Description
I need someone to paraphrase my paper and answer two questions left
please see attached
Running Head: LIVE DATA COLLECTION
Live Data Collection
Name
Institutional Affiliation
Investigative question that live data collection is likely to answer
Live data collection helps to answer the initial questions of any investigation on a computer system. It depends on the data the investigator collects during the investigation in order to identify data sources. These include users, processes, registry keys and even network connections, which the investigator examines to find out whether malicious attacks are present. Evidence of these attacks is preserved by acquiring data from the running system or even from an offline system; the sources are memory, hard drives, log files and the network. The obvious questions the investigator asks are whether a virus was active on the system, whether any data was copied or stolen, and whether the system was compromised.
Should you perform a live data collection on each system you suspect is compromised?
Live data collection on a compromised system should be performed so as to retrieve the information that has been lost.
In what situations would collecting an image of memory be most useful to the investigation?
Malware is one situation in which collecting a memory image is useful: when the malware is primarily memory resident, it leaves only some trace evidence on storage. The second situation is when encryption is used by a malicious attacker.
Define/describe simple duplication. Define/describe forensic duplication
Simple duplication refers to making another copy of specific data, whether a single file or a group of files, a partition on a hard drive, the whole drive, or another data storage component. Forensic duplication, by contrast, refers to an exact copy of data which is created with the aim of being admissible as evidence in legal proceedings; it is treated as an image of the original source in an accessible form.
If you have connected evidence hard drives to a system for imaging, do you need to use a write blocker if you are going to boot a Linux-based CD? Explain why or why not.
A write blocker should be used to boot a Linux-b...