Data acquisition methods for digital forensics
VerifiedAdded on 2022/09/15
|11
|1180
|18
AI Summary
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
MN624
Name of the student
Name of the University
Author’s note
Name of the student
Name of the University
Author’s note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Running head: MN624
Table of Contents
Digital Clues:................................................................................................................................................3
Prodiscover forensics tool:..........................................................................................................................3
Data acquisition in digital forensics:............................................................................................................8
Data preservation methods:........................................................................................................................9
Data acquisition methods for digital forensics:...........................................................................................9
References:................................................................................................................................................11
Table of Contents
Digital Clues:................................................................................................................................................3
Prodiscover forensics tool:..........................................................................................................................3
Data acquisition in digital forensics:............................................................................................................8
Data preservation methods:........................................................................................................................9
Data acquisition methods for digital forensics:...........................................................................................9
References:................................................................................................................................................11
Running head: MN624
Digital Clues:
The digital forensics is referred to as the procedure of preserving, recognizing, obtaining and
documentation of computer evidence that can be utilized by the court of law. It is a science of
discovering evidences from the media those are digital such as mobile phone, computer, server and
many more. It offers the team of forensic with best tools and techniques in order to resolve complex
cases related to digital [1]. The digital forensics assists the team of forensic s to evaluate, inspect,
recognize and then preserve the digital evidence stored on different types of electronic devices. The
procedure of digital forensics consists of identification, preservation, evaluation, documentation and
preservation. There are various types of digital forensics that consists of, disk forensics, network
forensics, database forensics, wireless forensics and many more. The main aim of digital forensics is to:
It assists in order to recover, evaluate and then preserve the digital materials in a manner such
that it assists the agency of investigation
It assists to postulate the motive that is behind the crime and recognize the criminal
Prodiscover forensics tool:
The ProDiscover is a tool of computer security that enables the professionals of law
enforcement to discover all the data on the computer disk while safeguarding the evidence and
developing quality reports to be presented to the court of law. The ProDiscover is a system of disk
forensics that offers a host of functionalities in order to capture and evaluate disks. The product
supports a variety of Mac, Linux and Windows files. The tools make sure that both capturing and
evaluation procedures are by applying methods those are forensically sound. The resulting reports meet
the quality requirements. The tool is integrated with search engine, sequence of embedded viewers and
methods of hash comparison. Forensic image creation:
Digital Clues:
The digital forensics is referred to as the procedure of preserving, recognizing, obtaining and
documentation of computer evidence that can be utilized by the court of law. It is a science of
discovering evidences from the media those are digital such as mobile phone, computer, server and
many more. It offers the team of forensic with best tools and techniques in order to resolve complex
cases related to digital [1]. The digital forensics assists the team of forensic s to evaluate, inspect,
recognize and then preserve the digital evidence stored on different types of electronic devices. The
procedure of digital forensics consists of identification, preservation, evaluation, documentation and
preservation. There are various types of digital forensics that consists of, disk forensics, network
forensics, database forensics, wireless forensics and many more. The main aim of digital forensics is to:
It assists in order to recover, evaluate and then preserve the digital materials in a manner such
that it assists the agency of investigation
It assists to postulate the motive that is behind the crime and recognize the criminal
Prodiscover forensics tool:
The ProDiscover is a tool of computer security that enables the professionals of law
enforcement to discover all the data on the computer disk while safeguarding the evidence and
developing quality reports to be presented to the court of law. The ProDiscover is a system of disk
forensics that offers a host of functionalities in order to capture and evaluate disks. The product
supports a variety of Mac, Linux and Windows files. The tools make sure that both capturing and
evaluation procedures are by applying methods those are forensically sound. The resulting reports meet
the quality requirements. The tool is integrated with search engine, sequence of embedded viewers and
methods of hash comparison. Forensic image creation:
Running head: MN624
Files in the drive:
excel file has been deleted:
Launching Prodiscover:
Files in the drive:
excel file has been deleted:
Launching Prodiscover:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Running head: MN624
Creating disk image:
Creating disk image:
Running head: MN624
Capturing image:
File created:
Capturing image:
File created:
Running head: MN624
Hex analysis:
Image information:
Hex analysis:
Image information:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Running head: MN624
Data acquisition in digital forensics:
The acquisition of data is procedure of creation of a picture of forensics from the digital media
such as thumb drive, hard drive, removable hard disk and many more, which stores the electronic data
consisting of consoles of gaming and various other devices. The illustration of forensic is done utilizing
particular hardware that stops any data from being written to the media of source so that it stays intact
[3]. The picture of forensic not the unique media is utilized by the investigators in order to perform the
evaluation. The procedure of acquisition of data consists of copying all the serial numbers and various
other markings utilizing a camera. The picture of forensic is then authorized against the original to make
sure the picture of forensic image is an accurate copy of the media that is original. There are four
techniques of acquiring data. It includes disk-to- image file, disk-to-image copy, logical disk-to-disk file
and sparse copy of data. The acquisition of data should be validated with built-in tools such as an editor
that is hexadecimal with MD5 or SHA-1 functions of hashing.
