Need computer science help with Forensic Examiner

Nov 22nd, 2015
Price: $20 USD

Question description

This week you are reading about some of the forensic tools used by Computer Forensics Examiners (there are many). While two of the more popular tools are Guidance Software’s EnCase and AccessData’s FTK, there are other tools that are available and should be part of your toolbox.

Once you have properly identified and collected digital evidence, the next step is to analyze it. It does not really matter if you are performing analysis as part of a criminal investigation or as part of a corporate investigation: you should always follow the same protocols. An emphasis in this course is on helping you understand why using an analysis protocol is important.  Remember, you should NEVER, EVER work on original evidence, if it can be avoided by any means; instead, use a forensic image. When you work on the image, you pick the tools you will use. Again, it does not matter which tool you actually use, as long as the tool is accepted by the forensic community, and you are able to testify to the tool’s validity, as well as the process you used in your examination.

During your analysis, you should document every step you take and record all of your findings. Some tools have a report function that works well to capture both the identified data and the date/time of your various analyses.  This should always be supplemented with your own notes and documentation.

This week, I would first like you to discuss ‘write blockers’ (hardware- or software-based. What do they do? Why do you need to use a write blocker in your examinations, whether for a criminal case or a corporate case?

Now imagine that you are a computer forensic examiner who has just received a suspect hard drive from a detective in your department.  The drive was properly seized during a legally executed search warrant. The detective signs the chain of custody log and hands you the drive. Your job is to accept the drive, conduct an analysis, and store the drive until trial. Explain the steps you would take, from the time you receive the drive until you testify in court. Include the reasons why you would take each step.  For just one example, what would you check for when you sign for the drive on the chain of custody?

Tutor Answer

(Top Tutor) chemtai
School: Rice University

Studypool has helped 1,244,100 students

Review from student
" Awesome! Exactly what I wanted. "
Ask your homework questions. Receive quality answers!

Type your question here (or upload an image)

1825 tutors are online

Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors