Reference no: EM132371561
Forensics Data Acquisition And Analysis
Assignment
Forensics Data Acquisition and Analysis is a methodological approach to preparing for an investigation and collecting and analysing digital evidence. This requires the investigator to have good hands-on experience with various digital forensics tools, hardware, software, files and file systems, operating systems and networking. When collecting information, computer forensic specialists must keep in mind the lifespan of the information, the importance of collecting evidence quickly, and the need to collect information at the bit level. They should know how to obtain evidence from hidden or deleted data and cope with counter-forensics activities that are designed to conceal the perpetrator's location, actions, or identity. Examples of counter-forensics include destruction/deletion, hiding, encryption, fabrication and falsification, and file system alteration.
It is highly recommended that first responders make a backup copy of any logs, damaged or altered files, and any files left by the suspect. If investigators arrive while the incident is in progress, they should immediately activate auditing or recording software. Investigators should work with a copy of the hard drive, not the original. Today, cybercrimes involve white-collar crimes, counterintelligence, economic espionage, counterfeiting, identity theft, cyberstalking, Internet fraud and cyberterrorism. Without proper documentation, a forensic specialist has difficulty presenting findings and courts are unlikely to accept investigative results. This methodology includes strong evidence-processing documentation and good chain-of-custody procedures.
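The working-copy and documentation practice described above can be sketched as follows. This is an added example, not part of the original brief: the function names (`hash_file`, `acquire`, `still_intact`), the JSON-lines custody log and the file names are assumptions made for illustration, and the sample data is constructed.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images do not fill memory

def hash_file(path):
    """Return (md5, sha256) hex digests of the file at path."""
    md5 = hashlib.md5(usedforsecurity=False)  # MD5 only as an integrity checksum
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def acquire(source, image, examiner, log_path):
    """Copy source to image byte for byte and append a custody record."""
    with open(source, "rb") as src, open(image, "xb") as dst:  # "xb" refuses to overwrite
        while chunk := src.read(CHUNK):
            dst.write(chunk)
    os.chmod(image, 0o444)  # the working copy is read-only from here on
    src_hashes = hash_file(source)
    img_md5, img_sha256 = hash_file(image)
    record = {
        "utc": datetime.now(timezone.utc).isoformat(), "examiner": examiner,
        "source": source, "image": image,
        "size": os.path.getsize(image),
        "md5": img_md5, "sha256": img_sha256,
        "matches_source": src_hashes == (img_md5, img_sha256),
    }
    with open(log_path, "a", encoding="utf-8") as log:  # one JSON record per line
        log.write(json.dumps(record) + "\n")
    return record

def still_intact(image, record):
    """Re-hash the image later and compare it with the custody record."""
    return hash_file(image) == (record["md5"], record["sha256"])

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "partition.bin")  # constructed stand-in for a partition
        with open(src, "wb") as fh:
            fh.write(b"constructed sample data\x00" * 4096)
        rec = acquire(src, os.path.join(d, "partition.dd"), "J. Examiner",
                      os.path.join(d, "custody.jsonl"))
        print(rec["matches_source"], rec["md5"], still_intact(rec["image"], rec))
```

Analysis is then carried out on the image only, and `still_intact` is re-run before and after each examination so that any change to the working copy shows up as a hash mismatch against the logged record.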
You are hired as a junior forensics examiner by a UK-based firm called Digital Eye (DE). The company provides new joiners with training in the forensics data acquisition and analysis process in its state-of-the-art forensics lab located in the suburbs of London. Your role is to conduct a number of forensics experiments before you can be signed off for field work; these should include the tasks below.
Assignment tasks and deliverables
This is not an exhaustive list of tasks, and it provides an opportunity to explore more innovative digital crime investigations if required.
• Recovering deleted file from the evidence
• Generating hashes and checksum files
• Calculating the MD5 value of the selected file
• Viewing files of various formats
• Handling evidence data
• Creating a disk image file of a hard disk partition
• Analysing hard disk and investigating file systems
• Creating forensics images using AccessData FTK Imager
• Defeating Anti-forensics - cracking application password
• Analysing files hidden using steganography
• Discovering and extracting hidden forensic material on suspected computer using OSForensics
• Investigating processes using Windows Process Explorer
• Analysing Event Logs
• Analysing Volatile Data in Linux Systems
• Network Forensics
• Email Forensics
• Web Attacks
Students need to perform at least 2 investigations. All findings from each should be compiled into a single report with walk-through snippets of the investigation carried out and commentary to provide critical evaluation of their tasks.
The report should follow the structure below.
1. Computer Emergency Response Team (CERT): a comprehensive plan to establish a CERT team for Digital Eye (DE). [no more than 300 words]
2. Expert Report: examples of what should be covered include (but are not limited to) a suitable cover page; summary; expert witnesses, tools used, methodology and procedures; complete statement of all opinions and conclusions; supporting facts and data; witness CVs. [no more than 600 words]
3. Appendix 1 - Reflective Report: must produce a brief individual report to reflect on his/her role and challenges faced (if any). You could focus on limitations, errors or things that could have been done differently. [no more than 50 words per person]
4. Appendix 2 - Table of contribution: to show which tasks/sections were done by whom.
5. Appendix 3: Any other relevant material, e.g. forms, templates