Analysis of Data Collection and Acquisition in Digital Forensics

Added on  2022/08/25

Report
AI Summary
This report focuses on the processes of data collection and acquisition within the realm of digital forensics. It begins by defining the core methods involved, including the collection of digital evidence and subsequent acquisition from electronic media. The report details the four primary methods of data acquisition: disk to disk copy, logical disk to disk file, disk to image file, and sparse data copy. The author reflects on their personal experience, highlighting the ease of data collection compared to acquisition, particularly the challenges encountered with sparse data copy on RAID drives. The importance of adhering to the “Order of Volatility” is emphasized, along with the use of appropriate forensic tools and the need for test acquisitions. The report concludes with an overall assessment of the data collection and acquisition process in digital forensics, underscoring the importance of following established rules and procedures for successful investigation.
Running head: COLLECTION AND ACQUISITION
Collection and Acquisition
Name of the Student
Name of the University
Author Note
Description of the Method:
The chosen method is collection and acquisition. In digital forensics, collection and
acquisition are two separate processes used for gathering digital evidence. The collection
process is executed after the digital evidence has been identified. In this process, all the
digital devices are transferred to the laboratory or an equivalent place for analysis
(Quick and Choo 2016). After the collection process, the acquisition process is executed.
Acquisition is the process of extracting the digital evidence from the electronic media
(Ramadhani et al. 2017). There are a total of four methods by which data acquisition can be
performed. The first is the disk to disk copy. The other methods are the logical disk to disk
file, disk to image file and sparse data copy of a folder or file. Sparse data acquisition can
be useful in specific situations where too much data needs to be acquired from large drives
or RAID drives. The examiner needs to comply with the “Order of Volatility” during the
collection of digital evidence.
Reflection on Experience:
I have personally performed data collection and data acquisition, and from my personal
point of view these processes are quite easy to follow. Collection of the data was the
easiest part for me. The next part in this process was the data acquisition. As discussed
above, there are a total of four methods through which data acquisition can be performed.
For me, three of the four methods were very easy to perform. I only faced some difficulty
during the sparse data copy, especially when it was performed over RAID drives. So, from my
point of view, forensic acquisition of RAIDs can be a bit difficult for data investigators.
Also, during collection of data it was mandatory that I comply with the rule of “Order of
Volatility”. From my personal evaluation, I have assessed that every investigator like me
must comply with this rule, as it defines the sequence in which collection of digital
evidence must be done. I have followed this rule for the data acquisition, and for me the
data collection sequence was from highly volatile data to less volatile data. For performing
data acquisition there are some other rules that also need to be followed. For data
acquisition, using an appropriate tool is mandatory. In many cases I have also needed to
perform a test acquisition to ensure everything is working properly. For this type of test,
a test drive should always be used. The suspect drive must not be used for performing any
type of test.
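The disk to image file method and the test acquisition described above, as an added example that is not part of the original report: a test source is imaged, both sides are hashed, and the image is checked against the recorded hash. The tools (`dd`, `sha256sum`), the function names and the test file are assumptions chosen for illustration; the test source is constructed random data, not a real drive.

```shell
#!/usr/bin/env bash
# Added example: disk-to-image-file acquisition rehearsed on a constructed
# test source. dd and sha256sum are assumed tools; the report names none.
set -eu

sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# acquire_image SOURCE IMAGE LOG
# Copies SOURCE to IMAGE, hashes both, appends the result to LOG.
# Returns 0 if the hashes match, 1 if they differ, 2 if IMAGE already exists.
acquire_image() {
    acq_src=$1; acq_img=$2; acq_log=$3
    if [ -e "$acq_img" ]; then
        echo "refusing to overwrite existing image: $acq_img" >&2
        return 2
    fi
    acq_src_hash=$(sha256_of "$acq_src")      # hash the source before copying it
    dd if="$acq_src" of="$acq_img" bs=4096 2>/dev/null
    chmod a-w "$acq_img"                      # the image is read-only from here on
    acq_img_hash=$(sha256_of "$acq_img")
    {
        echo "acquired_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "source=$acq_src"
        echo "image=$acq_img"
        echo "source_sha256=$acq_src_hash"
        echo "image_sha256=$acq_img_hash"
    } >> "$acq_log"
    [ "$acq_src_hash" = "$acq_img_hash" ]
}

# verify_image IMAGE LOG
# Re-hashes IMAGE and compares it with the last hash recorded in LOG.
verify_image() {
    ver_recorded=$(grep '^image_sha256=' "$2" | tail -n 1 | cut -d= -f2)
    [ "$(sha256_of "$1")" = "$ver_recorded" ]
}

# Constructed test source: 1 MiB of random bytes standing in for a test drive.
workdir=$(mktemp -d)
dd if=/dev/urandom of="$workdir/test_drive.bin" bs=4096 count=256 2>/dev/null
if acquire_image "$workdir/test_drive.bin" "$workdir/test_drive.img" \
                 "$workdir/acquisition.log"; then
    echo "test acquisition verified; the same procedure can be used on evidence"
else
    echo "test acquisition FAILED; fix the setup before touching evidence" >&2
fi
cat "$workdir/acquisition.log"
```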
Conclusion:
From my overall experience, I can conclude that in digital forensics the overall process
of data collection and data acquisition is very easy to follow. The only part which was a
bit tough for me was data acquisition from a RAID drive. The rest of the data acquisition
was very easy to follow. In this case there were also some important rules that an
investigator needs to follow, and I have followed those rules. Thus, from an overall
perspective, data collection and acquisition were both easy, and the data collection
process was the easiest.
References:
Quick, D. and Choo, K.K.R., 2016. Big forensic data reduction: digital forensic images and
electronic evidence. Cluster Computing, 19(2), pp.723-740.
Ramadhani, S., Saragih, Y.M., Rahim, R. and Siahaan, A.P.U., 2017. Post-Genesis Digital
Forensics Investigation. Int. J. Sci. Res. Sci. Technol, 3(6), pp.164-166.