Please provide correct solution according $to$ the question. Discuss in a three$-$to$-$five$-$page paper, the procedures, tools, and results for the first steps of the Chi Mak espionage investigation process model:

$1.$ Identification$/$assessment

$2.$Preservation

Identification

Discuss: your pre$-$planned strategy in preparing and approaching the crime scenes and if a valid search warrant was required; the physical and digital evidence from each of the crime scenes; determine the suspects and their activity; and describe the physical location of the crime scene and the possibility of cyberspace $($emails$,$ URLs$),$ equipment $($various types of wire and wireless hardware devices$),$ and software applications that you expect when approaching your digital crime scene. Preservation

Here, you will show the case management of your team$$s investigation. You will also show the chain of custody, and that the data you collected is not contaminated. Remember the physical and digital data that is acquired must be properly isolated, secured, and preserved.

In this digital investigation the original evidence $($data$)$ must never be touched. So$,$ here discuss if a forensically sound copy of your original data was made, and the examination and analysis of this data was performed on the forensic copy. For example, discuss if a storage device was mounted as read$-$only to assure the data was not modified or overwritten during the time the device was mounted.

In another example, state if copies of the digital data are acquired through a live acquisition process to capture digital evidence from memory of a running system.

In this stage also show every link in the chain of custody of every person who handled or possessed the evidence from the time it was first discovered to the time it was returned to its original owner. In a three$-$to$-$five$-$page paper, provide a detailed discussion of

the procedures, tools, and results for following first three steps

of the investigation process model:

Identification$/$assessment

Collection$/$acquisition

Preservation

Total point value $-15$ points.

You were required to discuss in a three$-$to$-$five$-$page paper,

the procedures, tools, and results for the first three

steps of the Chi Mak espionage investigation process

model:

Identification$/$assessment

Collection$/$acquisition

Preservation

Identification

Discuss: your pre$-$planned strategy in preparing and

approaching the crime scenes and if a valid search

warrant was required; the physical and digital evidence

from each of the crime scenes; determine the suspects

and their activity; and describe the physical location of the

crime scene and the possibility of cyberspace $($emails$,$

URLs$),$ equipment $($various types of wire and wireless

hardware devices$),$ and software applications that you

expect when approaching your digital crime scene.

Collection$/$Acquisition

Describe the process on how you acquired the evidence,

and the methods you used to prove the evidence is

authentic and not modified during the acquisition process

$($for example was there a chain of custody$).$

The Acquisition process involves $2$ steps:

$1$ Duplication: State the forensic method used. For

example, if there was duplication of the digital evidence,

state if write blocking was used by a physical hardware

device or software to copy the original digital evidence by

removing the hard drive from the computer.

$2$ Verification:

Discuss if the forensic tools that analyzed the data were

valid. It is typical to see some form of data validation, for

example MD$5/$ SHA$1$ values for the evidence collected.

Here you want to show the evidence will be admissible to

court, and by the method you used to verify the evidence

presented, the evidence is the same as the original

evidence collected.

Preservation

Here, you will show the case management of your team's

investigation. You will also show the chain of custody, and

that the data you collected is not contaminated.

Remember the physical and digital data that is acquired

must be properly isolated, secured, and preserved.

In this digital investigation the original evidence $($data$)$

must never be touched. So$,$ here discuss if a forensically

sound copy of your original data was made, and the

examination and analysis of this data was performed on

the forensic copy. For example, discuss if a storage

device was mounted as read$-$only to assure the data was

not modified or overwritten during the time the device was

mounted.

In another example, state if copies of the digital data are

acquired through a live acquisition process to capture

digital evidence from memory of a running system.

In this stage also show every link in the chain of custody of

every person who handled or possessed the evidence

from the time it was first discovered to the time it was

returned to its original owner.