Cybersecurity

Cybersecurity has emerged as a major issue that threatens a wide range of businesses in South Africa. Cybersecurity refers to protecting systems such as data, hardware, and software from cyber threats in the context of the internet. The primary goal is to implement and maintain the security that is a good posture on these devices to protect all servers, mobile devices, computers, and any data stored on any of these devices from attacks by attackers with malicious intent. Several methods for detecting and preventing these malicious acts have been developed, implemented, and tested.
South African Laws governing implementation will also be discussed to demonstrate how to best deal with malicious attackers of this type. Policies concerning the preservation of respect and the integrity of potential evidence are the most frequently relied on and implemented. For example, using controlled boot discs to retrieve sensitive data, physically removing devices from their original locations for storage, and ensuring that they are functional are general guidelines for evidence preservation.

Introduction
Cyber defense, cyber operations, cyber exploitations, cyber intelligence, cybercrime, and cyber law are all intertwined. All of this is discussed in more detail below. Cyber forensics, which is defined as collecting, analyzing, and reporting digital data in a legally permissible manner, is also considered. It is used in the detection and prevention of criminal activity. It is also used to detect and prevent disputes when evidence is stored digitally. As a result, cyber forensics investigations seek to investigate data extracted from computer hard disks and storage devices using generally accepted procedures and policies. This paper will present a multi-year computing capstone project to contribute to cybersecurity knowledge implementation in a non-computer institution.
As a result, the research focuses on the South African government and falls under the guide domains. The understudy constructed Vulnerable Web Server application is a framework that bundles instructional materials and pre-fabricated virtual machines, made utilizing Oracle VirtualBox, into intelligent cybersecurity exercises. The practices covered the introduction to digital, law/morals, Linux, cross-site scripting, SQL infusion, and remote record consideration. The activities include guarded methods, and the three assault exercises have ideas for appropriate observation.

The exercises enable non-specialized understudies to rapidly and securely experience a specialized yet multi-disciplinary introduction to PC security that appeals to their creative minds. The Vulnerable Web Server materials are aimed at a small number of secondary schools. They are now being used in various security exercises as a middle-of-the-road general training data innovation course at the South African Military Institute.

In 2001, Macon achy et al. (2001) published a fundamental model for data confirmation. Figure 1 depicts this. People are described in their paper as the “central core of secure frameworks,” and they express that People “require mindfulness, proficiency, preparing, and training in sound security practices for frameworks to be ensured about.”

Regardless of this emphasis and need, we believe that properly preparing and training individuals is perhaps the most vulnerable aspect of modern society. This deficiency is especially prevalent among the younger generation, for whom data technology is now practically universal.

Based on this inspiration, the primary goal of this project is to assist non-specialized understudies in gaining interest and information in PCs and PC security by providing a one-of-a-kind asset and experience. Helpless Web Server is a free programming and educational plan designed to teach cybersecurity basics. We anticipate that this product will eventually inspire students to pursue degrees and careers in cybersecurity fields desperately needed to meet our nation’s security needs in the private sector, government, and military. In conjunction with a current PC lab study hall, we believe that any advanced secondary school or school educator can use the Vulnerable Web Server programming and educational plan to instruct and motivate students about critical cybersecurity concepts.

Literature review
It is clear that cybersecurity has emerged as a critical issue affecting a wide range of businesses. According to the company’s primary goal, attackers are kept away from all servers, mobile devices, computers, and stored data. Several detection and prevention strategies have been developed, tested, and evaluated over the years. Furthermore, the laws governing implementation were scrutinized to demonstrate how attackers could be dealt with.

Cyber defense, cyber operations, cyber exploitations, cyber intelligence, cybercrime, and cyber legislation are all terms used to define the field of cyber security. This section contains more information on each of the topics discussed. Cyber forensics, which is the activity of gathering, analyzing, and reporting digital data following applicable laws and regulations, is also considered. It aids in the detection and avoidance of criminal activity in public places. It is also used to detect and prevent problems associated with digital evidence preservation. Businesses have long emphasized the importance of safeguarding your passwords, financial information, and other sensitive personal information from intruders who may gain access to your network. It is essential to protect and secure personally identifiable information. Adherence to sound data protection guidelines and practices are becoming increasingly important for businesses and individuals. A major goal of this research is to create a multi-year computing capstone project to assist non-computer institutions in developing cybersecurity expertise. Employee records, customer information, loyalty programs, transactions, and data collection are just a few examples of the critical information businesses store and maintain regularly. This procedure is followed to prevent third-party fraud, such as phishing scams and identity theft, from gaining access to the data. Organizations such as the International Organization for Standardization (ISO), the National Institute of Standards and Technology (NIST), and the International Organization for Standardization (ISO) have published standards and benchmarks for the development of security policies and procedures that have been established and are regarded as best practices.

