Discussion Topic 1: What do you see as the role of computer forensics in recovering from cyber-attacks?
Today many businesses, organizations and industries use computers to perform their business functions. These computers are mostly connected to internet services and store almost all the information about the company. This makes them targets for people with malicious motives, and the company may be forced to compromise if such people threaten it. If such an attack happens, computer forensics uses means such as digital media, computer systems and laws to establish who was responsible and where, how and when the data was lost through the cyber-attack. The data is also recovered in the process. The evidence is then used to take legal action against the attacker. (US Justice Department)
The process begins by identifying a situation where there is a need for action, such as missing information. The forensic examiner then identifies the storage devices that could have been targeted, such as memories of computer copies, the hard drives in computers, and files, among other resources that are likely to hold information. (Ahmad, 2002)
The second step involves gathering the identified materials using the legal means the organization allows for gathering evidence. The collector can therefore only take copies of original data in situations where it is reasonable to do so. Where it is not reasonable, identical copies of the active files and of the unused parts of the media are taken. The unused parts of the drive are used to recover the history, concealed data and omitted information. (Ahmad, 2002)
Analysis is the third step. This involves investigating the collected materials with regard to the case at hand. The exculpatory information gained shows what or who is accountable for the case that is being interrogated. In the analysis process, the forensic examiner may find parts of the computer that were not used, memory captures, the evidence being sought, or objects that served as utilities of the operating system or software that was used. (Case, 2000)
The last step involves reporting the evidence obtained from the analysis for disciplinary purposes. The forensic scientist also gives recommendations on how to prevent such a situation, or on what may be done in future if it recurs. (Case, 2000)
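The collection step above distinguishes copying active files from taking identical copies that include the unused parts of the media. The following sketch is an added illustration, not part of the original discussion: it uses a constructed toy disk (the 16-byte block size, the allocation table and the file names are all assumptions) to show that a file-level copy misses a deleted file's leftover bytes, while a whole-medium image keeps them, and it uses a SHA-256 digest to show the image is identical to what was collected.

```python
import hashlib

BLOCK = 16  # toy block size in bytes (assumption for this example)

def make_disk():
    """Constructed sample medium: four blocks plus a table of active files."""
    blocks = [b"Q3 report draft.", b"wire to acct 991",
              b"\x00" * BLOCK, b"meeting notes..."]
    # Block 1 belonged to a file that was deleted: its table entry is gone,
    # but its bytes are still on the medium.
    table = {"report.txt": [0], "notes.txt": [3]}
    return b"".join(blocks), table

def block(data, i):
    """Return block number i of the medium."""
    return data[i * BLOCK:(i + 1) * BLOCK]

def logical_copy(disk, table):
    """Copy only the active files, as an ordinary file copy would."""
    return {name: b"".join(block(disk, i) for i in idx)
            for name, idx in table.items()}

def forensic_image(disk):
    """Identical copy of the whole medium, with a SHA-256 digest of it."""
    image = bytes(disk)
    return image, hashlib.sha256(image).hexdigest()

def verify(image, digest):
    """True if the image still matches the digest recorded at collection."""
    return hashlib.sha256(image).hexdigest() == digest

def recover_residue(image, table):
    """Return unused blocks that still hold non-zero data."""
    used = {i for idx in table.values() for i in idx}
    return {i: block(image, i) for i in range(len(image) // BLOCK)
            if i not in used and block(image, i).strip(b"\x00")}

if __name__ == "__main__":
    disk, table = make_disk()
    image, digest = forensic_image(disk)
    print("active files:", logical_copy(disk, table))
    print("image verified:", verify(image, digest))
    print("recovered from unused blocks:", recover_residue(image, table))
```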
2: How might business continuity planning incorporate aspects of computer forensics with respect to risk management?
Business continuity planning can integrate forensic readiness with respect to risk management. The company will then incorporate forensic readiness to the level at which it values its investment. To prevent future risks, the management can incorporate an asset register to know which of the company's resources are most likely to be targeted by cyber attackers and what the company should do in such a situation.
Other aspects of computer forensics can also be used to prevent risks. The management can use the evidence obtained to take the case to court, which acts as a deterrent to other cyber criminals. If it fails to do this, the company can attract more cyber-attacks from both internal and external hackers. (Stephen, 2002)
If a cyber-attack happens for the second time in the company, the business manager can perform a quick investigation through the appropriate means of inspection with the least possible interruption of the business. During the first attack, most businesses lose a lot of clients and suffer a huge loss because of the time spent on the investigation process.
The company can also adopt safer ways in which to store valuable data in order to reduce the time and cost incurred while the investigation is in process. This can be done through an organized means of evidence storage, without requiring the business to legally unveil data to data protection legislation. (Wolfe-Wilson et al., 2003)
The business can also implement forensic readiness by using information security, applying forensic readiness policies and auditing computers and systems regularly. This can be done by employing forensic-trained staff. (Haggerty, 2011)
Also, to prevent future risks, the company should ensure that employees sign a policy agreement before being employed. The business can also adopt strong auditing policies and means of imposing those policies, in order to ensure that all information dealing with the company is secure from internal cyber attackers.