Digital Forensics Investigation
Responding to a situation where one computer is the subject of an investigation is far different than responding to a situation involving many people and devices. We’ll coin our own term here and call it Large Environment Forensics. The idea is that many people can be impacted, and in a Cloud architecture, potentially many organizations could be involved. As you work through this assignment, think Large Enterprise Environment and Big Data.
For this assignment each team prepares a written report that analyzes how to respond to a Large Environment Forensics incident where many people/devices may be involved: Cloud, Big Data, Large Enterprise Environment. You are free to choose whether you have a team within an enterprise or if you are a team deployed from a forensic response organization. Specify which of the two options you choose in your assignment abstract. Within your report each team must address the following:
1) Response Readiness Plan – this is a document that serves as a tool to plan an incident response. This would include a method to determine a gross estimate of effort, resources, and cost. Our goal is to be within an order of magnitude, not to produce a precise figure. Think small/medium/large and perhaps two categories within each of those. Effort is time involved as well as elapsed time. Resources include people, equipment, tools and licenses, transportation, lab requirements, and other considerations. Realize that in a particular incident you may have a large cost estimate, but potentially a small resource and time estimate. In other words, your small/medium/large classification may be mixed for a particular incident.
2) Coordination Plan – this outlines a structure of the competencies needed, who is responsible for each, a project leader, and contact information.
3) Metrics – these will be used to measure various aspects of the response and help provide accurate estimates. For example, one metric may be imaging speed: a hardware imager provides speeds of up to 6 GB/minute with hashing, so estimates for imaging a 1 TB disk could be calculated. Include at least 10 metrics that you will use for your estimates. These should be accurate and include reference support.
Develop Coordination Plan
The Coordination Plan is thoroughly developed and logically presented. Reflects real world situation.
The Coordination Plan is sufficiently developed and logically presented. Aspects resemble real world situation, but some inconsistencies.
The Coordination Plan is not sufficiently developed and/or not logically presented.
Quality of documented support (10%)
Assignment thoroughly incorporates the appropriate references in the literature. Correct APA format.
Assignment applies the appropriate references in the literature. Correct APA format.
The scope of the research presented in the assignment is inadequate. Errors in APA format.
The content is well organized with clear transitions among major subtopics.
The content is generally well organized with some improvement possible in transitioning among subtopics.
The organization of the content is confusing without clear transitions among subtopics.
Writing style (5%)
Graduate level writing is reflected throughout the paper, including accurate spelling, punctuation, grammar and sentence structure.
Writing is acceptable, with a few errors in spelling, punctuation, grammar, and/or sentence structure.
Writing does not meet graduate standards. Unacceptable number of errors in spelling, punctuation, grammar, sentence structure, and/or citation format.
Overall Quality (10%)
Above average relative to rest of class.
Approximately class average.
Below class average.