It covered various topics, including an introduction to digital, law and morals, Linux, cross-site scripting, SQL infusion, and remote record consideration. The drills include safety procedures, and the three assault drills incorporate appropriate observation techniques into their overall design. Firewalls’ inability to prevent users from visiting malicious websites exposes them to internal threats or attacks, virus attacks, and the misuse of login credentials.

Updates to the software are used for a variety of purposes. Revision and rewriting are necessary steps. Patching discovered security holes and repairing or removing computer bugs are examples of such tasks. When you update your devices, you can access new features while removing those that the user no longer needs.

According to Anand (2017), cyber security rules and regulations are well defined. Numerous reforms have also been implemented, including cybersecurity and law enforcement. S. A. M. Authority (2017) also described in detail the operation of the Cyber Security Framework, which is related to cybersecurity. Bhushan, B., and G. Sahoo (2020) have clarified the requirements, protocols, and security challenges that must be addressed by industries concerned with cyber security and computer networks in the context of wireless sensor networks. Cook, K. D. (2017) investigated the efficacy of security management strategies in the cyberspace environment. R. Crouton (2017) offers a concise overview of international cybersecurity and recommendations for increasing accountability in state-controlled cyberspace.

According to Eoyang and Keitner (2020) authors, cybercrime and cyberwar, both concerned with malicious cyber activities, have been addressed. Furthermore, the national security law policies have been thoroughly scrutinized. In their paper, Tari Schreider, SSCP; CCISM; and CISO, I. (2017) argue to develop effective cybersecurity programs. Tari Schreider, SSCP; CCISM; and CISO, I. Lin, X., Lin, X., and Lagerstrom-Fife were the first to introduce cyber and computer forensics concepts (2018). In their paper Cyber Forensics: Designing Wired and Wireless Networks, Hadi, M. S., Lawey, A. Q., El-Gorashi, T. E., and Elmirghani, J. M. (2018) define more specifics of cyber forensics, including data analysis for designing wired and wireless networks.

According to Anand (2017), cyberspace is increasingly becoming a political issue. Because of Wikileaks’ successful leaks of sensitive administration documents and cyber-based attacks used to attract nuclear weapons, most countries now turn off the internet during times of unrest. Another point raised by Anand is that cyberspace has resulted in creating reality. This fact is thought to be riddled with flaws that jeopardize national security. WannaCry, also known as WannaCrypt, is a ransomware attack expected to affect over 200,000 computers in 150 countries. India is one of the hardest hit countries. WannaCry messages on network computers demand a ransom to regain access to internal data and network devices. This reduces the risk of a ransomware attack.. The threat of a ransomware attack will be reduced in this manner. The WannaCrypt ransomware attack, on the other hand, will pose a significant risk to the general public and serve as a reminder of how easy it is for cybercriminals to coerce people into fulfilling their demands by using important things that will make our lives better through the use of the internet.

S. A. M., according to the authorities (2017). We will live in a digitally connected world due to the internet revolution, with opportunities for innovation and creativity in new social endeavors. Because of the pervasiveness of digital technology in both economic and social life, the widespread use of digital technology in all aspects of economic and social life may result in significant gains in terms of increased facility value to citizens and financial gains. Nonetheless, because this world is defined by a glimmering covert to digital schemes, this will include the use of cybercrime and digital information that will be accessible to people regardless of where they live. As a result, the committers will remain unconcerned about cybersecurity policy measures for both business and local government authorities, as they have in the past.

According to Nwankwo, an increase in information and computing advancement, as evidenced by the global placement of supercomputers, will be documented as a possible source of degradation and a contributor to the problem of climate change. The impending dangers that may result from the large growing scale of infrastructures installed in information and communication technology will cause the thinking of the biosphere’s global chief executives to become increasingly blurred due to the inherent desire of businesses to maintain a competitive advantage over their competitors. In light of the preceding explanation, the project’s goal will be to investigate policies and practices implemented in South Africa that have resulted in a negative environment affecting information and communication technology infrastructure.

Discussions
It also discusses functions surrounding the program being overseen or the aspect of a high-level technical security program that should be well managed to ensure currency with changing risk and threat environments. A strategy for developing strategies is discussed and how to design cybersecurity functions.
Cybersecurity protects systems connected to the internet, such as data, hardware, and software, from cyber threats.

The primary goal of cybersecurity
The implementation goal is to provide good posture security to all servers, mobile devices, computers, and any data stored in these devices against attacks by attackers who usually have malicious intent.
Cybersecurity is associated with several factors. Cybersecurity is intertwined with cyber defense, operations, cyber exploitations, cyber intelligence, cybercrime, and cyber law. Their relationship within Federal and State Law is also investigated in light of all cybersecurity aspects.

Aspects of cybersecurity
• Data governance is an important aspect of cybersecurity. This is an example of role management and identity management. Each user’s access rights to any devices mentioned above should be clearly defined. Furthermore, there should be a clear definition of who can access sensitive files or dedicated services.
• Insurance is another aspect of cybersecurity. This aspect generally ensures that the manufacturer only imagines the interactions proposed within the platform. This means that other unanticipated exchanges cannot be permitted because the user may have stolen data from another user.
• Therefore, it is critical to ensure that whatever task is designed for the platform is completed without performing other functions not intended for it.
Some platforms are run by services whose territories are extremely sensitive, such as banks, administration, communication via airplane for airlines, and health administration.
• In light of cybersecurity issues, another aspect of cybersecurity is the robustness of the technology. The vast majority of malicious attackers are assumed to create planned interactions and have some pure technical characteristics that make it possible and simple to take system control.
• If malicious attackers successfully penetrate and control the company’s system, the company’s reputation may suffer, and some systems may cease to function.
• Among the aspects of cybersecurity are useful analytics. Moving to where an issue has occurred is simple when one can see the risk and monitor situations that can lead to threats.
• Any organization that uses any technology platform must rate its threats to have a good historical picture of past risks.
• Another aspect of cybersecurity is the prevention of internal threats. The insider breach is unavoidable in the majority of businesses. Internal threats in organizations are errors or poor decisions made by employees. A trustworthy cybersecurity platform should be able to notify you of errors and issues that have a high likelihood of putting the device, data, or network at risk.
• Another aspect of cybersecurity is compliance. Every organization and industry has its definition of information security. Unique regulations, standards, and specific best practices vary by industry. For this reason, all cybersecurity platforms assist their organizations in maintaining, achieving, and ensuring compliance with the set regulations of the specific industry and organization.
• Another aspect of cybersecurity that is being considered is continuous monitoring. Insofar as compliance is concerned, continuous monitoring should be ensured. This is due to the possibility of a person configuring an organizational server.
• Failure to have continuous monitoring by the security platform may expose the organization to risk and not adhere to compliances.
• Another aspect of cybersecurity is risk management across an organization’s or industry’s entire ecosystem.
• Partners, vendors, and contractors who typically have data and network access are critical sources of risk within a business.
• As a result, third parties pose significant risks. The cybersecurity platform should enable the owners of industries and organizations to manage and monitor any threat posed by third parties.
Cyber defense
Cyber defense protects the most valuable assets of a business against malicious attacks.
A wide range of activities is covered and adhered to, which are essential in enabling one’s business to protect itself from attacks. The company is also able to respond to threats that are evolving rapidly. Some of the activities involved include;
● Reduction of the business appeal to attackers through cyber deterrents.
● Controls for preventing attackers require their attacks to be more expensive.
● Capability to detect attacks and spot their target on your business.
● Capability to react and respond to repel the attackers.

Cyber operations
The specialist who conducts cyber operations is referred to as performing defensive and offensive cyberspace operations. They are usually in favor of full-fledged military options. They have an impact on cyberspace by employing specially designed techniques.
As a result, offensive operations are associated with force targeting hostile activities and capabilities. The goal of defensive operations is safeguarding networks,
• protecting networks,
• designated systems,
• data and net-centric capabilities.

Cyber exploitations
Cyber exploitation is defined as the abusive act of deceiving another person or using another person’s information for personal gain on online platforms. It is a crime that involves the unauthorized distribution of intimate videos or photos. Anyone could have obtained the images.
• either stranger or
• ex-husbands or ex-wives
• ex-lovers via hacking
The primary goal is to humiliate and degrade the victims. The goal is to sully the victim’s reputation and completely extort them.

Cyber intelligence
Cyber intelligence combines defense and modern information technology espionage and includes hacking, countering, and analyzing digital security threats. The cyber intelligence community is associated with the provision of digital risk protection, such as;
• terrorists,
• viruses and malware
• hackers
The main goal of all of this is to steal sensitive information via the internet.

Cybercrime
Cybercrime is a crime committed using a device that can connect to networks, such as a computer and network. The computer, as a method, is used as a target or in the commission of a crime. Cybercrime poses a threat to any activity that involves the use of a computer. The network is employed as follows:
• an instrument used to further illegal ends such as identity theft,
• committing a heinous crime,
• invading one’s privacy and
• Intellectual property smuggling
The majority of cybercrimes involve the theft of information from governments, corporations, or individuals. Cybercrime occurs in jurisdictions separated by vast distances.

