Current Challenges in Digital Forensics Investigations Analysis

Added on  2020/05/28

AI Summary
This report delves into the current challenges facing digital forensics investigations, categorizing them into technical, legal, and resource-related issues. It critically evaluates the impact of cybercrimes, such as the use of encryption, steganography, and anti-forensic methods, on the investigative process. The report analyzes the effectiveness of existing digital forensic principles, procedures, techniques, and standards, highlighting the complexities arising from the increasing volume and heterogeneity of data, lack of standardization, and privacy concerns. It discusses challenges like the 'bring your own device' policy, encryption, and the need for sophisticated data analysis techniques. The report also touches upon issues related to first responders, data acquisition, and the evolution of mobile device technologies. Finally, the report provides recommendations aimed at enhancing the success of digital forensic investigations in the modern cyber environment.
Running head: CURRENT CHALLENGES IN DIGITAL FORENSICS INVESTIGATIONS
Table of Contents
1. Introduction
2. Critical evaluation of the impact of cyber crimes to digital forensic investigation
3. Systematic analysis of the effectiveness of present digital forensic principles, procedures, techniques and standards
4. Recommendation and conclusion
References
1. Introduction
Digital forensics is a technique used for identifying computer-based crimes. However, investigators face several major challenges when using it to conduct investigations. These challenges fall into three major categories: technical challenges, legal challenges and resource challenges. At the same time, the ever-increasing prevalence of science and technology brings a corresponding increase in the number of digital devices that are pertinent to criminal investigation. The present study critically evaluates the impact of cybercrimes on digital forensic investigation. In addition, it systematically analyses the effectiveness of the current digital forensic principles, processes, techniques and standards involved in digital forensic investigation. Recommendations are also provided to support more successful digital forensic investigations in the modern cyber environment.
2. Critical evaluation of the impact of cybercrimes to digital forensic investigation
Scanlon (2016) stated that the current development of information and communication technology has brought a massive change in life. The changes are reflected in the areas associated with cyberspace. The positive influence of cyberspace on knowledge, trade, business and communication is beyond doubt. However, cyberspace also has a negative side that undermines its peaceful use: cybercrime. Any type of illegal activity practiced through cyberspace and the electronic environment is referred to as cybercrime (Cahyani et al. 2017). It also presents a real dilemma because the identity of criminals is hidden in the virtual domain. On the other hand, the concept of digital forensics has become popular as an attempt to formulate a possible method for investigating cybercrimes. Cyber attacks and crimes are considered major consequences that offset the benefits obtained from advancements in technology.
Computer forensics integrates computer science and law in order to investigate crime. In addition, digital evidence needs to be legally admissible in court, so investigators must follow appropriate legal processes when recovering data from systems (Ab Rahman et al. 2017). Computer forensics has also been indispensable in the conviction of several well-known criminals, including terrorists, sexual predators and murderers. Terrorist organizations may use the internet to recruit members, and sexual predators may use social networking sites to stalk possible victims. On the other hand, most criminals fail to cover their tracks when using technology to carry out crimes (Khan et al. 2016). However, they realize that files and data on the computer remain on the hard drive even after deletion. Moreover, this allows investigators to track criminal activities. Criminals delete incriminating files, but the files remain in binary form because of data remanence.
Pichan, Lazarescu, and Soh (2015) mentioned that data may be overwritten because of the volatile nature of computer memory and used data. Martini and Choo (2014) stated that the contents can be safely used by lawyers and detectives for further analysis. Global Positioning System software is now embedded in smartphones and satellite navigation systems, which aids prosecutors in tracking the whereabouts of a suspect.
Digital forensics faces some challenges when it comes to conducting an investigation (Al Fahdi, Clarke and Furnell 2013). With the advancement of computer technologies over the last few years, the use of technology can be either good or bad. One of the major issues encountered by forensic officers today is that as soon as a technology is created for identifying and investigating criminals, another technology is built that helps criminals make themselves untraceable (Aminnezhad, Dehghantanha and Abdullah 2012). There are a large number of anti-forensic methods, such as encryption, steganography, covert channels, data hiding in storage space, residual data wiping, attacks on tools, attacks from the investigation side and trail obfuscation.
In the age of "bring your own device", companies allow personnel to use personal mobile devices to access official resources, which contributes to various challenges during an investigation (Aminnezhad, Dehghantanha and Abdullah 2012). Users can access webmail from various devices and download attachments, which raises the issue of theft of confidential information. Specific information downloaded in this way, including details of certain files, is difficult to trace in the current environment. Encryption is a method of scrambling information so that it can be decoded by using the corresponding keys. Encryption is used to hide evidence by keeping it in unreadable form on the compromised system.
Resource challenges generally involve data volumes, which may be very large in many cases. As time is a limiting factor, this can easily become a challenging issue in the field of digital forensics. In volatile memory forensics, stored data is overwritten in volatile memory, so the investigator can analyze only the information that is still stored there, which ultimately reduces its value for the investigation (Aminnezhad, Dehghantanha and Abdullah 2012). When data is collected from a source, the investigator must make sure that none of the important data is changed or modified during the whole investigation and that the data is secured for its use. Data sources that are damaged cannot be used for any kind of investigation. A major issue encountered by investigators is finding that a source is not in usable form.
Privacy is an important factor for an enterprise and for the victims associated with it. In some cases, computer forensics analysts or experts are required to share data or to compromise on privacy in order to get to the truth (Jang and Kwak 2015). A private organization may generate a lot of private information on a day-to-day basis, so analyzing the data carries the risk that private information is revealed.
The degree of enablement in computer operating systems has changed for the better. Operating systems now take into account the requirement to gather background information about application access, usage and other information at the user level. In many cases this evolution is progressing at a much faster rate on mobile devices, but it has yet to mature (Damshenas et al. 2012). The accessibility of application data is subject to constraints that depend on how the operating system and the applications define that data. For example, changes made to a file cannot be traced unless the file is compared with a previous version or with its last-modification timestamp. This can be quite challenging for suspect documents. Apart from this, the operating system generally gathers certain logs and application information that can be helpful in a particular investigation. With the increasing number of mobile chat applications that offer self-deletion on delivery, gathering the data that contains the information becomes more complex (Grispos, Storer and Glisson 2013). Encryption is used on devices to protect data, which can be challenging during evidence gathering. For example, to gather evidence from WhatsApp, an individual has to decrypt the device. This can be challenging in certain investigations. Similarly, with Android version 6, full-disk encryption is expected, and the challenges of data recovery will increase at an individual level (Zawoad and Hasan 2013). Computer technologies improve every day, and mankind uses digital forensics for good, but the use of technology can be both beneficial and destructive for mankind. Cybercriminals can use computer technology for their misdeeds, and are thus a threat to any person and any organisation. Cybercriminals carry out their misdeeds by the following means.
Intruders use various encryption methods to encrypt data, so the investigating department needs a lot of time to decrypt it, and in many cases the files cannot be decrypted (Cobb et al. 2015). Steganography is another technique and is used as a secure layer along with cryptography. Intruders hide vital data inside a file. Investigators invest a lot of time and effort to recover the hidden data.
Intruders use a network protocol to hide information sent over the network, bypassing intrusion detection procedures. They manipulate the network protocol and its header to leak messages between the attackers. Intruders use this insecure covert channel to establish a connection with a computer system, and in this way they compromise others' systems. Intruders also hide all the important information, which generally remains invisible to system commands and programs. Rootkits are developed by malware designers, who use them to hide the virus on victims' PCs.
Several resources provide information on digital forensics work, primary forensic data collection and forensic methodology. The CERT Digital Intelligence and Investigation team conducts research and develops technologies and capabilities that organizations can use to build incident capabilities and to facilitate incident investigations. However, the team faces challenges such as hacking of data in cyberspace. The first responder has an important role in guiding computer forensics (Dirkmaat 2014). First responder guides explain technical operations such as process characterization and spoofed email, areas where a critical training gap is found. On the other hand, the document may pose issues for security or network staff who already have a basic understanding of forensic methodology. In addition, searching and seizing computers and obtaining electronic evidence in criminal investigations are major problems faced while collecting evidence in cyberspace. The complexity issue arises from data being acquired in the lowest-level format with expanding volume and heterogeneity, which calls for sophisticated data minimization techniques before analysis. The diversity issue results naturally from ever-increasing data. However, there is a lack of standard techniques for analyzing the increasing number and types of sources, which bring a plurality of operating systems and file formats. The lack of standardization in storing digital evidence and formatting the related metadata unnecessarily adds to the complexity of sharing digital evidence between national and international law enforcement agencies. The consistency and correlation issue results from existing tools being designed to find fragments of evidence.
3. Systematic analysis of the effectiveness of present digital forensic principles, procedures,
techniques and standards
Even though digital forensics is considered a new research area, it does not concentrate only on the technology perspective, such as tools for collecting and analyzing digital evidence. It also helps to enhance methodology, where a process model is the methodology used for conducting an investigation. In this perspective, a framework consists of a number of phases that guide investigations (Imran et al. 2016). Several kinds of cases, such as cyber attacks conducted with the help of IT specialists and civil cases, follow a particular process. A standard methodology in digital forensics investigations includes a sequence of the actions that are considered essential in the process of investigation.
Cloud computing has become commonplace, with cloud storage such as Google Drive, Dropbox and Apple's cloud. Leveraging on-demand, high-speed technology can make the investigative procedure more efficient. DFaaS (Digital Forensics as a Service) is one of the areas of digital forensics, and several corporations have moved processing from their own servers to cloud service vendors such as Amazon and Rackspace. The procedure of digital forensic investigation also includes various enhancements over the existing process (Khan et al. 2016). An extended model of cybercrime investigation follows a waterfall fashion, with essential activities conducted in a proper sequence. This model allows iteration and is based on a Malaysian process model and the systematic digital forensics investigation model. Various cloud-based devices allow users to easily access data containing information from different sources.
Steganography: It is a well-known method of encryption that is used as an extra secure method for protecting data. This technique hides information inside a file without making any modification to its outward appearance (Grispos, Storer and Glisson 2013). Attackers generally use this technique to hide data, also known as payloads, on the compromised system. During the investigation of computer-related crimes, it is the investigator's duty to identify the hidden data and reveal the information for further reference in the case.
Covert channel: A covert channel is a communication protocol that allows attackers to hide their data over the network and to bypass intrusion detection techniques (Lillis et al. 2016). A network protocol is chosen and its header is modified so that it can leak messages between attackers. It also exploits the fact that fields present in the header can be modified as the transmission requires (Quick and Choo 2014). Attackers around the globe use this technique to maintain a hidden connection between the attacker and the compromised system.
Data hiding in storage space: Attackers hide data in the storage area and make it invisible to the usual system commands and programs (Martini and Choo 2012). This makes the ongoing investigation more complex and time consuming, and in many cases the data is found in corrupted form. A rootkit is a popular method generally used for hiding data in storage spaces.
Residual data wiping: When an attacker uses a computer as a goal or medium for achieving their objectives, a number of hidden processes run without the attacker's knowledge (Nelson, Phillips and Steuart 2014). An intelligent attacker, however, can avoid this risk by removing the tracks that these processes leave, so that the system appears as though it was never used for this kind of work.
Present approaches to forensic investigation have relied on impounding the suspect's computer and allied media and investigating them in a forensic laboratory. Every analysis is done on copies of the original evidence, which poses various problems. The practice is heavyweight and growing more expensive daily (Quick and Choo 2017). This has made enterprises that have been victims of digital crimes worried and defensive, restricting their practices instead of realizing their full potential.
Digital forensics is the method of retrieving and assessing evidence in digital format. The nature of digital evidence is such that particular processes are needed to obtain and handle it. Electronic evidence is easily altered, so it has to be received and managed with care, and strict processes are followed because it changes so easily. Rebooting a system, for instance, causes the loss of information in volatile memory and erases essential traces. The objective of digital forensics in warfare cases is, from a standards viewpoint, far from what is required in civilian society (Simou et al. 2014). Sound evidence is needed so that it can be used in a court of law. An investigation involving a computer has several steps for retrieving and analyzing digital evidence: acquiring, authenticating and analyzing. The principles are discussed below.
Firstly, no action taken by law enforcement agencies, people employed by those agencies, or their agents must alter data that may subsequently be relied upon in court.
Secondly, in cases where an individual finds it essential to access original data, that person should be competent to do so (Evison and Bruegge 2016). Moreover, they must be able to give evidence that explains the relevance and implications of their actions.
Next, an audit trail or other record of every process applied to digital evidence must be created and preserved. An independent third party must be able to examine those processes and achieve the same results.
Lastly, the person in charge of the investigation is responsible for ensuring that the law and these principles are adhered to. All digital evidence is subject to the same laws and rules that apply to documentary evidence (Freet et al. 2015). Programs and operating systems frequently change, add and delete the contents of electronic storage. This happens automatically, without the user being aware that the data has changed.
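
The third principle (a preserved audit trail whose steps an independent third party can repeat with the same result) can be shown in code. The following Python example is an addition to this report, not taken from it or from any forensic tool; the record layout, function names, actor names, timestamps and sample image bytes are all constructed for illustration.

```python
"""Hash-chained audit trail for a forensic image (added illustration)."""
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry

def image_digest(image: bytes, block_size: int = 4096) -> str:
    """SHA-256 of an image, read block by block as an imaging tool would."""
    h = hashlib.sha256()
    for off in range(0, len(image), block_size):
        h.update(image[off:off + block_size])
    return h.hexdigest()

def _entry_hash(entry: dict) -> str:
    # Canonical JSON so the examiner and a third party hash identical bytes.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record(trail: list, when: str, actor: str, action: str, evidence_sha256: str) -> None:
    """Append one process step; each entry commits to the one before it."""
    entry = {
        "seq": len(trail),
        "when": when,
        "actor": actor,
        "action": action,
        "evidence_sha256": evidence_sha256,
        "prev_hash": trail[-1]["entry_hash"] if trail else GENESIS,
    }
    entry["entry_hash"] = _entry_hash(entry)
    trail.append(entry)

def verify_trail(trail: list) -> bool:
    """True if no entry was edited, reordered or dropped from the middle."""
    prev = GENESIS
    for seq, entry in enumerate(trail):
        if (entry["seq"] != seq or entry["prev_hash"] != prev
                or entry["entry_hash"] != _entry_hash(entry)):
            return False
        prev = entry["entry_hash"]
    return True

def third_party_review(trail: list, working_copy: bytes) -> dict:
    """What an independent examiner can re-check from the copy and the trail."""
    acquired = trail[0]["evidence_sha256"] if trail else None
    return {
        "trail_intact": verify_trail(trail),
        "copy_matches_acquisition": image_digest(working_copy) == acquired,
    }

def demo() -> dict:
    # Constructed stand-in for a block image; not real evidence.
    original = b"\x00" * 512 + b"PARTITION-A" + b"\xff" * 9000
    copy = bytes(original)
    digest = image_digest(copy)
    trail = []
    record(trail, "2020-05-01T09:00:00Z", "examiner-1", "acquire image", image_digest(original))
    record(trail, "2020-05-01T09:20:00Z", "examiner-1", "verify working copy", digest)
    record(trail, "2020-05-02T14:00:00Z", "examiner-2", "keyword search on copy", digest)
    clean = third_party_review(trail, copy)
    altered = third_party_review(trail, copy[:-1] + b"\x00")  # one byte changed
    trail[1]["actor"] = "someone-else"  # edit the record after the fact
    edited = third_party_review(trail, copy)
    return {"clean": clean, "altered_copy": altered, "edited_trail": edited}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Chaining alone does not reveal that the most recent entries were cut off, so the latest entry hash would also need to be recorded somewhere outside the examiner's control.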
To comply with these principles of digital evidence, a relevant, proportionate and practical image must be made of the device (Keegan et al. 2016). This ensures that the original data is preserved and that an independent third party is able to examine it and achieve the same result, as demanded by the third principle. It could be a logical or physical block image of