Question: Discuss the process that you will use to collect evidence and discuss the relevant guidelines that need to be followed when collecting digital evidence.

A new start-up SME (small-medium enterprise) with an E-government model has recently begun to notice anomalies in its accounting and product records. It has undertaken an initial check of system log files, and there are a number of suspicious entries and IP addresses with a large amount of data being sent outside the company firewall. They have also recently received a number of customer complaints saying that there is often a strange message displayed during order processing, and they are often re-directed to a payment page that does not look legitimate.

The company has a small team of six IT support professionals, but they do not feel that they have the expertise to carry out a full-scale malware/forensic investigation. So they employed a digital forensic investigator to determine whether any malicious activity has taken place and to ensure that there is no malware within their systems.

The team wants you to carry out a digital forensics investigation to see whether you can trace the cause of the problems, and if necessary, prepare a case against the perpetrators.

The company uses Windows Server NT for its servers. Patches are applied by the IT support team on a monthly basis, but the team has noticed that a number of machines do not seem to have been patched.

Question: Discuss the process that you will use to collect evidence and discuss the relevant guidelines that need to be followed when collecting digital evidence