Three best practices in collecting digital evidence from a computers memory and hard drive

Looking for help with an assignment? Connect with an assignment Expert Now!

Research best practices in collecting digital evidence from a computer’s memory and hard drive..

1. Research best practices in collecting digital evidence from a computer’s memory and hard drive.

Assignment Requirements

You have been working for the DigiFirm Investigation Company for several months. The company has a new initiative to continually improve its processes.There is a meeting scheduled for next week to talk about best practices in collecting digital evidence, as well as to fill in gaps in the company’s procedures manual.Organizations such as the National Institute of Justice and the FBI offer up-to-date recommendations on best practices, as do a number of reputable digital forensic resources.For this assignment:

1. Research best practices in collecting digital evidence from a computer’s memory and hard drive.
2. Briefly describe three significant best practices.
3. Describe a legal hold and its purpose.
4. Briefly describe a procedure for capturing video of a crime scene.
5. Describe the significance of recording a computer’s time offset.
6. Describe three best practices to follow when interviewing witnesses.
7. Describe what to take screenshots of during an investigation.
8. Create an electronic presentation for the meeting that highlights your findings.

Required Resources

• Course textbook
• Internet access

Submission RequirementsFormat:Microsoft PowerPointFont:Slide headings: Arial 32 pt; Slide body: Arial 32 pt (no less than 20 pt for smaller text)Citation Style:Your school’s preferred style guideLength:12 to 15 slides

Research best practices in collecting digital evidence from a computer’s memory and hard drive.

Total price (USD) $: 10.99

At Online Writing Help, we get lots of students asking us, “Can you help me write my essay for me?” and for sure our answer is always a big YES! Writing a proficient essay requires quite alot in terms of :

• Qualitative research from recent materials and research
• Compiling valid arguments and backed up theoretical perspectives
• Writing, editing & proofreading
• proper citation and so much more

At Online Writing Help, we understand that writing such a paper requires more than the time, effort and an understanding of concepts learned in class. Our College Essay Help Online service incorporates all these to develop a custom written paper from scratch from our pool of professional writers. You need not fear anymore about asking us for help with essay.

Our winning strategy is founded on having a great team of writers, editors & support team. whether you need help with a discussion board assignment, responses, quiz & exam, final paper, case study and so much more, we got you covered!

The vast majority of students who seek online writing service are always enamoured due to the many benefits they can get from us. We simply make your college life easy and leave you with more time to do your other stuff like working part time. Working with homeworktutorlib.com gives you a great experience through letting off all your writing baggage.

Why Choose us?

w

Our customer support are remotey available to help with all your queries

U

We have quality assurance team to ensure you get quality work. We use control tools to ensure quality work



At homeworktutorlib.com, we do not turn down any assignment



We have competitive rates matched with quality work. We also give regular discounts for new and return clients

}

Our active writers are more than enough to handle all your writing needs

Z

More than 90% Return rate from our clients. We are five star rated across varied platforms

Z

We understand what your grade means and our QA team is here to ensure that for every paper

As the realm of the Internet, Technology, and Digital Forensics constantly expand, there is a need for you to become familiar with the ways they contribute to preserving digital evidence. The fundamental importance of digital evidence preservation is quite clear. Through this article, we want to highlight the necessity to follow a series of steps in order to preserve digital evidence, as even a small inattentive move could lead to a loss of evidence and the break of a case.

In this article, we will be covering the following topics:

1. Top 11 Critical Steps in Preserving Digital Evidence.
2. Details You Should Plan To Share.
3. Three Methods to Preserve Digital Evidence.
4. Problems in Preserving Digital Evidence.

Let’s start discussing each section in detail.

Top 11 Critical Steps in Preserving Digital Evidence

In this section, we will be discussing the critical steps that need to be followed to prevent loss of data before bringing to the forensic experts. Time is highly important in preserving digital evidence.

