In computer forensic investigation, the first pro-active step is that of acquisition. However, the method used for data acquisition by a forensics investigator plays a major role in influencing the admissibility of electronic evidence to be used in a court or law, or the reliability of any other relevant information required when dealing with computer forensic cases at the organizational level (Dykstra & Sherman, 2012). Different data acquisition techniques allow for the recovery of electronic data from devices like hard drives, databases, web server, internet sites, e-mail servers, zip drives, back-up storage media, and personal digital devices like digital cameras and phones (Chu, Deng & Chao, 2011). The purpose of this paper is to analyze
…show more content…
This can be attributed to the fact that it allows for faster acquisition of data, as well as it eliminates common errors of transcription by ensuring correctness and meaningfulness of the acquisition method to be used. It’s also necessary to validate data acquisition since this guarantees accuracy and consistency of the data to be acquired as described by Chu et al. (2011).
Failure to validate data acquisition not only makes data acquisition slow, but also increases the chances of data modification. Therefore, it makes it somewhat hard for the data to be verified or be admissible in a court of law, for instance. Essentially, there are several validation techniques in data acquisition, such as MD5, CRC-32, SHA-1, and SHA-512, which can be used in operating systems without built-in hashing algorithm tools designed for computer forensics (Chu et al., …show more content…
For example, when live acquisition technique is used, procedures that comprise of documenting all steps recommended for the technique applied, followed by imaging of the target evidence using a selected tool as long as the tool has full access to the system (Dykstra & Sherman, 2012). If the imaging software or tool cannot access the system, then decryption ought to be undertaken using the most appropriate decryption technique in order to remove cryptographic keys without modifying the data. A good example of a tool that can be used in acquisition for Linux data acquisitions is the Idetect, a tool that attempts to extract detailed information about active processes in a target storage system. Another forensic data acquisition tool is the Windows Memory Forensic Toolkit (WMFT), which allows for the analysis and acquisition of image files running Windows XP and Windows 2003 (Guo, Jin & Shang,
This can be attributed to the fact that it allows for faster acquisition of data, as well as it eliminates common errors of transcription by ensuring correctness and meaningfulness of the acquisition method to be used. It’s also necessary to validate data acquisition since this guarantees accuracy and consistency of the data to be acquired as described by Chu et al. (2011).
Failure to validate data acquisition not only makes data acquisition slow, but also increases the chances of data modification. Therefore, it makes it somewhat hard for the data to be verified or be admissible in a court of law, for instance. Essentially, there are several validation techniques in data acquisition, such as MD5, CRC-32, SHA-1, and SHA-512, which can be used in operating systems without built-in hashing algorithm tools designed for computer forensics (Chu et al., …show more content…
For example, when live acquisition technique is used, procedures that comprise of documenting all steps recommended for the technique applied, followed by imaging of the target evidence using a selected tool as long as the tool has full access to the system (Dykstra & Sherman, 2012). If the imaging software or tool cannot access the system, then decryption ought to be undertaken using the most appropriate decryption technique in order to remove cryptographic keys without modifying the data. A good example of a tool that can be used in acquisition for Linux data acquisitions is the Idetect, a tool that attempts to extract detailed information about active processes in a target storage system. Another forensic data acquisition tool is the Windows Memory Forensic Toolkit (WMFT), which allows for the analysis and acquisition of image files running Windows XP and Windows 2003 (Guo, Jin & Shang,