The role of an investigator in any investigative process is to collect information from both suspects and witnesses and to survey the crime scene for clues that can help solve the criminal offense. Proper preparation of the individuals to be investigated and of the investigation process itself ensures a thorough investigation. The investigator should determine which documents are important to the investigation, identify the individuals to be interviewed, and analyze the collected information.
As the investigator, the first step will involve interviewing every individual involved in the case. The first to be interviewed will be the victim, John Doe. The victim should provide details about the incident, such as the date of the fraud, how it took place, and how he responded. The next individual to be interviewed will be the white-hat hacker, who should give a detailed overview of his or her investigation and its results, including how the ransomware was traced to the two students. The final individuals interviewed are the two college students suspected of using the ransomware to extort the victim. The suspects should be asked about their motivation for engaging in the crime, and the investigator should also try to obtain a direct confession from them.
The next step will involve identifying and analyzing the documents that are important for the investigation. The main documents to be gathered are the log files from the victim’s and the suspects’ computers. In the given case, the white-hat hacker successfully retrieved the event logs. These event logs should be used as evidence that the two suspects were the ransomware perpetrators, and the event logs from the victim’s computer will also show proof that the ransomware was present. The hacker should also provide screenshots documenting the entire process by which he or she identified the suspects. The suspects’ hard drives should be seized and examined for the ransomware, which in this case took the form of a “setup.exe” file. Email server logs should be examined to identify the source of the emails; if the email has been deleted, the server log from the ISP can be analyzed to determine the originating address of the email.
The final section of the investigation will involve an analysis of the information gathered. The interviews should provide an overview of how the crime was committed. The investigator should construct a timeline of the entire incident, from the moment the victim noticed the Amazon message in his email to the time the suspects were identified and arrested. The key individuals in the case and their specific roles should be identified, whether as a victim, a perpetrator, or someone who tried to solve the crime. When analyzing the log files and other documents gathered, keyword searches and file-type filtering can be used to sift the data. The times, dates, and tags of the data will help the investigator identify suspicious programs and files that could be hidden or encrypted (Burnap et al., 2018). The analysis of filenames is essential because it determines which specific data was uploaded, downloaded, and created, and online files usually point to the particular computer and server from which they were uploaded.
Oral evidence from the interviewees will be compared with the log files. The victim’s interview should establish the date on which the incident took place, and the log files should independently confirm that date. The hacker’s interview should explain how he or she discovered the two suspects, and this account should be compared with the hacker’s screenshots so that the data retrieved by the white-hat hacker can be verified. Matching the file names to the contents of the suspects’ hard drives should be used to verify the digital evidence (Gül & Kugu, 2017). If the suspects confess, their statements can be checked against the contents of the hard drives.
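As an added illustration of the log analysis and evidence-matching steps described in the two paragraphs above (not part of the original case study), the following Python script builds a merged timeline from constructed event-log excerpts of the victim's and a suspect's machines, runs the keyword filtering the text mentions, and checks the file names found in the logs against a constructed inventory of the seized drive using SHA-256 hashes, which goes one step beyond the name-only matching described. All log lines, host names, addresses and hashes are constructed placeholders.

```python
import hashlib
import re
from datetime import datetime
# Constructed stand-in hash; no real file or malware is involved.
PAYLOAD_HASH = hashlib.sha256(b"constructed placeholder").hexdigest()
# Constructed event-log excerpts, one "<ISO timestamp> <host> <message>" per line.
VICTIM_LOG = f"""\
2020-03-02T09:14:05 victim-pc mail: received subject="Your Amazon order" from=orders@amazon-example.test
2020-03-02T09:16:40 victim-pc browser: download complete file=setup.exe sha256={PAYLOAD_HASH}
2020-03-02T09:17:02 victim-pc process: start image=Downloads\\setup.exe
2020-03-02T09:25:11 victim-pc fs: 1204 files renamed to *.locked
"""
SUSPECT_LOG = f"""\
2020-03-01T22:03:17 dorm-laptop fs: created file=setup.exe sha256={PAYLOAD_HASH}
2020-03-01T22:05:44 dorm-laptop mail: sent to=john.doe@victim-example.test attachment=setup.exe
"""
# Constructed inventory of the seized drive: file name -> sha256.
SEIZED_DRIVE = {"setup.exe": PAYLOAD_HASH, "essay.docx": hashlib.sha256(b"other").hexdigest()}

def parse_log(text):
    """Split raw lines into (timestamp, host, message) event dicts."""
    events = []
    for line in text.splitlines():
        ts, host, msg = line.split(" ", 2)
        events.append({"ts": datetime.fromisoformat(ts), "host": host, "msg": msg})
    return events

def keyword_hits(events, keywords):
    """Case-insensitive keyword filter, the search step described in the text."""
    kws = [k.lower() for k in keywords]
    return [e for e in events if any(k in e["msg"].lower() for k in kws)]

def build_timeline(*event_lists):
    """Merge events from several machines into one chronological timeline."""
    return sorted((e for lst in event_lists for e in lst), key=lambda e: e["ts"])

def match_artifacts(events, drive_inventory):
    """For each file+hash the logs mention, True only if the seized drive holds the same name AND hash."""
    result = {}
    for e in events:
        m = re.search(r"file=(\S+) sha256=([0-9a-f]{64})", e["msg"])
        if m:
            name, digest = m.groups()
            result[name] = drive_inventory.get(name) == digest
    return result

if __name__ == "__main__":
    tl = build_timeline(parse_log(VICTIM_LOG), parse_log(SUSPECT_LOG))
    print(*keyword_hits(tl, ["setup.exe", "amazon"]), match_artifacts(tl, SEIZED_DRIVE), sep="\n")
```

A hash mismatch on a file with the expected name is worth as much attention as a match, since it shows the suspect's copy is not the one that reached the victim.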
Deterrence Measure Design
There are multiple cost-effective steps that can be undertaken to prevent such an incident from taking place in the construction company. The first measure will be for the organization to use access control. The process involves identifying an individual and determining their level of access within the security system. An access control system should identify an individual and give them the key to access specific resources. Administrative access control sets the administrative rights for any user that accesses the organization’s systems. User access should be based on every employee's roles and responsibilities (Nikolov & Slavyanov, 2018). Such a process should prevent unnecessary software installation, as seen in the given case; this is achieved only by keeping the number of individuals with administrative rights very small. The organization’s IT manager should be involved in overseeing the implementation of access control.
The next deterrence measure will involve training the organization’s employees in cybersecurity. It was apparent that the employee who opened the suspicious email and entered their details was not aware of the threat posed by such activities. The training should make cybersecurity awareness a priority for the organization. It can also cover other issues, such as the need for strong passwords. Training employees to prevent cybersecurity incidents should stop a future incident from taking place. The organization should also share cybersecurity news with employees frequently.
The organization should undertake a risk or vulnerability assessment to identify its possible threats and vulnerabilities. The evaluation should provide an overview of the weaknesses of the information system. The severity of the identified vulnerabilities should be ranked into different levels, with recommendations on mitigation or remediation strategies provided for each. The vulnerability assessment can be undertaken on different parts of the computer system, such as the database, the network, and applications (Li, 2017). The organization will benefit from the recommendations by improving its cybersecurity strategies.
The use of antivirus and antimalware software, for both internet and computer security, should prevent security incidents. An email security service is a useful tool for protecting against email-borne ransomware threats. Internet security software should also block malicious URLs by scanning a website before it is opened; if a website or link has been checked for malware and found to be malicious, a warning is displayed to indicate that the website may contain malware. Antivirus software should prevent the installation and execution of the ransomware executable.
The organization should also establish a cybersecurity policy that acts as a guide for employees in following the organization’s cybersecurity strategies. It should set the standard for activities such as restrictions on social media use, encryption of email attachments, and use of the company’s network systems. A vulnerability or risk assessment conducted periodically should be included in the policy. The policy should describe the general security responsibilities, roles, and expectations within the organization, prioritize areas of critical importance, and strive to address all the causes of data breaches and identify the plans and steps to prevent them.
References
Burnap, P., French, R., Turner, F., & Jones, K. (2018). Malware classification using self-organizing feature maps and machine activity data. Computers & Security, 73, 399-410. https://doi.org/10.1016/j.cose.2017.11.016
Li, T. (2017, December). Design and Implementation of Computer Network Vulnerability Assessment System. In 2017 International Conference on Computer Systems, Electronics, and Control (ICCSEC) (pp. 440-445). IEEE. https://doi.org/10.1109/ICCSEC.2017.8447004
Gül, M., & Kugu, E. (2017, September). A survey on anti-forensics techniques. In 2017 International Artificial Intelligence and Data Processing Symposium (IDAP) (pp. 1-6). IEEE. https://doi.org/10.1109/IDAP.2017.8090341
Nikolov, L., & Slavyanov, V. (2018). Network infrastructure for cybersecurity analysis. In International Scientific Conference. http://aadcf.nvu.bg/scientific_events/dft2018/L.%20G.%20Nikolov,%20V.%20O.%20Slavyanov.pdf