Technology Case Study: Digital Forensics

Digital Forensics
Student’s Name
Institutional Affiliation

Digital Forensics
Between 2014 and 2015, cyber breach attempts targeting health organizations, financial enterprises, retail firms, and education institutions heightened. In most cases, hackers wanted to acquire personally identifiable information (PII) so that they can use it in identity theft or people’s financial information. Either way, cyber attackers benefited by reselling the PII on the black market or accessing individuals’ money if they acquired information, such as credit card number, date of birth, names, physical address, social security number, and email. The University of Virginia (UVA) was not exceptional. On 15th June 2015, Virginia Evans, UVA’s chief information officer (CIO), received a call that would have affected her career adversely if appropriate measures were not taken (Nelson & Wright, 2017). The call from the chief information security officer reported a major security breach of UVA’s information system. Organizations should use the right forensic tools to detect cyber-attacks before they happen to prevent the catastrophic effects of losing sensitive information to hackers whose primary objective is financial gains.
UVA’s information system was complex since it had numerous processes and was accessed by many people. In particular, it managed the data of about 22,000 students, 2,800 faculty members, 10,000 full-time staff, and other stakeholders (Nelson & Wright, 2017). Additionally, UVA managed medical patient services, which was one thing that worried Evans if such information was already in the wrong hands of the hackers. UVA’s cyber-attack was done using three primary methods, namely zero-day exploits, unpatched systems, and spear phishing. After realizing the urgency of the issue at hand, Evans did not hesitate to call Mandiant, a well-recognized international cybersecurity firm, to handle the situation. Within 24 hours, Mandiant’s security experts were on site. Mandiant discovered that two hackers from China were responsible for UVA’s system cyber breach and that they had used unpatched system loopholes to penetrate the system since April 2014. These cybercriminals had infected 62 servers. Evans needed to make decisions faster to control the situation (Nelson & Wright, 2017). For this reason, hence the urgency of addressing the problem. Evans initiated project Phoenix, whose objectives were to determine the extent of the cyber-attack, develop a plan to remedy it, execute the plan, harden UVA’s system defenses, and restore services.
The best forensic techniques or tools that can significantly help in the security breach identification process are FTK Imager, HackerCombat, SANS Investigative Forensic Toolkit (SIFT), Computer-Aided Investigative Environment (CAINE), Xplico, ProDiscover Forensic, and X-Ways Forensics (Prasanthi, 2016). The FTK Imager examines the images of hard drives and disks that are used by electronic devices. As such, cyber investigators can know whether the hard drive has been modified by hackers or not. HackerCombat is a highly sought software that enables security experts to scan computer networks and devices to identify different ty...