Digital Forensics: Personal Reflection on Data Acquisition

Verified

Added on 2022/09/12

AI Summary

This report is a reflective essay by a student on their learning experience in a digital forensics module, specifically focusing on the practical session on data acquisition. The student discusses the importance of digital evidence handling and the procedures for collecting and acquiring data, emphasizing the order of collection and the need to preserve data integrity. The essay details the process of data acquisition, including static and live acquisition methods, and introduces the Encase tool as a key component for imaging and examining digital evidence. The student outlines the steps involved in imaging a hard drive using Encase, reflecting on their personal growth and the digital forensics skills they developed through the module. The essay highlights the significance of data acquisition in forensic investigations and the application of tools like Encase for retrieving data from various digital storage devices.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: DIGITAL FORENSICS
DIGITAL FORENSICS
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1DIGITAL FORENSICS
Discussions
Digital forensic is the area of forensic science that consists of recognising, recovering,
investigation, validation and then presentation of facts regarding the evidences those are
digital and found on computer systems or same digital storage devices of media. The
investigators need to find these evidences for the successful investigation of a case (Keeling
and Losavio 2017). The first step to the investigation of the digital forensic is the collection
and acquisition of data. I have studied that handling the evidences those are digital are very
important for the investigation. I have learnt that the collection is the retrieval of the data and
information from the digital devices and making duplication of the electronic data from the
storage devices in a way such that the original do not change during the forensic
investigation. I have learnt that the forensic investigators must collect the data properly as
any can delete the data from the digital devices. I have studies about the order of collection of
data that must be followed by the investigators (Adedayo 2016). The order of collection of
the data include identification of evidence, determination of relevance of data, volatility that
is the data those are degraded should be collected first by the investigators. The investigators
must eliminate the outside interference, collection of the items with utmost care and lastly the
investigators must document the evidences that have been collected by them.
The next step after the collection of data is the acquisition of data. I have learnt that
the acquisition of data is the procedure of developing an image of forensic from the computer
media such as thumb drive, hard drive, servers and other media that stores these data. This
step is very important for the investigation (Watson and Dehghantanha 2016). I have studied
about the two types of acquisition of data. It consists of static and live acquisition of data. I
have studied that it is very important as it allows the volatility of the evidence and then
collects it in the order of volatility in order to increase the conservation of the evidences. I

2DIGITAL FORENSICS
have learnt about various tools those are used for the data acquisit6ion such as the Autopsy,
FTK imager, Encase many such tools. In this reflection, I will discuss about the Encase tool.
Encase tool is used for imaging the evidences and then examining them. I have learnt that
there are various types of acquisition of data in Encase. It includes Legacy Encase evidence
files, legacy logical evidence files, current Encase evidence files and current logical evidence
files. The investigators use these in order to retrieve the data from the digital devices (Kim et
al 2016). I have done the imaging of a hard drive and I know the steps to image a drive. The
steps of imaging a drive with Encase include attacking the suspect drive to the fastbloc
hardware, attaching fastbloc to the system of imaging, loading the Encase, clicking on
Encase, selecting the source, selecting the physical device, supplying the details of case,
selection of the destination and then verifying the image.

3DIGITAL FORENSICS
References
Adedayo, O.M., 2016, June. Big data and digital forensics. In 2016 IEEE International
Conference on Cybercrime and Computer Forensic (ICCCF) (pp. 1-7). IEEE.
Keeling, D.G. and Losavio, M., 2017. Public Security & Digital Forensics in the United
States: The Continued Need for Expanded Digital Systems for Security. Journal of Digital
Forensics, Security and Law, 12(3), p.6.
Kim, H., Bruce, N., Park, S. and Lee, H., 2016. EnCase forensic technology for decrypting
stenography algorithm applied in the PowerPoint file. In 2016 18th International Conference
on Advanced Communication Technology (ICACT) (pp. 722-725). IEEE.
Watson, S. and Dehghantanha, A., 2016. Digital forensics: the missing piece of the Internet
of Things promise. Computer Fraud & Security, 2016(6), pp.5-8.