Computer Forensics Investigation Report: A Case Study


Added on  2025/05/01

Computer Forensics
Table of Contents
Introduction
Explain the principles of digital forensics and their application within the legislative structures
and the global context of cyber security
Apply digital forensic methodologies to crime investigation in accordance with UK law and
UK police investigation principles regarding digital evidence
Evaluate the legal, ethical and professional issues involved in digital forensic investigation
Deploy advanced technical writing skills to document digital evidence and accurately report
on the findings of a forensic investigation
Conclusion
References
LIST OF FIGURES
Figure 1: Overview of the process of digital forensic system
Figure 2: Identification methodology
Figure 3: The analysis methodology
Introduction
Computer forensics is the systematic approach in which experts and skilled technicians use their
scientific and professional knowledge to collect evidence, analyse it and report on it so that it
can be presented in court. In the present case, the dead body of Joshua Zarkan’s girlfriend was
found in his apartment, which he reported immediately. A USB drive was seized at the crime scene
by a law enforcement officer as evidence to be analysed. This report discusses the principles
that must be applied in computer forensics to conduct the investigation for the present case
and to document it.
Explain the principles of digital forensics and their application within the legislative structures
and the global context of cyber security.
Forensics refers to the process of using scientific knowledge to collect, analyse, interpret and
present evidence in court. Latent evidence, such as fingerprints on an object or files on hard
drives, is effectively recovered and analysed with the help of the forensic process.
Computer forensics is a new standardised discipline that combines components of both
computer science and law to collect and interpret data from computers, networks,
storage devices and wireless communication in such a way that the evidence is admissible in a
court of law (Maras, 2015).
The following are some of the principles that a skilled technical officer will consider while
collecting and analysing the USB drive acquired from the crime scene:
- Law enforcement officers or agencies must take no action that changes the data on the
  evidence collected from the crime scene, as it will be presented in court without any
  alterations (Casey, 2011).
- When it is essential to access original data on the USB drive, the person accessing
  it must be competent to do so. In addition, he must be able to explain the reason for and
  implications of his actions.
- It is essential to create an audit trail and records of the evidence and processes. The
  records must be created in such a way that an independent agency or party can
  examine the records and processes and reach the same outcome. For example, in the present
  case, the technician has created an image of the USB drive with FTK Imager and named it
  C1Prj01.E01.
- The overall responsibility lies with the person in charge of the investigation
  to ensure that all the principles and laws are complied with.
Application
Computer forensics can be used for both private examinations and criminal law. In terms of
criminal law, a confirmation is given to gather latent evidence from the crime scene under the
watchful eye of the courts. The collected proof is then treated as gathered knowledge and
can therefore be used for various legal and regulatory procedures at the national and
international level (da Cruz Nassif, and Hruschka, 2013).
Various forensic tools have been developed that help investigators to get the data from seized
electronic devices and make copies of it for use in different testing purposes. However,
such copies must be accurate and must not affect the original integrity of the hardware. Computer
forensics is also useful in identifying the severity of a network attack and data breach, which
enables the investigator to access the hackers easily (Fernandez et al., 2005). It is also helpful in
securing private servers against attacks by hackers. With the help of forensics, critical information
about quarantined suspicious activities, preferred hacker methods, etc. can be identified, and
responsive tools can be designed accordingly to protect the data.
Apply digital forensic methodologies to crime investigation in accordance with UK law and UK
police investigation principles regarding digital evidence.
The tools and methods in computer forensics are based on verified scientific concepts, but they
involve components of judgement, ability, and interpretation to analyse the proof effectively.
Figure 1: Overview of the process of digital forensic system
Digital forensic methodology
Preparation/Extraction: The first method focuses on getting authorisation to proceed with the
investigation. After authorisation, the forensic examiner is responsible for deciding the process
required to be completed at different stages of the investigation and must communicate it to the
team. It is essential to carry out investigations clearly to detect the associated fraud with the
help of current advanced methods of technology. Validation of hardware and software is also
essential to make copies of evidence and to ensure that its original integrity is maintained. An
image of the evidence is created as a bit-for-bit copy of the original data. A working copy is
essential to proceed with the investigation and to guard the original copy (Carroll et al., 2008).
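The bit-for-bit image, the working copy and the audit trail described above can be checked mechanically. The following is an added example, not part of the original report and not FTK Imager's own behaviour: it hashes an image file, verifies a working copy against it, and records both steps in a hash-chained audit log. The file contents, the working-copy name, the examiner name and the log format are constructed assumptions.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first audit entry (assumed convention)

def sha256_file(path, chunk=1 << 20):
    """Stream the file so a large image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def entry_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, action, examiner, detail):
    """Append an audit entry chained to the hash of the previous one."""
    body = {"time": datetime.now(timezone.utc).isoformat(), "action": action,
            "examiner": examiner, "detail": detail,
            "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    log.append({**body, "entry_hash": entry_hash(body)})

def verify_log(log):
    """Recompute the chain; an edited or reordered entry breaks it."""
    prev = GENESIS
    for e in log:
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev_hash"] != prev or entry_hash(body) != e["entry_hash"]:
            return False
        prev = e["entry_hash"]
    return True

def make_working_copy(image, working, examiner, log):
    """Hash the image, copy it, and confirm the copy is bit-for-bit identical."""
    original = sha256_file(image)
    append_entry(log, "hash_image", examiner, {"file": os.path.basename(image), "sha256": original})
    shutil.copyfile(image, working)
    copied = sha256_file(working)
    append_entry(log, "hash_working_copy", examiner, {"file": os.path.basename(working), "sha256": copied})
    if copied != original:
        raise ValueError("working copy differs from the image")
    return original

def demo():
    """Run on constructed stand-in bytes (not a real E01 image)."""
    with tempfile.TemporaryDirectory() as d:
        image, working = os.path.join(d, "C1Prj01.E01"), os.path.join(d, "working.E01")
        with open(image, "wb") as f:
            f.write(b"constructed sample bytes" * 1000)
        log = []
        digest = make_working_copy(image, working, "examiner-1", log)
        intact = verify_log(log)
        log[0]["detail"]["sha256"] = "0" * 64  # simulate a later edit to the record
        return digest, intact, verify_log(log)
```

An independent party who repeats `sha256_file` on the same image and replays `verify_log` on the exported log should reach the same digest and the same verdict.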
The investigator has to find and analyse significant data relevant to the case of a suspicious
death, and therefore it is essential to validate the techniques and tools relevant to it. Different
techniques are used in different circumstances, such as random number generation, histograms,
descriptive statistics, etc. For example, in the present case, Autopsy software is used by the
investigator and technician as a graphical interface tool to recover and analyse the
data from a USB drive.
Identification: The identification process is repeated again and again on the extracted data list.
An item that is relevant to the forensic investigation must be documented, items that are
not relevant must be marked as processed, and the investigator moves on to further investigation. In
addition to the USB drive, there is other evidence that the investigator can identify, for example,
the contents of the e-mail accounts of Joshua Zarkan’s girlfriend, the computer system at the
prime location, etc. (Computer forensic methodology, 2019). After completing the processing
of the extracted data list, the examiner has to move the case forward to analysis.
Figure 2: Identification methodology
Analysis: In this phase, the examiner identifies the answers to what, when, who, how, and where.
The examiner has to explain for each item when it was developed, received, sent, accessed,
altered and launched. A final “Analysis result list” is prepared which contains the information
relevant to the forensic crime scene. Even at this stage, the examiner can explore new leads for
the case with the understanding of the documented findings (Perumal et al., 2015).
Figure 3: The analysis methodology
After conducting the investigation process, the data collected is summarised, and the relevant
conclusion is provided. The investigator has to interpret the entire process of data collection and
analysis so that a wrong conclusion can be avoided and can be used for future references.
Evaluate the legal, ethical and professional issues involved in digital forensic investigation.
Examiners in digital forensics are generally confronted with ethical dilemmas, as they have
privileged access to various data and information systems that they can use to make millions of
dollars. Hence, there are various legal, ethical and professional issues in computer forensics
that hinder the process of criminal and other investigations. The privacy of stakeholders is not
kept confidential, as the relevant sensitive data are directly or indirectly transferred from one
system to another to analyse and interpret the data relevant to the forensic investigation
(Broucek and Turner, 2013). This creates legal issues, as such data has a high potential for
unauthorised access and misuse by third parties.
The information system in computer forensics is considered a vital element for making reliable
decisions. However, there is a technical issue in relation to the accuracy of the outcome, as it
largely depends upon the efficiency of the information system and the intelligence of the developer.
There are various runtime and development bugs that cannot be avoided, and hence the
accuracy and integrity of the outcome are compromised. In addition, there are various forensic
investigation tools available that can be used to exploit, misuse and alter the evidence data. Hence, it
becomes difficult for users to identify the appropriate tool to conduct a forensic investigation.
The methodology and functions of a computer forensic system are straightforward and unique.
However, certain computer experts take advantage of their knowledge and extend the modules of
the system to grant permission for using the data for personal use (Losavio et al., 2015). This
creates legal liability for such experts, as they are discrediting the evidence they have gathered
from the crime scene and indulging in anti-forensic moves. The lack of a standardised process in
computer forensics is also a major issue. For example, users of a computer forensic system
depend on creativity and experience in developing the procedure for resolving complex tasks,
while typical users clearly prescribe the procedures to be carried out for the investigation. Hence,
it becomes ambiguous as to which approach of the forensic system is effective for what type of
investigation.
Legislative and legal frameworks are put in place to ensure that all the obligations of the
investigation are carried out effectively and that ethical aspects are considered. However, the
complex and dynamic nature of computer forensics makes legal intervention not very effective.
Deploy advanced technical writing skills to document digital evidence and accurately report on
the findings of a forensic investigation.
In computer forensics, the law enforcement authority answers two questions: how
evidence will be collected and how proper documentation will be made so that it can be
effectively presented in court in the present criminal case. During the entire course of the
investigation, it is essential to record the documents at five levels, as follows:
General Case Documentation
This documentation process begins as soon as the investigation proceeds. The investigator is
required to ensure that the evidence is discoverable. This implies that opposing counsel has
the right to investigate, examine and analyse the data during the course of the forensic investigation.
In the present case, the investigator has to present the copies of the evidence collected to the
opposition so that a better and informed judgement can be made (Dick Warrington, 2011).
Procedural Documentation
At this level of documentation, the examiner has to explain each and every step taken in the
investigation, in relation to the specific tools used for different tasks, the entire procedural steps
followed, and a summary of the outcome. For example, the entire procedure of using Autopsy for
Windows to extract the data from a USB drive is required to be reported in the documents.
Process documentation
It includes the documentation relating to user manuals, readme files, logs showing upgrades,
installation manuals, online updates to manuals by vendors, etc. This documentation does not
necessarily have to be provided with every investigation report; however, it is provided when the
opposing counsel in the court demands it (Michael W. Graves, 2013).
Building the timeline
Every forensic investigation involves network activity that is required to be arranged in
chronological order of events so that a better understanding of the investigation can be made. For
example, the comprehensive report on the investigation events helps the investigator in