ABC Corporation Cyber Breach Legal Restrictions

ABC Corporation has experienced a security breach on the company network and hired Cyber Forensics INC (CFI). CFI was chosen to conduct the investigation into the breach, produce the expert report detailing all of the tests conducted, and provide expert testimony once all of the evidence has been provided to ABC Corporation and is ready for trial.

Cyber Forensics Incorporation will be conducting the preliminary investigation for ABC Corporation. The investigation will include the approach that the computer forensic investigators will take: an incident review, collection requirements, and how to acquire and authenticate evidence while maintaining a chain of custody to ensure the continuity of the evidence throughout the investigation. Conducting the investigation will also cover the information needed for an expert report, the necessary legal restrictions that exist at the main campus of ABC Corp, the intent of the investigation, and the scope of the breached network.

The cyber forensic investigator will include all known facts of the incident and write out all procedures that were used to conduct the investigation into the ABC Corp breach. Once the investigation is complete, CFI will deliver the expert report to ABC Corporation, presenting all the necessary evidence in an easy-to-read report, and our expert investigator will be available for expert testimony during all trials and pretrial meetings with the defense team.

Identification and Collection

As the first step, the investigator will start the investigation with an analysis report, which will guide how the investigator approaches each specific crime scene. The analysis report for ABC Corporation needs to take the evidence into account. The data analysis plan will start from the generic version that CFI uses for all cases and will be customized for ABC Corporation to define the following items: how to gather evidence, how to ensure that the evidence is not changed or destroyed, the most appropriate tools for conducting the investigation based on the types of systems used at ABC Corp., and lastly whether this is a state or federal case (Easttom, 2017).

CFI will look at the information quickly to assess the three main data collection considerations. The first and second considerations are the life span of the data, and CFI investigators will create a list of data volatility to aid in collecting the data quickly and efficiently to preserve as much evidence as possible (Easttom, 2017). The collection will start with the most volatile data and work toward the least volatile. Some examples are: registers and cache, routing tables, ARP cache, process tables, kernel statistics modules, main memory, etc. This order will be established for ABC Corporation once the investigator knows exactly what has gone on, to ensure that the data is collected efficiently and quickly and the necessary evidence is preserved (Easttom, 2017).

The third consideration is collecting the data at the level of 1s and 0s. This bit-level collection supports the tools that will be used to conduct the investigation of ABC Corporation and allows the investigator to rebuild potentially deleted data (Easttom, 2017).

Once the investigator is on site and the crime scene is protected and made safe, the investigator will start to look at the initial state and look for different types of physical evidence that can lead to clues as to what the person launching cyber-attacks using the laptop left behind at ABC Corporation's headquarters in New York. CFI follows the Scientific Working Group on Digital Evidence (SWGDE) framework to conduct its investigations, which proceeds in four stages: collect, preserve, examine, and transfer. The last step applies any time data is moved from the lab to court or evidence is returned when no longer needed (Easttom, 2017).

CFI also relies on rule 902, which declares that certain evidence is self-authenticating and requires no extrinsic evidence to be admitted in a trial ( 2, n.d.). For the legal portions of the case, CFI will take the proper steps to isolate evidence so it is usable in court, preserve the evidence so it is not lost, as the data is fragile, and lastly prepare the data for use in a trial so that it stands up to judicial scrutiny, showing that the data is the same as it was found based on the analysis report and the frameworks put in place for this data. The end goal is for ABC Corporation to be able to use the evidence gathered by CFI in court against the individual that conducted cyber-attacks from the ABC Corp network and infrastructure using the laptop left on scene (Easttom, 2017).

Wireless communication will be disabled by CFI at the crime scene to ensure that nothing comes in or leaves the scene through unintended means. At the lab, CFI will make multiple copies of the data and ensure that each is authenticated with an MD5 hash to confirm that the copies remain unchanged (Easttom, 2017).

Evidence must be tagged to ensure continuity and aid the chain of custody; therefore CFI will ensure that all data is tagged and collected properly (Olzak, 2007). The tags used at CFI are stickers that contain the following information: date, time, control number, and the name or initials of the investigator on the case (Olzak, 2007). CFI will tag the following evidence for chain of custody and for keeping track of all evidence items: removable media found on the scene; cables, which will be photographed for reproduction in the lab and tagged; all computer equipment, which will be tagged and photographed for lab reproduction; any items found in the trash where the attack laptop was found; and any miscellaneous items found at the crime scene, such as notes (Olzak, 2007).

CFI will also place all evidence into sealable bags and initiate the chain of custody software to record each investigator who handled the information, why there was a change of possession, and how the evidence was safeguarded (Olzak, 2007). These steps are important because any failure to capture a change of possession could cause the data to be excluded from the legal case and administrative proceedings in ABC Corporation's case against the known cyber-attacker (Olzak, 2007).
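The copy authentication and custody tracking described above can be sketched as follows. This is an added example, not CFI's software or code from the original essay: it hashes an image with MD5 as the essay specifies, and, as assumptions made here, also records SHA-256 (MD5 alone is collision-prone) and links custody entries by hash so an altered or missing transfer is detectable. The control number, initials, timestamps and image bytes are constructed sample values.

```python
import hashlib
import io
import json

def digest_stream(stream, chunk=1 << 20):
    """Hash an image in chunks: MD5 as the essay uses, SHA-256 as an added assumption."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        md5.update(block)
        sha.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha.hexdigest()}

def verify_copy(acquired, copy_stream):
    """True only if a working copy matches the digests recorded at acquisition."""
    return digest_stream(copy_stream) == acquired

def _entry_hash(entry):
    fields = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def record(log, control_no, when, investigator, action, reason, digests):
    """Append a custody entry (tag fields plus reason) bound to the previous entry."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    entry = {"control_no": control_no, "when": when, "investigator": investigator,
             "action": action, "reason": reason, "digests": digests, "prev": prev}
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry

def first_broken_entry(log):
    """Index of the first altered or unlinked entry, or None if the chain is intact."""
    prev = "0" * 64
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["entry_hash"] != _entry_hash(entry):
            return i
        prev = entry["entry_hash"]
    return None

def demo():
    """Constructed sample: a stand-in image, two custody entries, one working copy."""
    image = b"CONSTRUCTED-SAMPLE-IMAGE " * 4096
    acquired = digest_stream(io.BytesIO(image))
    log = []
    record(log, "CFI-0001", "2020-05-02 14:05", "JD", "seized", "laptop imaged", acquired)
    record(log, "CFI-0001", "2020-05-03 09:30", "AK", "received", "lab analysis", acquired)
    return acquired, log, verify_copy(acquired, io.BytesIO(image))

if __name__ == "__main__":
    acquired, log, copy_ok = demo()
    print(copy_ok, first_broken_entry(log))
```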

Legal Restrictions Intent and Scope

ABC Corporation is located in New York, and CFI will adhere to and list the legal restrictions that exist in New York State. Overhauls in New York laws now dictate what evidence must be turned over to defendants in the discovery phase for criminal cases like the one ABC Corporation will be pursuing in this case (Schwartzapfel, 2019). CFI follows all rules to ensure that all evidence is identified and classified as evidence in this case. CFI follows rules created by Cornell Law School; for authenticating evidence, CFI will follow rule 901 to authenticate and identify evidence, and Wigmore describes authentication as an inherent logical necessity ( 1, n.d.). CFI also relies on rule 902, which declares that certain evidence is self-authenticating and requires no extrinsic evidence to be admitted in a trial ( 2, n.d.).

The intent of this discovery is to produce proper evidence and present the evidence in this criminal case using an expert report with expert testimony. CFI will produce evidence that is usable and pertinent to the criminal case against the known cyber actor that is conducting terrorist from the ABC Corporation network and laptop left on the scene of the crime. CFI will give ABC Corporation the most accurate evidence, with a highly monitored chain of custody containing the results of tests conducted, to ensure that all evidence can be authenticated, collected properly and used in court without the risk of evidence being excluded.

The scope of this case will include the laptop left on the scene at ABC Corp and the network devices that were used to launch the cyber-attack and exfiltrate ABC Corp's financial records in an attempt to make the company look bad in the media. This will drive the tools and procedures needed to gather data from the laptop, which runs Windows 10 Professional, the Cisco network switches, and the areas of the network that the person conducting the attack used to exfiltrate financial data, to hopefully track where this data was sold. Any physical data that was left behind and notes taken on the laptop will be evaluated, stored and photographed. The switch running configurations and ACLs will be captured to ensure that all transactions will be caught. The Security Information and Event Management (SIEM) system, which pulls all logs and stores them encrypted, will be imaged and copied for evaluation back at CFI's lab to see what data traversed the network while the cyber breach was taking place.

The known facts of the case entail what CFI knows based on the quick look and information gathered from discussions with personnel on scene and from the network staff that originally alerted their management. CFI will need to capture some initial information, such as the date and time when the incident was first identified, what flagged the incident, the users that were logged in during the event, how long the suspect worked at ABC Corp, and whether any cameras captured the suspect entering and exiting the facility on the day of the event. The known facts of the cyber breach will allow CFI to launch the proper procedures during the lab investigation at CFI.

There are five main known facts of this case that will aid CFI in the investigation, evidence gathering and collection, and help CFI labs select the correct tools and procedures. The first known fact is that ABC Corporation is a large corporation located in New York and the IT staff has been notified through their SIEM tool that a terrorist has breached the network on May 2, 2020. The second fact is that the cyber terrorist left behind a laptop with handwritten notes at the crime scene at ABC Corporation. The third fact is that the last person to use the laptop is a known international terrorist. The fourth fact is that the SIEM notified the IT staff that the breach occurred on May 2, 2020. The fifth and final fact is that the terrorist accessed financial data and exfiltrated the data using a USB drive, and that the suspect also deleted some financial data showing transfers to an external bank account.

CFI procedures ensure that logical and physical protections preserve data so that it is untouched and uncorrupted for use in the trial against the suspect in this criminal case. Physical preservation will take into account the transmission of the information, protecting against excessive shock and electrostatic discharge to guard the data from potential loss (Easttom, 2017). The second procedure CFI follows is logical preservation, which protects the data from changing while CFI looks for evidence in the forensics lab. This means that at the bit level the data never changes when investigators are seizing, analyzing, and storing it, which is accomplished via write blockers used at the forensics lab at CFI (Easttom, 2017).

CFI investigators are well equipped to ensure that all evidence is gathered for ABC Corporation and to provide an Expert Report and Expert Testimony for use in court in ABC Corp vs Known cyber-terrorist. CFI conducted the initial report of the crime scene and identified all places where the evidence will be collected and identified for the laptop and the specific items that the cyber terrorist left behind at ABC Corporation. All logs of the event were captured and kept on CFI hard drives and encrypted with MD5 hashes. All evidence that was obtained from the imaged drive of the laptop, and its copies, were properly controlled in evidence bags, tagged accordingly, hashed with MD5, and added to and controlled with the chain of custody document.

CFI investigated the legal restrictions that exist in New York, where the headquarters of ABC Corporation is located, and the specific rules governing authentication of evidence and self-authenticating evidence, which exists within this case and does not require extrinsic evidence to be added to this court case. CFI scoped the investigation to cover all items that were touched by the cyber-terrorist, which includes the laptop left on the scene, the firewall, and the Cisco switches used to exfiltrate the financial data from ABC Corporation.

CFI laid out the known facts of the case that will be used to scope the forensic investigation back at CFI's lab. CFI described the procedures used to protect the data: it is hashed and imaged so that bits are not changed when tools are used to investigate the data and produce evidence for ABC Corporation to have a strong case against the known cyber-terrorist. CFI implements write blockers whenever a hard drive is seized and imaged to ensure that the original data is never changed, and all tests and procedures used, including tools, are documented and provided in the Expert Report for this criminal case.
