Technology is often misused for diverse purposes, as found by (Walden, I. 2007), some intended and others unwanted; nevertheless, the results can be catastrophic for anyone who does not take the motives of the accused person into consideration. This necessitates justice for the victims, which depends on the technical task of finding out who really committed the crime. Especially when the crime is computer related, forensic experts and tools play a vital role in making this a reality.
(Luttgens, Pepe & Mandia, 2014) write that computer forensics is primarily the use of investigative and analytical techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of cyber forensics is to carry out a structured investigation while maintaining a documented chain of evidence, in order to find out precisely what took place on a computing or digital device and who was responsible for the act perceived to be the crime. Drawing on (Kruse ii and Heiser Nelson, Phillips & Steuart 2014), forensic analysts basically adhere to a pre-set procedure ( angalos, Ilioudis & Pagkalos, . 2010, June): after physically removing the evidence under study to make sure it cannot be altered in any way, analysts create a digital duplicate of the device's storage media. Once the original media has been copied, it is locked in a safe or other fortified facility to keep it in its unaltered state. All study is conducted on the digital duplicate. (Nelson, Phillips, & Steuart, 2014) state that investigators use a wide range of techniques and proprietary forensic software applications to examine the copy, searching hidden folders or directories and unallocated disk space for copies of deleted, encrypted, or damaged files. Any evidence found on the digital copy is carefully documented in a "findings report" and (Ware, S. 2012) verified against the original in preparation for legal proceedings that involve discovery, depositions, or actual litigation.
Using the Markov chain, (Nelson, Phillips, and Steuart, 2014) clarify the architecture, or rather the chain of custody, as ranging from the very first operator of the digital device to the current user from whom the discoveries were made. (Giova, 2011) explains the chain of custody: the device or computer in question is alleged to hold illegal drug-related data, likely from a cartel, a peddler or the user. The device's disk needs to be handed to the police for examination to ascertain the claims and trace the digital signature linked to the data. Disk images of all the computers on site and of the USB flash drives on site are surrendered to the authorities for scrutiny.
The AccessData forensic tool was selected for this task because of its suitability, in particular its digital imaging and data recovery abilities. (Solomon, Rudolph, Tittel, Broom and Barrett, 2011) explain the choice of tools. AccessData FTK can recover deleted information such as emails and photos. The toolkit also includes a stand-alone disk-imaging component known as FTK Imager. FTK Imager is a simple but precise tool. It stores an image of a hard disk in a single file or in segments that may later be rejoined. It computes MD5 hash values and verifies the integrity of the data before closing the files. The result is an image file that can be stored in various formats.
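The acquire-then-verify principle described above can be shown in a few lines. This is an added example, not AccessData code and not part of the original essay: it writes plain raw segments rather than any FTK image format, and the function names, chunk size, segment naming and the extra SHA-256 digest are assumptions.

```python
import hashlib
import io
import os
import tempfile

CHUNK = 64 * 1024               # read size (assumption, not an FTK Imager setting)
ALGOS = ("md5", "sha256")       # the page names MD5; SHA-256 is added because
                                # MD5 is not collision resistant


def acquire_segmented(source, out_dir, base_name, segment_size):
    """Copy a read-only binary stream into numbered raw segments.
    Returns (segment_paths, {algorithm: hex digest of the source stream})."""
    hashes = {name: hashlib.new(name) for name in ALGOS}
    paths, seg, written = [], None, 0
    try:
        while True:
            block = source.read(min(CHUNK, segment_size - written))
            if not block:
                break
            if seg is None:
                paths.append(os.path.join(out_dir, f"{base_name}.{len(paths) + 1:03d}"))
                seg = open(paths[-1], "xb")   # "x": refuse to overwrite a segment
            for h in hashes.values():
                h.update(block)
            seg.write(block)
            written += len(block)
            if written == segment_size:       # segment full, start the next one
                seg.close()
                seg, written = None, 0
    finally:
        if seg is not None:
            seg.close()
    return paths, {name: h.hexdigest() for name, h in hashes.items()}


def verify_segments(paths, expected):
    """Re-read the segments in order, as if rejoined, and compare digests."""
    hashes = {name: hashlib.new(name) for name in expected}
    for path in paths:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(CHUNK), b""):
                for h in hashes.values():
                    h.update(block)
    return all(hashes[name].hexdigest() == expected[name] for name in expected)


def demo():
    disk = bytes(range(256)) * 1000           # constructed 256,000-byte "drive"
    with tempfile.TemporaryDirectory() as work:
        paths, digests = acquire_segmented(io.BytesIO(disk), work, "evidence", 100_000)
        intact = verify_segments(paths, digests)
        with open(paths[1], "r+b") as fh:     # simulate one altered byte
            fh.seek(10)
            fh.write(b"\xff")
        altered = verify_segments(paths, digests)
    return len(paths), digests["md5"] == hashlib.md5(disk).hexdigest(), intact, altered
```

The digests are computed while the source is read, so the recorded values describe the original media; any later change to a segment makes verification fail.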
(Dykstra and Sherman, 2012) write that digital forensics has developed in a manner similar to other forms of forensics. In many forensic sciences, techniques have often been built on scientific innovations. However, as a result of the fast evolution of digital investigation, scientific procedures are now being merged into investigations so as to make digital forensic evidence admissible in a court of law. A lot of work has also been done to provide methods that help juries or judges understand the value of digital evidence.
In the Computer Forensics Tool Testing (CFTT) study, NIST (Kubi, Saleem, and Popov, 2011, October) came up with techniques to verify a range of forensic tools, focusing on data acquisition tools and on software- and hardware-based write blockers. When a tool is to be tested, the NIST technique begins by acquiring the tool itself, together with background notes on the tool. If these notes do not exist, the tool is analyzed in order to produce them; this leads to a list of properties together with the requirements for these properties, and hence a test framework. The technique relies on explicit and scientific methodologies, and the outcomes are reviewed by both involved parties, the developers or sellers and the testing group, ensuring that some level of fairness is attained. Nevertheless, this is also the major drawback of the method, as the time needed can be significant. The resources required to undertake each test do not allow a single organization to test all tools together with all their versions or releases. Hence, by the time the results are publicly available, the release of the tested tool might be deprecated. In addition, the requirements of the properties might evolve, which needs to be reflected in the test plan. Moreover, the time needed to define the requirements of a single function has to be counted in years. NIST defines principles for string penetrating tools, but since extra work has been made overtly obtainable. The specifications for digital data acquisition tools are still in draft versions as of 2004, and these examples show that it is not feasible for law enforcement agencies to rely only on organizations that assess DFTs. Some categories of tools commonly used in digital forensics are simply not covered, such as file carving tools. For these reasons, it is essential for digital investigators to validate DFTs themselves.
AccessData FTK Imager, having been certified by these testing teams for its suitability, is the correct choice for this task.
Open case
(Ahmed, 2018) writes that creating digital images in AccessData FTK is as simple as clicking create image from the tools in the GUI menu provided. For this to happen, a case needs to be opened in the tool.
Once the case is opened in the forensic tool, the investigator can proceed to create the digital images of the given drive(s).
(Mylonas, Meletiadis, Tsoumas, Mitrou, and Gritzalis, 2012, June) found that forensic soundness is a term used to describe and qualify the use of a piece of evidence or a forensic tool. The growing emphasis on admissibility in past years has seen the centre of the forensic computing area shift to the domain of forensic science. With this shift comes the need to formalize many of the forensic processes and procedures that have been built in an unstructured or ad hoc way. Proof of the shift is apparent in NIST's Computer Forensic Tools Testing Program and in the work of the Scientific Working Group on Digital Evidence (SWGDE) and the Electronic Evidence Technical Advisory Group of the Australian National Institute of Forensic Science, which is aiding the integration of the forensic computing role into the forensic science field. The need to make sure that electronic evidence generated by a forensic procedure is admissible has given rise to the term "forensically sound" for describing the reliability of the forensic procedure. Before sightseeing what “forensically sound”. The image created above is without doubt forensically sound, having been created with the above aspects in mind to uphold the admissibility of forensic investigations and reporting.
(Casey, 2011) found that data recovery is a process in which data is retrieved from corrupted digital media when it cannot be accessed in the normal way. This process of salvaging data is easily done with forensic tools.
According to (Garfinkel, 2010), data carving is the process of searching the evidence for data that was deleted from the machine's file systems. To do this, identify the file headers and footers in the unallocated clusters:
On the tool UI, navigate to the top left and click on the add evidence tab.
Using the HEX view mode, position the mouse cursor at the point where the carving should begin, then right-click on the HEX view icon and choose set selection length.
Right-click the highlighted section, then save.
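The manual steps above locate a header, measure the distance to the footer, and save the selection. The following added example automates the same header/footer search over a raw buffer of unallocated space; it is not part of the original essay or of FTK, and the signature table, size limit and sample buffer are assumptions constructed for illustration.

```python
import hashlib

# Header/footer pairs for a few common formats (subset chosen for this example).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
MAX_CARVE = 20 * 1024 * 1024    # assumed upper bound on a carved file's size


def carve(data, signatures=SIGNATURES, max_size=MAX_CARVE):
    """Return carved candidates sorted by offset. Each hit records its type,
    offset, length and MD5 so it can be cited in the findings report."""
    hits = []
    for kind, (header, footer) in signatures.items():
        pos = 0
        while True:
            start = data.find(header, pos)
            if start == -1:
                break
            end = data.find(footer, start + len(header), start + max_size)
            if end == -1:
                # Header without a footer in range: a fragment, an
                # overwritten file or a false positive. Skip it.
                pos = start + 1
                continue
            stop = end + len(footer)
            blob = data[start:stop]
            hits.append({"type": kind, "offset": start, "length": len(blob),
                         "md5": hashlib.md5(blob).hexdigest(), "data": blob})
            pos = stop
    return sorted(hits, key=lambda h: h["offset"])


# Constructed sample: filler bytes standing in for unallocated clusters, with
# two complete files and one JPEG header whose footer is missing.
JPEG = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-body" + b"\xff\xd9"
PNG = b"\x89PNG\r\n\x1a\n" + b"constructed" + b"IEND\xaeB`\x82"
SAMPLE = (b"\x00" * 512 + JPEG + b"\xaa" * 300 + PNG
          + b"\x00" * 100 + b"\xff\xd8\xff\xe0 truncated")

if __name__ == "__main__":
    for hit in carve(SAMPLE):
        print(hit["type"], hit["offset"], hit["length"], hit["md5"])
```

The first footer after a header is taken as the end of the file, so a JPEG with an embedded thumbnail may be cut short; carved output should always be opened and checked before it is reported.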
Evidence analysis in computer forensics is a comprehensive process, running from acquisition of the evidence through carving, image creation and data recovery to the admissibility of the evidence acquired, as documented by (Taylor, Fritsch, and Liederbach, 2014). For this to succeed, the machine needs to have VMware Player; in this case VMware Workstation 14 is used.
Evidently, the most vital facet of effective and efficient computer forensic investigation and analysis is a rigorous, well-elaborated strategy for collecting evidence. Explicit documentation is required before, during, and after the collection procedure; detailed data should be recorded and stored, including all hardware and software specifications, any systems used in the analysis procedure, and the systems under investigation. This is the step in which the policies on preserving the integrity of potential evidence are most applicable. Overall, the steps for preserving evidence include: the physical removal of storage devices, the use of controlled boot CDs to retrieve sensitive data and ensure functionality, and taking suitable steps to copy and transfer evidence to the investigator's system.
Acquiring evidence must be accomplished in a manner both deliberate and legal. Being able to document and authenticate the chain of evidence is crucial when pursuing a court case, and this is especially true for computer forensics given the complexity of most cybersecurity cases.
The field of computer forensics investigation is developing, especially as law enforcement and legal parties come to understand just how important information technology (IT) professionals are to investigative procedures. With the growth of cyber-crime, tracing criminal activity online has become vital for safeguarding private citizens, as well as for preserving day-to-day operations in public security, national safety, government and law enforcement. Tracing digital activity allows forensic investigators to link cyber communications and digitally stored data to physical evidence of unlawful activity; computer forensics also gives investigators a way to uncover premeditated unlawful intent and may help prevent future cyber offenses.
Whether it relates to malicious cyber activity, an unlawful plan or the intent to commit a crime, digital evidence can be highly sensitive. Cybersecurity professionals understand the importance of this information and respect the fact that it can easily be altered if it is not carefully handled and safeguarded. For this reason, it is important to lay down and adhere to strict procedures and guidelines for actions concerned with computer forensic investigation. Such guidelines can include detailed stipulations on when computer forensic investigators are allowed to acquire potential digital evidence, how to carefully set up systems for evidence acquisition, where to store any acquired evidence, and how to document these actions to help ensure the validity of the evidence.
Law enforcement bodies are growing rapidly dependent on designated IT departments, which are staffed by seasoned cybersecurity experts who determine the relevant investigative rules and develop rigorous training sessions to make sure best practices are followed appropriately. In addition to establishing strict procedures for forensic processes, cybersecurity departments should also set up rules of governance for all digital activity in an enterprise. This is very important for safeguarding the information infrastructure of law enforcement bodies.
In addition to documenting information related to hardware and software specifications, computer forensic analysts have to keep an accurate record of all activity related to the investigation, including all methods used for testing system functionality and for retrieving, copying, and storing data, together with the measures taken to collect, analyse and validate evidence. This not only shows how the integrity of user data has been preserved, but also makes sure that proper guidelines and procedures have been followed by all involved individuals. As the goal of the whole procedure is to collect evidence that can be presented in a court of law, an investigator's failure to accurately document his or her procedure could compromise the validity and integrity of that evidence and, in the long run, the case itself.
For computer forensic analysts, every step concerned with a given case must be explained in detail in digital form and preserved in properly secured storage devices and data archives. This helps ensure the truthfulness of any findings report by allowing cybersecurity professionals to show exactly when, where, and how evidence was collected. It also allows professionals to confirm the authenticity of evidence by comparing the investigator's digitally recorded data to the dates and times when this data was accessed by the most likely culprits through external channels.
Network forensics is a branch of its own in the field of forensics and concerns the monitoring and analysis of computer network traffic for the purpose of gathering information, collecting legal evidence or detecting intrusions. Network forensics deals with volatile and ever-changing traffic information. In general, network forensics is used in two ways. The first relates to security and comprises active monitoring of a network for unusual traffic and identification of intruders. The intruder may be able to delete all the log files on an unsecured host. The second use relates to law enforcement: after the intruder has been captured or identified, the victim can sue the suspect or seek legal help from the authorities.
From the name, it is evident that network forensics is an internet-related kind of forensic study. The pcap file is a Wireshark capture of a live session of client-server operation over the internet.
The field of computer forensics is rapidly growing as a discipline in IT and the field of security and the. The use of computer forensics is almost inevitable as far as security is concerned, bearing in mind ever-advancing technology and the security threats that come with it. Given this gap between the legal system and the IT world, more attention and resources have to be invested in forensic technology to improve its effectiveness as far as law enforcement is concerned.
References:
Luttgens, J.T., Pepe, M. and Mandia, K., 2014. Incident response & computer forensics. McGraw-Hill Education Group.
Nelson, B., Phillips, A. and Steuart, C., 2014. Guide to computer forensics and investigations. Cengage Learning.
Solomon, M.G., Rudolph, K., Tittel, E., Broom, N. and Barrett, D., 2011. Computer forensics jumpstart. John Wiley & Sons.
Dykstra, J. and Sherman, A.T., 2012. Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques. Digital Investigation, 9, pp.S90-S98.
Kubi, A.K., Saleem, S. and Popov, O., 2011, October. Evaluation of some tools for extracting e-evidence from mobile devices. In Application of Information and Communication Technologies (AICT), 2011 5th International Conference on (pp. 1-6). IEEE.
Ahmed, M., 2018. Towards Fact-Based Digital Forensic Evidence Collection Methodology.
Bhawar, K.A. and Vyawahare, D.G., 2015. Study of Cloud Forensic.
Mylonas, A., Meletiadis, V., Tsoumas, B., Mitrou, L. and Gritzalis, D., 2012, June. Smartphone forensics: A proactive investigation scheme for evidence acquisition. In IFIP International Information Security Conference (pp. 249-260). Springer, Berlin, Heidelberg.
Mislan, R.P., Casey, E. and Kessler, G.C., 2010. The growing need for on-scene triage of mobile devices. Digital Investigation, 6(3-4), pp.112-124.
Garfinkel, S.L., 2010. Digital forensics research: The next 10 years. Digital Investigation, 7, pp.S64-S73.
Casey, E., 2011. Digital evidence and computer crime: Forensic science, computers, and the internet. Academic Press.
Quick, D. and Choo, K.K.R., 2013. Digital droplets: Microsoft SkyDrive forensic data remnants. Future Generation Computer Systems, 29(6), pp.1378-1394.
Taylor, R.W., Fritsch, E.J. and Liederbach, J., 2014. Digital crime and digital terrorism. Prentice Hall Press.