As part of the duties of a digital forensics examiner, creating an investigation plan is a standard practice. Write a paper that describes how you would organize an investigation for a potential fraud case. In addition, list methods you plan to use to validate the data collected from drives and files, such as Word and Excel, with hashes. Specify the hash algorithm you plan to use, such as MD5 or SHA1.
In general, an investigation is planned by defining the goal, scope, materials needed, and the tasks to perform. We have to determine which field the investigation belongs to, i.e. the category of the potential fraud:
1. Criminal: limited to data defined in the search warrant.
2. Civil: limited to court orders for discovery.
3. Corporate: expands until finding as many possibilities of company policy violation as possible, resulting in scope creep.
The mentioned term, scope creep, is very common nowadays, as it intends to explore as many violations as possible, which are often beyond the original description. Obviously, its exhaustive process ensures a higher order of data and hence requires more time to extract, analyze and present the data. I must be prepared with documents with justifications of the extra time and expansion of scope. Now, for cases where it's an internal investigation, evidence or whatever is required comes under the same domain, which seems easy to access, whereas for external links we might face issues due to permission or periodic auto-removal of possible evidence. For digital forensics there are a lot of suggestions available, which include explicit steps of validation using hashes like MD5 or SHA-1, exploring all the files and directories under root, recovery of password-protected files, removal of malware and, obviously, maintaining control of all evidence and findings through the examination. We might require refining and modifying the investigation plans accordingly prior to field a. requirements differing with initial plans. , spoken, it might expand all the things. A very important step is to validate forensic data, for example using hash values or digital tools. Examining encrypted files and recovering passwords by encrypted graphical methods are also taken into consideration.
Validating the forensic data is a very crucial aspect of computer forensics, as it ensures the integrity of the data collected for presenting to court. Though most computer forensics tools provide automated hashing of image files, it has some limitations in performing hashing, and that is why IT prefer advanced hexadecimal editors to work with hash values to discriminate data. Using hash values and the Known File Filter (KFF) we'll find program files from view such as MSWord exe or Excel, and then we can determine illegal files. KFF compares known file hash values to files on the evidence drive or extracted image files (=,del or such), as well as it updates itself on known file hash values. There exist some commercial computer forensics programs with built-in validation features, such as ProDiscover and so on; still, raw format image files, say, 4,1 files which do not contain metadata, have to be validated manually to ensure integrity. Forensics primarily uses MD5 and SHA-1 hash values, where MD means message digest and SHA means secure hashing algorithm, which uses cryptographic techniques. There are a variety of SHAs, and currently SHA-256 is also considered for the same purpose, as MD5 and SHA-1 both can be exposed to failure by cryptanalysis. Obviously, going for better algorithm must
Conclusion:
In general an investigation is planned by defining the goals, scope, materials required and tasks to perform.