Description Of The Plan To Conduct The Investigation
This is a very vague final exam, the instructor wants us to make up an investigation that has to do with digital forensics (what we have also learned in class) and have us pretend that we are the investigator.
"It is a case study of an investigation. You need to pretend that you are a digital forensics investigator and investigate the case."
Here are topics we have learned in the class: Barriers and Challenges: Antiforensics, Encryption, and Steganography. Digital Forensic Toolkit and Planning. Digital Evidence Processing, Deleted Files & Partitions, Signature Analysis, Hash Sets. Technical Innovation and Sources of Information: Link and Visual Analysis, Social Media Forensics. Cloud, Organizational, and Big Data Forensics. Internet and Email Artifacts. Mobile Forensics. Communication, Information Sharing, and Interviewing. Game System, Embedded System, and Unusual Environments Digital Forensics. Psychological, Ethical, and Language/Cultural Implications. Social Engineering Forensics & Final Exam .
The recommended length for the final exam is 10 - 15 doubled spaced pages excluding diagrams, illustrations or other addendum. The use of APA formatting is required for any in-text citations and reference list. Please submit ONE document for all answers in Word or PDF, along with the Turnitin originality report, in the Final Exam assignment folder in WebTycho by the due date. I expect the response to immediately follow the question as follows:
Tasking One -- approximately 600 - 1000 words (2 - 4 pages) excluding diagrams, illustrations or other addendum.
Response for tasking one ….
2. Tasking Two -- approximately 600 - 800 words (2 - 3 pages) excluding diagrams, illustrations or other addendum.
Response for tasking two …
3. Tasking Three -- approximately 600 - 800 words (2 - 3 pages) excluding diagrams, illustrations or other addendum.
Response for tasking three ….
4. Tasking Four -- approximately 600 - 800 words (2 - 3 pages) excluding diagrams, illustrations or other addendum.
Response for tasking four …
If you have any questions, please go into my class to see whatever you need to.
umuc.edu
username: sebastiani
password: 3edc#EDC7ujm&UJM
CSEC 661 (this is the class you enter).
Thank you.
Digital Forensics Investigation
Name
Institution
Digital Forensics Investigation
Introduction
The forensic investigation involves the application of digital evidence in the revelation or unearthing of various criminal activities in the court of law. Most law enforcement agencies such as the FBI have developed various sophisticated programs for the examination of computer evidence in criminal cases. Computer forensic investigation process has a diverse influence on the outcome of the investigation of the criminal cases because of the selection of inappropriate investigative procedure culminating into incomplete or missing evidence. There can be inconclusive outcome through bypassing of one step of the forensic investigative process leading to invalid conclusions. It is important for the computer forensic investigator to properly perform their duties as their work is a subject of scrutiny by the judiciary. Various computer forensic investigation models are making some models specific for certain scenarios with some being too general or detailed. It is vital for a forensic investigator to adopt an appropriate investigation model as it is difficult for a junior investigator to be acquainted with a suitable investigative model. There are policies and the procedural developments guiding the computer forensic investigation discipline as the department requires highly trained personnel, funding unit, and the support from management. All the requirements are attained through the development of a comprehensive training program for the investigators, including perfect digital evidence recovery techniques and maximum efficiency. The purpose of this response is to deliberate on the plan, procedure and the process involved in the computer digital forensic investigation.
Response 1: Description of the plan to conduct the investigation
As a part of the investigation team in the capacity of the computer digital forensic expert, my role in the investigation is the preparation of the digital investigative plan to enhance the chronological gathering of evidence including the subsequent forensic analysis of the digital data and electronic. The plan should support and justify the application of the forensic technique and approach required to perform the investigations. There should be availability and the description of the required resources in conducting a digital forensic investigation including the group skill set and required tools. In this phase, there should be an outline of the approach for evidence identification and acquisition that would happen for the preparation of the investigators to review the digital evidence in various investigations. The outline should be scheduled and the steps taken during the analysis phase, making the assumptions in the creation of the genuine investigative description plan (Alawadhi, Read, Marrington & Franqueira, 2015). The phase is the preliminary stage for the digital forensic investigation approach, and a perfect model for the investigators to use in performing their duties is ascertained. It inculcates the four specific stages of a forensic process such as the collection, examination, analysis, and report used in the delivery is possible results of the entire computer digital forensic investigative process. There should be an availability of the digital forensic investigative team required to conduct the specific task and the resources for a successful outcome of the whole process. The technological support well accustomed with the latest information technology trends and the relevant supportive tools should be available. The dynamic methodologies to be used in the investigation are aligned appropriately, according to the particular project or investigation to be conducted. There is incorporating of checks in every step or stage and the existing networks to bring the consolidation of the evidence leading to concrete results.
Response 2: Description for my project plan for conducting an investigation
The total objective of the computer forensic phases such as preservation, identification, extraction, interpretation, and documentation is the detection of computer incident in the identification of an intruder or perpetrators within the court of law. There is an increase in computer crime incidents in the society, starting from the intellectual property to cyber terrorism making the computer crime common. The description of every project plan for performing a forensic investigation is necessary for the analysis, recovery, and the preservation of the computer-related tool such that they can be evident within the court of law. Forensic investigation plans assist in the identification of various forensic digital evidence effectively while estimating the possible influence of criminal activities on the culprits. As a forensic investigator, there must be various essential tools and methodologies used as major components of the disaster recovery in various organizations (Devices, 2015.). Investigators should prepare and play a decisive role in overcoming and tackling of computer incident dealing with forensic investigations. Because of the increasing technical knowledge and computer criminal activities, there should be an appropriate set of methodologies to be used in the existing investigation process. Evidence collected from the computer devices are delicate and can be altered or erased easily and compromised, and a proper technique should be initiated for the process in the plan. The investigator should avail all the forensic tools allowing the investigators to be able to recover the deleted, hidden, and temporary files that might not be easy to be located by the user. An investigator must focus on preliminary areas to collect data such as the standalone computers, workstations, online channels, and the servers. The investigation of the standalone computer stations can be easy to conduct while doing the investigation on the servers and online channel complicated and the investigator must keep proper logs for every investigative phase. An investigator should prepare logs and give them priority and importance, and they are the sources of a lead provider in every forensic case (Rowlingson, 2004). There are various important activities of forensic investigation methodologies that should be incorporated into the investigative plan such preservation, identification, extraction, interpretation, and documentation.
* Preservation: In the preservation phase the investigator must maintain the integrity and originality of the collected evidence. The preliminary evidence of every computer forensic incident should be protected from any modification or damages. The forensic investigator must make a copy or image backup for the original evidence and perform analysis on the image or copy of the initial evidence. The investigator should also use the original evidence and the copy for comparison of any alteration or damage of the existing data.
* Identification: The identification phase is the fundamental stage of every forensic investigation, and the investigator must identify the evidence and its originality. The evidence might be from various digital storage devices such as the removable media, hard disks, and the log files. Every forensic investigator should understand the distinction between the evidence container and the actual evidence necessary for accomplishing and investigation. In the digital computer forensic investigation, identification and location of data and information is difficult and challenging for the investigators. The problem is solved through the various processes of examination, including the log file analyses, keyboard searches assisting in the investigation.
* Extraction: Investigators must extract data after th...