WK 5 Forensic Methodology Paper
School: SUNY Buffalo State College
Course: COMPUTER F
Subject: Information Systems
Date: Dec 6, 2023
DIGITAL FORENSIC SCIENCE (DFS-501-85A)
Week 5: Forensic Methodology Paper
CLIFFORD KWAME ATTAGLO
AKETTE COWART
NOVEMBER 28, 2023
Forensic Methodology
Introduction
Identification
Before an investigation is initiated, there should be enough evidence for the Chief Security Officer (CSO) to support his claim for the cause of action. Digital investigations take time and consume a lot of resources, so it is necessary for the Chief Security Officer to study the case and assign it to a digital forensic investigator (DFI).
Once the CSO has assigned the case to the investigator, he needs to inform the DFI of all documentation, such as:
Suspect Information: Name and position of the suspect of the investigation. In our scenario, we know the subject to be Mr. Informant.
Personnel Involvement: This covers those with the knowledge and special expertise who would be involved in the investigation. Investigation is teamwork. It also covers the past or history of the subject to be investigated and his past records with the organization, so here it would be best to work with the Human Resources Department, perhaps the head of HR. The legal department would also be involved in giving directions so that the work follows standards and stays within the legal framework.
Resolution Goal: This varies depending on the gravity of the situation. It can be reprimand, dismissal, and prosecution as well as civil litigation. This is essential for the DFI, as it tells him the time frame at his disposal, the resources to use, and how to tailor his report.
Preliminary Planning
After the case is assigned to an investigator, he will be responsible for all the initial planning, perhaps with his team. The planning would include:
Chain of Custody Log: Chain of custody refers to the logical sequence that records the custody, control, transfer, analysis, and disposition of physical or electronic evidence in legal cases. It is essential to maintain the chain of custody. This preserves the integrity of the evidence that will be collected throughout the investigation. If this is lacking, it would be hard for any court to admit the evidence in criminal or even civil litigation.
Interview Form: An interview form is a document an interviewer gives candidates during interviews. This form is used by the DFI to ask first responders questions related to the case and to document how evidence was collected. In our scenario, the DFI will interview the security officers who seized the USB thumb drive and CD-R from the suspect. Questions such as:
Where were the devices when they were discovered?
Aside from the thumb drive and the CD-R, are there any other items with Mr. Informant?
Was any other person with the suspect when he was leaving the office?
Is there CCTV footage at the time the devices were being confiscated?
In our case, the USB thumb drive and the CD-R found with the suspect need to be confiscated immediately and recorded on, or updated in, the chain of custody form. The evidence then needs to be locked in a storage container until it is needed for further work. The legal department would then advise whether the workstation also needs to be investigated, as it is the property of OOO company.
Tool Validation
As part of the preparation stage, tools and software need to be validated. Depending on the case, the DFI should select tools that are appropriate for the investigation, that he is comfortable with, and whose way of producing visible results he understands. DFIs should not put too much trust in the tools at their disposal but should test the validity and efficacy of each tool to see whether it can execute the job without making any modifications to the evidence being acquired. In Mr. Informant's case, two validation tests were done: one testing the write-blocker software and one testing two imaging tools.
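One way to run the validation described above, as an added example that is not part of the original paper: hash known test media before and after the tool runs, then compare the image the tool produced against the original hash. The use of SHA-256, the stand-in tools, the file names, and the sample media are all assumptions constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_of(path, chunk_size=1 << 20):
    """Stream the file so a large evidence image need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def validate_tool(test_media, tool_action, image_path):
    """Run tool_action on known test media; report whether the source changed
    and whether the image the tool produced matches the original source hash."""
    before = {"sha256": sha256_of(test_media), "size": os.path.getsize(test_media)}
    tool_action(test_media, image_path)
    after = {"sha256": sha256_of(test_media), "size": os.path.getsize(test_media)}
    changed = sorted(k for k in before if before[k] != after[k])
    image_ok = os.path.exists(image_path) and sha256_of(image_path) == before["sha256"]
    return {"source_unmodified": not changed, "changed": changed,
            "image_matches_source": image_ok, "reference_sha256": before["sha256"]}

# Hypothetical stand-ins for the tools under test (constructed for this example).
def sound_imager(src, dst):
    shutil.copyfile(src, dst)          # reads the source, writes only the image

def faulty_imager(src, dst):
    with open(src, "r+b") as fh:       # defect: overwrites one byte of the source
        fh.write(b"\x00")
    shutil.copyfile(src, dst)

def run_validation():
    """Validate both stand-in tools against freshly constructed test media."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for name, tool in (("sound", sound_imager), ("faulty", faulty_imager)):
            media = os.path.join(workdir, name + "_media.bin")
            with open(media, "wb") as fh:
                fh.write(b"CONSTRUCTED TEST MEDIA " * 4096)   # constructed sample
            results[name] = validate_tool(media, tool, os.path.join(workdir, name + ".img"))
    return results

if __name__ == "__main__":
    for name, report in run_validation().items():
        print(name, report)
```

The reference hash recorded for the test media is the value that would go on the validation record, so the same test can be repeated and compared later.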
Write-Blocker Validation