1. Do not change the current state of the device: If the device is OFF, it must be kept OFF and if the device is ON, it must be kept ON. Call a forensics expert before doing anything.
2. Power down the device: In the case of mobile phones, If it is not charged, do not charge it. In case, the mobile phone is ON power it down to prevent any data wiping or data overwriting due to automatic booting.
3. Do not leave the device in an open area or unsecured place: Ensure that the device is not left unattended in an open area or unsecured area. You need to document things like- where the device is, who has access to the device, and when it is moved.
4. Do not plug any external storage media in the device: Memory cards, USB thumb drives, or any other storage media that you might have, should not be plugged into the device.
5. Do not copy anything to or from the device: Copying anything to or from the device will cause changes in the slack space of the memory.
6. Take a picture of the piece of the evidence: Ensure to take the picture of the evidence from all the sides. If it is a mobile phone, capture pictures from all the sides, to ensure the device has not tampered till the time forensic experts arrive.
7. Make sure you know the PIN/ Password Pattern of the device: It is very important for you to know the login credentials of the device and share it with the forensic experts, for them to carry their job seamlessly.
8. Do not open anything like pictures, applications, or files on the device: Opening any application, file, or picture on the device may cause losing the data or memory being overwritten.
9. Do not trust anyone without forensics training: Only a certified Forensics expert should be allowed to investigate or view the files on the original device. Untrained Persons may cause the deletion of data or the corruption of important information.
10. Make sure you do not Shut down the computer, If required Hibernate it: Since the digital evidence can be extracted from both the disk drives and the volatile memory. Hibernation mode will preserve the contents of the volatile memory until the next system boot.

Details You Should Plan To Share

For the evidence to be professionally acquired by forensics investigators, the device is either seized or a forensic copy is created at the site of the “crime” scene. Key Points to remember to speed up the process of preserving digital evidence and ease out the process for the authorities:

• Prepare your self to share your authentication codes like screen patterns and passwords.
• You may also need to share the device manuals, chargers, cables.
• Device interactions will the Internet can also be analyzed to build a complete and most appropriate picture of overall activity.
• Have ownership of the device that you plan to submit to the police. In case you do not have the authority or you’re not voluntarily submitting the device, then, in that case, Police may need to seize the device under their lawful powers.
• It is easier to share external memory storage than your devices with the police instead of giving your phone away every time, so it is recommended that you have an external memory configured for your phone.
• Regularly back-up your phone data and retain copies of these back-ups for future use. These will help you restore another handset or your phone if needs be at a later today, and also can help to log a trail of incidence.

Three Methods To Preserve a Digital Evidence

In this section, we will discuss three methods that can be used by forensics experts to preserve any evidence before starting the analysis phase.

1. Drive Imaging: Before forensic investigators begin analyzing evidence from a source, they need to create an image of the evidence. Imaging a drive is a forensic process in which an analyst will create a bit-by-bit duplicate of the drive. When analyzing an image forensic experts need to keep in mind the following points:
   • Even wiped drives can retain important and recoverable data to identify.
   • Forensic experts can recover all deleted files using forensic techniques.
   • Never perform forensic analysis on the original media. Always Operate on the duplicate image.

   A piece of hardware or software that helps facilitate the legal defensibility of a forensic image is a “write blocker”, which forensic investigators should use to create the image for analysis.

2. Hash Values: When a forensic investigator creates an image of the evidence for analysis, the process generates cryptographic hash values like MD5, SHA1, etc. Hash Values are critical as:
   • They are used to verify the Authenticity and Integrity of the image as an exact replica of the original media.
   • When admitting evidence in the court, hash values are critical as altering even the smallest bit of data will generate a completely new hash value.
   • When you perform any modifications like creating a new file or editing an existing file on your computer, a new hash value is generated for that file.
   • Hash value and other file metadata are not visible in a normal file explorer window but analysts can access this information using special software.

   If the hash values of the image and the original evidence do not match, it may raise concerns in court that the evidence has been tampered with.

3. Chain of Custody: As forensic investigators collect media from the client and transfer it, they should document all the steps conducted during the transfer of media and the evidence on the Chain of Custody (CoC) forms and capture signatures, date, and time upon the media handoff. It is essential to conduct CoC paperwork due to the following reasons:
   • CoC demonstrates that the image has been under known possession since the time the image was created.
   • Any lapse in the CoC nullifies the legal value of the image, and thus the analysis.
   • Any gaps in the procession record like any time the evidence was left unattended in an open space or an unsecured location are problematic.

Problems in Preserving Digital Evidence

In this section, we will discuss a few problems that are encountered while preserving evidence.

• Legal Admissibility: The highest risk is legal admissibility, If the evidence of a crime is a piece of digital media, it should be immediately quarantined and put under the CoC – an investigator can create an image later.
• Evidence Destruction: If in case, threat actors have installed an application on a server, the future forensic analysis will rely on the application being available and not deleted from the system.
• Media is still in Service: If the media is still in service, the risk of vital evidence destruction grows with the amount of time that has elapsed since the incident took place.

References– https://en.wikipedia.org/wiki/Digital_evidence

What are the three methods to preserve digital evidence?

What are the four steps in collecting digital evidence?

What are the best practices when conducting forensic investigations?

What is digital evidence provide three examples of digital evidence?