Saturday, November 16, 2019
Digital Forensic Methodology and Strategy
Digital Forensic Methodology and Strategy Introduction Digital forensic can be described as the cyber security mostly used to secure to identify, preserve, analyze and present digital data evidence in the manner it will be legally acceptedà in any legal process. Digital forensic is mostly applied in recovering that involves investigation of materials on a digital media platform and network. (Britz, 2013 ) This forensic uses the method of scientific researchà à where the evidence is mostly grounded on the fields of forensic science. The certification of the forensic science requires a code of conduct of neutral and decent approaches to examinations.à This digital forensic has a good history since it was discovered by the original people who saw the need to protect the data in any digital gadget. It is estimated to be over 40 years old with the first gadget making the first show up around 1970. This was due to a demand made by the community to the court of law. The first claim was about finance which was done using a computer. The hackers used the computer to steal money hence there was a need to come up with a strategy.à The hacking does not only involve stealing but also getting access of the information from a computer without the authority from the owner. In 1980s, training courses for digital forensic were developed aimed at equipping the learner with the knowledge of forensics. Organizations such as Certified Fraud Examiners, High Technology Crime Investigational Associations (HTCIA) among other digital forensic companies were formed to deal with those frauds. (Britz, Digital Forensics and Cyber Crime, 2010) Currently, there are so many courses in the universities to offer degrees in the fields such as computer forensics and also digital investigations. In those early days, forensic tools like MACE and Norton came up with the basic resurgence abilities such as unformat and undelete, the investigation was under individual stationed in a specific workstation. (Janczewski, 2010) Today some software have been formed to do the same and effectively. Government has come up with the standardization of the same as from 1984. On the same year, the FBI came up with a structured body, Computer Analysis Response Team (CART), assigned with the responsibility of examining the evidence as per the law. Digital forensic methodology Obtaining authorization for investigation. There first methods involve getting authority so as one can start the investigation. This is so because nobody can allow one to enter into another without permission, once the permission is granted, the investigations kick off. The person mandate to do the investigation must be experienced with the full knowledge of the forensic investigation and examining. The investigation will be carried out clearly and the fraud should be met and amended. The investigator also is expected to use the current methods of digital forensic due to rapid growth in the technology, meaning advanced methods should apply. Determining evidence locations After investigation, the investigator will provide the evidence locations. This means that the investigator will determine where the location at which the fraud has occurred, then go to those places and find out what might have happened. Different locations will contain different kinds of frauds; this will lead to different kinds of locations. (Dawson, 2015) Each evidence will also contain different measure of resolving it. Digital forensic differ from one country to another and the measure taken to deal with such frauds is still different. The evidence depending on the locationà will alsoà entail different kind of data which will call for a specific way of investigating it. The location also will contain different kind of population which will mean that that population has a certain way of dealing with the forensic frauds. Determining and confirming techniques to find and interpret significant data In this method, the investigator is required to validate techniques to find and interpret significant data. There are so many techniques used to determine find data and consequently interpret the same data. Some techniques used are, histogram, random number generation, descriptive statistics and many others. When the data has been found, then it is interpreted using different methods. The forensic data will differ from one fraud to another and also from one location to the next.à The collected data which is well analyzed will give the best result. Summarize and provide explanation of conclusions After doing all what is required, the data summarized and the conclusion is provided. The investigator of the fraud makes the explanation and it should be correct without any mistake to avoid wrong conclusion. Depending on the nature of the fraud, the explanation given should provide a clear answer of what might have gone wrong. (Gladyshev, 2015) The data must be given correctly for the future reference if need be. As per the client, the explanation can be taken to the court of law alongside the sampled data as the evidence. The importance of using forensic tools to collect and analyze evidence. Many organizations have adopted forensic tools and have achieved many things. Forensic tools have collected protected and analyzed digital evidence and applied it where applicable. Can be in legal matters, disciplinary matters or even in employment tribunals. The forensic tools have been useful in the following circumstances; It has been useful in disputed transactions in an organization. Widely used in allegations pertaing to employee misconduct Used to show legal and regulatory compliance Widely used in a court of law to assist in law enforcement investigations Supporting insurance claims when a loss occurs in an organization. It is a tool to meet disclosure requirement in civil claims. Hashing in the context of digital forensics Hash values are used in cases of the electronic evidence.à Mostly used in the examination of process of computer forensics. The hash values are used to make sure that the original copy is not altered. During the process, an image is made of the original.à (Bossler, 2014) The original hard drive will be taken as a hash value also. The examination is done before the hash value is taken. In the case where the values are the same the copy is treated as the original while where the values are different, then the copy is put in a question. As the examination is concluded, a third value s commonly taken. The three hash values which include, original hard drive, imaged hard drive before the examination and imaged hard drive after the examination, must match. Again the hash values can be used in the court of law to validate evidences In another circumstances hash value can be used in discovery process. The discovery process where the hash value has been mostly applied is in court of law. How do you ensure that the evidence collected has not been tampered with (i.e., after collection)? Avoid contamination of the data- the specimen /data collected should be original and not contaminated with other materials. (DeFranco, 2014) Handle appropriately-make sure that the data collected is packed, stored and ferried correctly. Label accurately-the evidence collected should be labeled correctly to avoid confusion such that even if there can be any claim, it can be clearly produced. Ensure total security- the evidence which has been collected should be secure and tamper proof Maintain continuity-handling of the evidence should be recorded, also when the evidence pass from one person to another should also be recorded, this maintenance will ensure that the evidence is purely maintained. Why and how is this important to prove in a court of law? The collected data as per the explanation above is original. It can be proven in the court of law because there will be a full evidence that the evidence was well maintained. References Bossler, A. M. (2014). Cybercrime and digital forensics : an introduction. New York: Routledge. Britz, M. (2013 ). Computer forensics and cyber crime : an introduction . Boston: Pearson. Britz, M. (2010). Digital Forensics and Cyber Crime. Berlin: Springe. Dawson, M. (2015). New threats and countermeasures in digital crime and cyber terrorism . Hershey: An Imprint of IGI Globa. DeFranco, J. F. ( 2014). What every engineer should know about cyber security and digital forensics. Boca Raton: CRC Press. Gladyshev, P. (2015). Digital Forensics and Cyber Crime . Heidelberg: Springer. Janczewski, L. (2010). Cyber warfare and cyber terrorism. Hershey: Information Science Reference.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.