I need an explanation for this Computer Science question to help me study.
Hello,
I need two responses of at least 150 words each for the below students discussions for this week. Also in the bold below are the questions the students at answering.
Questions (both questions must be answered):
1. Find an online article (or resource) regarding penetration testing OR computer forensics.
2. Summarize the article.
Student one:
As part of my course of study I have taken computer forensics classes and I have found them fascinating. Finding the “hidden†data on an image is very satisfying and challenging at the same time. The article “An Introduction to Computer Forensics†by Ravi Das is a great overview of the field of computer forensics and some of the steps involved in conducting a forensic investigation (n.d.). The author starts with his own definition of computer forensics, “an established scientific process for the collection, analysis and presentation of evidence†(Das, n.d.). This is definition does cover all the basics of computer forensics. Collecting the data is done so that has not been modified in the process, analysis of the collected data is complete to create a timeline of events, and the presentation may need to be a testimony in court. The article also references the US CERT definition which is more detailed but effectively the same in meaning.
The article also identifies five basic steps to computer forensics; readiness, evaluation, collection, analysis, and presentation (Das, n.d.). Readiness is ensuring the people have the training they need to conduct a forensics investigation and also that they have the equipment up to speed and on hand. This can be challenging because of the level of understanding needed by investigators and the variety of equipment that may be needed based on the systems to be analyzed. The evaluation step is the first part of the actual investigation. The system(s) have not been touched yet, this is where the planning starts. At this step the roles and responsibilities, tools, and techniques will be identified as part of an investigative plan. The third step, collection, is where the system is finally accessed. This is where the data is collected and securely stored. The next step, analysis, is combing through the collected data to answer what happened and when did it happen. This step can take a long time and requires specialized tools and an extraordinary amount of knowledge about the specific system and computing fundamentals. The last step, presentation, can take place in a court if there is a legal case or be briefed to leaders that need to understand what happened. The investigator needs to be able to present the facts from an investigation in a way that anyone without an understanding of computer operations can understand.
Das, R. (n.d.). An Introduction to Computer Forensics. Retrieved from https://resources.infosecinstitute.com/category/computerforensics/introduction/
-Trevor
Student two:
The article that I have found to summarize this week explains penetration testing, how it’s important to businesses, and which type of testing would be right for different types of businesses. Penetration testing is essentially a real life attack scenario that is carried out on a business in order to uncover, and exploit, vulnerabilities that may exist within assets, data, employees, or physical security (Basu, 2013). Penetration testing goes far beyond vulnerability scans and audits because in addition to finding vulnerabilities it utilizes tools and attacks to exploit those vulnerabilities and show a business how effective their security measures and protocols actually are. The article states that testing is valuable to businesses because it evaluates security defenses, meeting regulation compliance, and is a good idea after an actual incident to help aide in a forensic analysis (Basu, 2013). Having testing done after an incident will help establish the steps of the attack and help answer the big questions of when, who, how, and why.
Penetration testing can be very valuable to a business or organization, so you want to be sure that you are finding the best testing service available. Just like many other aspects in life, there are different tiers of testing services on the market. There is the simple online testing that can provide you with quick reports and results, but it may not be as inclusive as needed for your organization. You want the ensure that your systems and data are as safe as possible, so you will usually want to go with a top tier testing service that takes it time evaluating your entire network and protocols and ensures that you will not be left reeling after and attack. Of course there is a difference in price ranges between these services, but if you choose a quick and easy testing route that may be cheaper your business could still be vulnerable to attacks that could lead to costlier damage to your operations down the road. When looking at penetration testing, it’s best to get the best.
References:
Basu, E. (13 Oct, 2013). What Is A Penetration Test And Why Would I Need One For My Company? Retrieved from http://www.forbes.com/sites/ericbasu/2013/10/13/wh…
-Jay
For a custom paper on the above or a related topic or instructions, place your order now!
What We Offer:
• Affordable Rates – (15 – 30% Discount on all orders above $50)
• 100% Free from Plagiarism
• Masters & Ph.D. Level Writers
• Money Back Guarantee
• 100% Privacy and Confidentiality
• Unlimited Revisions at no Extra Charges
• Guaranteed High-Quality Content
