you should place on the paper's elements.
Digital Forensics
Student’s Name
Institutional Affiliation
Digital Forensics
Between 2014 and 2015, cyber breach attempts targeting health organizations, financial enterprises, retail firms, and educational institutions increased. In most cases, hackers sought personally identifiable information (PII) or people’s financial information so that they could use it for identity theft. Either way, cyber attackers profited by reselling the PII on the black market or by accessing individuals’ money once they had obtained details such as credit card numbers, dates of birth, names, physical addresses, social security numbers, and email addresses. The University of Virginia (UVA) was no exception. On 15 June 2015, Virginia Evans, UVA’s chief information officer (CIO), received a call that would have affected her career adversely had appropriate measures not been taken (Nelson & Wright, 2017). The call, from the chief information security officer, reported a major security breach of UVA’s information system. Organizations should use the right forensic tools to detect cyber-attacks before they happen in order to prevent the catastrophic effects of losing sensitive information to hackers whose primary objective is financial gain.
UVA’s information system was complex, since it had numerous processes and was accessed by many people. In particular, it managed the data of about 22,000 students, 2,800 faculty members, 10,000 full-time staff, and other stakeholders (Nelson & Wright, 2017). Additionally, UVA managed medical patient services, and the possibility that such information was already in the hackers’ hands was one thing that worried Evans. The UVA cyber-attack used three primary methods, namely zero-day exploits, unpatched systems, and spear phishing. Realizing the urgency of the issue at hand, Evans did not hesitate to call Mandiant, a well-recognized international cybersecurity firm, to handle the situation. Within 24 hours, Mandiant’s security experts were on site. Mandiant discovered that two hackers from China were responsible for the breach of UVA’s system and that they had used loopholes in unpatched systems to penetrate the network since April 2014. These cybercriminals had infected 62 servers. Evans needed to make decisions quickly to control the situation (Nelson & Wright, 2017). Hence, given the urgency of addressing the problem, Evans initiated Project Phoenix, whose objectives were to determine the extent of the cyber-attack, develop a plan to remedy it, execute the plan, harden UVA’s system defenses, and restore services.
The forensic techniques or tools that can most significantly help in the security breach identification process are FTK Imager, HackerCombat, the SANS Investigative Forensic Toolkit (SIFT), the Computer-Aided Investigative Environment (CAINE), Xplico, ProDiscover Forensic, and X-Ways Forensics (Prasanthi, 2016). FTK Imager examines images of the hard drives and disks used by electronic devices. With it, cyber investigators can determine whether a hard drive has been modified by hackers. HackerCombat is highly sought-after software that enables security experts to scan computer networks and devices to identify different types of malicious programs or threats. SIFT is an Ubuntu-based forensic toolkit that can be used for file carving, examining the trash bin, and building a timeline from system logs. ProDiscover Forensic is a security tool that reads data at the sector level and can be used to recover deleted files; it also examines Windows Alternate Data Streams and slack space. X-Ways Forensics is among the latest forensic tools and is efficient, portable, and fast. Information system security experts can use it to recover deleted files and analyze system logs (Prasanthi, 2016). Furthermore, many firms use Xplico to reconstruct the contents of network captures acquired with a packet sniffer such as tcpdump or Wireshark. The tool can help reconstruct and extract web page contents, such as cookies, files, and images. Moreover, it can be used in penetration testing and backtracking.
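As an added illustration (not part of the essay, the case, or any of the tools named above), the following Python sketch shows the kind of log-timeline merging that a toolkit such as SIFT automates for identifying compromised systems: lines from several hosts in different timestamp formats are normalised into one ordered timeline, and hosts with activity inside the suspected intrusion window are shortlisted for closer review. The host names, log lines and window dates are constructed, and the "host/logfile" naming of each source is an assumption.

```python
from datetime import datetime
import re

# Constructed sample log lines (not from the UVA case) from three hypothetical hosts, in syslog-like
# "Mon DD YYYY HH:MM:SS host message" and W3C-like "YYYY-MM-DD HH:MM:SS message" timestamp styles.
SAMPLE_LOGS = {
    "web-01/auth.log": [
        "Apr 14 2014 02:17:03 web-01 sshd[811]: Accepted password for svc-backup from 203.0.113.7 port 51012",
        "Apr 14 2014 02:21:55 web-01 sudo: svc-backup : TTY=pts/0 ; COMMAND=/usr/bin/id",
    ],
    "mail-02/u_ex140414.log": [
        "2014-04-14 02:19:40 GET /portal/login - 203.0.113.7 200",
    ],
    "db-03/syslog": [
        "Mar 02 2014 11:05:00 db-03 CRON[44]: (root) CMD (/usr/local/bin/backup.sh)",
    ],
}

SYSLOG_RE = re.compile(r"^(\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
W3C_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")

def parse_line(source, line):
    """Normalise one raw line into {ts, host, source, message}; return None if the format is unknown."""
    host = source.split("/")[0]  # assumption: the source key is "<host>/<logfile>"
    m = SYSLOG_RE.match(line)
    if m:
        ts = datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S")
        return {"ts": ts, "host": host, "source": source, "message": m.group(3)}
    m = W3C_RE.match(line)
    if m:
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        return {"ts": ts, "host": host, "source": source, "message": m.group(2)}
    return None

def build_timeline(logs):
    """Merge every parseable line from all sources into one list ordered by timestamp."""
    events = []
    for source, lines in logs.items():
        for line in lines:
            event = parse_line(source, line)
            if event:
                events.append(event)
    return sorted(events, key=lambda e: e["ts"])

def hosts_active_in_window(timeline, start, end):
    """Hosts with at least one event in [start, end] (ISO dates): candidates for closer review."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    return {e["host"] for e in timeline if lo <= e["ts"] <= hi}
```

On the constructed sample, `hosts_active_in_window(build_timeline(SAMPLE_LOGS), "2014-04-01", "2015-06-15")` returns `{"web-01", "mail-02"}`, because db-03's only logged event predates the window.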
The forensic tools used to detect security breach attempts are installed on the network and monitored by information system security experts. In particular, the most significant thing organizations can do to safeguard PII is to ensure that any security threat is detected as soon as it happens, to avoid deeper system intrusion by hackers (Ronquillo, Winterholler, Cwikla, Szymanski, & Levy, 2018). For instance, UVA’s chief information security officer noted the system breach with the help of federal authoritie...