Computer Forensics
- (5 points) Explain the reasons why computer forensics is performed. (Explain uses of computer forensics giving examples.)
This course has introduced you to computer forensics. Consider what stakeholders need and what computer forensics can do. Respond to the following:
- Describe what you feel are the three best uses of computer forensics. Give reasons for your choices.
- (15 points) Identify e-evidence and physical evidence.
With the increasing use of technology, e-evidence has become an integral part of evidence collection. As forensics practitioners, we read many articles related to cyber fraud and cybercrimes. Use the Internet to find an article that discusses a crime or investigation (e.g., fraud or misconduct) that involved e-evidence (e.g., email, instant messages, electronic records, GPS, cell phone records, postings in MySpace, etc.). List the date, title, and full URL of the article. Ensure that the link works for the article. Do not use proprietary sources or those that require registration.
Respond to the following:
- What was the crime or the reason for the investigation?
- What types of e-evidence were involved and why?
- What were the outcomes?
- Were there any attempts to destroy or alter the e-evidence?
- Was there any physical evidence?
- Was a crime committed? Why or why not?
- (5 points) Identify the requirements for acquiring and authenticating evidence.
Different kinds of cases go through different processes. It is important that the investigator manage e-evidence throughout this process. Consider the do’s and don’ts of managing e-evidence and respond to the following:
- Explain how to manage e-evidence throughout the life-cycle of a case so that it is admissible in court or can be used for legal action. List two reasons why e-evidence might be inadmissible.
- (5 points) Describe acceptable methods for searching and analyzing evidence.
- Explain the ethical and legal implications regarding how evidence is gathered and analyzed.
- (5 points) Archived and Temp Data
- Discuss how archived/temp data can be obtained when collecting e-evidence.
- (5 points) Discuss at least 3 methods that can be used to hide data and three approaches to recovering that hidden data.
- (5 points) How does the boot process differ between Unix, Macintosh, and Windows systems?
- (5 points) Discuss some of the content found within an email header that can be useful in an investigation.
- (5 points) Discuss at least 3 challenges associated with performing a forensics investigation on a mobile device.
- (5 points) What are the basic guidelines to identify steganography files?
- (5 points) Discuss the role that volatility plays in a digital forensics investigation. What would be the most volatile data?
- (5 points) What are the Federal Rules of Evidence? Can computer log files be admissible as evidence?
- (5 points) Discuss what a Chain of Custody is and its import to evidence presented in court.
- (5 points) Discuss some challenges to performing computer forensics on cloud-based systems.
- (20 point question) Read the following scenario and respond to the questions below:
As a digital forensics examiner, you have been called to the scene of a kidnapping. Several witnesses have told the investigator that the victim was very excited about a new person they met online. Your job at the scene as a digital forensics examiner is to recommend to the investigating officer a course of action as to what digital evidence may or may not be needed to investigate this crime.
- Provide a list of potential digital evidence that the investigator is going to want to seize for possible forensic examination. Be thorough, as the lead investigator in this case is not computer savvy.
- What additional sources of evidence might there be besides the digital equipment and media that would have been seized? How would you gain access to this evidence?
- Describe how you will maintain the collected evidence.
- What will you do to prepare for presenting this evidence in court?