In: Computer Science
Q1.As a private sector investigator, you are investigating an important case for an office. You have been given access to the office computer network and the computers that may contain some important information related to the case. You are allowed to speak the network administrator. In this scenario, what data acquisition method will you prefer to use? Justify your answer. Also, outline the problems you expect to encounter and explain how to rectify them describing your solution. Identify any potential customer privacy issues that should be considered.
subject:Guide to Computer Forensics and Investigations 6th edition
computer forensics and
investigations can be done by investigating cases inorder to find
severity of incident took place which may resulted in loss of
revenue or any confdential info loss.
By accessing the computer network of the office we can configure threats occuring even at present through capturing network traffic of the office computer networks..
By accessing computer data or information of office we can collect data and evidences by performing data aquisition by doing so it is possible to trace the affected machines and try to disinfect them using static or dynamic tools.
we have 4 methods of data aquisition
most common one is disk to image file where a forensic image file is made fram computer media by using hard drive,CDROM,servers
but the best data aquisition method would be sparse aquisition which is beneficial
1) if time is limited
2)captures specific files related to case study
3))also collects the fragments deleted data which is been unallocated.
4)it is helpful in larger disks and RAID servers.
The different challenges that we can face through the process of investigation is the customer privacy challenges,,data loss , also if any unauthorised action took place during investigation.
Usage of cookie may be a potential customer privacy issue also data aquisition may lead to customer privacy issues which can be handled with cloud services as we can rely on privacy given by cloud throughout the process of nvestigation.