Data preservation methods:
Collection is the gathering of data and copy of information that is stored for the aim of
preserving the evidence that is digital that remains intact when the digital forensic is executed. There
are three methods of digital preservation. It includes imaging of drive and hash values
Data acquisition in digital forensics:
The acquisition of data is procedure of creation of a picture of forensics from the digital media
such as thumb drive, hard drive, removable hard disk and many more, which stores the electronic data
consisting of consoles of gaming and various other devices. The illustration of forensic is done utilizing
particular hardware that stops any data from being written to the media of source so that it stays intact
[3]. The picture of forensic not the unique media is utilized by the investigators in order to perform the
evaluation. The procedure of acquisition of data consists of copying all the serial numbers and various
other markings utilizing a camera. The picture of forensic is then authorized against the original to make
sure the picture of forensic image is an accurate copy of the media that is original. There are four
techniques of acquiring data. It includes disk-to- image file, disk-to-image copy, logical disk-to-disk file
and sparse copy of data. The acquisition of data should be validated with built-in tools such as an editor
that is hexadecimal with MD5 or SHA-1 functions of hashing.
Data preservation methods:
Collection is the gathering of data and copy of information that is stored for the aim of
preserving the evidence that is digital that remains intact when the digital forensic is executed. There
are three methods of digital preservation. It includes imaging of drive and hash values
Running head: MN624
Imaging of drive: before the examiners start examining the evidences from a source, they require
imaging it first; the imaging of a drive is a procedure of forensic in which an investigator develops copy
of a drive. This image of forensic of all the digital media assists to retain the evidence for the
investigation. When analyzing the image, the examiners must keep in mind that they can find important
data from wiped drives [4].
Hash values: When an examiner images a machine for examination, the procedure develops
cryptographic values of hash. The main aim of the values of hash is to verify the integrity and
authenticity of the image as an accurate copy of the original media.
Data acquisition methods for digital forensics:
There are two types of data acquisition methods. The data acquisition methods include live acquisition
and offline acquisition [2].
Live acquisition using Bootable CD: For better investigation, the developers have developed various
tools of digital forensics. With the increasing utilization of mobile phones and data that is digital, the
digital forensics has become essential. The cyber crimes are maximizing day by day. Therefore, the
developers are trying to initiate influential version of various tools. DD command is utilized in live data
acquisition when utilizing the live CD that is bootable. The objective of this is to make a duplicate of any
of the files, drive or partition. The files can be easily stored in the hard disk or any other media storage.
A picture has a benefit to be mechanically installed on the system of acquisition. DD file can be broken
down in small bits onto the media of storage.
Offline acquisition: the acquisition of dead system can generate various information they cannot get. In
order to develop an image of forensic of a whole disk, the procedure of imaging should not modify the
data that is present on the disk and all the data, unallocated space and metadata can be incorporated.
Imaging of drive: before the examiners start examining the evidences from a source, they require
imaging it first; the imaging of a drive is a procedure of forensic in which an investigator develops copy
of a drive. This image of forensic of all the digital media assists to retain the evidence for the
investigation. When analyzing the image, the examiners must keep in mind that they can find important
data from wiped drives [4].
Hash values: When an examiner images a machine for examination, the procedure develops
cryptographic values of hash. The main aim of the values of hash is to verify the integrity and
authenticity of the image as an accurate copy of the original media.
Data acquisition methods for digital forensics:
There are two types of data acquisition methods. The data acquisition methods include live acquisition
and offline acquisition [2].
Live acquisition using Bootable CD: For better investigation, the developers have developed various
tools of digital forensics. With the increasing utilization of mobile phones and data that is digital, the
digital forensics has become essential. The cyber crimes are maximizing day by day. Therefore, the
developers are trying to initiate influential version of various tools. DD command is utilized in live data
acquisition when utilizing the live CD that is bootable. The objective of this is to make a duplicate of any
of the files, drive or partition. The files can be easily stored in the hard disk or any other media storage.
A picture has a benefit to be mechanically installed on the system of acquisition. DD file can be broken
down in small bits onto the media of storage.
Offline acquisition: the acquisition of dead system can generate various information they cannot get. In
order to develop an image of forensic of a whole disk, the procedure of imaging should not modify the
data that is present on the disk and all the data, unallocated space and metadata can be incorporated.
Running head: MN624
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Running head: MN624
References:
[1]E. Casey, "Maturation of digital forensics", Digital Investigation, vol. 29, pp. A1-A2, 2019. Available:
10.1016/j.diin.2019.05.002.
[2]F. Sharevski, "Rules of professional responsibility in digital forensics: A comparative analysis", Journal
of Digital Forensics, Security and Law, 2015. Available: 10.15394/jdfsl.2015.1201.
[3]S. Larson, "The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics", Journal
of Digital Forensics, Security and Law, 2014. Available: 10.15394/jdfsl.2014.1165.
[4]J. Stüttgen, S. Vömel and M. Denzel, "Acquisition and analysis of compromised firmware using
memory forensics", Digital Investigation, vol. 12, pp. S50-S60, 2015. Available:
10.1016/j.diin.2015.01.010.
References:
[1]E. Casey, "Maturation of digital forensics", Digital Investigation, vol. 29, pp. A1-A2, 2019. Available:
10.1016/j.diin.2019.05.002.
[2]F. Sharevski, "Rules of professional responsibility in digital forensics: A comparative analysis", Journal
of Digital Forensics, Security and Law, 2015. Available: 10.15394/jdfsl.2015.1201.
[3]S. Larson, "The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics", Journal
of Digital Forensics, Security and Law, 2014. Available: 10.15394/jdfsl.2014.1165.
[4]J. Stüttgen, S. Vömel and M. Denzel, "Acquisition and analysis of compromised firmware using
memory forensics", Digital Investigation, vol. 12, pp. S50-S60, 2015. Available:
10.1016/j.diin.2015.01.010.
1 out of 11
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.