Need computer science help with Forensic Examiner

Nov 22nd, 2015
RockCafe
Category:
Computer Science
Price: $20 USD

Question description

This week you are reading about some of the forensic tools used by Computer Forensics Examiners (there are many). While two of the more popular tools are Guidance Software’s EnCase and AccessData’s FTK, there are other tools that are available and should be part of your toolbox.

Once you have properly identified and collected digital evidence, the next step is to analyze it. It does not really matter if you are performing analysis as part of a criminal investigation or as part of a corporate investigation: you should always follow the same protocols. An emphasis in this course is on helping you understand why using an analysis protocol is important. Remember, you should NEVER, EVER work on original evidence, if it can be avoided by any means; instead, use a forensic image. When you work on the image, you pick the tools you will use. Again, it does not matter which tool you actually use, as long as the tool is accepted by the forensic community, and you are able to testify to the tool’s validity, as well as the process you used in your examination.

During your analysis, you should document every step you take and record all of your findings. Some tools have a report function that works well to capture both the identified data and the date/time of your various analyses. This should always be supplemented with your own notes and documentation.

This week, I would first like you to discuss ‘write blockers’ (hardware- or software-based). What do they do? Why do you need to use a write blocker in your examinations, whether for a criminal case or a corporate case?

Now imagine that you are a computer forensic examiner who has just received a suspect hard drive from a detective in your department. The drive was properly seized during a legally executed search warrant. The detective signs the chain of custody log and hands you the drive. Your job is to accept the drive, conduct an analysis, and store the drive until trial. Explain the steps you would take, from the time you receive the drive until you testify in court. Include the reasons why you would take each step. For just one example, what would you check for when you sign for the drive on the chain of custody?
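The question above stresses working only on a forensic image and documenting every step. The following Python script is an added example, not part of the original post or of any named tool: it hashes a (constructed) image file, makes a working copy, re-verifies the copy against the acquisition hash, and writes a timestamped examination log, so that an accidental write to the copy is detected rather than silently carried into the analysis. File names and the sample bytes are assumptions for the demo.

```python
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so multi-gigabyte images need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def log_step(log: list, action: str, **details) -> None:
    """Append a UTC-timestamped entry; the list becomes the examination log."""
    log.append({"time": datetime.now(timezone.utc).isoformat(), "action": action, **details})


def verify_working_copy(original: Path, working: Path, log: list) -> bool:
    """Re-hash both files and record whether the working copy still matches."""
    expected = sha256_of(original)
    actual = sha256_of(working)
    log_step(log, "verify", original=str(original), working=str(working),
             expected_sha256=expected, actual_sha256=actual, match=expected == actual)
    return expected == actual


def run_demo(tamper: bool = False) -> bool:
    """Constructed demo: fake image, copy it, optionally alter the copy, then verify."""
    log: list = []
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "evidence.dd"        # stands in for the acquired image
        working = Path(tmp) / "working_copy.dd"
        original.write_bytes(b"constructed sample image bytes\x00" * 4096)
        log_step(log, "acquire", path=str(original), sha256=sha256_of(original))
        shutil.copyfile(original, working)
        log_step(log, "copy", src=str(original), dst=str(working))
        if tamper:                                   # simulate an accidental write to the copy
            with working.open("r+b") as fh:
                fh.write(b"X")
        ok = verify_working_copy(original, working, log)
        Path(tmp, "examination_log.json").write_text(json.dumps(log, indent=2))
    return ok


if __name__ == "__main__":
    print("clean copy verified:", run_demo())
    print("tampered copy verified:", run_demo(tamper=True))
```

In practice the acquisition hash comes from the imaging tool's report and is compared against the examiner's own recomputation before and after analysis; the log here is the minimal structure such notes need (what was done, to which file, when, and with what hash).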

