Question

As part of the duties of a digital forensics examiner, creating an investigation plan is a standard pactice. Write a paper that describes how you would organize an investigation for a potential fraud case. In addition, list methods you plan to use to validate the data collected from drives and files, such as Word and Excel, with hashes. Specify the hash algorithm you plan to use, such as MD5 or SHA1.

Answer 1

In general an investigation is planned by defining goal, scope, materials needed, and the tasks to perform. We have to determine the investigation belongs to which field i.e category of the potential fraud:

l. Criminal limited to data defined in the search warrant

2. Civil. limited to coon orders for discovery

3. Corporate: expands till finding as much as possibilities of company policy violation resulting in the Scope creep.

The mentioned term Scope creep nowadays is very common as intends to explore as mud as violations which often are beyond the original description. Obviously its exhaustive process ensures higher order of data hence requires more time to extract/analyze/present data.., I must be prepared with documents withjustifications of extra time and expansion of scope, Now, for cases where it's an internal investigation, evidence or whatever required comes under the same domain which seems easy to access whereas for external links we might face issues due to permission or periodic auto-removal of possible nide.. F. digital forensics there are a lot of suggestions available which includes explicit steps of validation using hashes like MDS or SHA-1, explore all the files/directories under root, recovery of password protected files, removal of malwares and obviously maintaining control of all evidence and findings through examineWe might require refining and modifying the investigation plans accordingly prior to field a. requirements differing with initial plans. , spoken, it might expand all the things, A very important step is to validate forensic data for example using Hash values or digital tools. Examining encrypted files and recovering passwords by encrypted graphical methods are also taken in consideration.
Validating the forensics data is very dial aspect of computer forensics as it ensures the integrity of data collected for pr.enting to co. Though m.t computer forensics tools provide automated hashing of image files, it has some limitations in performing hashing and that is why IT prefer advanced hexade.nal editors to work with hash values to discriminate data Using had values and the Known File Filter (KFF) we'll find program files from view such as MSWord exe or Excel and then wean determine illegal files KFF compares known file hash values to files on evidence drive or extracted image files (=,del or such) as well as it updates itself on lmown file hash values There exist some commercial computer forensics programs with built-in validation features such as ProDiscover and so on, still Raw format image files say, 4,1 files ach does not contain metadata have to be validated manually to ensure integrity Forensics primarily uses MDS and SHA-1 hash values, where MD means Message digest and SHA means Secure hashing algorithm which uses cryptographic techniques There are a varieties of SHA's and mrrently SHA-256 is also considered for the same purpose as MDS and SHA-1 both can be exposed to failure by cryptanalyses Obviously, going for better algorithm must

Conclusion:

In general an investigation is planned by defining the goals, scope, materials required and tasks to perform.

you would organize an investigation for a potential fraud case. in addition, list methods you plan to use to validate the data collected