Digital Forensic Fundamentals: Roles, Responsibilities, Hardware and Software
VerifiedAdded on 2023/05/26
|20
|3723
|154
AI Summary
This article discusses the fundamentals of digital forensics, including roles and responsibilities of digital forensic professionals, hardware and software used in the field, and the importance of lab security and facility management. It also explores different models and SOPs used for investigating digital evidence.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: DIGITAL FORENSIC FUNDAMENTALS
DIGITAL FORENSIC FUNDAMENTALS
Name of the Student
Name of the University
Authors note
DIGITAL FORENSIC FUNDAMENTALS
Name of the Student
Name of the University
Authors note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1DIGITAL FORENSIC FUNDAMENTALS
Table of Contents
Introduction................................................................................................................................2
Business Case.............................................................................................................................2
Potential customers and recent cybercrimes..............................................................3
Computer Forensic Workstation................................................................................................3
Roles, responsibilities................................................................................................3
Hardware....................................................................................................................3
Software.....................................................................................................................5
Accreditation and License requirements....................................................................7
Lab security................................................................................................................8
Facility Management..................................................................................................9
SOP............................................................................................................................9
Conclusion................................................................................................................................13
Table of Contents
Introduction................................................................................................................................2
Business Case.............................................................................................................................2
Potential customers and recent cybercrimes..............................................................3
Computer Forensic Workstation................................................................................................3
Roles, responsibilities................................................................................................3
Hardware....................................................................................................................3
Software.....................................................................................................................5
Accreditation and License requirements....................................................................7
Lab security................................................................................................................8
Facility Management..................................................................................................9
SOP............................................................................................................................9
Conclusion................................................................................................................................13
2DIGITAL FORENSIC FUNDAMENTALS
Part A
Introduction
Digital forensics emerged in response to rise of the digital or cybercrimes that are
committed using the of different information systems/computer systems either as instrument
used for the crime an or a victim/target for the committed crime. Digital Forensic
professionals are mainly responsible for solve the cases in which an intruder or suspect has
committed a digital crime while exploring the attacker or culprit legally using the different
standard methodologies.
Digital evidence such as hard drives, other storage devices, internet footprints has a
prominent importance in the whole scenario. Since all the investigative are conducted on the
collected evidence. This kind of evidence might be tampered in different manners which
leads to the failure of whole investigation. As the digital evidence are mainly in the form of
binary data thus it can be created, communicated as well as manipulated from or to any
device for the sake of investigation. In this mean time being a fragile in nature element
(digitally acquired evidence) thus can be easily damaged, destroyed as well as altered in case
of the communication channel is eavesdropped and is available to any attacker or suspect.
Business Case
Different information frameworks are attacked/reached by utilizing different digital
devices and systems in order to commit the crimes as well as hide their digital identity or foot
prints, making new challenges for the investigators. Malicious applications or codes that are
used to exploit the other system vulnerabilities additionally acts as obstacles to the digital
forensic investigators.
Part A
Introduction
Digital forensics emerged in response to rise of the digital or cybercrimes that are
committed using the of different information systems/computer systems either as instrument
used for the crime an or a victim/target for the committed crime. Digital Forensic
professionals are mainly responsible for solve the cases in which an intruder or suspect has
committed a digital crime while exploring the attacker or culprit legally using the different
standard methodologies.
Digital evidence such as hard drives, other storage devices, internet footprints has a
prominent importance in the whole scenario. Since all the investigative are conducted on the
collected evidence. This kind of evidence might be tampered in different manners which
leads to the failure of whole investigation. As the digital evidence are mainly in the form of
binary data thus it can be created, communicated as well as manipulated from or to any
device for the sake of investigation. In this mean time being a fragile in nature element
(digitally acquired evidence) thus can be easily damaged, destroyed as well as altered in case
of the communication channel is eavesdropped and is available to any attacker or suspect.
Business Case
Different information frameworks are attacked/reached by utilizing different digital
devices and systems in order to commit the crimes as well as hide their digital identity or foot
prints, making new challenges for the investigators. Malicious applications or codes that are
used to exploit the other system vulnerabilities additionally acts as obstacles to the digital
forensic investigators.
3DIGITAL FORENSIC FUNDAMENTALS
Since the devices such as PCs and systems are utilized by individuals, organization or
investigators, pernicious projects and practices that may taint the integrity of the evidences
can prompt to the loss of the acquired data.
Recent cybercrimes
Spamming is about sending spontaneous messages to numerous clients at once,
potentially up to thousands, with the typical expectation of promoting items to potential
clients. Spamming can additionally be utilized as a type of disturbance by singling out an
email address and sending the proprietor of that address several messages for each second.
