In today’s class, Sir Justin finally returned!!! We presented to him the two cases that we analyzed and created. He gave his opinion on each group’s cases and commented on what should be added and what should be removed.
Moving on, in our next meeting we had a new lesson about Auditing and Baselining and, as usual, an activity about it. We used two useful tools related to the topic: the first one is Belarc and the other one is CCleaner. Auditing is the manual or systematic measurement of the technical assessment of a system or application itself, while baselining is a method to identify and implement computer security measures in an organization. It also aims to achieve an adequate and appropriate level of security for electronic devices within the security infrastructure.
For me, the importance of this is that it improves security significantly and is useful for the infrastructure itself.
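The auditing-versus-baselining idea above is easier to see in code. This is an added example, not something from the class or from the Belarc or CCleaner tools: it records a baseline of a system’s state (file hashes, running services, installed software versions) and later audits a new snapshot against it, reporting every deviation. All sample paths, services and versions are constructed for the example.

```python
"""Baseline a system's state and audit a later snapshot against it (added example)."""
import hashlib


def fingerprint_files(files):
    """Map each path to the SHA-256 of its contents. `files` is {path: bytes}."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def snapshot(files, services, software):
    """Build one inventory record: file hashes, service names, software versions."""
    return {
        "files": fingerprint_files(files),
        "services": set(services),
        "software": dict(software),
    }


def audit_against_baseline(baseline, current):
    """Return a list of (finding_type, detail) tuples describing every deviation."""
    findings = []
    b_files, c_files = baseline["files"], current["files"]
    for path in sorted(set(b_files) - set(c_files)):
        findings.append(("file_removed", path))
    for path in sorted(set(c_files) - set(b_files)):
        findings.append(("file_added", path))
    for path in sorted(set(b_files) & set(c_files)):
        if b_files[path] != c_files[path]:
            findings.append(("file_modified", path))
    for svc in sorted(current["services"] - baseline["services"]):
        findings.append(("service_added", svc))
    for svc in sorted(baseline["services"] - current["services"]):
        findings.append(("service_removed", svc))
    for name, ver in sorted(current["software"].items()):
        base_ver = baseline["software"].get(name)
        if base_ver is None:
            findings.append(("software_added", f"{name} {ver}"))
        elif base_ver != ver:
            findings.append(("software_version_changed", f"{name} {base_ver} -> {ver}"))
    for name in sorted(set(baseline["software"]) - set(current["software"])):
        findings.append(("software_removed", name))
    return findings


# Constructed sample data: the state recorded when the baseline was taken.
BASELINE_FILES = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/hosts": b"127.0.0.1 localhost\n",
}
BASELINE = snapshot(BASELINE_FILES, ["sshd", "cron"], {"openssh": "9.6", "curl": "8.5"})

# Constructed sample data: the state found during a later audit.
CURRENT_FILES = {
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n",
    "/etc/hosts": b"127.0.0.1 localhost\n",
    "/etc/cron.d/unknown-job": b"0 3 * * * root /usr/local/bin/nightly.sh\n",
}
CURRENT = snapshot(CURRENT_FILES, ["sshd", "cron", "telnetd"], {"openssh": "9.6", "curl": "8.4"})

if __name__ == "__main__":
    for kind, detail in audit_against_baseline(BASELINE, CURRENT):
        print(f"{kind:25} {detail}")
```

Each finding is a question for the auditor, not a verdict: a modified sshd_config or a newly listening service may be an approved change, but without the baseline there would be nothing to compare against and the change would go unnoticed.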
On this day, we didn’t have a discussion but we had an activity regarding the mobile security of an Apple device. This activity was kinda difficult since we needed to find out all the passwords that the user kept on his/her device. In this subject, we have three groups that need to help each other find the locations of the passwords and act as a Quick Response Team (nice!). We were imagining that there was a deadline to find out the passwords. As soon as Sir started the clock, we were on our way to explore the storage of the Apple device. Unfortunately, we ran out of time within our class period. But when I went home, I started my computer right away and continued our search for the passwords. It wasn’t easy at first, but when I thought clearly, I was able to think of the possible or critical paths that contain the passwords. Luckily, I found them all within the day!! YAS!
The next week, Sir Justin was not around because he had to attend the Research Conference in Cebu City. (Go Sir WOOH!!!) There was a substitute teacher who was going to handle us, so we had an activity to do again. With my partner, we needed to choose two cases, which were the Wilner v. NSA case and Social Networking and the 4th Amendment. My partner and I finished it early and sent it to Sir Justin right away! 😊
This week, we had a new topic that introduced us again to the world of security. Since the last few weeks were focused on PESTEL analysis, I was excited about our new lesson on Mobile Security. This made me realize that security can be implemented on different platforms to provide assurance and no compromises on the device.
The first half of the lesson was about Apple’s implementation of security in their devices. I learned a lot from that half of the class; for example, there is a term called sandboxing, which prevents an app from sharing its files with other applications installed on the device. The App Store also contributes to security, since Apple verifies an app first before publishing it to the App Store. This is to prevent any unwanted tampering with the device.
For the second half of the class, we dived into the security implementation of Android devices. There are antivirus applications for Android devices that detect known signatures and implement countermeasures to prevent mobile malware from spreading on the device. There is also the possibility of a device going back to its previous OS version. The OS version of the device could also depend on the manufacturer or the company that sells the device. Sometimes there are third-party apps that come installed on the device and cannot be uninstalled unless you root the device.
New terms surfaced when I listened to the lecture. One term is root, where you elevate the privilege of the user on the Android device. Another set of terms I learned was about mobile malware, and that the biggest target of malware in the realm of mobile devices is Android.
It has been a while since I wrote an update about the lessons and what I learned in EVIDENCE, but these past two weeks have been an educational journey for me. Since I’m not familiar with the subject of analysis, this was a new technique for analyzing a certain subject carefully. It was about the Political, Economic, Socio-Cultural, Technological, Environmental, Legal (PESTEL) analysis accompanied by Opportunity & Threat (OT) analysis. This PESTEL – OT made me realize how important it is to know how to analyze a certain subject. We were asked to analyze the upcoming proposal of a National Cybersecurity Plan of 2022. This was exciting to read since it was about the improvement of security here in the Philippines. The plan doesn’t only cover security; it also promotes other improvements in terms of the government and businesses.
After we read the plan, I was a little skeptical about whether the plan would really be implemented here in the Philippines. I know for a fact that there is a possibility of corruption in the plan since it involves countless expensive pieces of equipment. Abuse of the funds is also a possibility, but I decided to put these thoughts to rest and I’ll just wait and see what happens next. I am glad that something like this would happen here since we are in need of advancing to the standards of other countries.
This is our second week in our EVIDENCE class. What we discussed this week was Procedures in Computer Forensics and some review of what we discussed in COMSEC and INVESTI, like the Incident Response Process, and it also included the Search Warrant thing. If there is no search warrant, what will happen? And when do we not need it? This is where the six exceptions help give access to the authorities. A quick review 😛 These are Consent, Exigent Circumstances, Inventory Searches, International Issues, Search Incident to Lawful Arrest, and Border Searches!
We also reviewed the Chain of Custody process: if evidence is gathered, there is a proper procedure that should be followed because it is standard procedure. If it is not followed, the evidence could be damaged and there would be no record of who possessed it last.
In the second half of our discussion, we were tasked to do an analysis of the case “TJX Data Loss”. We were asked to answer some questions on whether TJX is liable for the Data Loss or not. Unfortunately, YES. They are at fault. So there. Hahahaha.
We were also asked to do a PESTEL and OT analysis of the National Cybersecurity Plan that is to be included in the RAMPAGE lol. It is a part of the summit which Ms. Rhea will attend.
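The two failure modes named in the Chain of Custody review (damaged evidence, and no record of who possessed it last) are exactly what a custody log with integrity hashes guards against. The following is an added example, not course material: each time the item is collected, handed over or examined, the handler and a SHA-256 of the item are appended; a transfer from someone who is not the recorded custodian is refused as a custody gap, and a later verification flags any entry whose hash no longer matches the hash taken at collection. The evidence ID, names, timestamps and the “disk image” bytes are all constructed.

```python
"""Chain-of-custody record with integrity hashes (added example)."""
import hashlib
from dataclasses import dataclass
from typing import List, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    timestamp: str
    handler: str                 # who holds the item after this entry
    action: str                  # collected / transferred / examined
    sha256: str                  # hash of the item at this moment
    received_from: Optional[str] = None


class EvidenceRecord:
    def __init__(self, evidence_id, description, data: bytes, collector, timestamp):
        self.evidence_id = evidence_id
        self.description = description
        # The hash taken at collection is the reference every later entry is checked against.
        self.original_hash = sha256_hex(data)
        self.log: List[CustodyEntry] = [
            CustodyEntry(timestamp, collector, "collected", self.original_hash)
        ]

    @property
    def custodian(self) -> str:
        return self.log[-1].handler

    def transfer(self, timestamp, from_handler, to_handler, data: bytes):
        """Hand the item over; refuse if the giver is not the recorded custodian."""
        if from_handler != self.custodian:
            raise ValueError(
                f"{from_handler} is not the recorded custodian ({self.custodian}); custody gap"
            )
        self.log.append(
            CustodyEntry(timestamp, to_handler, "transferred", sha256_hex(data), from_handler)
        )

    def examine(self, timestamp, handler, data: bytes):
        """Log an examination by the current custodian, re-hashing the item afterwards."""
        if handler != self.custodian:
            raise ValueError(f"{handler} is not the recorded custodian ({self.custodian})")
        self.log.append(CustodyEntry(timestamp, handler, "examined", sha256_hex(data)))

    def verify(self) -> List[str]:
        """Return one message per entry whose hash differs from the collection hash."""
        return [
            f"entry {i} ({e.action} by {e.handler}): hash {e.sha256[:12]} != "
            f"original {self.original_hash[:12]}"
            for i, e in enumerate(self.log)
            if e.sha256 != self.original_hash
        ]


# Constructed sample: stands in for a forensic image of a seized USB drive.
SAMPLE_IMAGE = b"constructed disk image bytes 0001"


def build_sample_record() -> EvidenceRecord:
    rec = EvidenceRecord("EV-001", "USB drive image (constructed sample)",
                         SAMPLE_IMAGE, "Investigator A", "2024-01-10T09:00")
    rec.transfer("2024-01-10T10:00", "Investigator A", "Examiner B", SAMPLE_IMAGE)
    rec.examine("2024-01-11T14:00", "Examiner B", SAMPLE_IMAGE)
    return rec


if __name__ == "__main__":
    rec = build_sample_record()
    print("custodian:", rec.custodian, "| problems:", rec.verify() or "none")
    # Simulate the item being altered while in Examiner B's hands.
    rec.examine("2024-01-12T09:00", "Examiner B", SAMPLE_IMAGE + b"!")
    print("after alteration:", rec.verify())
```

In practice the hash would be computed over the forensic image at every hand-off and the log signed or stored separately from the evidence itself, so that neither the item nor the record of who held it can change unnoticed.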
Hello there! This is my first Learning Log for EVIDENCE. In these two weeks we have already discussed a lot of topics, and I’m glad that I easily understand the lessons without destruction 😛 (just kidding). I’m also glad that I took this subject because it is also an advantage for my major. Hihi
And yes…. enough of my attention-seeking introduction. So to start off, in the first week of our discussion we reviewed Legal Issues, which we already discussed in INVESTI and COMSEC2. One thing I noticed about myself is that I forgot some of the terms in this topic. Oh no Joanna! GRR. But only some…. I still need to review them! After that we moved on to the “Privacy” topic; in INVESTI we had a case on Apple vs FBI. So moving on.. we had a new topic under this lesson, which is the Philosophical Viewpoints. I know it is easy to understand, because for example when we talk about “Privacy as Control over Information”, it obviously means that the data or information should not be disclosed to a third party, right? All of the viewpoints discussed are easy to understand because of the wording used in the points. In Tagalog: you can already understand the meaning from the title even before you read the definition. 😛 All we need to do is know those five viewpoints by heart! In this lesson, I’m still confused about the types and standards of evidence. At some point I get them mixed up. 😛 I need to be careful about that.
In our second meeting, we moved on to the Procedures for Computer Forensics. In this lesson, we all know that this is familiar to us, since the topic was most likely discussed in our previous major subject. Honestly, the case study in this topic is a bit hard for me; although I know what to do, maybe some of the points in the article I did not understand. But I will do my best so that we will come up with the best answer for this case. Yay!
In these weeks, Sir EVIDENCE asked us to take a certification exam on Cybrary because it’s free. All we need to do is study. Hahaha. It would be a waste not to, since it’s free anyway. 😦
This is my final learning log for COMSEC2. It’s so sad that our security subject is coming to an end, but I am expecting to carry on my studying through the references given by our professor 🙂 Although it’s sad 😦 , I am a bit happy because I got to learn so many things about Computer Security this term. I remember our exercises about nmap usage for networks, Snort and other useful applications that I want to explore more. For example, Kali Linux has been available to me since our INVESTI subject and I only got to explore the BeEF framework and nothing else. I want to learn how to defend systems from attacks that are common in today’s society. That’s one of my motivations to study well in our COMSEC2 class as well as in our other classes. These past two weeks, many events happened. We learned from the mobile malware lesson that Sir Justin taught us. It was interesting since I thought that mobile malware was limited and not defined that much. We also had our presentation of our correlator this week and it was a success!! Yehey!!!!! :)) I was nervous because at first I thought it was hard to do, since we had our basis from two other correlation techniques, which are Alert Correlation and Event Correlation. We aptly named our correlation technique Tree Correlation and we began deciding what software we should use to produce the output of correlated logs. We decided to use the Visual Basic language from the Visual Studio application and use the older version of Snort, since the newest version doesn’t have support for the database connection. We used Snort 184.108.40.206, which has the schema example as well as the database connection functionality. I was excited because we were creating a correlator from scratch and implementing our correlation technique. Overall, we had great success and we plan to continue this project for a research paper! Thanks for reading!! 🙂