MN624 Digital Evidence Report: Acquisition Methods, Data Preservation

Added on  2022/09/15

Running head: REPORT ON DIGITAL EVIDENCE
By
Academic Year: 2019-20
Module: Digital Evidence
Question 1
ProDiscover Tool
Here are the contents from the image of digital clues
Question 2
Factors Affecting Data Acquisition methods
Business Needs: The main thing to always consider is the business need: why are these data required? What will be done with them?
Business Rules: A business rule identifies the constraints under which the business operates.
Data Standards: Any Government, USGS, or industry standards that apply will need consideration.
Precision Requirements: Among the most familiar precision requirements is the locational precision for spatial data, but there are other precision requirements that you may need to consider as well.
Cost: Cost is always a consideration. Sometimes it is cheaper to buy than to collect.
Time Constraints: You should determine how soon you need the data.
Format: Do you need the data as spatial data, photographs, flat files, Excel files, XML files? This may not apply, but you need to determine that for each project.
Question 3
Data Preservation Methods
Drive Imaging
Investigators are required to image the evidence before they begin to analyse it. Imaging a file is the process of creating a duplicate of the original file bit by bit. It helps keep the evidence collected from the source intact for analysis. Analysts should keep in mind that deleted drives can still hold important information that can be used as evidence. S
Chain of Custody
Investigators should document each step of transferring data. They should keep important details such as dates and signatures. It is essential to remember the chain-of-custody paperwork. This artifact shows that the image has been in known possession since the time the image was created. Any lapse in the chain of custody invalidates the legal value of the image, and consequently the investigation.
Question 4
Two Acquisition Methods
Live Acquisition Using Bootable CD
The dd command is used in live acquisition when working from a live bootable CD. Its purpose is to make a bit-by-bit copy of any file, drive, or partition. The copy can be saved on a hard disk or other storage media. An image has the advantage of not being automatically mounted in the acquisition system. A dd file can be split into many smaller pieces to fit onto storage media.
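The following shell script is an added example, not part of the original report: it makes a bit-by-bit copy with dd, splits it into segments as described above, and confirms that the reassembled segments match the source. The SHA-256 check, the function names, the case001 directory and the sample file are assumptions for illustration; a constructed 200 KiB file stands in for the evidence drive, and GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example: dd imaging with segmented output and hash verification.
# All names and paths are hypothetical; the "evidence" is a constructed sample.

sha256_stream() { sha256sum | cut -d' ' -f1; }   # hex digest of stdin

# acquire SRC OUTDIR SEG_BYTES
# Bit-by-bit copy of SRC written as OUTDIR/image.dd.aa, .ab, ...;
# the hash of the source is recorded in OUTDIR/source.sha256.
acquire() {
    src=$1; outdir=$2; seg=$3
    mkdir -p "$outdir" || return 2
    sha256_stream < "$src" > "$outdir/source.sha256" || return 2
    # dd only reads the source; split cuts the stream into media-sized pieces.
    dd if="$src" bs=4096 2>/dev/null | split -b "$seg" - "$outdir/image.dd." || return 2
}

# verify OUTDIR
# Reassemble the segments in order and compare with the recorded source hash.
verify() {
    outdir=$1
    want=$(cat "$outdir/source.sha256") || return 2
    got=$(cat "$outdir"/image.dd.?? | sha256_stream)
    [ "$want" = "$got" ]
}

# Demonstration: acquire, verify, then show that a changed segment is detected.
demo() {
    work=$(mktemp -d) || return 2
    head -c 204800 /dev/urandom > "$work/evidence.bin"   # constructed sample
    acquire "$work/evidence.bin" "$work/case001" 65536 || return 2
    set -- "$work/case001"/image.dd.??
    segments=$#
    verify "$work/case001" && intact=yes || intact=no
    # One byte appended to a segment after acquisition: verification must fail.
    printf 'X' >> "$work/case001/image.dd.ab"
    verify "$work/case001" && altered=yes || altered=no
    echo "segments=$segments intact=$intact verified_after_change=$altered"
    rm -rf "$work"
}

demo
```

On real evidence the source would be the device node, read through a write blocker, and the recorded hash would go into the chain-of-custody paperwork alongside dates and signatures.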
Offline Acquisition
Offline system acquisition can deliver some data, but it cannot recover everything. To make a forensic image of an entire disk, the imaging process should not alter any data on the disk, and all data, metadata and unallocated space must be included. Generally, computer forensic investigators use a forensic duplicator to make the clone copy or forensic image for further processing, analysis and report preparation. However, this method does not capture volatile data. Cases such as malware forensics, or those that need to identify the most recently used files, and devices such as SSD hard disks should be acquired using the live acquisition method. Dead acquisition takes less time to process. The forensic duplicator that is used has an inbuilt hardware write blocker.