Spamming is normally arbitrary and untargeted yet it tends to be directed to either a gathering
of individuals, for instance, ads that provide food for a specific gathering of individuals.
Virus and malwares
Virus is a program that defiles executable records. The executable record capacities
are adjusted once tainted by an infection. The progressions can happen in numerous
structures, for example, the way toward showing undesirable message or the way toward
erasing documents haphazardly without the client's endorsement. However, these undesired
moves possibly make put when the executable document is run. Some infections are
innocuous and engaging to their beneficiaries while the dominant part cause real harm to the
vault, documents, or even equipment. Conversely, worms are programs that duplicate
themselves. The contrast between an infection and a worm is that an infection is never
duplicates itself; it is replicated just when the executable document is run
Since the devices such as PCs and systems are utilized by individuals, organization or
investigators, pernicious projects and practices that may taint the integrity of the evidences
can prompt to the loss of the acquired data.
Recent cybercrimes
Spamming is about sending spontaneous messages to numerous clients at once,
potentially up to thousands, with the typical expectation of promoting items to potential
clients. Spamming can additionally be utilized as a type of disturbance by singling out an
email address and sending the proprietor of that address several messages for each second.
Spamming is normally arbitrary and untargeted yet it tends to be directed to either a gathering
of individuals, for instance, ads that provide food for a specific gathering of individuals.
Virus and malwares
Virus is a program that defiles executable records. The executable record capacities
are adjusted once tainted by an infection. The progressions can happen in numerous
structures, for example, the way toward showing undesirable message or the way toward
erasing documents haphazardly without the client's endorsement. However, these undesired
moves possibly make put when the executable document is run. Some infections are
innocuous and engaging to their beneficiaries while the dominant part cause real harm to the
vault, documents, or even equipment. Conversely, worms are programs that duplicate
themselves. The contrast between an infection and a worm is that an infection is never
duplicates itself; it is replicated just when the executable document is run
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4DIGITAL FORENSIC FUNDAMENTALS
Computer Forensic Workstation
Roles, responsibilities
In case of the Digital forensic the data security part of law authorization and is firmly
identified with legal science and criminal equity work; accordingly, most PC measurable
experts work for law requirement organizations. The job of the examiner is to recuperate
information like records, photographs and messages from PC hard drives and other
information database devices, for example, zip and blaze drives, that have been erased,
harmed or generally controlled. Experts regularly take a shot at cases including offenses
carried out on the Internet and look at PCs that may have been associated with different sorts
of wrongdoing so as to discover proof of illicit action.
Hardware
Computerized legal sciences workstations can be bought as total, turnkey
extraordinary reason units from sellers or custom worked from individual parts.
Extraordinary reason units for example, the Forensic Recovery of Evidence Device (FRED)
from Digital Intelligence, TForensics are accessible in numerous setups and range in cost
from around three thousand as far as possible up to sixteen thousand dollars and above. These
turnkey arrangements have the two points of interest and hindrances when constructing a
criminology lab for understudy use. They are for the most part total units that touch base with
a working framework and in addition many varying information/yield (I/O) associations with
suit different kinds of media that are experienced in the field. They will accompany a maker's
guarantee, screens and are the sort of workstation that an analyst will be presented to in most,
if not all, cutting edge working labs. Utilizing a reason fabricated workstation opens the
understudy to the sort of gadget they are well on the way to experience in the genuine
working world. The clear hindrance is obviously cost.
Computer Forensic Workstation
Roles, responsibilities
In case of the Digital forensic the data security part of law authorization and is firmly
identified with legal science and criminal equity work; accordingly, most PC measurable
experts work for law requirement organizations. The job of the examiner is to recuperate
information like records, photographs and messages from PC hard drives and other
information database devices, for example, zip and blaze drives, that have been erased,
harmed or generally controlled. Experts regularly take a shot at cases including offenses
carried out on the Internet and look at PCs that may have been associated with different sorts
of wrongdoing so as to discover proof of illicit action.
Hardware
Computerized legal sciences workstations can be bought as total, turnkey
extraordinary reason units from sellers or custom worked from individual parts.
Extraordinary reason units for example, the Forensic Recovery of Evidence Device (FRED)
from Digital Intelligence, TForensics are accessible in numerous setups and range in cost
from around three thousand as far as possible up to sixteen thousand dollars and above. These
turnkey arrangements have the two points of interest and hindrances when constructing a
criminology lab for understudy use. They are for the most part total units that touch base with
a working framework and in addition many varying information/yield (I/O) associations with
suit different kinds of media that are experienced in the field. They will accompany a maker's
guarantee, screens and are the sort of workstation that an analyst will be presented to in most,
if not all, cutting edge working labs. Utilizing a reason fabricated workstation opens the
understudy to the sort of gadget they are well on the way to experience in the genuine
working world. The clear hindrance is obviously cost.
