
Electronic and Digital Forensic: Study Material with Solved Assignments

Question 1: Definition of forensic copy, compression algorithm used by popular archiving tools, definition of search warrant, definition of chain of custody, advantage of using tape backup system for forensic acquisitions. Question 2: Three rules for a forensic hash, two key concerns when acquiring data from a RAID server, differences between computer forensics and data recovery. Question 3: Components of a disk drive and their relationship. Question 4: Key items for a forensics investigator in email investigations. Part B: Various questions related to case reports, evidence custody forms, proprietary format acquisition files, encryption algorithms, initial-response field kit, FAT database, extraction function, identifying unknown graphics file format, components of a search warrant. Part C: Scenario-based questions on evidence acquisition techniques, integrity of digital images, rootkits vs collection of data, corporate investigation, data compression techniques, actions for files that cannot be opened, questions to ask in computer crime response, file timestamps as evidence, emails stored on local server vs cloud server.

13 Pages | 3903 Words | 74 Views
   

Added on  2023-06-03

About This Document

This study material covers various topics related to electronic and digital forensic, including forensic copy, search warrant, chain of custody, and more. It also includes solved assignments, essays, and dissertations. The material is suitable for students studying electronic and digital forensic.

Electronic and digital forensic
Student’s Name
Institutional affiliation
Course
Date
QUESTION 1 5 MARKS
a) What is a forensic copy?
In the field of forensics, a forensic copy is a bit-by-bit direct image of a physical storage device.
The forensic image includes the files as well as allocated and unallocated, slack and free space.
b) Popular archiving tools, such as PKZip, WinZip, and WinRAR, use an algorithm to
compress files. What type of compression do they use?
The type of compression used by these tools is file compression. Technically, file
compression is performed using a lossless algorithm. This means that no information
is lost during the compression process, and thus the compressed information can be
restored to its original state (Sammons 2015).
c) What is a search warrant?
In the discipline of electronic and digital forensics, a search warrant is the legal document
that allows a police officer or any other relevant officer to enter and search the particular
premises that the document permits.
d) What is “chain of custody”?
Chain of custody is the concept whereby information is collected from the place where a crime
happened and is used to create the CoC, revealing the location and the condition
of the offense. Chain of custody is vital because it can be used during the court trial against the
criminal.
e) What is an advantage of using a tape backup system for forensic acquisitions of large
datasets?
The sole benefit of a tape backup system is that it is scalable, a property that is not
exploited by the tape drive. Therefore, it is capable of storing more data than the tape
drive and can be scaled indefinitely. Additionally, it lowers cost, as there is no need to add disk
arrays, which are expensive (Sammons 2015).
QUESTION 2 6 MARKS
a) Give three rules or desirable conditions required for a forensic hash.
(Two Marks)
The first rule is that if the forensic hash file is altered, the hash value changes too.
Hashing uses an algorithm to convert the evidence file to the hash value.
The forensic hash cannot be predicted.
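Added example (not part of the original answers): a short Python sketch of how the hash recorded at acquisition is used to verify a forensic copy, as described in Question 1(a) and Question 2(a). The sample image, the function names and the choice of MD5 plus SHA-256 are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never sit in memory


def hash_image(path, algorithms=("md5", "sha256")):
    """Return {algorithm: hex digest} for the file, computed in a single pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(path, recorded):
    """Return the algorithms whose digest no longer matches the recorded one."""
    current = hash_image(path, tuple(recorded))
    return sorted(name for name in recorded if current[name] != recorded[name])


def flip_bit(path, offset, bit=0):
    """Flip a single bit in place (simulates an alteration after acquisition)."""
    with open(path, "r+b") as fh:
        fh.seek(offset)
        byte = fh.read(1)[0]
        fh.seek(offset)
        fh.write(bytes([byte ^ (1 << bit)]))


def demo():
    """Acquire, verify, alter one bit in unallocated space, then verify again."""
    # Constructed sample image: 4000 bytes of file data, then zeroed unallocated space.
    data = b"CONSTRUCTED-EVIDENCE" * 200 + b"\x00" * 4192
    fd, path = tempfile.mkstemp(suffix=".dd")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        recorded = hash_image(path)           # digests logged at acquisition time
        clean = verify_image(path, recorded)  # untouched copy: nothing mismatches
        flip_bit(path, offset=6000)           # one bit, inside the unallocated region
        altered = verify_image(path, recorded)
        return clean, altered
    finally:
        os.remove(path)
```

Because the image is hashed as a whole, a change in unallocated or slack space is detected just as a change inside a file would be.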
b) What are two key concerns when acquiring data from a RAID server?
(2 Marks)
The type or form of RAID
The total amount of data storage that is required
c) What are the differences between computer forensics and data recovery?
(2 Marks)
Computer forensics tends to deal with one or more systems, and its scope may sometimes be fluid
depending on the demand and request. In addition, computer forensics deals with
missing data and needs to be defensible, while data recovery deals with one hard disk drive.
PART B 24 MARKS
Question 3 8 Marks
A disk drive is a conventional storage device found in computer systems.
(a) Describe the following components of a disk drive briefly:
(i) Geometry,
The geometry of a disk is the organization of data on the platters that are contained within the
hard disk. It is responsible for deciding where and how data/information is stored on the surface
of the platters. Therefore, the geometry is responsible for maximizing the storage capacity of the
hard disk (Sammons 2015).
(ii) Head,
The head is a device that is located on the arm of the hard disk, and it is responsible for reading and
writing the data on the hard drive. Ideally, hard drives usually have
one read and write head on each platter.
(iii) Tracks,
A track is the circular part on the surface of the hard disk where information is magnetically
recorded, and it is usually from here that the recorded information is interpreted.
(iv) Sector. (4 Marks)
The sector is the subdivision of the track on the magnetic disk. It is used to store accessible
user information, the amount of which is always fixed to a certain number. From that point of view, the sector is the
smallest storage unit of the hard disk.
(b) Draw a simple diagram to illustrate the relationship between these parts.
(4 Marks)
Question 4 8 Marks
Emails have often been used in committing crimes.
(a) Give 4 (four) essential items that a forensic investigator needs to obtain or access
when investigating email abuse. (4 Marks)
Mail inbox
Sent messages
Mail header
Messages received
(b) Give 4 (four) pieces of important information that may be found in an email
header. (4 Marks)
Question 5 8 Marks
Computer forensics investigators need to maintain the highest level of ethical and
professional conduct.
(a) What are the basic guidelines when working on an attorney-client privilege case? Give 3
(three) important recommendations. (3 Marks)