1. Legal investigation
2. Digital forensic support
3. Get system photos after the incident has occurred
4. Report on date and time of the incident
A. Phase 5: Containment and Eradication
Each incident should have its own containment and eradication strategy to facilitate effective decision making. The purpose of containment is to limit the scope, magnitude and impact of an incident. Some incidents, such as computer viruses, worms and malicious code, can spread rapidly and cause extensive damage. Breached user accounts should be disabled, and all suspicious users must be separated from the organization's systems for additional investigation or analysis. Also, all affected systems must be deactivated until the incident is finally eliminated from the system. Eradicating an …
A copy of the report should be submitted to the organization. To determine the associated cost of the incident, research should be conducted within the organization to quantify the personnel time required for dealing with the incident (including time necessary to restore systems).
1. Identify all lessons learned
2. Document the incident report
3. Revise policies and procedures
4. Improve incident handling process
II. CONCLUSION AND FUTURE WORK
The proposed enhanced model is appropriate for maintaining and discovering incidents in an organization. It will help to minimize the impact on the organization and to avoid any unwanted situation that may occur in the organization.
The future research in this work will involve the implementation of the model in a real world data organization to help to define the functionality of the