Contents
This report is based on the following case study – - Summary:
- Southern Investment and Insurance (SII from hereon) has Australia wide operations with over 10,000 employees. The operations of SII include investment, insurance and financial planning. An employee has contacted the Information Security department at SII head office with concerns that a senior executive at their regional office is engaged in a scamming activity amounting to millions of dollars. This employee suspect’s up to 3 senior executives at their regional office might be involved.
- Background:
- SII has offices all over Australia and thus requires use of computer networks to facilitate exchange of information and support its business processes. SII uses Information Systems to supports its business. Some investments in IT/IS were made in the late 90s but management has lost focus of updating the network and application infrastructure that supports the operation in recent years. The network environment between all of SII offices is relatively unrestricted with poor authentications procedures. Users from one office can access systems and servers from another office. Workstations and servers are typically Microsoft Windows based. Firewalls and network segmentation are implemented poorly, at best, throughout the environment. Intrusion detection and logging exist on systems, although seldom used. Information security including digital forensic capabilities is housed at the head office in Sydney. A highranking employee from one of the regional offices has contacted the Information Security office with some concerns regarding fraudulent and scamming activities at their regional office. The Information Security office does not take fraud allegations lightly. Thus a team of auditors was formed to investigate the senior executives at the regional office. Apart from reviewing paper based company documents, the auditing team is tasked to undertake digital forensic analysis of the computer systems at the regional office. This involves gathering digital evidence from relevant desktop PC’s and e-mail accounts. Some examples of the type of files that may be collected include MS - Word documents, spreadsheets, MSOutlook and deleted files.
Description
This report answers the following questions on the case study –
As part of the auditing team in capacity of a Digital Forensics expert, your task is to prepare digital forensics investigative plan to enable a systematic collection of evidence and subsequent forensic analysis of the electronic and digital data. Assuming all systems are Windows based, this plan should detail following:
• justify why use of the digital forensic methodology and approach is warranted including procedures for corporate investigation.
• describe the resources required to conduct a digital forensic investigation, including team member skill sets and required tools.
• outline an approach for data/evidence identification and acquisition that would occur in order to prepare the auditors for review of the digital evidence.
• outline an approach and steps to be taken during the analysis phase making the assumption the computer system is a Microsoft Windows-based computer.
• create a table of contents for the investigative plan describing what the primary focus of the report would be.
