The Process of Gathering Forensic Evidence - Essay Example

THE PROCESS OF GATHERING FORENSIC EVIDENCE College In a computer forensic investigation, there are basically six main stages that are followed in the investigation. The six stages are: 1. Consultancy This is the beginning of the investigation by consulting with clients and the crew that is involved in the forensic study. The whole team comes up with a way to collect, analyze and process data. This is necessary for all stakeholders to be able to know what to expect during the investigation. The main consultancy involves studying the place where the crime took place. In this stage, the experts have to also come up with the exact location of the evidence so that it can be collected. Coming up with the location is very important as it enables the crew to know where to collect the data. 2. Data preservation Electronic data is also fragile like any other type of data so any data that is to be preserved has to undergo a given protocol to make it safe. The expert should ensure that the data is not damaged and that computer virus does not affect the data. This can be done by storing data in a computer that is well protected from any virus and at the same time has a secure system that gives access to only stakeholders who can come up with the password. Data collection Once its location has been known the data has to be collected by the experts. They have to go to the virtually stored data get it and record it in the prepared storage device that had been preserved for its storage and that has minimum potential of destroying the data. When collecting the data various data collection tools are required to enable the process. Data recovery In this stage the data that had been collected is examined and the most important part of it is taken and is used. The other part of the data that was collected is also preserved for future reference. Computer forensic analysis This is the part where the experts sit down and examine the data that had been collected. This is the stage where they are able to know if the data has been tampered with after they have done all this then they have to give the go ahead for the writing of the report. Reports and testimonies This is the stage where the experts come up with the reports and their findings of the forensic evidence that they found. This can help support their clients in a court of law using their findings. Question 2 Yes there is a formal process of securing forensic data below is the characteristics 1. Preparation of the scene 2. Securing the scene 3. Recognition and surveying 4. Documentation of the scene 5. Shielding and communication 6. Collection of volatile evidence 7. Collection of non volatile evidence 8. Preservation 9. Examination 10. Presentation 11. Review Question 3 The laws that govern the collection of data include the following 1. Wiretap act 2. Pen/trap statute 3. Stored communication provisions of the electronic communication act Reference Doherty, E., & Liebesfeld, J. (2008). Proposing a Digital Forensics Grange. Security, 45(5), 32. Lillard, T. Carrier, B. D. (2006). Basic Digital Forensic Investigation Concepts. Retrieved, from the World Wide Web: http://www.digital-evidence.org/di_basics.html Richard-III, G. G., & Roussev, V. (2006). Next-Generation: Digital Forensics. Communications of the ACM, 49(2), 76-80 SANS investigation tools This is a computer hardware toolkit that is used in the performance of very detailed digital examination of forensic evidence. It is built using ubuntu software and is able to combine witness experience to come up with a witness format that is used in hand with advanced forensic format. The software’s that are used to make the device is sleuth kit which is a kit used to make file systems for analysis. The device has the capability of taking fingerprints through a touch screen and storing it in the computer memory. The use of SANS investigation tools This tool helps forensic experts to secure and examine raw data disks. It also has the capability of handling multiple file systems as well as come up with the format for the evidence that has been made. The tool also has the capability of placing strict deadlines to the data and how to work on it. In order to see all visible traffics, the tool is able to network to wirewash which has the ability to support promiscuous mode. The tool is networked to wirewash which has the ability to network, analyze and troubleshoot any problem that is available. The tool also has the capability of implementing its user interface to the required state. Advantages 1. It enables the investigators to get and access physical drives and memory of a computer that is remote on the network 2. It is very useful in cases of intrusions and places where data has been breached 3. It has the capability of a hard drive USB mini adapter 4. It can boot forensic distributions 5. Has the capability of protecting the data that has been collected. Drawbacks 1. It has minimal or no privacy concern on the computer user 2. It is very expensive to get the tool and few are able to afford it 3. It may also lead to data corruption and loss of data at the same time Application SANS tools is used in the extraction of data from local discs that are in a remote network. It can also be networked with another remote computer and used to obtain data from that remote computer. Truescan This is a computer hardware that constitutes frontline pitagora practical response to any printed document. This tool has the ability to scan and analyze passports, banknotes and ID cards within a very short time after only a click. This tool has a mouse like shape and one can easily pass it for a mouse. Use It scans various documents that is considered a security document and analyzes it within a click. It uses infrared radiation to scan the documents and come up with details and specifications of the person who had the documents. Advantages 1. The tool is able to firstly scan a document and reveal the holder of a certain document within a very short time 2. It is small and therefore convenient in travelling purposes to crime scenes 3. It has the capability of storing all the information that has been recorded 4. It has portable infrared light that enables it to be very convenient in the scanning process. Drawbacks 1. It is very expensive to own one of these device 2. The memory of this device is not large enough to hold a lot of data. Application It is used to make scan of documents to determine the holder of the documents. 4. Reference Doherty, E., & Liebesfeld, J. (2008). Proposing a Digital Forensics Grange. Security, 45(5), 32. Lillard, T. Carrier, B. D. (2006). Basic Digital Forensic Investigation Concepts. Retrieved, from the World Wide Web: http://www.digital-evidence.org/di_basics.html Richard-III, G. G., & Roussev, V. (2006). Next-Generation: Digital Forensics. Communications of the ACM, 49(2), 76-80 Read More