
The Process of Gathering Forensic Evidence

A digital forensic investigation is conducted in a manner that parallels a physical police investigation. The digital crime scene consists of hardware and software that hold clues to solving a digital crime. Conducting a digital investigation first requires the formulation of hypotheses. These hypotheses are then tested to give us information about the state of the computer. The process is carried out in a scientific manner in order to get concrete information from the digital data. The digital evidence lies in the hardware and software of the computer under investigation, and it is up to the investigator to extract it successfully. Digital evidence refers to the data that is used to prove or discredit the hypotheses formulated in relation to the investigation (Carrier, 2006). The digital forensic investigation process is divided into three general steps: system preservation, searching for evidence, and reconstruction of events.

System preservation phase

This is the first step in the investigation process, and it is aimed at preserving the state of the digital crime scene. The purpose of this step is to reduce the amount of data that may be overwritten or lost. How it is done depends on the legal or operational requirements of the investigation, and it may involve unplugging the system and making a full copy of all data for preservation. A dead analysis is done by running trusted applications in a trusted operating system to find evidence. All processes are terminated by turning off the system, and copies of all data are then made. Write blockers can also be used to prevent evidence from being overwritten. In a live analysis, the suspect processes can be terminated or suspended, and then the network cable is unplugged. Alternatively, network filters can be used to prevent the deletion of files from a remote server. To confirm that the preserved data does not change, a cryptographic hash is calculated on the data from the live or dead analysis. A cryptographic hash is a mathematical formula that generates a large number based on input data. If the hash value changes later, it is an indication that the data has been tampered with.
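The hash check described above can be made more useful by recording a hash per block as well as one for the whole image, so that a later mismatch also shows where the data changed. The following is an added example, not part of the original essay; the block size, file names and sample image are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # assumed window size for per-block hashes


def acquire_hashes(path, block=BLOCK):
    """Return (whole-image SHA-256, list of per-block SHA-256) for an image file."""
    whole = hashlib.sha256()
    blocks = []
    with open(path, "rb") as fh:
        while chunk := fh.read(block):
            whole.update(chunk)
            blocks.append(hashlib.sha256(chunk).hexdigest())
    return whole.hexdigest(), blocks


def verify(path, recorded_whole, recorded_blocks, block=BLOCK):
    """Re-hash the image; return (unchanged?, indexes of blocks that differ)."""
    whole, blocks = acquire_hashes(path, block)
    changed = [i for i, (a, b) in enumerate(zip(recorded_blocks, blocks)) if a != b]
    # A change in length shows up as extra or missing trailing blocks.
    changed += list(range(min(len(blocks), len(recorded_blocks)),
                          max(len(blocks), len(recorded_blocks))))
    return whole == recorded_whole, changed


def demo():
    """Constructed sample: a 3-block 'image', then one byte altered in block 1."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "evidence.img")  # hypothetical image name
        with open(img, "wb") as fh:
            fh.write(b"A" * BLOCK + b"B" * BLOCK + b"C" * 100)
        whole, blocks = acquire_hashes(img)    # recorded at acquisition time
        before = verify(img, whole, blocks)
        with open(img, "r+b") as fh:           # simulate a later modification
            fh.seek(BLOCK + 10)
            fh.write(b"X")
        after = verify(img, whole, blocks)
    return before, after


if __name__ == "__main__":
    print(demo())
```

The recorded hashes should be stored separately from the image, since anyone able to alter both can make a modified copy verify.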

Evidence searching phase

This process starts by searching the common locations related to the type of incident involved. In the course of an investigation, the search is done both for evidence that supports the hypothesis and for evidence that refutes it. The process involves defining what to look for and where to look for it. Most of the search is done in a file system and inside files. This can be done by looking for keywords inside the content of the files, or by looking for file names or patterns in their names. Files can also be searched for by the time they were written or accessed. Searching for files based on their signatures enables them to be found even after their names have been changed, while hash databases can be used to find files that are known to be good or bad. When conducting network data analysis, a search is done on all packets from a particular source address, or on all packets going to a specific port. Keywords can also be used to find packets containing them.
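The three file searches described above (signature, hash database and keyword) can be combined in one pass over a directory. The following is an added example, not part of the original essay; the sample files, the keyword and the known-good and known-bad hash sets are constructed for illustration, and only a few well-known file signatures are included.

```python
import hashlib
import os
import tempfile

# Leading "magic" bytes of a few common formats and the extensions expected for each.
SIGNATURES = {b"\xff\xd8\xff": "jpeg", b"%PDF-": "pdf", b"PK\x03\x04": "zip"}
EXTENSIONS = {"jpeg": {".jpg", ".jpeg"}, "pdf": {".pdf"}, "zip": {".zip", ".docx"}}


def triage(root, known_bad, known_good, keywords):
    """Walk root and return {relative path: sorted list of findings}."""
    report = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()  # acceptable for a sample; stream large files
            digest = hashlib.sha256(data).hexdigest()
            if digest in known_good:
                continue  # known-good files need no further review
            findings = []
            if digest in known_bad:
                findings.append("known-bad hash")
            kind = next((k for sig, k in SIGNATURES.items() if data.startswith(sig)), None)
            ext = os.path.splitext(name)[1].lower()
            if kind and ext not in EXTENSIONS[kind]:
                findings.append(f"{kind} content named {ext or '(none)'}")
            low = data.lower()
            findings += [f"keyword:{k}" for k in keywords if k.lower().encode() in low]
            if findings:
                report[os.path.relpath(path, root)] = sorted(findings)
    return report


def demo():
    """Constructed sample files; names, contents and keyword are invented."""
    files = {
        "holiday.txt": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # JPEG header, renamed
        "notes.txt": b"meet at the warehouse, bring the LEDGER",
        "tool.bin": b"constructed-known-bad-sample",
        "readme.txt": b"constructed-known-good-sample ledger",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        bad = {hashlib.sha256(files["tool.bin"]).hexdigest()}
        good = {hashlib.sha256(files["readme.txt"]).hexdigest()}
        return triage(d, bad, good, ["ledger"])
```

In the sample, `readme.txt` contains the keyword but is skipped because its hash is in the known-good set, which is how hash databases reduce the volume of files an investigator has to review.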

Events reconstruction phase

Once the evidence has been gathered, it is used to reconstruct the events that occurred in the system to determine the actual cause of the crime. The reconstruction phase allows for the determination of the actual cause of the final event, since the event itself may have come about as a result of several processes, some of which may not be illegal or criminal. Once done, the digital events reconstruction phase enables the investigator to correlate the digital events with actual physical events. During reconstruction, the investigator must know about the applications and operating system of the computer under investigation, and use them to formulate hypotheses based on their capabilities (Carrier, 2005). Different events can occur in different operating systems, while one application can cause different events. Once the hypotheses are proven, it should be clear what exactly took place and who is responsible.

Conclusion

A digital forensic investigation is a methodical process that follows well-defined steps. A good investigator must be able to preserve the data from a digital crime scene and extract all evidence available from it. Gathering evidence involves ruling out other possible causes and narrowing down to specific suspect processes or events. The investigator must also make sure he/she follows the law without infringing on the rights and privacy of those under investigation. Laws governing digital forensic investigations include the USA PATRIOT Act of 2001, which allows for searching and seizing of computers and obtaining electronic evidence in criminal investigations. Other legislation includes the Communications Assistance for Law Enforcement Act (CALEA) of 2001. These laws are designed to allow for proper digital forensic investigations while at the same time protecting the rights of citizens.
