Lab 1
School: Victoria University
Course: NIT2141
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 3
Uploaded by shivnag
1. There are five phases in the digital forensics process. List them and explain what their key activities are.
- Identification: In this phase, the focus is on identifying potential sources of relevant data and evidence. Key activities include:
- Preservation: Once potential sources of evidence are identified, the next step is to preserve them to ensure their integrity and prevent any damage.
- Analysis: In this phase, forensic examiners analyse the preserved data to extract relevant information and evidence.
- Documentation: Documentation is crucial throughout the entire digital forensics process, but it's particularly important in this phase to record the findings and the steps taken during analysis.
- Presentation: In the final phase, forensic examiners present their findings to relevant parties, such as law enforcement, legal teams, or organizational leadership.
2. Provide examples of how errors, uncertainties, and doubt can impact the evidence integrity and forensic soundness.
- Errors: For example, failing to properly preserve the chain of custody or mishandling storage media can lead to data corruption or loss.
- Uncertainties: For example, certain file formats or encryption methods may be difficult or impossible to analyse, leading to uncertainties about the completeness of the investigation.
- Doubt: For example, if unauthorized personnel have accessed the evidence or if the chain of custody has been compromised, it can cast doubt on the reliability of the findings about who was responsible.
3. A murder has occurred. The victim is identified to be the national chief of defence. Not long afterwards, a security breach in the IT systems of the department of defence is detected. The suspected perpetrator appears to be an outside hacker. What would be your hypothesis, and how would you investigate the case?
Where a murder has occurred involving the national chief of defence and a security breach in the Department of Defence’s IT systems is detected shortly afterward, with an outside hacker suspected, several theories could be considered for investigation. One possible theory could be:
Investigation Plan:
- Crime Scene Investigation
- Analysis and Forensic Examination
- Digital Forensics Investigation
- Interviews
- Background Investigation
By following this investigative plan, authorities can work towards uncovering the truth behind the murder of the national chief of defence, identifying the criminal, and bringing them to justice.
4. You are involved in the analysis phase of an investigation of a cyberattack. All potentially relevant data objects have been collected and examined. In order to proceed, what do you need to ensure with regard to the evidence integrity? How will you do this, and why?
In the analysis phase of a cyberattack investigation, ensuring the integrity of the evidence is crucial to maintain the reliability and integrity of the findings. Here's what needs to be ensured regarding evidence integrity:
- Data Validity
- Chain of Custody
- Data Integrity Verification
- Documentation
- Validation of Tools and Procedures
- Peer Review and Quality Policy
By ensuring evidence integrity through accurate documentation, verification, and adherence to best practices, forensic examiners can maintain the trustworthiness of their findings and support the integrity of the investigation.
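One way to carry out the "Data Integrity Verification" and "Chain of Custody" items listed above, as an added example that is not part of the original lab answer. It assumes SHA-256 as the integrity hash and a hash-linked custody log; the function names, actors, timestamps and sample bytes are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" used by the first custody entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _entry_hash(body: dict) -> str:
    # Canonical JSON so the same fields always produce the same hash.
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_entry(log: list, actor: str, action: str, evidence_hash: str, when: str) -> dict:
    """Add a custody record that is linked to the previous record by its hash."""
    prev = log[-1]["entry_hash"] if log else GENESIS
    body = {"actor": actor, "action": action,
            "evidence_sha256": evidence_hash, "when": when, "prev": prev}
    entry = dict(body, entry_hash=_entry_hash(body))
    log.append(entry)
    return entry

def verify_log(log: list) -> bool:
    """Detect edited, removed or reordered custody records."""
    prev = GENESIS
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev or entry["entry_hash"] != _entry_hash(body):
            return False
        prev = entry["entry_hash"]
    return True

def verify_evidence(data: bytes, log: list) -> bool:
    """True only if the log is intact and the data still matches the acquisition hash."""
    if not log or not verify_log(log):
        return False
    return all(e["evidence_sha256"] == sha256_hex(data) for e in log)

def demo():
    image = b"constructed sample standing in for a disk image"
    log, digest = [], sha256_hex(image)
    append_entry(log, "examiner-a", "acquired", digest, "2024-04-03T09:00:00Z")
    append_entry(log, "examiner-b", "received for analysis", digest, "2024-04-03T11:30:00Z")
    tampered_log = [dict(e) for e in log]
    tampered_log[0]["actor"] = "someone-else"  # simulate an edited custody record
    return (verify_evidence(image, log),            # untouched evidence
            verify_evidence(image + b"\x00", log),  # evidence altered after acquisition
            verify_log(tampered_log))

if __name__ == "__main__":
    print(demo())
```

The hash chain only exposes edits if the latest entry hash is also recorded somewhere the editor cannot rewrite, such as a signed case note or a second examiner's record.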
Lab 2