Cyberlaw
Cyberlaw is a branch of law concerned with the internet’s relationship to technical elements of electricity such as hardware, computers, information systems, and software. The laws govern how information technology and networks are used.
The law’s primary goal is to ensure that cybersecurity guidelines and regulations are followed. Cybercrime issues are being monitored, and those who commit the crimes are prosecuted.

Cyber forensics investigation procedures
Cyber forensics is defined as the legal collection, analysis, and reporting of digital data. It is used in the detection and prevention of criminal activity. It is also used to detect and prevent disputes where evidence is digitally stored..
As a result, cyber forensics investigation aims to investigate data extracted from computer hard disks and storage devices that adhere to generally accepted procedures and policies. This is done to determine whether compromised devices have unauthorized access. Cyber forensics investigations involve several processes.

Policy and procedure creation
Insofar as malicious cyber activities, the intent to commit a criminal conspiracy of the crime, are involved, digital evidence is usually vulnerable and delicate. It is critical that all of the guidelines that have been established, as well as the procedures for conducting cyber forensic investigations, are strictly followed to the letter and spirit..
This is done because cybersecurity professionals respect and understand the value of information that can be easily compromised if not handled properly. Procedures of this type may include:
• Techniques for preparing systems to retrieve evidence quickly,
• Procedures for documenting activities and processes for establishing procedures for reporting procedures for
• instructions detailing the time frame for authorizing computer forensics investigators
This procedure is carried out to ensure that the data is genuine. To protect the operations of cyber forensic investigations, strict guidelines should be established. Cybersecurity divisions should be prepared to develop rules and regulations for all other digital activities within the organization.

Evidence assessment
This is a critical step in the cyber forensic investigation process. In a cybercrime, this process involves the evaluation of potential evidence. Computer forensic investigators typically employ sophisticated sifting methods.
• all of the email addresses,
• digitized archives,
• hard disk drives and
• social networking sites to retrieve and thus evaluate any useful information that may be relevant to the involved case
This serves as evidence of the crime when the agency needs to prove that an individual committed a crime involving identity theft. The investigator must determine the reliable source and integrity of the data before engaging with the evidence during the investigations in this process.

Evidence acquisition
This is the most important stage of a successful forensic investigation process because it is the most detailed and rigorous obtaining evidence. Extensive documentation is required both before and after the acquisition process. Furthermore, highly detailed information is recorded and preserved, including systems used during the investigation process, investigated methods, and hardware and software specifications.
Policies about preserving respect and integrity of potential evidence are most relied on and applied at this stage. Among the general guidelines that can be used in evidence, conservation is the use of boot discs that are controlled to retrieve highly sensitive data, remove devices for storage, and ensure functionality.
Appropriate steps should be taken to transfer the obtained evidence to the investigator’s system. Evidence should be obtained and completed legally and deliberately. An investigator’s ability to document and authenticate the chain of evidence is critical, especially when pursuing a court-related case. Because there are complex cybersecurity cases, this is the same case for cyber forensics.

Examination of evidence
This cyber forensic investigation process entails using procedures to retrieve, copy, and store the necessary evidence within the appropriate set of databases for active investigations to be conducted.
Investigators effectively and typically examine data from designated archives using various methods and approaches for information analysis. Such plans and techniques include using software analysis to search for massive amounts of archived data for specific file types or keywords. This process of cyber forensic investigations also consists of the recently deleted procedures for file retrieval. Using data that has been tagged with dates and times is especially important for investigators. This is because they are suspicious programs and files that have been intentionally hidden or encrypted.

In this stage of cyber forensic investigation, analyzing file names aids in determining where and when a specific data was uploaded, created, or downloaded, assisting investigators in connecting files that exist on devices for storage to online data transfer.
This is when cyber forensic investigators must work side-by-side and collaborate with lawyers, criminal investigators, and anyone else who is qualified. This is done to identify the types of information that can be used as evidence and to comprehend the user actions for investigation.

Reporting and documentation
• Cyber forensic investigators should keep all relevant information.
• the methods employed in the investigation,
• methods for testing the system’s functionality,
• retrieval,
• copying, storing data, and
• Actions are taken to obtain, assess, and examine the obtained evidence.

This is an extremely important stage because it ensures that all parties follow all guidelines, policies, procedures, and regulations. The validity of the evidence and the case’s outcome can be jeopardized if the investigator fails to accurately document the proof (Yoshikawa, 2018).

