In: Computer Science
1. Explain the process used to preserve the verifiable integrity of digital evidence. How does this ensure that data is preserved unmodified? How can an analyst show that the original evidence is modified?
2. What are the major principles of risk analysis? List the common steps in developing a risk analysis strategy.
Digital information is of two forms. It could be static, that is, it is stored on physical memories like hard drives, CDs and other memory storage devices. It may be dynamic, meaning it the information may be moving on a certain medium i.e. internet. For example if a file has been shared over groups and other active members, it would be traveling from one to another network or device. In both cases, it is important to preserve its integrity if it is a part of an investigation. In an age where a lot of information is stored in the cloud storage, preserving the integrity of information for investigation purposes has become more challenging and requires an active participation of the companies that are providing these cloud storage facilities.
To preserve the integrity of information, the first thing that we need is an effective chain of custody. Effective chain of custody ensures that information is dealt with effectively during its collection and analysis phases. The personnel’s who are collecting digital evidence must keep proper documentation that would tell about the health of information at different stages that it is handled. Byte by byte copies of information is also used. This helps in order to recover the whole information if some or all of it is lost or tempered with.
Investigators can also use specialized software to preserve the integrity of information. This type of software is developed to manage digital forensic information and is operated by experts. This software would keep track of how the information was acquired and how it has been examined to get information for legal proceedings.
Performing a risk analysis includes considering the possibility of adverse events caused by either natural processes, like severe storms, earthquakes or floods, or adverse events caused by malicious or inadvertent human activities. An important part of risk analysis is identifying the potential for harm from these events, as well as the likelihood that they will occur.
Steps in risk analysis process
The risk analysis process usually follows these basic steps: