1. Compare and contrast the uses of systems forensics by the military, law enforcement agencies, and private corporations. Determine which of these groups has the greatest need for systems forensics and what issues may arise if adequate forensics operations were not in place. Give a justification with your response.
2. Use the Internet or the Strayer Library to research at least one commonly used system forensics software tool. From the e-Activity, discuss the tool’s primary uses, strengths and weaknesses, competing products, costs, system requirements, and whether military, law enforcement and/or private corporations use the tool. Explain why you would consider utilizing this tool as a system forensics specialist, and provide a scenario where this tool would assist you in an investigation.
3. Consider the two (2) goals of data collection – maximizing the usefulness of the evidence and minimizing the cost of collecting it. Analyze why these goals can create significant challenges for an investigator. Determine what potential downfalls may arise in an investigation when limiting evidence collection operations purely based on cost.
4. Examine the nuances of evidence collection when dealing with volatile and temporary data and provide an example. Suggest at least three (3) procedures, tools, and / or techniques at the disposal of an investigator that could assist him / her in evidence collection of this potentially critical evidence.
5. Select two principles for policy and standards development (accountability, awareness, ethics, multidisciplinary, proportionality, integration, defense-in-depth, timeliness, reassessment, democracy, internal control, adversary, least privilege, continuity, simplicity, and policy-centered security). Examine how these principles would be the same and different for a health care organization and a financial organization.
6. Determine which type of organization would have the most difficulty implementing the principles you selected. Support your answer.
7. From the e-Activity, provide a brief explanation of the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) methods. Explain how they are beneficial for organizations developing their IT risk management approaches.
8. From the e-Activity, explain how the size of the organization impacts the OCTAVE method utilized. Determine the factors that large organizations, as opposed to small organizations, are most concerned with.
E-Activity for 7/8 - Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a commonly used methodology for risk-based information security assessment and planning. Review the information located at http://www.cert.org/octave/. Be prepared to discuss.
Leave them numbered.