Question
In: Computer Science
In addition to legal and procedural inhibitions on the use of digital evidence in criminal trials,...
- In addition to legal and procedural inhibitions on the use of digital evidence in criminal trials, the use of such evidence is subject to best practices of forensics evidence analysis. As a special subset of professional criminal forensics, these standards also apply to computer forensics.
DESCRIBE four considerations that best practices dictate, which should be employed when recovering system forensics evidence.
- A general maxim of computer forensics analysis is that the best digital evidence is normally original or a "true copy" of the information in question. Digital evidence, by its nature, is based on hexadecimal expression of fixed- length data segments, which must be complete to fully express the underlying information.
IDENTIFY AND DESCRIBE three reasons why system forensics examiners would want to recover digital evidence from bit-level backups.
Solutions
Expert Solution
Four best practices for system forensics evidence recovery:
1. Proper identification:
It is important to properly identify and recognize the evidence sources and evidence. Looking at the documentation can be beneficial as well. It mainly depends on the evidence value and volatility.
2. Gathering:
Identification is the best way to know about the sources and gathering helps in collecting all the potential alternatives. One can use static or live acquisition. Live acquisition can sometimes be used for critical issues.
3. Integrity:
It is important to acquire data without actually compromising the data integrity. This can be achieved using imaging or other backup plans. Mostly hash values are used to perform encryption on the data and keep the original file intact.
4. Preservation:
Preservation of incidents and data evidence is also very important. It mainly depends on the way data was collected and possessed. Documentation at different stages can be really helpful.
Three reasons to recover evidence from bit-level backups:
- Bit-level backup recovery can be faster as compared to other systems.
- It is very easy to monitor minute changes and modifications.
- Their consumption of system resources is very less. This means that running processes are not affected at all.
venereology answered 8 months agoRelated Solutions
What is digital evidence? Explain the types of evidence. What is digital evidence? Explain the types...
What is digital evidence? Explain the types of evidence.
What is digital evidence? Explain the types of evidence.
Evaluate the effectiveness of using lay people as jury in criminal trials.
Evaluate the effectiveness of using lay people as jury in criminal
trials.
The collection of system forensics evidence is governed by the general rules of criminal evidence. As...
The collection of system forensics evidence is governed by the
general rules of criminal evidence. As such, it is subject to a
number of well-established and formal steps. As a pervasive form of
communication and commerce, e-mail also presents many opportunities
to facilitate criminal activities. You have been hired to help
investigate a computer crime. Respond the questions given using the
scenario below.
A classic phishing attempt. Mark received an e-mail plea
asking for his assistance in retrieving funds from...
Drawing on evidence from several published trials, evaluate the evidence that supports, and contradicts, the following...
Drawing on evidence from several published trials, evaluate the
evidence that supports, and contradicts, the following statement
“Gardasil-9 is a better vaccine than Gardasil”.
*Explain the difference between procedural and nonprocedural languages. Use specific procedural and nonprocedural languages of your...
*Explain the difference between procedural and nonprocedural
languages. Use specific procedural
and nonprocedural languages of your choice to illustrate the
difference.
*Explain what is backtracking in Prolog systems, and why
backtracking is necessary.
*Explain resolution and unification in Prolog, and their
relationship.
*Write Prolog programs for the following problems:
a) Reverse a list.
b) Find the length of a list.
c) Find the average of a list of numbers.
*Write Scheme programs for the following problems:
a) Reverse a list....
Fully explain the following types of regulations and their legal effect: Legislative Interpretive Procedural As pertains...
Fully explain the following types of regulations and their legal
effect: Legislative Interpretive Procedural As pertains to the
Internal Revenue Code
A legal researcher wanted to measure the effect of the length of a criminal trial on...
A legal researcher wanted to measure the effect of the length of
a criminal trial on the length of jury deliberation. He observed in
a sample of 10 randomly selected courtroom trials the following
data on length of trial (in days) and length of jury deliberation
(in hours). Using the table below, complete the followiwng steps: I
have to work the problem out. no exel
Step 1: Calculate the regression and Y-intercept by calculating
N, the sum of X, the...
A legal researcher wanted to measure the effect of the length of a criminal trial on...
A legal researcher wanted to measure the effect of the length of
a criminal trial on the length of jury deliberation. He observed in
a sample of 10 randomly selected courtroom trials the following
data on length of trial (in days) and length of jury deliberation
(in hours). Using the table below, complete the followiwng steps: I
have to work the problem out. no exel
Step 1: Calculate the regression and Y-intercept by calculating
N, the sum of X, the...
A legal researcher wanted to measure the effect of the length of a criminal trial on...
A legal researcher wanted to measure the effect of the length of
a criminal trial on the length of jury deliberation. He observed in
a sample of 10 randomly selected courtroom trials the following
data on length of trial (in days) and length of jury deliberation
(in hours). Using the table below, complete the followiwng
steps:
Step 1: Calculate the regression and Y-intercept by calculating
N, the sum of X, the sum of Y, the sum of X-squared, the sum...
Explain each of the three legal tests (3-prong test) that schools use as evidence of compliance...
Explain each of the three legal tests (3-prong test) that
schools use as evidence of compliance to the Title IX
legislation
Proportionality
History of continuing progress
Accommodating interests
ADVERTISEMENT
ADVERTISEMENT
Latest Questions
- Singh Development Co. is deciding whether to proceed with Project X. The cost would be $12...
- CS2123 Data Structures - Fall 2019 Assignment 1: Function Runtimes Table Due 9/11/19 by 11:59pm Completing...
- Question 2. Design a 16-1 MUX using any number of lower MUXs, such as 8-1 or...
- . Write a function that takes, as arguments, two objects, value1 and value2. If
- Wii Brothers, a game manufacturer, has a new idea for an adventure game. It can market...
- Consider the distillation of ethanol (C2H5OH) and the combustion of ethanol . Use a bullet point...
- 1.How does Economic exposure to exchange rate movements affect the capital budgeting of a firm? Provide...
ADVERTISEMENT