Issues Implicated, and the Expected Outcome of the Request. Free Essay

Depending on the investigation report from Paul Agent regarding on the attack of the XYZ system, the investigator ort to take various options in obtaining the evidence from the foreign countries that are linked to being the sources of multiple processes executed during the attack of the XYZ system. For instance, it was proved that from the two email account that was used to attack the XYZ system, the 1st email originated from an email provider that is based in the UK. Thus, the investigator (Paul Agent) should opt for investigating the company to establish further information regarding the email created and stored in the established UK email provider company servers a situation that may be swift due to the recent executive agreement entered between the UK and the US.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Further, the 2nd email account was established to originate from Hushmail, which is an encrypted Canadian application. Also, to gather adequate evidence regarding the attack, Paul Agent will opt visiting the Hushmail Company via the company's office located in the US and guide him on whether he could visit its headquarters based in Canada for the investigation. Moreover, the system investigation report establishes that the 1st IP address used by the 1st attacker was rooted back and was proven to originate from an internet service provider (ISP) company based in Asia and which was noticed to have been previously used by the Bureau21 which is a military unit. Thus the investigator (Paul Agent) should opt to visit the ISP Company that owned the IP address in Asia to determine the real user of the device under the established IP in the attack.

The entire investigation ort to determine the reason behide the attack of the XYZ Corps system. Paul Agent investigation process aims at establishing the individual behind the cyber-attack, the reason for the attack, and the benefit of the attacker from the malicious activity on the XYZ corps system.

Paul Agent option in investigating the email provider company based in the UK where the 1st email that was used in registering the key domain names that were used route the attacker into the XYZ system. Based on the international law on cybersecurity, the act gives the mandate the responsible agencies to investigate any unlawful conduct exercised in the computer systems. Further, due to the executive agreement entered between the UK and the US, the evidence is expected to be successfully obtained. The act of Paul Agent subdividing the investigation into three Teams will make the exercise more accurate and reliable since it is based on lawful and experienced agencies. This will help in establishing the owner of the account since the mail company has to comply with the law and extract the full details relating to the account until the account user is caught.

Similarly, team 2 assigned the role of obtaining the evidence and the root of the 1st attacker, would be successful in accessing the owner of the second email that originated from the Hushmail. Basically, the Hushmail account was noted to have been used for registering the domain which was used for exporting the exfiltrated files of the XYZ Company in an encrypted format. Notably, the obtainment of the evidence would be successful since already the Hushmail Canadian Company has an office in the US that would be used as the base by team 2 for evidence obtainment. Further, if more advanced evidence would be required, the team would be riffed to Canada by Hushmail company's officers already based in the US.

Also, through the application of the cyber security international laws, it would be possible for the team two to obtain evidence on the 1st IP address that was established to originate from an internet service provider ISP Company based in Asia. The team2 would be able to root down and establish the exact computer used and under whose network it operated.

Need for evidence preservation and how Paul Agent should go about it. Suggested laws and instruments.

Preservation of the evidence more so electronic evidence such as those associated with cyber security incidences must be stored in an orderly manner to facilitate the overview of the full incidence as well as establish the bases of further investigations and containment of threat. The preservation of the evidence by Paul Agent would be of vital importance for the analysis of the successful incidences. This would be made possible through the utilization of the strict standards for preserving data that would ensure all the potential data has been captured and would remain uncompromised in the entire process of investigation of the XYZ system attacker.

According to my knowledge of evidence preservation, I would propose that the investigator (Paul Agent) should not be wary of rushing to the collection of evidence. This act could potentially compromise the value of the evidence which could be utilized in identifying the attacker's approach of compromise. Further, I would advise Paul Agent to put the act of evidence preservation as the first priority since according to the established regulations, the appropriately collected evidence is used in enforcing the successful criminal prosecution.

Additionally, I would propose to Paul Agent that, when he is gathering the evidence from the targeted sources, he need to utilize the forensic sound method in order to preserve the important digital evidence. This would help him in establishing a clear image of the occurrence as well as the effective responses that need to be launched. He should ensure that all the electronic evidence obtained is well handled with care and prevent it from further compromises, such as being overwritten or otherwise corrupted.

For precise evidence collection and preservation, competent tools need to be analyzed efficiently before the exercise kicks off. According to Paul Agent's investigation, I would recommend the use of the following instrument;

Image Validation Tool

The application of this tool in the investigation process reassures the analyst that the image of the beat stream obtained from the evidentiary device matches those of the original drive (Erdur 115). This would be determined through the hash function mathematical formula on the instrument that helps in calculating the hash value of both the image copy and that of original media. Then the validity on the evident copy may be established through a signature that is created of the original drive, and their comparison is made to that created on the image. Later, a unique signature is created from the comparison which is used for validating the integrity forensic image bit stream made in the process of collecting the evidence.

Write Blocking Tools

The write blocking tools can be used for preventing unintended changes on the file attributes in an evidence system. Preserving of the obtained evidence by Paul Agent should ensure the evidence is free from alteration from any intruder. The writer blocking instrument plays an essential role in that I does not allow the last access date to change, it maintains the file time and date thus it is good at retaining the evidence integrity for the cybercrime investigation.

Country to Attribute the Initial Hack (being handled by Paul Agent's Team 1).

Attribution made and Information based on this Attribution, Information dismissed in terms of Attribution, and Categories of Attribution for the chosen Factors.

Based on the established report from Paul Agent investigation that is to be handled by team 1, the initial attacker is likely to have originated from Asia. From the knowledge of network communication in the issue of IP address, one is able to trace a computer user by his device IP address. From the report, it was established that two IP addresses were identified. However, the 1st IP address which was from the original hacker originated from an Internet service provider company that is located in Asia. This shows that trough back rooting of the IP address octets, it will lead the investigator up to the company's network where the device was operating. After that, the company would trace back its routing tables on their servers, and establish the mac address of the device used which fall at the middle of the IP address and further the computer number which is presented by the last octet of the IP address.

Further, despite the creation of the two email accounts by the attacker from different countries (UK and Hushmail from Canada), their host countries are registered under specific IP address that may be linked from the country where the hacker is based. Hence they may only help identify the hacker intention and may also help in identifying the hackers country of residence since they are registered under specific IP assigned to each country.

According to the investigative report, the XYZ system attribution falls under the hacker. Based on the report, it was examined that the attacker (hacker) used several navigation methods such as the creation of multiple email accounts that he ensured originated from different companies. The attacker also used IP addresses that he used came from different ISP companies. Additionally, the attacker gained access to the XYZ system via multiple links such as email accounts and maneuvered via different servers to ensure his identity is not noticed. However, due to the competency of the investigating agency, this was noticed since they used the multiple IP addresses to route down up to the origin.

New Investigative Measures Discussed in this New Set of Facts and whether there any 4th Amendment or other Legal Issues Implicated by Each (Whether Already Employed in these New Facts, or going to be Employed Shortly )

Based on the investigations on the new set of facts, it can be examined that the attacker breached the 4th amendment act on cyber security law which protects individuals from the search that are unreasonable. The amendments protect the company and individual privacy. Further, the 4th law amendment stipulates on creative ways and procedures which the law enforcement uses to conduct surveillance and access company's personal computers, phones as well as the mails (Brenner and Clarke 211).

For instance, despite the actions of the investigating agency of obtaining evidence from the 1st mail account that seemed to originate from an email provider based in the UK, it was examined to have been used in registering a number of the critical domain that was used in routing the attacker in the XYZ Corp system. The procedure may breach the provided 4th amendment of law since the responsible investigating agency has no permission to access an individual email account from the owner despite being allowed by the email provider. This may lead to an exposer on individual privacy to the public a condition that may pose a lot of risk to the individual. Further, accessing the individual information without his consent may lead to compromising of the individual data integrity that rendering them unviable.

In the same way, the act of the Investigating agency to obtain evidence from the second email account that was used by the attacker for registering the domain which was used for exporting the exfiltrated file from the XYZ system and examined to have originated from a Canadian mail service provider by the name Hushmail. The investigating agency procedure for evidence extraction from the email created may breach the individual right on privacy according to the 4th amendment of cybersecurity law.