Computer Forensic Essay Sample
Instructions: There are multiple parts to this assignment. Carefully read each section and type your answer in the space provided. Complete each part of this Homework Assignment to receive full credit.
Part 1: Investigation Web Sites
Chapter 4 in the textbook contains links to several web sites which are important to understanding computer investigations. In this section, list the web sites discussed in the chapter and include their Internet links along with a brief description of what is contained at each of these sites.
Expert Computer Forensic Analysis:
Specialized techniques for data recovery, evidence authentication and analysis of electronic data far exceeding normal data collection and preservation techniques.
www.afflib.org
The Advanced Forensics Format (AFF®) and AFF Library (AFFLIB®) are a joint development project of Simson L. Garfinkel and Basis Technology Corp. The AFF and AFFLIB may be used royalty free and without limitation. Technology that incorporates the AFFLIB must acknowledge this fact and note that the technology copyright agreement.
www.basistech.com/digital-forensics/aff.html
Whether you need to ask an occasional question to feel secure with your chosen open source tools or a team of forensic experts for an unusually challenging digital forensic investigation, Basis Technology has a wide range of solutions and services to address each need. Commercial support for open source digital forensic tools combines the flexibility of open source tools with the dependability of commercial support. Custom development solutions build custom forensic software for organizations with specialized needs. Professional services supplement in-house expertise and resources, research solutions to tough problems, or provide specialized training.
Contrary to popular assumption, DRAMs used in most modern computers retain their contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images.
Part 2: Acquisition Tools (Case Project 4-1)
Your supervisor has asked you to research current acquisition tools. Using your preferred Internet search engine and the vendors listed in this chapter, prepare a report containing the following information for each tool and stating which tool you would prefer to use:
* Computer forensics vendor name
– Technology Pathways ProDiscover
– Guidance Software EnCase
– X-Ways Forensics
– Runtime Software
– R-Tools Technologies
* Acquisition tool name and latest version number
You can remotely connect to a suspect computer via a network connection and copy data from it. Remote acquisition tools vary in configurations and capabilities.
* Features of the vendor’s product
With ProDiscover Investigator you can:
– Preview a suspect’s drive remotely while it’s in use
– Perform a live acquisition
– Encrypt the connection
– Copy the suspect computer’s RAM
– Use the optional stealth mode
ProDiscover Incident Response additional functions
– Capture volatile system state information
– Analyze current running processes
Remote Acquisition with EnCase
Remote acquisition features
– Remote data acquisition of a computer’s media and RAM data
– Integration with intrusion detection system (IDS) tools
– Options to create an image of data from one or more systems
– Preview of systems
– A wide range of file system formats
– RAID support for both hardware and software
• R-Tools suite of software is designed for data recovery
• Remote connection uses Triple Data Encryption Standard (3DES) encryption
• Creates raw format acquisitions
• Supports various file systems
– Disk Explorer for FAT
– Disk Explorer for NTFS
• Features for acquisition
– Create a raw format image file
– Segment the raw format or compressed image
– Access network computers’ drives
Place your response to Part 2 here.
Part 3: My Investigation (Case Project 4-5)
You’re investigating a case involving a 2 GB drive that you need to copy at the scene. Write one to two pages describing three options you have to copy the drive accurately. Be sure to include your software and media choices.
A log should be kept of who has had access to the drive, including names, affiliations, and dates. After obtaining the drive, it should be placed in a secure container and a custody form should be filled out. A secure drive that is bigger than 2 GB should be obtained in order to make the proper copy image of the original. The computer forensics investigator will also need to note the kind of drive you are copying so that you have the proper cables/ports to connect the disk to your forensic PC. Copying this drive may take some time, so it is essential to have a secure work area to perform the copy.
I would then use my forensic software to make a bit stream copy of the drive. For safety reasons, I would appoint a key padlock and also a key custodian, stamp sequential numbers on each duplicate key, maintain a registry listing which key is assigned to which authorized person, also conduct a monthly audit, take an inventory of all keys, place a key in a lockable container, maintain the same level of security for keys as for evidence containers, and change the locks and keys annually so I know that only a limited number of people have access to the data. Moreover, I will ensure proper communication is held with the legal counterpart on all parts of the investigation, key words to be used and other desired principles. I will arrange for a lawyer to see the results in the preferred presentation.
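The bit stream copy described above, written to a segmented raw format image as in the Part 2 feature list, can be sketched as follows. This is an added example, not code from the essay or from any vendor tool named in it; the function names, the segment naming scheme and the use of SHA-256 to confirm the copy is accurate are assumptions.

```python
import hashlib
import os
import tempfile

def acquire_segmented(src_path, out_prefix, segment_size, block_size=64 * 1024):
    """Copy src_path bit for bit into numbered raw segments.

    Returns (segment_paths, sha256_hex_of_source_as_read).
    """
    digest = hashlib.sha256()
    segments, out, written = [], None, 0
    with open(src_path, "rb") as src:          # source is only ever read
        while True:
            # Never read past the end of the current segment.
            block = src.read(min(block_size, segment_size - written))
            if not block:
                break
            if out is None:
                path = f"{out_prefix}.{len(segments) + 1:03d}"
                out = open(path, "xb")         # 'x': refuse to overwrite an image
                segments.append(path)
            out.write(block)
            digest.update(block)
            written += len(block)
            if written == segment_size:        # segment full, start a new one
                out.close()
                out, written = None, 0
    if out is not None:
        out.close()
    return segments, digest.hexdigest()

def hash_segments(segments, block_size=64 * 1024):
    """Re-read the segments in order and hash them as one stream."""
    digest = hashlib.sha256()
    for path in segments:
        with open(path, "rb") as seg:
            for block in iter(lambda: seg.read(block_size), b""):
                digest.update(block)
    return digest.hexdigest()

def demo():
    """Constructed sample: a 1 MiB temp file stands in for the drive."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "evidence.bin")
        with open(source, "wb") as f:
            f.write(os.urandom(1024 * 1024))
        segments, source_hash = acquire_segmented(
            source, os.path.join(work, "image.dd"), segment_size=400 * 1024)
        return len(segments), source_hash == hash_segments(segments)

if __name__ == "__main__":
    print(demo())
```

A mismatch between the two digests means the image is not an accurate copy and the acquisition has to be repeated.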