All actions performed by cyber forensic investigators should be adequately saved in their designated archives and accounted for in a clear and digital format. This ensures the integrity of any evidence-based conclusions. Experts can confirm evidence by comparing it to the investigator’s documentation, which was recorded in digital form.

Goals of Cyber Forensics Investigations
Cyber forensics is concerned with providing a service in which legal evidence is stored in a digital format. One of the primary objectives of cyber forensics is
The goal of investigations is to make it easier for everyone who needs the team’s assistance to anticipate the information that will be used as virtual evidence resulting in a stronger case in court due to the availability of the evidence (Howlett et al. 2017).

Another goal of cyber forensics investigations is to make it possible to retrieve information that has previously been lost or stored in a computer. Various factors should be considered to proceed with the retrieval process. The path forward for overcoming various roadblocks and any other factors that impede the process should be regarded (Tari, 2017).

Another goal of cyber forensics investigations is to preserve data that has been extracted from a computer. When the litigation and investigation processes take excessive time, preservation becomes critical. The information is usually vulnerable, and it is the investigators’ responsibility to be extremely cautious while preserving the data, as outsiders can also destroy it.

Importance of search warrant and chain of custody in a forensic investigation
In a forensic investigation, the importance of a search warrant and chain of custody cannot be overstated.
A search warrant is a document that a magistrate signs. The main purpose of signing is to give law enforcement officers the authority to conduct searches for specific items. In cyber forensics, the chain of custody is the paper trail or historical documentation of electronic evidence indicating collection, transfer, control sequence, and analysis. In a forensic investigation, maintaining a chain of custody is critical to preventing evidence contamination and preserving the integrity of the evidence (Hadi et al., 2018).
Chain of custody is important in forensic investigations because it benefits the examiner. It aids in demonstrating the location of potential primary evidence, the person who created it, and its significance. Source and the type of equipment used; as a result, investigators are advised to maintain their integrity throughout their processes (Lin et al., 2018).

A missing link in the chain of custody can result in evidence that has been presented to the court being thrown out completely if the missing link is not discovered immediately.. It is critical to ensure that the chain of custody is healthy and meaningful. Its presentation to the court should include some evidence as well (McDavid et al. 2018)

The functions surrounding the program being overseen or the aspect of a high-level technical security program should be well managed, ensuring currency with changing risk and threat environments.

Implementing a formal Information System governance approach will assist in managing the functions that surround the program being overseen or a high-level aspect of a technical security program (Eoyang & Keitner, 2020). This will also aid in ensuring currency in the face of changing risk and threat environments. The information security framework typically supports the business, thus aligning with assurance strategies.

Another method of managing the functions surrounding the program being overseen or the aspect of a high-level technical security program that will help ensure currency with changing risk and threat environments is to prevent data loss (Crootof, 2017).
Access control should also be well managed so that the only people who have access to the data are well known and specific. People should also ensure that the data is not at risk of loss or attack. Monitoring of vendors, employees, and even contractors within the organization or industry should be done firmly to ensure that data leakage is reduced (Cook, 2017)

Detection of the insider threat is another method for managing the functions encompassing the program being overseen or the aspect of a high-level technical security program, which will also aid in ensuring currency with changing risk and threat environments. Because employees and well-trained employees are significant threat sources, technology will be required to act as a defense. Because illegal behavior is easily detected, an organization should monitor activities surrounding users.

Another method of managing the functions surrounding the program being overseen or the aspect of a high-level technical security program that will aid in ensuring currency with changing risk and threat environments are creating backup data.

This is an essential practice. This is because it aids in combating any attacks that may arise along the way. Every organization, therefore, requires a fully operational backup. A good backup and recovery strategy should include the following elements:
• Plan for implementation and begin the data backup process regularly.
• I’m storing copies in a secure location to reduce the risk of theft.
• Testing backups regularly.
• As part of a backup, including system and software settings.

Educating and training your users will aid in the management of the functions that surround the program being overseen or the aspect of a high-level technical security program. This will also assist in ensuring currency in the face of changing risk and threat environments. Your users are always the weakest link in any organization or industry regarding information security. Training should include:
• Procedural steps for detecting a phishing email.
• Methods for maintaining and creating passwords are so strong that malicious data attackers cannot gain access.
• Methods for ensuring that high-value information does not leak out of the company or any other user who poses a security risk.
Making a clear outline of how to use policies for third parties and new employees within an organization will assist in managing the functions that surround the program being overseen or the aspect of a high-level technical security program. This will also aid in managing currency with changing risk and threat environments.

