Assignment 2 CCJS 321

School: University of Maryland, College Park
Course: 321
Subject: Computer Science
Date: Dec 6, 2023

Assignment 1
Jae Woo
CCJS 321 Section 6382
Professor Daniel Grove
01/28/2023

Digital data recovery is important for evidence, and there is an abundance of ways to complete this process and achieve its goals. There are five specific ways to recover already deleted digital files that I find necessary for the process of digital data recovery. The chain of custody requires each forensic image made up of the data recovered from the devices to be fully recorded in detail. This includes full descriptions of the exhibit, case references, custodian details, and signatures of every party involved (Boddington, 2016). Recovering digital evidence through the process of forensic imaging is another way to extract deleted data from a digital device. There are two options when it comes to forensic imaging: a dead recovery and a live recovery. A dead recovery occurs when the data from a computer is copied forensically using the computer’s own hardware booted from a trusted external device, as well as when data is copied from an extracted hard drive using a hardware write blocker (Boddington, 2016). A live recovery consists of extracting the live system data before powering down a computer, and involves capturing the data while at the same time preserving volatile memory. This process can only occur while the computer’s operating system is still running throughout the entire process (Boddington, 2016). Volatile memory recovery is considered an advantage of a live recovery process, which makes it possible to recover both volatile and non-volatile data, such as the memory stored in RAM (Boddington, 2016). Lastly, the recovery of deleted memory remnants is a phenomenon in
which the Windows operating system dictates the length of the files saved on a hard drive. The computer may fill a percentage of the clusters in each file space, and whatever free space is left is filled with random data from the computer memory, which may be recoverable and possibly even provide useful evidence (Boddington, 2016).

Locard’s exchange principle means that within every criminal act, there will always be something added to or removed from the scene of the crime. There are many ways to ensure that a mark is not missed during digital evidence collection and acquisition, including photographing the computer and the scene, especially if the computer is already on; leaving the computer off if it is already turned off; documenting all device model numbers and serial numbers; and keeping all media away from magnets, radio transmitters and other elements that could be potentially dangerous (Henry, 2009).

There are many digital marks that are left behind by users on the most common devices, which include the laptop, the internet, and even health and fitness trackers. The most common device is the laptop. This one device could potentially store a lot of digital marks unknowingly left behind by the user. Laptops and the internet are two devices that go hand in hand with the risk of leaving digital marks. They may both contain fingerprints and other pieces of DNA on the device. Both passive and active digital marks may occur during the use of these two devices. You need a laptop to use the internet, and the internet provides access to websites and social media sites that contain personal information. Fitness trackers utilize applications and subscriptions that put the user at risk because they may contain a lot of personal information (Kaspersky, 2022). Investigators can use
digital marks as evidence for investigations by utilizing encrypted data, using various types of software and tools, as well as techniques to recover deleted files and passwords (Brown, 2022).

There are step-by-step procedures that a digital forensic practitioner should follow when encountering a live laptop computer:

Step 1: Incident Response Preparation – responders should prepare as much as they can to be able to react to a security incident, such as having a first responder toolkit ready on hand.
Step 2: Incident Documentation – utilizing naming conventions for tool output to further organize and store logs in a readable format.
Step 3: Policy Verification – ensuring that planned actions do not violate existing network and computer usage policies.
Step 4: Volatile Data Collection Strategy – devising a strategy based on the different types of volatile data, the source of data, the type of media, and the type of connection.

These steps should be considered when attempting to extract data from a live laptop computer (Panhalkar, 2023).

There are some benefits of a live data acquisition that you can’t acquire from a dead computer. Data custodians, or computer users, can install encrypted hard drives in the computer, which allows remote live imaging tools to run without the involvement of the data custodians afterwards. Live imaging is when an image of RAM is captured to provide a complete picture of the system and how it is being used immediately prior to the imaging process. Live imaging may also bypass most encryption because the custodian is already logged in with their own credentials at the time of the acquisition (Greetham, 2023). Most importantly, recovering digital
evidence through the extraction of live system data before powering down the computer will help preserve volatile memory that would not be recoverable through the dead recovery process (Boddington, 2016).

Cloud storage comes in the form of a model that enables storing data on the internet through a provider, which you can access through the public internet or even private network connections (AWS, 2023). Cloud forensics is important for investigators because without a cloud forensics strategy, the owner of the cloud storage may not have the rights to all of their data or even potential evidence in the cloud. Cloud computing is also known as a safe and secure way to store data, but when issues like data breaches occur, investigators will be able to gather evidence through the platform. Cloud-based technology may be considered inexpensive and useful, but without the right amount of knowledge, cloud services can make investigations harder (Lim, 2020). Other known benefits of cloud storage for forensic investigations include easy compliance with law enforcement, which could also be included in a compliance plan within an agency. Another benefit is that cloud services are protected from ransomware attacks (Cunningham, 2017).

Investigators can access cloud data by understanding the difference between public and private cloud data. Private cloud data is secured but may also deliver advantages including scalability and self-service. Public clouds are easily accessible and deliver services to multiple organizations. Investigators who pay attention to devices that are on or open may have an advantage in acquiring cloud data or gaining instant access to cloud data. If private cloud data is not easily accessible, then obtaining specific “artifacts” left on devices can help provide clues and
information (Mahalik, 2021). Cloud forensics implements a strategy that is focused on crimes involving the cloud, including data breaches and even identity theft, with the ability to properly protect data and preserve evidence (Lim, 2020). The United States enacted a procedure called the CLOUD Act to allow investigators to obtain access to electronic information held by service providers. Some of the CLOUD Act agreements provide requirements based on factors such as respect for the rule of law and principles of nondiscrimination, and adherence to applicable international human rights obligations (Department of Justice, 2019). Serving a search warrant on the cloud provider is beneficial for providing transactional records; however, cloud providers may not have complete access to the customer data stored within their system and cannot provide data in a complete format (Cauthen, 2014).
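
The chain-of-custody requirement described earlier in this essay (each forensic image recorded with its exhibit description, case reference and custodian details) can be illustrated with a tamper-evident log. This is an added example, not part of the original assignment; the field names, the hash-chain design and the sample values are assumptions, and the sample image bytes are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(entry: dict) -> str:
    """Hash every field of an entry except its own stored digest."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def add_entry(log, image, exhibit, case_ref, custodian, action):
    """Append a custody record bound to the image hash and the previous record."""
    entry = {"exhibit": exhibit, "case_ref": case_ref, "custodian": custodian,
             "action": action, "image_sha256": sha256_hex(image),
             "prev": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)

def verify(log, image):
    """Return a list of problems; an empty list means log and image agree."""
    problems, prev, current = [], GENESIS, sha256_hex(image)
    for i, entry in enumerate(log):
        if entry_digest(entry) != entry["entry_hash"]:
            problems.append(f"entry {i}: record altered")
        if entry["prev"] != prev:
            problems.append(f"entry {i}: chain broken")
        if entry["image_sha256"] != current:
            problems.append(f"entry {i}: image hash mismatch")
        prev = entry["entry_hash"]
    return problems

def demo():
    image = b"\x00" * 512 + b"constructed sample image"  # constructed, not real evidence
    log = []
    add_entry(log, image, "EXH-001 laptop drive", "CASE-0000", "Examiner A",
              "imaged behind hardware write blocker")
    add_entry(log, image, "EXH-001 laptop drive", "CASE-0000", "Examiner B",
              "received for analysis")
    clean = verify(log, image)                    # untouched image and log
    altered_image = verify(log, image + b"\x01")  # one byte appended to the image
    log[0]["custodian"] = "Unknown"               # simulate an edited record
    altered_log = verify(log, image)
    return clean, altered_image, altered_log

if __name__ == "__main__":
    print(demo())
```

A hash chain only shows that a record or the image changed after the fact; the signatures of every party that the essay mentions are still needed to tie each entry to a person.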

References

Boddington, R. (2016). EBSCOhost Research Platform: EBSCO. EBSCO Information Services, Inc. | www.ebsco.com. Retrieved February 14, 2023, from https://www.ebsco.com/products/ebscohost-research-platform

Henry, P. (2009, February 10). Best Practices in Digital Evidence Collection. SANS Digital Forensics and Incident Response Blog | Best Practices In Digital Evidence Collection | SANS Institute. Retrieved February 14, 2023, from https://www.sans.org/blog/best-practices-in-digital-evidence-collection/

Kaspersky. (2022, March 9). What is a digital footprint? and how to protect it from hackers. www.kaspersky.com. Retrieved February 14, 2023, from https://www.kaspersky.com/resource-center/definitions/what-is-a-digital-footprint

Brown, D. (2022). How is digital forensics used in an investigation? LinkedIn. Retrieved February 14, 2023, from https://www.linkedin.com/pulse/how-digital-forensics-used-investigation-brown-ph-d-mcmi-acfe/?trk=pulse-article_more-articles_related-content-card

Panhalkar, T. (2020, July 13). Live Data Acquisition. Infosavvy Security and IT Management Training. Retrieved February 14, 2023, from https://info-savvy.com/live-data-acquisition/

Greetham, D. (2023). Three benefits of using live forensic imaging in your next case. Ricoh USA. Retrieved February 14, 2023, from https://www.ricoh-usa.com/en/insights/articles/three-benefits-of-using-live-forensic-imaging-in-your-next-case

AWS. (2023). What is Cloud Storage. Amazon. Retrieved February 14, 2023, from https://aws.amazon.com/what-is/cloud-storage/#:~:text=Cloud%20storage%20is%20a%20cloud,a%20dedicated%20private%20network%20connection.

Lim, N. (2020). Everything you need to know about cloud forensics. AppDirect. Retrieved February 14, 2023, from https://www.appdirect.com/blog/cloud-forensics-and-the-digital-crime-scene#:~:text=What%20Is%20Cloud%20Forensics%20and,and%20can%20better%20preserve%20evidence.

Cunningham, M. (2017, February 15). 4 benefits of cloud-based solutions for law enforcement. ShotSpotter. Retrieved February 14, 2023, from https://www.shotspotter.com/blog/4-benefits-of-cloud-based-solutions-for-law-enforcement/

Mahalik, H. (2021). How to lawfully collect and examine data in the cloud. Forensic®. Retrieved February 14, 2023, from https://www.forensicmag.com/3425-Featured-Article-List/575758-How-to-Lawfully-Collect-and-Examine-Data-in-the-Cloud/

Department of Justice. (2019). The Purpose and Impact of the CLOUD ACT. Google. Retrieved February 14, 2023, from https://chrome.google.com/webstore/detail/adobe-acrobat-pdf-edit-co/efaidnbmnnnibpcajpcglclefindmkaj

Cauthen, J. (2014, October 7). Executing search warrants in the cloud. FBI. Retrieved February 14, 2023, from https://leb.fbi.gov/articles/featured-articles/executing-search-warrants-in-the-cloud