5DIGITAL FORENSIC FUNDAMENTALS
The standard setup FRED framework costs $5999.00; furnishing an eight workstation
lab with simply this benchmark device cost around $50,000.00. This is exceptionally cost
restrictive to most instructive foundations that will probably decide to manufacture their own
frameworks utilizing singular parts. Building custom frameworks with parts is a significantly
more moderate arrangement and can be designed to meet the picked programming needs and
in addition institutional necessities. Also; a custom fabricated workstation likewise takes into
consideration future equipment overhauls as required because of the measured quality of a
custom manufactured unit.
Working out a lab with custom constructed workstations enables a program to be
begun that is on a littler spending plan that can be overhauled gradually as more assets wind
up accessible. Obtaining the turnkey units requires a expansive, forthright cost that may not
be workable for each establishment. There is additionally instructive esteem not just for the
understudies, yet in addition for the program staff in looking into programming necessities,
sourcing the required parts lastly collecting a total unit and hence a whole lab. A task lab for
understudies can in reality be the procedure of investigating equipment prerequisites and the
real collecting of lab PCs to go about as criminological workstations. Settling on the choice to
equip an understudy lab with custom manufactured workstations takes into account the
development of a reason constructed arrange permit server for the examination software
licences.
Software
The Software Tools utilized in Computer Forensics is more often determined in view
of the kind of examination that is to be completed. In the event that it is an information
recuperation investigation then Data Recovery Tools are utilized, every product devices as its
very own motivation and its very own outcomes. PC crime scene investigation programming
devices would be portrayed into Information Recovery Tools, Testing Tools, RAM Test
The standard setup FRED framework costs $5999.00; furnishing an eight workstation
lab with simply this benchmark device cost around $50,000.00. This is exceptionally cost
restrictive to most instructive foundations that will probably decide to manufacture their own
frameworks utilizing singular parts. Building custom frameworks with parts is a significantly
more moderate arrangement and can be designed to meet the picked programming needs and
in addition institutional necessities. Also; a custom fabricated workstation likewise takes into
consideration future equipment overhauls as required because of the measured quality of a
custom manufactured unit.
Working out a lab with custom constructed workstations enables a program to be
begun that is on a littler spending plan that can be overhauled gradually as more assets wind
up accessible. Obtaining the turnkey units requires a expansive, forthright cost that may not
be workable for each establishment. There is additionally instructive esteem not just for the
understudies, yet in addition for the program staff in looking into programming necessities,
sourcing the required parts lastly collecting a total unit and hence a whole lab. A task lab for
understudies can in reality be the procedure of investigating equipment prerequisites and the
real collecting of lab PCs to go about as criminological workstations. Settling on the choice to
equip an understudy lab with custom manufactured workstations takes into account the
development of a reason constructed arrange permit server for the examination software
licences.
Software
The Software Tools utilized in Computer Forensics is more often determined in view
of the kind of examination that is to be completed. In the event that it is an information
recuperation investigation then Data Recovery Tools are utilized, every product devices as its
very own motivation and its very own outcomes. PC crime scene investigation programming
devices would be portrayed into Information Recovery Tools, Testing Tools, RAM Test
6DIGITAL FORENSIC FUNDAMENTALS
utility, System Speed Test, Hard Disk Tools, Partition Tools, Disk Clone Tools, Recuperation
Tools, System Information Tools, Dos tools and Other Tools. Each Tool as an assortment of
programming's the following is couple of instances of and some depiction on them. The
devices are recorded underneath as per the classification of the activity.
Stealth ™ Suite
The SteaIth Suite is utilized to evaluate movement on a PC hard circle drive without
the client requiring a measurable foundation. This arrangement of instruments helps character
regardless of whether a focused on PC framework was utilized to get to unseemly data. TSK
(The Sleuth Kit)
TSK is open source scientific programming and it can recognize UNIX or Microsoft
working framework documents and parcels. In addition, it enables legal officers to re-
establish records, deliver picture documents and rootkit shrouded records. The TSK's design
can be partitioned into four sections: File framework layer, Data layer, Meta information
layer and User interface layer.
PC Incident Response Suite
These suites of instruments are regularly utilized in corporate and government
examinations and security chance audits. This suite is streamlined for the least cost
measurable stage for DOS and Windows preparing, DOS. A large number of the apparatuses
likewise have variant that can be kept running on a Windows OS. This ought to be one of
your first measurable toolsets. It additionally makes an astounding arrangement of
instruments to cross-approve your discoveries previously you go before the court or the
board.
Data Elimination Suite
utility, System Speed Test, Hard Disk Tools, Partition Tools, Disk Clone Tools, Recuperation
Tools, System Information Tools, Dos tools and Other Tools. Each Tool as an assortment of
programming's the following is couple of instances of and some depiction on them. The
devices are recorded underneath as per the classification of the activity.
Stealth ™ Suite
The SteaIth Suite is utilized to evaluate movement on a PC hard circle drive without
the client requiring a measurable foundation. This arrangement of instruments helps character
regardless of whether a focused on PC framework was utilized to get to unseemly data. TSK
(The Sleuth Kit)
TSK is open source scientific programming and it can recognize UNIX or Microsoft
working framework documents and parcels. In addition, it enables legal officers to re-
establish records, deliver picture documents and rootkit shrouded records. The TSK's design
can be partitioned into four sections: File framework layer, Data layer, Meta information
layer and User interface layer.
PC Incident Response Suite
These suites of instruments are regularly utilized in corporate and government
examinations and security chance audits. This suite is streamlined for the least cost
measurable stage for DOS and Windows preparing, DOS. A large number of the apparatuses
likewise have variant that can be kept running on a Windows OS. This ought to be one of
your first measurable toolsets. It additionally makes an astounding arrangement of
instruments to cross-approve your discoveries previously you go before the court or the
board.
Data Elimination Suite
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
7DIGITAL FORENSIC FUNDAMENTALS
This Suite enables the investigators to expel data from a drive also, cross-approve that
the data has been evacuated. This is our most well-known suite of programming devices for
the high affirmation government or professional workplace. This suite of apparatuses has
been tried and affirmed by the US Department of Resistance. It dispenses with grouped
information 'spillage' and checks that the information was appropriately dispensed with.
TextSearch software Suite
TextSearch NT and TextSearch Plus have both been redesigned. TextSearch NT is
utilized to process Windows NT/2000lXP-based PC frameworks from a DOS order line. The
redesigned program gives the equivalent prevalent interface and highlights as TextSearch
Plus however it distinguishes numerous packed and designs records utilizing the document
header signature, giving the specialist a posting of documents that could store data in a
packed or realistic organization. Additionally, incorporated into this suite is HexSearch. This
instrument gives a comparable interface as TextSearch Plus while permitting the client to
look for hexadecimal strings, for example, document headers, nonprinting characters, and
more.
This Suite enables the investigators to expel data from a drive also, cross-approve that
the data has been evacuated. This is our most well-known suite of programming devices for
the high affirmation government or professional workplace. This suite of apparatuses has
been tried and affirmed by the US Department of Resistance. It dispenses with grouped
information 'spillage' and checks that the information was appropriately dispensed with.
TextSearch software Suite
TextSearch NT and TextSearch Plus have both been redesigned. TextSearch NT is
utilized to process Windows NT/2000lXP-based PC frameworks from a DOS order line. The
redesigned program gives the equivalent prevalent interface and highlights as TextSearch
Plus however it distinguishes numerous packed and designs records utilizing the document
header signature, giving the specialist a posting of documents that could store data in a
packed or realistic organization. Additionally, incorporated into this suite is HexSearch. This
instrument gives a comparable interface as TextSearch Plus while permitting the client to
look for hexadecimal strings, for example, document headers, nonprinting characters, and
more.
8DIGITAL FORENSIC FUNDAMENTALS
NTl Secure ToolKit
This product is utilized to anchor sensitive records put away on convenient and PCs.
Since it utilizes NIST tried furthermore, affirmed AES 256 encryption, it fits the bill for
government use with confidential information. This product surpasses business security
prerequisites and it is a lot simpler to utilize than PGP. It incorporates an administration
device so corporate data is not lost to the partnership.
SafeBack 3.0
The business standard for making proof review bit-stream reinforcements of hard
drives has improved with form 3.0
Autopsy Forensic Browser
It is a frontend for the sleuth unit. Attributable to it is graphical interface and it
likewise gives computerized examination apparatuses in TSK. We can without much of a
stretch use it and these apparatuses enable us to explore the record framework and volumes of
a PC. AFB incorporates File and catalogue program, Sector perusing, Inode peruse and
Segment seek.
Accreditation and License requirements
Inside the PC legal order not very many accreditations are accessible than can be
utilized for a criminological processing lab. There are three principle accreditations ordinarily
utilized in the field including the 'American Society for Crime Laboratory.