Updating systems and software is an excellent strategy for managing the functions encompassing the program being overseen or the aspect of a high-level technical security program and ensuring that currency with changing risk and threat environments are well managed. Keeping software and systems up to date with the latest and greatest features aids in network security.

Compliance maintenance is another method of managing the functions surrounding the program being overseen or the aspect of a high-level technical security program that will help ensure currency with changing risk and threat environments.
Regulations that provide ways and methods for conducting security should be followed and kept up to date.

Physical and environmental security should also be considered to ensure that the functions surrounding the program under supervision, or aspects of a high-level technical security program, are well managed to ensure that the program remains current with changing risk and threat environments and compliance maintenance. Physical security includes mechanisms that protect against the threats listed below.
• Human risks
• Environmental dangers
• Threats to the supply system
Another plan in which functions that surround the program being overseen or an aspect of a high-level technical security program will help in ensuring that currency with changing risk and threat environments can be managed is network security creation and constant monitoring. A business that is overly reliant on the internet or uses it regularly is more vulnerable to threats. Employees can also intentionally or unintentionally expose such threats to the company. Among the goals of network security are the following:
• The network’s security is ensured.
• Reducing the susceptibility of computers and applications to network threats.
• Data protection during the transmission process across a given network.

The following is a plan for designing functions surrounding program scoping or the development of processes, procedures, and architectures that guide work execution at the system or program level.
• Deployment and upkeep of a discovery-oriented automated asset inventory tool.
• They are forcing users to re-login automatically after a period of inactivity.
• Configuration of security and network devices
• They are in charge of the system of access to the computer’s audit log.
• Keeping any evidence and strictly adhering to the chain of evidence to support any anticipated legal actions.
• I am calculating any financial losses that may have resulted from the breach.
• Reduction of indirect and direct costs of cybersecurity incidents.
Proper planning of the functions that surround program scoping, or the development of processes, procedures, and architectures that guide work execution at the level of
The system or application must be well-designed. The project and business objectives should be clearly defined (Shackelford, 2020).

The impact of the chosen project on the management should also be considered. A SMART (Specific, Measurable, Attainable, Relevant, and Time-based) goal will aid in the achievement of a worthy goal.
Parameters and constraints should be clearly defined. This will aid in designing and planning the functions that encompass, designate, and scope a program and the development of processes, procedures, and architectures that guide the execution of work at the system or program level. It is critical to document the methods and techniques that will be performed and those that will not be performed (Stallings, 2018).

The processes of cyber forensics investigations
Cyber forensics is defined as collecting, analyzing, and providing a report on digital data in a manner that is permissible under applicable laws and regulations. It is employed in the detection and prevention of crime. It is also used to detect and prevent any disputes where evidence is stored digitally and in detecting and preventing fraud.
Forensics investigations into computer hard drives and storage devices are intended to look into data obtained through standard operating procedures and policies followed by all parties involved in the study. This is done to determine whether or not devices that have been compromised have unauthorized access to sensitive information. Several processes are involved in cyber forensic investigations.

Development of policies and procedures
It is common for digital evidence to be vulnerable and delicate in malicious cyber activities to perpetuate a criminal conspiracy of the crime. It is important to adhere to all of the guidelines that have been strictly established and the procedures set for conducting cyber forensic investigations.
This is done because the professionals in the field of cybersecurity respect and understand the value of the information, which can be easily compromised if not handled properly. Procedures such as these can be used; for example,
preparing procedures for systems that will allow for the retrieval of evidence quickly
procedures for documenting activities and procedures
Instructions specific to the time frame for authorizing computer forensics investigators are also provided.
This procedure is carried out to ensure that the data is authentic. Strict guidelines must be established to protect the operations of cyber forensic investigations. Strict guidelines must be set to protect the operations of cyber forensic investigations.s. Divisions responsible for cybersecurity should be prepared to develop rules and regulations for all other digital activities within the company.
Evaluation of the evidence
This is a critical step in the cyber forensic investigation process.s. In the case of cybercrime, this process involves the potential evidence assessment process. Investigators who work in computer forensics typically employ sophisticated methods of sifting through evidence.
• every one of the email accounts,
• archives in the digital age,
• hard drives, and other storage devices
• Using social networking sites, investigators can retrieve and evaluate any relevant information relevant to the case.
This serves as evidence of the crime when an agency needs to demonstrate that an individual has committed a crime involving the theft of an individual’s identity. The investigator must determine the reliable source and integrity of the data during the investigations during this process before engaging with the evidence.

Obtaining documentary evidence
The most detailed and rigorous phase of a successful forensic investigation process is the most critical phase for obtaining the necessary evidence to complete the investigation. Extensive documentation is required throughout the acquisition process before and after the transaction is completed. Furthermore, to record and preserve information with highly detailed content, such as systems used during the investigation process, methods under investigation, and hardware and software specifications.

