Computer Forensic Investigation

In computer forensic investigation, the first proactive step is acquisition. The method a forensic investigator uses for data acquisition plays a major role in the admissibility of electronic evidence in a court of law, and in the reliability of any other relevant information required when dealing with computer forensic cases at the organizational level (Dykstra & Sherman, 2012). Different data acquisition techniques allow for the recovery of electronic data from devices like hard drives, databases, web servers, internet sites, e-mail servers, zip drives, back-up storage media, and personal digital devices like digital cameras and phones (Chu, Deng & Chao, 2011). The purpose of this paper is to analyze …
This can be attributed to the fact that it allows for faster acquisition of data and eliminates common errors of transcription by ensuring the correctness and meaningfulness of the acquisition method to be used. It’s also necessary to validate data acquisition, since this guarantees accuracy and consistency of the data to be acquired, as described by Chu et al. (2011).
Failure to validate data acquisition not only makes data acquisition slow, but also increases the chances of data modification. Therefore, it makes it somewhat hard for the data to be verified or be admissible in a court of law, for instance. Essentially, there are several validation techniques in data acquisition, such as MD5, CRC-32, SHA-1, and SHA-512, which can be used in operating systems without built-in hashing algorithm tools designed for computer forensics (Chu et al.,
…
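The validation step described above, as an added example that is not part of the original essay: the acquired image is read once and hashed with the four algorithms the essay names, and a later re-hash is compared against the recorded values. The file name and the sample image contents are constructed for illustration.

```python
import hashlib
import os
import tempfile
import zlib

ALGORITHMS = ("md5", "sha1", "sha512")  # digests named in the essay; CRC-32 comes from zlib


def digest_image(path, chunk_size=1 << 20):
    """Read the image once, in chunks, and return every checksum as hex."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    crc = 0
    with open(path, "rb") as image:
        while chunk := image.read(chunk_size):
            for hasher in hashers.values():
                hasher.update(chunk)
            crc = zlib.crc32(chunk, crc)  # running CRC carried across chunks
    record = {name: hasher.hexdigest() for name, hasher in hashers.items()}
    record["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return record


def verify_image(path, recorded):
    """Return the sorted names of checksums that no longer match the record."""
    current = digest_image(path)
    return sorted(name for name in recorded if current.get(name) != recorded[name])


def demo():
    """Record checksums at acquisition, re-check, then alter one byte and re-check."""
    sample = bytes(range(256)) * 4096  # constructed 1 MiB stand-in for a disk image
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "evidence.img")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(sample)
        recorded = digest_image(path)       # values written into the case notes
        clean = verify_image(path, recorded)
        with open(path, "r+b") as f:        # simulate a change after acquisition
            f.seek(512)
            f.write(b"\xff")
        altered = verify_image(path, recorded)
    return recorded, clean, altered


if __name__ == "__main__":
    recorded, clean, altered = demo()
    print("sha512:", recorded["sha512"])
    print("mismatches before change:", clean)
    print("mismatches after change:", altered)
```

CRC-32, MD5 and SHA-1 detect accidental change but are not collision-resistant, so the SHA-512 value is the one that carries the integrity claim when deliberate tampering is in question.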
For example, when a live acquisition technique is used, the procedure comprises documenting all steps recommended for the technique applied, followed by imaging of the target evidence using a selected tool, as long as the tool has full access to the system (Dykstra & Sherman, 2012). If the imaging software or tool cannot access the system, then decryption ought to be undertaken using the most appropriate decryption technique in order to remove cryptographic keys without modifying the data. A good example of a tool that can be used for Linux data acquisition is Idetect, a tool that attempts to extract detailed information about active processes in a target storage system. Another forensic data acquisition tool is the Windows Memory Forensic Toolkit (WMFT), which allows for the analysis and acquisition of image files from systems running Windows XP and Windows 2003 (Guo, Jin & Shang,

Related Documents

  • Superior Essays

    The collection process shall commence utilizing the forensic toolkit necessary for all the devices, conducting either live or dead acquisition, depending on the state of the devices. Also, external storage devices shall be imaged for analysis and examination for digital evidence. Furthermore, to gather information from the network ports used to access the network, network forensics must be conducted. However, information can only be collected if there were any prior network security features installed like packet filters, firewalls, and intrusion detection systems (Kizza, 2009). Finally, reviewing log files for the information systems and from network devices will also be conducted for any digital evidence regarding the internal skimming operation.…

    • 1243 Words
    • 5 Pages
  • Great Essays

    Timely updates should be incorporated in the procedures to be sure of the effectiveness of the solution. Reports of incidents, prevention and vaulting should be provided to evaluate the effectiveness of the solution in place and types of attacks being encountered.
    b. Uniformity of software to be installed in end-user smartphones based on what the equipment will be used for.
    c. Antivirus solution must be part of the security setup and set to automatic scan/update.
    d. Any files received, either electronically sent or through removable media, should be scanned for probable malicious software content.…

    • 1344 Words
    • 6 Pages
  • Superior Essays

    This led to a closer look at specific files. Further examination disclosed file activity that was considered unseen when the server was running (Johnston & Reust, 2006, p.119). Another process was dumping the contents of the memory to an external device, which provided significant amounts of evidence such as IP addresses, passwords and other data related to the intrusion (Johnston & Reust,…

    • 1086 Words
    • 5 Pages
  • Great Essays

    To connect the scanner to the PC, SecuGen device drivers need to be installed. 3. To develop the application, the SecuGen Software Development Kit (SDK) tool should also be installed on the PC. 4.…

    • 1824 Words
    • 8 Pages
  • Superior Essays

    In the criminal justice field there are a number of jobs, and one of those jobs is computer forensics. Computer forensics is defined as the practice of collecting, analyzing and reporting on digital data in a way that is legally admissible (forensiccontrol.com, n.d.). All of this is done in the detection and prevention of a crime, as well as in any dispute where some evidence may be stored digitally. Furthermore, its practitioners follow the same or similar processes as other forensic disciplines, and face some if not all of the same issues (forensiccontrol.com.…

    • 1260 Words
    • 5 Pages
  • Improved Essays

    After the disk is imaged, the hash values will be recorded in multiple locations and I will ensure that I do not make any changes to the data from the time of collection of the data till the end of the investigation.

    Target System

    Hard drives, external storage devices, and the Windows NT Server hard drive must be acquired for the digital forensic investigation in this case.

    Examination of Data

    Once I have gathered all the available evidence, there will be a need to conduct the examination with the help of various computer forensic investigation tools. I will also examine the file system and Windows registry, and conduct network and database forensic examination.

    File System Examination

    The Master File Table (MFT), which contains information about all files and disks, is the first file in the New Technology File System (NTFS).…

    • 984 Words
    • 4 Pages
  • Great Essays

    Computer forensics – Code of Ethics and Morals

    Introduction

    Computerized crime scene investigation, otherwise called PC and system legal sciences, has numerous definitions. Most generally, it is viewed as the use of science to the recognizable proof, accumulation, examination, and investigation of information while saving the respectability of the data and keeping up a strict chain of custody for the information. Personal computer and legal sciences is the act of distinguishing, separating and considering proof from computerized media, like personal computer hard drives. The field of forensic science is heavily relied on by the criminal justice system (Holmgren-Richards, 2002). Forensic personnel are responsible for the collection, preservation, analysis and interpretation of physical evidence (Saerstein, 2011).…

    • 1604 Words
    • 7 Pages
  • Superior Essays

    Introduction

    Digital forensics is the investigation procedures for a legal purpose (Nelson, Phillips, Steuart, 2016). Digital forensics also prepares computer investigations. There are four key factors before the computer investigation is complete. The key factors are developing and documenting procedures, following evidence handling procedures, documenting extraction, and presenting the findings. All of these combined lead to the preparing of a more complete computer investigation. As with everything there is a biblical integration, and the same can be said about digital forensics procedures and protocols.…

    • 1231 Words
    • 5 Pages
  • Great Essays

    The goal of an APT is to gain access into the power grid network and collect as much information as possible. They use exfiltration techniques that allow them to transfer sensitive information to their data-miner area, also known as the Command and Control Center. It is important for the APT to mask the data to resemble normal network traffic so that its detection is made difficult or almost impossible (Cruz, 2013). Methods for data exfiltration include: Backdoors: This method is used by the attacker to capture keystrokes, as well as video and audio of the system’s environment, using attached audio microphones and video cameras. File transfer protocols abuse: Attackers can abuse legitimate Windows features as well. For instance, attackers can…

    • 1307 Words
    • 6 Pages
  • Improved Essays

    The Basic Guide to Network Success

    Foot Printing, also known as reconnaissance, is the technique used for gathering information about computer systems and the entities that they belong to. To get this information, a hacker might use various tools and technologies. There are various methods by which a hacker can obtain your information/data. One in particular that comes to mind is Port Scanning. Other methods of gaining access to a network infrastructure would be Social Engineering, Keylogging, Denial of Service, otherwise known as DOS/DDOS, Waterhole Attacks, etc.…

    • 1187 Words
    • 5 Pages