Digital Forensics Assignment: Acquisition Methods Explained

Added on  2022/10/06

Homework Assignment
AI Summary
This assignment provides an overview of digital forensics, focusing on different data acquisition methods. It begins with an explanation of MD5, SHA-1, and SHA-256 hashing algorithms. The core of the assignment covers three primary data acquisition techniques: logical, physical, and sparse acquisition. Logical acquisition involves copying data from a specific logical storage, such as a system or user data partition, and the assignment details the steps using the adb shell in an Android emulator. Physical acquisition involves direct access to the hardware of the disk or memory, enabling the recovery of lost or deleted data. Finally, sparse data acquisition is discussed as a method that captures only the data relevant to a case, making it suitable for large drives or urgent examinations, and the Knoppix software is mentioned as a preferred tool. The assignment includes references to relevant research papers.
DIGITAL FORENSICS
STUDENT NAME
PROFESSOR’S NAME
DATE
PART ONE
MD5
Figure 1: MD5. An MD5 hash of a four-digit PIN is taken, and all possible PINs are then checked against it.
SHA-1
Figure 2: SHA-1 which decrypts a specific hashing algorithm of values
SHA-256
Figure 3: SHA-256 which is another hashing string that converts the sum decrypted digits into a hashing string
PART THREE
Logical Acquisition
Logical disk-to-disk data acquisition is defined as a bit-to-bit or disk-to-disk process of
copying data in a particular logical storage area. The storage in this case may be the system
partition or the user data partition. Using this partition-based method yields a generally
manageable file that can be parsed and analyzed with a forensic tool. To copy data using the
logical acquisition method, the following procedure is used on the Santoku machine with an
Android emulator (Watson & Dehghantanha, 2016). Open a terminal window in your Linux
operating system and type adb shell; this command helps to issue commands with no need of
entering the remote shell for adb on the emulated device. The mount command attaches the
file systems found on the device to a single file tree. The df command displays the space
available in a particular partition.
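As an added example (not part of the original assignment), the Python code below parses the output of `adb shell mount` and `adb shell df` to locate the system and user data partitions before anything is copied. The function names and the sample output are constructed for illustration, and two common output layouts of each command are assumed.

```python
import re

TARGETS = ("/system", "/data")  # system and user data partitions
# toybox layout:  <dev> on <mountpoint> type <fs> (<options>)
MOUNT_A = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)$")
# older toolbox layout: <dev> <mountpoint> <fs> <options> 0 0
MOUNT_B = re.compile(r"^(\S+) (\S+) (\S+) (\S+) \d+ \d+$")

# Constructed sample output, not captured from a real device.
SAMPLE_MOUNT = """\
rootfs / rootfs ro 0 0
/dev/block/mtdblock0 /system yaffs2 ro 0 0
/dev/block/mtdblock1 /data yaffs2 rw,nosuid,nodev 0 0
"""
SAMPLE_DF = """\
Filesystem   Size    Used    Free   Blksize
/system      549.2M  436.1M  113.1M 4096
/data        549.2M  120.4M  428.8M 4096
"""

def parse_mount(text):
    """Map mount point -> device, filesystem type and read-only flag."""
    mounts = {}
    for line in map(str.strip, text.splitlines()):
        m = MOUNT_A.match(line) or MOUNT_B.match(line)
        if m:
            dev, mnt, fstype, opts = m.groups()
            mounts[mnt] = {"device": dev, "fstype": fstype,
                           "read_only": "ro" in opts.split(",")}
    return mounts

def parse_df(text):
    """Map mount point -> 'Used' column, for either df column layout."""
    rows = [l.split() for l in text.splitlines() if l.strip()]
    if not rows or "Used" not in rows[0]:
        return {}
    header, used = rows[0], rows[0].index("Used")
    by_last = header[-1] == "on"  # header ends "... Mounted on"
    return {(r[-1] if by_last else r[0]): r[used]
            for r in rows[1:] if len(r) > used}

def acquisition_plan(mount_text, df_text, targets=TARGETS):
    """Join both outputs per target; unmounted targets are flagged."""
    mounts, usage = parse_mount(mount_text), parse_df(df_text)
    return [{"mountpoint": t, "mounted": t in mounts,
             "used": usage.get(t), **mounts.get(t, {})} for t in targets]

if __name__ == "__main__":
    for entry in acquisition_plan(SAMPLE_MOUNT, SAMPLE_DF):
        print(entry)
```

Recording the device node, file system type and read-only state of each partition alongside its used space gives the examiner a documented starting point for the copy.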
Physical Acquisition
In this case, data is acquired through direct access to the hardware of the disk or the
memory. Physical acquisition is very technical and sophisticated, but if it is done
successfully, the acquired data can be used to recover lost or deleted fragments, making it
possible for the examiner to fully recover the remaining data. In physical acquisition, a
dumping phase is followed by a decoding phase. If very useful data on the drive has been
deleted due to errors or otherwise lost, physical acquisition is the most appropriate method,
as it copies data directly from the hardware of the drive while recovering all the data that
has ever been lost on the same drive hardware (Scanlon 2016).
Sparse Data Acquisition
Sparse data acquisition captures only the data that is of interest to the case; it also
collects deleted and fragmented files. This type of acquisition is especially important where
a large drive holds too much data, so collection is limited to the specific data to be used
for the case. The Knoppix software is the most preferred for sparse data acquisition. It takes
only a few hours to copy data since it takes only specific data, hence it is always considered
the best data acquisition method for examinations that are very urgent and need to be done
within the shortest time possible. When sparse acquisition is used on drives that hold very
little data, or where the drive itself is very small, results can be achieved in a very short
period of time (Cahyani 2017). A specific piece of information is entered for searching, and
only the data matching what was entered is copied for the case.
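An added example, not part of the original assignment, of the selection step described above: only files containing the search term are copied, and each copy is verified with SHA-256. It assumes the evidence is already mounted read-only as a directory tree, works at file level (so it does not recover deleted or fragmented data), and uses hypothetical function names.

```python
import hashlib
import shutil
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large evidence files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def contains(path, needle, chunk=1 << 20):
    """True if `needle` occurs in the file, including across chunk edges."""
    keep, tail = len(needle) - 1, b""
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            buf = tail + block
            if needle in buf:
                return True
            tail = buf[-keep:] if keep > 0 else b""
    return False


def sparse_acquire(source, dest, term):
    """Copy only files containing `term`; return [(relative path, sha256)]."""
    source, dest, needle = Path(source), Path(dest), term.encode()
    manifest = []
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        if not contains(src, needle):
            continue
        rel = src.relative_to(source)
        out = dest / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        digest = sha256_file(src)          # hash the original first
        shutil.copy2(src, out)             # copy2 also copies timestamps
        if sha256_file(out) != digest:     # verify the copy matches
            raise IOError(f"hash mismatch for {rel}")
        manifest.append((rel.as_posix(), digest))
    return manifest
```

The returned manifest can be stored with the case notes so that each copied file can later be re-hashed and compared.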
References
Watson, S., & Dehghantanha, A. (2016). Digital forensics: the missing piece of the internet of
things promise. Computer Fraud & Security, 2016(6), 5-8.
Cahyani, N. D. W. (2017). Forensic data acquisition from cloud‐of‐things devices: windows
Smartphones as a case study. Concurrency and Computation: Practice and
Experience, 29(14), e3855.
Scanlon, M. (2016). Battling the digital forensic backlog through data deduplication. In 2016
Sixth International Conference on Innovative Computing Technology (intech) (pp. 10-14).
IEEE.