Currently, policies about preserving respect and integrity of evidence that can be used are most heavily relied on and implemented. General guidelines for evidence preservation include using boot discs that are controlled in the event of a fire or other disaster.
• retrieval of highly sensitive data, physical removal of devices for storage, as well as ensuring that the devices are functional
• Obtaining unauthorized access to another person’s computer is considered a crime under the Computer Fraud and Abuse Act of 1986. (CFAA).
• Gathering evidence and completing tasks must be done legally and purposefully. An investigator’s ability to document and authenticate the chain of evidence is extremely important, especially when investigating a case that will go to court. In the same way, cyber forensics is a difficult field to work in because there are many complex cybersecurity cases to deal with.

Conclusion
Finally, numerous methods for detecting and preventing these malicious acts have been developed, implemented, and tested. They are described further below. Various laws governing the system’s implementation have also been discussed to demonstrate how malicious attackers can effectively deal with it. The policies with the most potential for preserving evidence’s respect and integrity are the most relied on and applied. The use of boot discs that are controlled in the retrieval of data, which is highly sensitive, the removal of devices for storage that is physically removed from the scene, and ensuring that the devices are functional are all general guidelines that can be used in the preservation of evidence.
To avoid being subjected to harmful assaults and attacks, a company must take several precautions. SIEM systems can correlate events and identify suspicious patterns; user behavior analytics can monitor for unusual or risky activity, and penetration testing can be used to detect malicious attacks. Anomaly detection can be accomplished using system and network monitoring tools; SIEM systems can correlate events and identify suspicious patterns, and penetration testing can be used to detect malicious attacks. To protect themselves, they may also use firewalls and spyware-cleaning software. Laws and restrictions must be enacted to keep the onslaught under control. To deter future attacks, one approach to dealing with harmful attacks is to impose specific penalties on those who commit cybercrime, such as fines or prison time.
Furthermore, regulations requiring businesses to disclose any security issues within their networks may be advantageous. One of the relevant guidelines is environmental protection. The findings should be documented, and electronic media should be saved.

An organization must implement various security measures to protect itself from malicious attacks. These include user policies, procedures, and multiple tools for detecting malicious attacks and preventing them from occurring. All of these tools and policies, on the other hand, are only useful if their users are properly trained in their use.
An organization can use a variety of techniques to detect malicious attacks. User behavior analytics to see unusual or risky behavior; penetration testing and vulnerability scanning to identify weaknesses in defenses that attackers could exploit. In addition, other tools System and network monitoring tools are used to detect abnormal activity, security incident and event management (SIEM) systems to correlate events and identify suspicious patterns, and other tools may be included.
Following an attack, forensics analysis can be used to examine infected systems to repair the damage caused by the attack and learn from it to avoid repeating the same mistakes.
Among the other possibilities are:
• Antivirus software, which scans all of your computer’s files, emails, and other contents for viruses, prevents viruses from entering your computer. Updating antivirus software is critical for maximum protection against potential threats.
• Firewalls: The use of firewalls is the second type of security measure. The computer’s firewall protects it from the outside world by preventing it from connecting to the internet. It works by shutting down the ports that hackers could use to access your computer without your knowledge. As a bonus, it prevents malware and spyware from being downloaded onto your computer.
• Malicious software removal tool (available from the Microsoft website) – This tool aids in the removal of malicious software from your computer.
• A spyware removal tool, in addition to the steps outlined above, can assist you in removing any spyware or adware that may have been installed unintentionally on your computer.
• The policies and laws can deal with malicious attacks in various ways. An effective strategy for dealing with malicious attacks is to impose specific punishments on those who engage in cybercrime, such as fines or prison sentences.
Having a policy that requires organizations to report any security incidents within their networks may also be beneficial.
This information can help law enforcement officials apprehend and prosecute the perpetrators of these crimes. It is also possible to protect individuals and businesses from becoming victims of cybercrime by enacting stringent cybersecurity legislation. These laws serve as a deterrent to would-be attackers by making it illegal for hackers to steal data or damage computer systems.
It is also possible to protect individuals and businesses from becoming victims of cybercrime by enacting stringent cybersecurity legislation. These laws serve as a deterrent to would-be attackers by making it illegal for hackers to steal data or damage computer systems. Several federal statutes in South Africa address various aspects of cybersecurity.
Under the Computer Fraud and Abuse Act, gaining unauthorized access to another person’s computer is a crime (CFAA). It is unlawful to intercept electronic communications without authorization under the Electronic Communications Privacy Act. Here are a few examples of how cybersecurity policies and laws can deter malicious attacks.
When it comes to preserving evidence after a cyberattack, it is important to remember that not all data is created equal, and some data is more valuable than others are. Certain types of information may be more useful to investigators than others, and certain pieces of data may be more important to collect and preserve than others. There are several guidelines that organizations can follow to ensure that digital evidence is properly maintained, including the following:
• To put it another way, determine what needs to be preserved: First, it is necessary to understand what evidence is being sought. It is essential to decide which systems or devices were affected by the attack and which files or folders were affected. Create an inventory of all digital assets associated with your organization, which may be useful in the future.
• The organization should safeguard the environment by doing the following: Once the relevant data has been identified, the surrounding environment must be secured to prevent tampering. Close infected machines and, if necessary, disconnect them from networks. If quarantine is required, isolate the infected machines and place them in quarantine.
• It is critical to save electronic media after a breach has occurred. After a breach, attackers frequently try to delete incriminating files. To avoid this, copy any relevant electronic media onto forensically sound storage devices and keep them in tamperproof containers until the investigation is complete. It is critical to document the investigation’s findings so that attorneys or law enforcement officials can refer to them later if necessary.

