Computer-related technology has become one of an integral part of everyday human life. Moreover, it has been seen that in the present time it is growing rapidly apart from that due to the rise of computer technologies there are various crimes which have been evolved with this kind of Technologies such as financial fraud unauthorised intrusion, there are multiple causes related to identity theft as well as intellectual theft. It is necessary to counteract those computer-related crimes, and for that computer forensics plays an essential role as it involves various kind of Data Collection as well as analysing Digital information use it as evidence in those cases.
It has been seen that there is no single digital forensic investigation model which has been accepted universally; every model has focused on a particular on which the law enforcement works appropriately. It has been seen that there is a basic Digital forensic investigation model, which is known as the fourth step forensic process. this kind of model provides better flexibility than another model so that any organisation can able to adapt any of the suitable models if any situation occurred in the future.
Figure: Forensic Investigation Model
There is the various scope of investigation which is being followed:
Identifying malicious activities with respect to 5Ws
To identify any security lapse in their network
To evaluate the impact if any of the computer or network system was compromised
To identify any of the legal procedures if it’s required
to provide various activities in order to improve their system
There are numerous legal challenges, which may be faced by the forensic team, which are as follows:
Required and written permission to conduct the forensic investigation unless there is other response authorisation procedure has been implemented
To identify the potential issues that can be raised during the improper handling of the investigations which need to be discussed with the legal advisor
Determining if there is any law enforcement assistant is required and it should be available if there is any case of assistance
Gather all the information required to evaluate the incident
Identify the impact of the investigation on the business
Gathering information related to network or computers for any kind of data breach
Finding an external storage device such as a pen drive or flash drive
Identifying various forensics tools that can be used in the investigation
Documenting all the activities of investigation
Imaging the target device for Data integrity
Collection phase is one of the first phases of the in which the investigator will identify label record as well as required data from relevant sources by following proper guidelines and procedures. Two Types of data will be collected that will be e volatile data and non-volatile data.
If the investigator is able to gather all the evidence, it is required to conduct and proper analysis with the help of Digital forensic investigation tool. Apart from that, there will be an examination of file system Windows registry as well as various database forensic examination.
File System Examination
MFT, which is known as the master file table, also contains various information related to the files and disk. Moreover, the data which records in MFT, also known as metadata. if any users try to delete the data stream and user can retrieve the file by providing a specific command
Windows Registry Examination
Windows registry contains various information related to volatile and non-volatile. This means an investigator must be familiar with each of the functionalities of Windows registry before undergoing any investigation. while investigating any USB removable storage it is required to have proper knowledge related to Windows registry. It has been seen that all the devices which have been connected to the computer will maintain in a computer registry under a specific key “HKEY_LOCAL_MACHINE\System\ControlSet00x\Enum\USBSTOR”. Moreover, by using the highest in the mounted drive, the investigator will get a clue after analysing the device ID content which has been maintained by the registry to know which device has been mounted in the organisation.
It is required to analyse all the evidence which has been gathered and examine. Will look into the data to see any hidden files or an unusual file which has been presented or not. If there is a necessary process which has been run by the suspected employee, the investigator will look if any application has made a request which is unusual. Investigative later will create a for the strategy for Digital forensic investigation like complete analysis of memory, analysis of file system as well as timeline analysis.
After the investigation will do them in will provide a summary of the results. In which the investigator will provide information related to the identification of the attacker, persistent remote access to any of the company's computer. Forensic analysis will help the investigator to provide better evidence related to the system which has been compromised. If the attacker compromises some of the arrangements with the help of removable storage, then any of the suspected Malware will be found. moreover, the investigator will be determined that the attacker had proper access to the client system with the help off USB storage or any Malware by providing any kind of appropriate website link for or and payment gateway
The investigator will suggest various measures that could be used to reduce the attacks made by the people in order to gain an advantage. Moreover, the investigator will suggest providing better training that will help to increase network security.
At last, the investigator will provide and Digital forensic report that will highlight various evidence to the company moreover it will help for gathering more evidence that can be used in the time of company hearings or it can be used in court hearings.
Based on the above section, it can be concluded that a proper investigation plan should be conducted with appropriate Digital forensic investigation and Manual investigation by various methods as well as by multiple tools. Moreover, with the help of forensic investigation model, the investigator will conduct the research. Apart from that, it is necessary to prepare the initial steps before starting the investigation
Remember, at the center of any academic work, lies clarity and evidence. Should you need further assistance, do look up to our Digital Forensics Assignment Help
5 Stars to their Experts for my Assignment Assistance.
There experts have good understanding and knowledge of university guidelines. So, its better if you take their Assistance rather than doing the assignments on your own.
What you will benefit from their service -
I saved my Time (which I utilized for my exam studies) & Money, and my grades were HD (better than my last assignments done by me)
What you will lose using this service -
Unfortunately, i had only 36 hours to complete my assignment when I realized that it's better to focus on exams and pass this to some experts, and then I came across this website.
Kudos Guys!Jacob "
Proofreading and Editing$9.00Per Page
Consultation with Expert$35.00Per Hour
Live Session 1-on-1$40.00Per 30 min.
Doing your Assignment with our resources is simple, take Expert assistance to ensure HD Grades. Here you Go....