Chiefs/Laboratory Accreditation Board' (ASCLD/LAB), the National Association of Testing
Authorities (NATA) and ISO 17025 (General Requirements for the Competence of Testing
and Calibration Laboratories). ISO 17025 isn't explicitly a PC criminological research center
accreditation (or even a general measurable lab accreditation) but instead went for any lab
which is associated with testing or alignment. ISO 17025 checks that labs estimation and
NTl Secure ToolKit
This product is utilized to anchor sensitive records put away on convenient and PCs.
Since it utilizes NIST tried furthermore, affirmed AES 256 encryption, it fits the bill for
government use with confidential information. This product surpasses business security
prerequisites and it is a lot simpler to utilize than PGP. It incorporates an administration
device so corporate data is not lost to the partnership.
SafeBack 3.0
The business standard for making proof review bit-stream reinforcements of hard
drives has improved with form 3.0
Autopsy Forensic Browser
It is a frontend for the sleuth unit. Attributable to it is graphical interface and it
likewise gives computerized examination apparatuses in TSK. We can without much of a
stretch use it and these apparatuses enable us to explore the record framework and volumes of
a PC. AFB incorporates File and catalogue program, Sector perusing, Inode peruse and
Segment seek.
Accreditation and License requirements
Inside the PC legal order not very many accreditations are accessible than can be
utilized for a criminological processing lab. There are three principle accreditations ordinarily
utilized in the field including the 'American Society for Crime Laboratory.
Chiefs/Laboratory Accreditation Board' (ASCLD/LAB), the National Association of Testing
Authorities (NATA) and ISO 17025 (General Requirements for the Competence of Testing
and Calibration Laboratories). ISO 17025 isn't explicitly a PC criminological research center
accreditation (or even a general measurable lab accreditation) but instead went for any lab
which is associated with testing or alignment. ISO 17025 checks that labs estimation and
9DIGITAL FORENSIC FUNDAMENTALS
choices are exact, repeatable, convincing and certain, conveyed in an auspicious way and all
suppositions and suggestions depend on an appropriate procedure.
The ASCLD/LAB has two distinctive accreditation programs, ASCLD/LAB-Legacy
also, ASCLD/LAB-International. The ASCLD/LAB-Legacy accreditation was produced in
1982 however did not formally perceive legal processing until July 2003. The ASCLD/LAB-
International accreditation is an expansion of the ISO 17025 standard. The necessities
notwithstanding ISO 17025 are critical parts of the Legacy accreditation not secured under
ISO 17025 (Barbara 2004; American
Society of Crime Laboratory Directors 2006). Starting at 16 September 2006, there
were research centres authorize under one of the two ASCLD/LAB accreditations, 204 under
Legacy and 13 under the International program. Of the 13 ASCLD/LABInternational certify
research facilities, just a single is an advanced proof lab. The NATA is an Australian based
research center accreditation that is like the ASCLD-International accreditation as it is
actualized over ISO 17025. It is recorded just like the most seasoned confirmation of that
type on the planet
Lab security
In order secure the analysis of the digital evidences that requires following security
mechanisms and norms.
Analytical access approach
it is to be guarantee only the approved examiners can access the collected
information
secure sensitive information
controlled/logged get to (anticipate misuse, decrease risk)
IT information maintenance strategy
choices are exact, repeatable, convincing and certain, conveyed in an auspicious way and all
suppositions and suggestions depend on an appropriate procedure.
The ASCLD/LAB has two distinctive accreditation programs, ASCLD/LAB-Legacy
also, ASCLD/LAB-International. The ASCLD/LAB-Legacy accreditation was produced in
1982 however did not formally perceive legal processing until July 2003. The ASCLD/LAB-
International accreditation is an expansion of the ISO 17025 standard. The necessities
notwithstanding ISO 17025 are critical parts of the Legacy accreditation not secured under
ISO 17025 (Barbara 2004; American
Society of Crime Laboratory Directors 2006). Starting at 16 September 2006, there
were research centres authorize under one of the two ASCLD/LAB accreditations, 204 under
Legacy and 13 under the International program. Of the 13 ASCLD/LABInternational certify
research facilities, just a single is an advanced proof lab. The NATA is an Australian based
research center accreditation that is like the ASCLD-International accreditation as it is
actualized over ISO 17025. It is recorded just like the most seasoned confirmation of that
type on the planet
Lab security
In order secure the analysis of the digital evidences that requires following security
mechanisms and norms.
Analytical access approach
it is to be guarantee only the approved examiners can access the collected
information
secure sensitive information
controlled/logged get to (anticipate misuse, decrease risk)
IT information maintenance strategy
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10DIGITAL FORENSIC FUNDAMENTALS
legitimate/administrative prerequisites
IT episode reaction prerequisites
Facility Management
scientific and insightful recuperation necessities
Establishing Forensics assets
a prepared legal sciences group
a legitimately prepared crime scene investigation lab
re-appropriating accomplices, external experts.
SOP
There are multiple models that are used by different organizations or individuals are
utilizing to investigate Digital evidences in the field of digital forensic. Following is
Standard operating procedure or SOP which can be utilized for the mentioned business case.
Following are the stages that needs to followed for any digital investigation process.
Identification
Distinguishing the motivation behind digital forensic investigation.
Identification of the digital resources required in the investigation.
Identification of the main sources of digital evidence.
Identification and determination of the techniques and tools to be used for the
investigation.
Preparation of Evidences stage
The Preparation stage ought to incorporate the following stages:
legitimate/administrative prerequisites
IT episode reaction prerequisites
Facility Management
scientific and insightful recuperation necessities
Establishing Forensics assets
a prepared legal sciences group
a legitimately prepared crime scene investigation lab
re-appropriating accomplices, external experts.
SOP
There are multiple models that are used by different organizations or individuals are
utilizing to investigate Digital evidences in the field of digital forensic. Following is
Standard operating procedure or SOP which can be utilized for the mentioned business case.
Following are the stages that needs to followed for any digital investigation process.
Identification
Distinguishing the motivation behind digital forensic investigation.
Identification of the digital resources required in the investigation.
Identification of the main sources of digital evidence.
Identification and determination of the techniques and tools to be used for the
investigation.
Preparation of Evidences stage
The Preparation stage ought to incorporate the following stages:
11DIGITAL FORENSIC FUNDAMENTALS
All the devices utilized ought to be appropriate for its purpose of use and must
be in a completely operational condition.
Individuals who are accessing and collecting the first digital evidences ought
to be prepared to do as such.
A plan needs to be developed that will direct the investigation process such as
organizing and prioritizing the sources, sets up the sequence in which the
information ought to be procured and decides the measure of exertion
required.
in case of the requirement the warrants and observing approvals as well as
management support whenever required.
Collection
Techniques for securing proof ought to be forensically stable and
unquestionable.
Guarantees no modifications are made to the original acquired data.
Security measures must be followed to take an underlying estimation of each
evidence, as well as a whole accumulation of documents. These calculations
are known as "hash" algorithms.
There are two techniques for the copying the digital evidence collection
procedure:
Preservation of the collected evidence
It must be guaranteed that all digital evidence gathered is legitimately recorded,
named, stamped, shot, video recorded or portrayed, and stocked.
All the devices utilized ought to be appropriate for its purpose of use and must
be in a completely operational condition.
Individuals who are accessing and collecting the first digital evidences ought
to be prepared to do as such.
A plan needs to be developed that will direct the investigation process such as
organizing and prioritizing the sources, sets up the sequence in which the
information ought to be procured and decides the measure of exertion
required.
in case of the requirement the warrants and observing approvals as well as
management support whenever required.
Collection
Techniques for securing proof ought to be forensically stable and
unquestionable.
Guarantees no modifications are made to the original acquired data.
Security measures must be followed to take an underlying estimation of each
evidence, as well as a whole accumulation of documents. These calculations
are known as "hash" algorithms.
There are two techniques for the copying the digital evidence collection
procedure:
Preservation of the collected evidence
It must be guaranteed that all digital evidence gathered is legitimately recorded,
named, stamped, shot, video recorded or portrayed, and stocked.
12DIGITAL FORENSIC FUNDAMENTALS
Guarantee that unique consideration is taken with the computerized confirmations
material amid transportation to stay away from physical harm, vibration and the
impacts of attractive fields, electrical static and extensive variety of temperature and
stickiness.
Guarantee that the evidence is put away in a protected, atmosphere controlled
condition or an area that isn't liable to outrageous temperature or mugginess.
Guarantee that the computerized proof isn't presented to attractive fields, dampness,
dust, vibration, or whatever other components that may harm or pulverize it.
Examination of the Collected Evidence
Analyst should survey documentation given by the requestor to decide the procedures
important to finish the examination.
The system of the examination ought to be settled upon and recorded between the
requestor and inspector.
Just suitable benchmarks, strategies and methods and legitimately assessed
apparatuses ought to be utilized for the legal examination.
All standard measurable and procedural standards must be connected.
Abstain from leading an examination on the first proof media if conceivable.
Examinations ought to be directed on legal duplicates or by means of criminological
picture documents.
All things submitted for legal examination should initially be audited for the honesty.
Analysis
Foundation of the forensics us is utilizing an efficient way to deal with achieve proper
ends dependent on the proof found or discover that no end can yet be drawn. The
Guarantee that unique consideration is taken with the computerized confirmations
material amid transportation to stay away from physical harm, vibration and the
impacts of attractive fields, electrical static and extensive variety of temperature and
stickiness.
Guarantee that the evidence is put away in a protected, atmosphere controlled
condition or an area that isn't liable to outrageous temperature or mugginess.
Guarantee that the computerized proof isn't presented to attractive fields, dampness,
dust, vibration, or whatever other components that may harm or pulverize it.
Examination of the Collected Evidence
Analyst should survey documentation given by the requestor to decide the procedures
important to finish the examination.
The system of the examination ought to be settled upon and recorded between the
requestor and inspector.
Just suitable benchmarks, strategies and methods and legitimately assessed
apparatuses ought to be utilized for the legal examination.
All standard measurable and procedural standards must be connected.
Abstain from leading an examination on the first proof media if conceivable.
Examinations ought to be directed on legal duplicates or by means of criminological
picture documents.
All things submitted for legal examination should initially be audited for the honesty.
Analysis
Foundation of the forensics us is utilizing an efficient way to deal with achieve proper
ends dependent on the proof found or discover that no end can yet be drawn. The
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
13DIGITAL FORENSIC FUNDAMENTALS
investigation ought to incorporate distinguishing individuals, spots, things, and occasions,
and deciding how these components are connected with the goal that an end can be come to.
Review
The inspector's office ought to have a composed arrangement to setting up the
conventions for specialized and authoritative audit. All work attempted ought to be exposed
to both specialized and authoritative audit.
Technical Specialized Review: Specialized technical audit ought to incorporate thought of the
legitimacy of all the basic examination discoveries and all the crude information utilized in
readiness of the announcement/report.
It ought to likewise think about whether the ends drawn are defended by the work
done as well as accessible. The survey may incorporate a component of autonomous testing,
if conditions warrant it.
Authoritative Review: Authoritative survey ought to guarantee that the requester's
needs have been legitimately tended to, publication rightness and adherence to strategies.
Documentation of the process and findings
All exercises identifying with gathering, conservation, examination or investigation of
advanced proof must be totally archived.
Documentation ought to incorporate proof dealing with and examination
documentation and in addition managerial documentation. Suitable institutionalized
structures ought to be used to archive.
Documentation ought to be saved by the inspector's organization approach.
Report
investigation ought to incorporate distinguishing individuals, spots, things, and occasions,
and deciding how these components are connected with the goal that an end can be come to.
Review
The inspector's office ought to have a composed arrangement to setting up the
conventions for specialized and authoritative audit. All work attempted ought to be exposed
to both specialized and authoritative audit.
Technical Specialized Review: Specialized technical audit ought to incorporate thought of the
legitimacy of all the basic examination discoveries and all the crude information utilized in
readiness of the announcement/report.
It ought to likewise think about whether the ends drawn are defended by the work
done as well as accessible. The survey may incorporate a component of autonomous testing,
if conditions warrant it.
Authoritative Review: Authoritative survey ought to guarantee that the requester's
needs have been legitimately tended to, publication rightness and adherence to strategies.
Documentation of the process and findings
All exercises identifying with gathering, conservation, examination or investigation of
advanced proof must be totally archived.
Documentation ought to incorporate proof dealing with and examination
documentation and in addition managerial documentation. Suitable institutionalized
structures ought to be used to archive.
Documentation ought to be saved by the inspector's organization approach.
Report
14DIGITAL FORENSIC FUNDAMENTALS
The style and substance of composed reports must meet the necessities of the
criminal equity framework for the nation of purview, for example, General
Principles of Legal Expertise Procedure in the respective law enforcement.
Reports issued by the analyst should address the requestor's needs.
The report is to furnish the customers or the reader of the report with all the
applicable data in an unmistakable succinct, organized and unambiguous way.
Conclusion
Digital crime scene investigation has been characterized as the utilization of
experimentally determined and demonstrated techniques towards the gathering, approval,
recognizable proof, examination, translation and introduction of computerized proof got from
affected systems for the reason of encouraging or promoting the recreation of crime scenario
observed to be criminal or foreseeing the unapproved activities appeared to be troublesome to
planned criminal activities. In this way the, way of attack or invasion by the attacker and
impact can be easily found and the access can be restricted using the preventive measures.
Part B
Assessment components
In order to acquire the assessment components, the following processes can be used
Bit-by-Bit Copy: This procedure, so as to be forensically stable, must utilize compose
blocker equipment or programming to keep any change to the information amid the
examination. When finished, this duplicate might be inspected for proof similarly as though it
were the first.
The style and substance of composed reports must meet the necessities of the
criminal equity framework for the nation of purview, for example, General
Principles of Legal Expertise Procedure in the respective law enforcement.
Reports issued by the analyst should address the requestor's needs.
The report is to furnish the customers or the reader of the report with all the
applicable data in an unmistakable succinct, organized and unambiguous way.
Conclusion
Digital crime scene investigation has been characterized as the utilization of
experimentally determined and demonstrated techniques towards the gathering, approval,
recognizable proof, examination, translation and introduction of computerized proof got from
affected systems for the reason of encouraging or promoting the recreation of crime scenario
observed to be criminal or foreseeing the unapproved activities appeared to be troublesome to
planned criminal activities. In this way the, way of attack or invasion by the attacker and
impact can be easily found and the access can be restricted using the preventive measures.
Part B
Assessment components
In order to acquire the assessment components, the following processes can be used
Bit-by-Bit Copy: This procedure, so as to be forensically stable, must utilize compose
blocker equipment or programming to keep any change to the information amid the
examination. When finished, this duplicate might be inspected for proof similarly as though it
were the first.
15DIGITAL FORENSIC FUNDAMENTALS
Forensic image collection: The analyst utilizes extraordinary programming and
methodology to make the picture record. An image cannot be changed without modifying the
hash calculation. None of the records contained inside the image can be changed without
modifying the hash calculation. Besides, a cross approval test ought to be performed to
guarantee the legitimacy of the process.
Use and experience of forensic tools
In order to find out the different important information from the collected evidence
the following tools are very helpful;
Access data FTK : Use of this tool can be very helpful in acquiring and analysis of the
different types of data formats. In addition to that, it provides Simple Users’ Interface with
numerous functionalities.
In addition to that it helps the analysts by its fast Searching techniques from the
evidence along with that EFS Decryption of the data.
Forensic image collection: The analyst utilizes extraordinary programming and
methodology to make the picture record. An image cannot be changed without modifying the
hash calculation. None of the records contained inside the image can be changed without
modifying the hash calculation. Besides, a cross approval test ought to be performed to
guarantee the legitimacy of the process.
Use and experience of forensic tools
In order to find out the different important information from the collected evidence
the following tools are very helpful;
Access data FTK : Use of this tool can be very helpful in acquiring and analysis of the
different types of data formats. In addition to that, it provides Simple Users’ Interface with
numerous functionalities.
In addition to that it helps the analysts by its fast Searching techniques from the
evidence along with that EFS Decryption of the data.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
16DIGITAL FORENSIC FUNDAMENTALS
In addition to that Reporting of the collected and analysed evidence and Password
Dictionary Creation are some of the prominent features of this tool.
OS Forensic tools
Use of this tool helps in scanning and identification of the suspicious files y using the
technique hash value matching of the file. Moreover, it can also help in comparing binary
data and e-mails, digital drive signature.
Another important tool in digital forensic is ProDiscover basic which is a free tool and
provides the features that includes all the features provided by above mentioned two tools.
In addition to that Reporting of the collected and analysed evidence and Password
Dictionary Creation are some of the prominent features of this tool.
OS Forensic tools
Use of this tool helps in scanning and identification of the suspicious files y using the
technique hash value matching of the file. Moreover, it can also help in comparing binary
data and e-mails, digital drive signature.
Another important tool in digital forensic is ProDiscover basic which is a free tool and
provides the features that includes all the features provided by above mentioned two tools.
17DIGITAL FORENSIC FUNDAMENTALS
Identification and analysis of digital evidence
Use of the tools can be very help in analysing the finding of the different suspects
and their activities against the standard organizational and legal policies. Thus use of those
tools can be used to find out the evidences as shown below;
Identification and analysis of digital evidence
Use of the tools can be very help in analysing the finding of the different suspects
and their activities against the standard organizational and legal policies. Thus use of those
tools can be used to find out the evidences as shown below;
18DIGITAL FORENSIC FUNDAMENTALS
Presentation of the evidence
Report generated from the different tools can be included in the standard reporting
procedure in order provide and convey the results of the analysis of the evidence files.
Presentation of the evidence
Report generated from the different tools can be included in the standard reporting
procedure in order provide and convey the results of the analysis of the evidence files.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
19DIGITAL FORENSIC FUNDAMENTALS
1 out of 20
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.