References
Anand, N. (2017). Cybersecurity and law enforcement.

Authority, S. A. M. (2017). Cyber Security Framework.

Bhushan, B., & Sahoo, G. (2020). Requirements, Protocols, and Security Challenges in Wireless Sensor Networks: An Industrial Perspective. In Handbook of Computer Networks and Cyber Security (pp. 683-713). Springer, Cham.

Boddington, R. (2016). Practical digital forensics. Packt Publishing Ltd.

Capano, G., & Woo, J. J. (2017). Resilience and robustness in policy design: A critical appraisal. Policy Sciences, 50(3), 399-426.

Cook, K. D. (2017). Effective Cyber Security Strategies for Small Businesses.

Crootof, R. (2017). International Cybertorts: Expanding State Accountability in Cyberspace. Cornell L. Rev., 103, 565.

Eoyang, M., & Keitner, C. (2020). Cybercrime vs. Cyberwar: Paradigms for Addressing Malicious Cyber Activity. Journal of National Security Law and Policy, Forthcoming.
Giraldo, J., Sarkar, E., Cardenas, A. A., Maniatakos, M., & Kantarcioglu, M. (2017).

Security and privacy in cyber-physical systems: A survey of surveys. IEEE Design & Test, 34(4), 7-17.
Hadi, M. S., Lawey, A. Q., El-Gorashi, T. E., & Elmirghani, J. M. (2018). Big data analytics for wireless and wired network design: A survey. Computer Networks, 132, 180-199.

Howlett, M., Mukherjee, I., & Rayner, J. (2017). The elements of effective program design: A two-level analysis. In Handbook of Policy Formulation. Edward Elgar Publishing.

Lin, X., Lin, X., & Lagerstrom-Fife. (2018). Introductory Computer Forensics.Springer International Publishing.

McDavid, J. C., Huse, I., & Hawthorn, L. R. (2018). Program evaluation and performance measurement: An introduction to the practice. Sage Publications.

Newhouse, W., Keith, S., Scribner, B., & Witte, G. (2017). National initiative for cybersecurity education (NICE) cybersecurity workforce framework. NIST Special Publication, 800(2017), 181.

Nwankwo, W., & Ukaoha, K. C. (2019). Socio-Technical perspectives on Cybersecurity: Nigeria’s Cybercrime Legislation in Review. International Journal of Scientific and Technology Research, 8(9), 47-58.

Sampigethaya, K. (2019). Aircraft Cyber Security Risk Assessment: Bringing Air Traffic Control and Cyber-Physical Security to the Forefront. In AIAA Scitech 2019 Forum (p. 0061).

Shackelford, S. J. (2020). Cyber War and Peace: Toward Cyber Peace. Cambridge University Press.Skopik, F., Settanni, G., & Fiedler, R. (2016). A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing. Computers & Security, 60, 154-176.

Stallings, W. (2018). Effective Cybersecurity: A Guide to Using Best Practices and Standards. Addison-Wesley Professional.

Tari Schreider, S. S. C. P., CISM, C., & CISO, I. (2017). Building Effective Cybersecurity Programs: A Security Manager’s Handbook. Rothstein Publishing.

Yoshikawa, H., Wuermli, A. J., Raikes, A., Kim, S., & Kabay, S. B. (2018). Toward high‐quality early childhood development programs and policies at the national scale: Directions for research in global contexts. Social Policy Report, 31(1), 1-36.