Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Live capture is conducted while the system is still running. This method is suitable when you need to collect volatile data, such as running processes,

Live capture is conducted while the system is still running. This method is suitable when you need to collect volatile data, such as running processes, open network connections, and system logs. The advantages are: Captures real-time information, Useful for investigating active threats or ongoing activities, Preserves volatile data that may be lost in a static capture, and Live capture is preferred when dealing with active threats or when time-sensitive information is crucial. In some scenarios, live system analysis is necessary or preferable, such as when the system is critical for business or operational continuity, encrypted or protected by anti-forensic measures, remote or inaccessible, or dynamic or ephemeral. It can also be useful when the system changes or disappears frequently and cannot be shut down or removed for offline access or analysis (2023).

 

Static capture involves shutting down or isolating the system before acquiring the data. This method is appropriate when you want to capture a snapshot of the system's state without any active processes or changes. The advantages are: Preserves the integrity of the evidence by preventing further changes to the system, Useful for analyzing file systems, registry hives, and other non-volatile data, and Ensures a consistent state for analysis. Static capture is preferred when the system needs to be preserved in a specific state, or when investigating non-volatile data is the primary focus (S., 2022).

 

The Chain of Custody for digital evidence is the chronological documentation of its handling

from the time of collection until its disposal. The Chain of Custody can consist of signed

paper forms, photographs, investigator's notes, examination reports, automatically

generated logs and forensic hashes.

The Chain of Custody should document the following:

  1. The person collecting or receiving the evidence.
  2. The source of the evidence.
  3. Date and time, including time zone information where applicable.
  4. Unique identifiers.
  5. How the evidence was collected, including the tools and methods used.
  6. Any additional documentation as required by the Organization (Geeks for Geeks, 2020).

 

Examination of digital evidence should only be performed on work copies. Computers, mobile devices and original external storage media should only be examined by trained digital forensic examiners.

Forensic hashes are computed using mathematical functions, most commonly the

Forensic hashes are used to verify the integrity of all types of

digital evidence and to verify that copies are identical to the original. Message Digest (MD5) and Secure Hash (SHA) algorithms. Forensic hashes should be computed immediately when the evidence is collected or received and should be stored securely together with the original evidence.

It is recommended that digital evidence provided by third parties is authenticated. Evidence should preferably be collected directly from its native environment. If collection from the source is not possible, the investigator should attempt to verify the evidence by confirming its existence on the original device or the online account (Conference of International Investigators, 2021).

 

With any discrepancies to the original data, the best thing to do is to be as transparent about it as possible. Issues that may arise include: bad disk sectors, dynamic data changes, compression or encryption, hardware issues, file system changes, or timestamp issues.

 

 

Responce on this disscusion


Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Java An Introduction To Problem Solving And Programming

Authors: Walter Savitch

8th Edition

0134462033, 978-0134462035

More Books

Students also viewed these Algorithms questions

Question

Write short notes on Interviews.

Answered: 1 week ago

Question

Define induction and what are its objectives ?

Answered: 1 week ago

Question

Discuss the techniques of job analysis.

Answered: 1 week ago