Question


As part of the duties of a digital forensics examiner, creating an investigation plan is a standard practice. Write a paper that describes how you would organize an investigation for a potential fraud case. In addition, list methods you plan to use to validate the data collected from drives and files, such as Word and Excel, with hashes. Specify the hash algorithm you plan to use, such as MD5 or SHA1.

Solutions

Expert Solution

In general, an investigation is planned by defining the goal, scope, materials needed, and the tasks to perform. We have to determine which field the investigation belongs to, i.e. the category of the potential fraud:

1. Criminal: limited to data defined in the search warrant

2. Civil: limited to court orders for discovery

3. Corporate: expands to finding as many company policy violations as possible, resulting in scope creep.

The term scope creep mentioned above is very common nowadays, as it intends to explore as many violations as possible, which are often beyond the original description. Obviously this exhaustive process ensures a higher order of data and hence requires more time to extract, analyze and present the data. I must be prepared with documents justifying the extra time and the expansion of scope. Now, for cases where it's an internal investigation, the evidence or whatever is required comes under the same domain, which seems easy to access, whereas for external links we might face issues due to permission or periodic auto-removal of possible nide.. For digital forensics there are a lot of suggestions available, which include explicit steps of validation using hashes like MD5 or SHA-1, exploring all the files/directories under root, recovery of password-protected files, removal of malware and obviously maintaining control of all evidence and findings through examine. We might require refining and modifying the investigation plans accordingly prior to field a. requirements differing with initial plans. , spoken, it might expand all the things, A very important step is to validate forensic data, for example using hash values or digital tools. Examining encrypted files and recovering passwords by encrypted graphical methods are also taken into consideration.

Validating the forensic data is a very vital aspect of computer forensics, as it ensures the integrity of the data collected for presenting to court. Though most computer forensics tools provide automated hashing of image files, it has some limitations in performing hashing, and that is why IT prefer advanced hexadecimal editors to work with hash values to discriminate data. Using hash values and the Known File Filter (KFF) we'll find program files from view such as MSWord.exe or Excel and then we can determine illegal files. KFF compares known file hash values to files on the evidence drive or extracted image files (=,del or such), as well as it updates itself on known file hash values. There exist some commercial computer forensics programs with built-in validation features such as ProDiscover and so on; still, raw format image files say, 4,1 files ach does not contain metadata have to be validated manually to ensure integrity. Forensics primarily uses MD5 and SHA-1 hash values, where MD means Message digest and SHA means Secure hashing algorithm, which uses cryptographic techniques. There are a variety of SHAs, and currently SHA-256 is also considered for the same purpose, as MD5 and SHA-1 both can be exposed to failure by cryptanalysis. Obviously, going for better algorithm must

Conclusion:

In general an investigation is planned by defining the goals, scope, materials required and tasks to perform.
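
The hash validation and known-file comparison described in the answer, as an added example that is not part of the original answer and is not the code of KFF or any forensic product. File names, function names and sample bytes are constructed; it computes MD5, SHA-1 and SHA-256 in one pass, re-verifies a file against its acquisition record, and sorts files by membership in a known-hash set.

```python
import hashlib
import tempfile
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256")  # MD5 and SHA-1 as named above, SHA-256 alongside

def hash_file(path, algos=ALGOS, chunk=1 << 20):
    """Return {algorithm: hexdigest}; reads in chunks so a large image never sits in memory."""
    digests = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            for d in digests.values():
                d.update(block)
    return {a: d.hexdigest() for a, d in digests.items()}

def verify(path, recorded):
    """Re-hash the file; return the algorithms whose digest differs from the acquisition record."""
    current = hash_file(path, tuple(recorded))
    return [a for a in recorded if current[a] != recorded[a].lower()]

def known_file_filter(paths, known_sha256):
    """Split file names into (known, unknown) by SHA-256 membership in a known-file hash set."""
    known, unknown = [], []
    for p in paths:
        digest = hash_file(p, ("sha256",))["sha256"]
        (known if digest in known_sha256 else unknown).append(Path(p).name)
    return known, unknown

def demo():
    """Run the checks on constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp) / "evidence.raw"        # constructed stand-in for a raw image
        image.write_bytes(b"abc")
        record = hash_file(image)                 # digests recorded at acquisition
        intact = verify(image, record)            # [] means the copy still matches
        image.write_bytes(b"abd")                 # any later change to the evidence
        altered = verify(image, record)           # lists every algorithm that now differs
        docs = {"report.docx": b"known template", "ledger.xlsx": b"unreviewed figures"}
        for name, data in docs.items():
            (Path(tmp) / name).write_bytes(data)
        known_set = {hashlib.sha256(b"known template").hexdigest()}  # constructed hash set
        split = known_file_filter([Path(tmp) / n for n in docs], known_set)
    return record, intact, altered, split

if __name__ == "__main__":
    print(demo())
```

Recording more than one digest per item at acquisition means a later re-check still holds if one of the algorithms is no longer trusted.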
