User Account

All Pages

Forensic tools used by computer forensics examiners

Assignment Help Basic Computer Science
Reference no: EM131233410

This week you are reading and watching about the forensic tools used by Computer Forensics Examiners. While the two most popular tools are Guidance Software's EnCase and AccessData's FTK, there are other tools that are available and should be part of your toolbox. Once you have properly identified and collected digital evidence, the next step is to analyze it. It does not really matter if you are performing analysis as part of a criminal investigation or as part of a corporate investigation; you should always follow the same protocols. An emphasis in this course is on helping you understand why using an analysis protocol is important. Remember, you should NEVER, EVER work on original evidence, if it can be avoided by any means; instead, use a forensic image. When you work on the image, you pick the tools you will use. Again, it does not matter which tool you actually use, as long as the tool is accepted by the forensic community, and you are able to testify to the tool's validity, as well as the process you used in your examination.

During your analysis, you should document every step you take and all of your findings. Some tools have a report function that works well to capture both the identified data and the date/time of your various analyses. However, this should always be supplemented with your own notes and documentation.

This week, I would like you to discuss why you need to use a write blocker (either hardware or software) in your examinations, whether for a criminal case or a corporate case.

Also, imagine you are a computer forensic examiner receiving a suspect hard disk drive from a detective in your department. The drive was seized properly during a legally executed search warrant. The detective signs the chain of custody log and hands you the drive. Your job is to accept the drive, conduct an analysis, and maintain the drive until trial. Please explain the steps you would take, from receipt until testimony, including the reasons why you would take each step. For example, what would you check for when you sign for the drive on the chain of custody?

Reference no: EM131233410

Questions Cloud

Come up with a vialble replacement solution : You have been asked to research replacement desktops for our Dell Optiplex 755 systems running 4GB of RAM with 500GB of storage. Take time to research this model and come up with a vialble replacement solution.
How much work is done by the air inside : The piston is released, and just before the piston exits the end of the cylinder, the pressure inside is 200 kPa. If the cylinder is insulated, what is its length? How much work is done by the air inside?
What is the companys current wacc : What is the company's current WACC? What would be the cost of floating new 20 year semi-annual bonds? What would be the cost of floating new P/S?
Why shorter term moving average is considered to be a faster : why a shorter-term moving average is considered to be a "faster" moving average and a longer-term moving average is considered to be a "slower" moving average.
Forensic tools used by computer forensics examiners : This week you are reading and watching about the forensic tools used by Computer Forensics Examiners. While the two most popular tools are Guidance Software's EnCase and AccessData's FTK, there are other tools that are available and should be part..
Summarizes the current research on the nervous system : A brief review of the current empirical research regarding the construction of the nervous system and its role in shaping behavior. A discussion of the controversies surrounding research on the nervous system.
Monitoring and control procedures : Monitoring and Control Procedures Be sure to reference your change control processes for your project. I.e. how the project manager identifies and influences the key factors - both internal and external to the project - that impact project scope, tim..
Complement of the sum of words : UDP and TCP use 1's complement for their checksums. Suppose you have the following three 8-bit words: 11010101, 01111000, 10001010. What is the 1's complement of the sum of these words?
Project closeout criteria in the project management : How to do the Project closeout criteria in the project management. 1) "Be sure to focus on activities that take place AFTER customer acceptance of the final deliverables. Describe Project Closeout activities - NOT User Acceptance activities." 2. "Con..

Reviews

Write a Review

Basic Computer Science Questions & Answers

  Problem regarding the joint-cost function

A company produces x units of commodity A and y units of commodity B each hour. The company can sell all of its units when commodity A sells for p=80-10x dollars per unit and commodity B sells for q=100-4y dollars per unit.

  Create a single-entity data model for this list

Modify your answer to A to include entities SENDER and SUBJECT. Specify the identifiers and attributes of entities and the type and cardinalities of the relationships. Explain which cardinalities can be inferred from Figure 5-55 and which need to ..

  Sydney logistics

Sydney's Logistics is a growing business that specializes in providing business services that many small firms do not have the expertise, the space or the resources to handle on their own. These services include warehouse receiving and storage, inter..

  Write an application that prints the following diamond shape

(Diamond Printing Program) Write an application that prints the following diamond shape. You may use output statements that print a single asterisk (*), a single space or a single newline character. Maximize your use of repetition (with nested for..

  Which five google technologies

1. Which five Google technologies would you like to research for your Final Case Studies?

  Calculating missing women for india at birth

Suppose the sex ratio at birth (males born/ females born) is 1.076 in India and 1.059 on average in the developed countries. Suppose the birth rate is India is 25.8 per thousand people. We will calculate how many women go missing at birth (due to ..

  Does the same hold in maekawa''s algorithm

Does the same hold in Maekawa's algorithm?

  Aspects of adam smith concept of the economy

What are main aspects of Adam Smith's concept of the economy? What is the "invisible hand"?

  User enters a negative number or a nondigit number

If the user enters a negative number or a nondigit number, throw and handle an appropriate exception and prompt the user to enter another nonnegative number.

  Why you chose the three points of view

Explain why you chose the three points of view that you did for each world.

  Handling the exception tl

Consider the function fun g(l) = hd(l) : : tl(l) handle Hd => nil; that behaves like the identity function on lists. The result of evaluating g(nil) is nil. Explain why. What makes the function g return properly without handling the exception Tl?

  Most important components of a fully specified enterprise

What are the two most important components of a fully specified enterprise model? Describe the two basic approaches to designing an enterprise model.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd