Question Description
1. When choosing the components for a forensic workstation there are many elements to consider including hardware, software, and peripherals. However, we cannot simply go to the local big box computer store to buy our forensic workstation.
This week find resources to help one build a forensic workstation. When discussing your findings make sure to explain why you chose the items you put forth.
2. Not only is conducting an investigation important, but presenting the evidence is even more important. If that presentation is not understood, then it will be rejected. Experts are educators for the courts.
Write a two-paragraph description of hashing that a non-technical user could understand and post it for your classmates to critique.
3. Since we have so many different ways to produce a forensically sound image, why do you think we need more than one? Is there some advantage of one over another?
What are the advantages of hardware solutions versus software solutions?
4. Network forensics is considered a very hard problem for a number of reasons:
First, the general anonymity of users on the Internet makes it extremely difficult to determine who a suspect is.
Second, because international borders make it difficult to determine jurisdiction on the Internet, it is sometimes impossible to backtrack all the way from a victim to a perpetrator.
Third, logs are not kept forever, so if efforts are not made relatively quickly, they may be erased.
What can we do in forensics to speed up the process of collecting data? Hypothesize a solution knowing what you know about network data collection.
5. In NTFS, file metadata is stored in the Master File Table (MFT) as opposed to the File Allocation Table in FAT systems.
There is much richer data available in the MFT, but what is the one thing provided by the MFT and not the FAT that makes it difficult to find small files?
Are there other noteworthy challenges?
6. There are a number of digital forensic analysis tools that are available. Some are very expensive and some are free.
What makes one analysis tool better than another? Are there certain criteria to consider?
Is it true that you should always use the “better” tool?
In what situations do you use a tool that may not be the best tool?
Find at least two tools and evaluate them using the criteria you devise. Make sure to include URLs to the actual tool websites.
7. Linux and Macintosh file systems differ a lot and, therefore, need different tools to adequately analyze them.
What analysis tools are available, either proprietary or open source, to work with Linux and Macintosh file systems?
Find at least one for each operating system and discuss its merits with the class.
Make sure to provide URLs to the software sites and/or reviews.
8. Analyze and discuss complete header information from an e-mail sent to you that contains an attachment.
You can use existing e-mail in your inbox or send e-mail among each other. However, what is most important is discussing all items found in the full e-mail header.
*Make sure to include a screenshot of your complete header in the post (not as an attachment).
9. Being an expert witness is a difficult task. Even if you are technically proficient, if you cannot speak with confidence and convince the jury that you are correct, you will fail in your task as an expert.
What is the primary role for an expert witness working for the court and not for either side? You might want to look for expert witness testimony to support your point(s).
10. Consider your organization. (If you are not currently employed, choose an organization with which you are familiar or that you can explore on the web.) Where is the Chief Information Security Officer (CISO)? To whom does he/she report? What is the CISO’s title? How does this position relate to risk management? information system management? to privacy? to physical security? How is policy issued (that is – who signs it)? Who handles breaches: reporting about them to right authorities, communicating about them and recovering from them? Basically, discuss the organizational placement of the CISO and what this indicates about organization culture and focus on security.
11. Identify and read the privacy policy/agreement of one company with which you deal. Ideally, you want to choose a company that has a lot of your personal data (including your habits) such as eCommerce sites, social network sites, banks and other financial institutions, health care providers and healthcare insurance providers. Using the TRUSTe white paper as a guide, comment on how well their privacy policy made you comfortable enough to continue to do business with them (assume you have a choice). Is there anything that surprised you? Was it a readable policy?
12. Read the following documents on Cybersquatting and answer the questions that follow:
“Cybersquatting.” Gale Encyclopedia of E-Commerce. Ed. Jane A. Malonis. Vol. 1. Detroit: Gale, 2002. 173-174. Gale Virtual Reference Library. Web. 7 Sept. 2016. Retrieved from:
http://ezproxy.umuc.edu/login?url=http://go.galegroup.com.ezproxy.umuc.edu/ps/i.do?p=GVRL&sw=w&u=umd_umuc&v=2.1&it=r&id=GALE%7CCX3405300116&asid=b07fd1f5d8595e67e64dd96e17e7a6b2
FindLaw. (n.d.). Internet Cybersquatting: Definition and Remedies. Retrieved from: http://smallbusiness.findlaw.com/business-operations/internet-cybersquatting-definition-and-remedies.html.
ICANN. (n.d.). About Cybersquatting. Retrieved from: https://www.icann.org/resources/pages/cybersquatting-2013-05-03-en
Explain cybersquatting in your own words. Explain laws and other remedies that are available against cybersquatting. Should the law be tightened? Why or why not? Use examples to support your positions.
13. Discuss advantages and disadvantages of each approach (CIA Triad Controls, DRM, Copyrights Law) for protecting digital information (music, movies, e-book, etc.).
Should government be involved in enforcing good DRM behavior by vendors?
14. What is the main source of the problem? Was there a contract?
- What option(s) could Dietz have exercised instead of suing Perez in court for the unpaid bill for the work he did for Perez? What could he have done differently?
- Why didn’t Dietz win his case for collecting the unpaid bills?
- Was Perez justified in her “allegedly” disparaging or slanderous remarks on online sites (angieslist.com and yelp.com)? What could she have done differently?
- Did Dietz have a case against Perez for ruining his business? He was asking the court for both injunction remedy and monetary compensation. (We will actually cover the First Amendment Rights and defamation and business disparagement in Session 8; you are welcome to preview that session.) What options could he have taken to settle the escalating dispute?
- Why did the Supreme Court of Virginia issue a summary reversal of the injunction?
- What is the lesson that you learnt from this? Is it “Never do business with a high school friend?”
15. In December 2015, two legal experts presented conflicting views about limiting Internet communications. Here are their articles:
http://www.slate.com/articles/news_and_politics/view_from_chicago/2015/12/isis_s_online_radicalization_efforts_present_an_unprecedented_danger.html
and
https://www.washingtonpost.com/news/volokh-conspiracy/wp/2015/12/21/protecting-the-first-amendment-in-the-internet-age/?utm_term=.ce196c82b386
By Wednesday, post your argument. For those whose last name begins with A-J, post your argument supporting Judge Posner’s position. All other students, post your argument supporting Professor Post’s position. Be sure to include research beyond the article.
Follow-up by posting a response, again representing your assigned position, to a posting arguing the other position.
Finally, in the Thread titled “Honest Position,” post your real position and basic rationale.
17. Assume you are a CISO. These are the laws governing evidence collection, preservation and presentation in a court of law:
Explain how your digital evidence processes will be / are compliant with one of the above. (They have to be compliant with all, but, for this exercise, you just focus on one.)
18. Now that you have a good idea of legal and technical issues with teleworking and BYOD to Work, are you in favor of teleworking and BYOD to Work in your organization? How will you make it work in your organization? What restrictions will you put in place to make it work? If your last name begins with A-K, you focus on teleworking. If your last name begins with L-Z, your focus should be on BYOD to Work.