Question

• discuss the fundamental advantages that the commercial forensic packages offered to forensic investigators. Next, speculate on whether there is an overall disadvantage(s) to using commercial packages in digital forensics. Justify your response.
• From the second reading, discuss the key process that a forensic analyst could use in order to preserve the verifiable integrity of digital evidence. Next, identify the main tools or technologies that the forrensic analyst could use in order to ensure that the original evidence is unmodified

Answer 1

Hi,

Please find the solution below:

----------------------------------------------------------------------------------------

Solution:

There are many commercial forensic packages in the market, that can be used by forensic investigators. Some of them that aid in the forensic investigation are as follows:

• EnCase
• X-Ways Forensics
• SafeBack

Commercial forensic packages offer full-featured and fully equipped assistance to forensic investigators. For example, Encase is a windows based tool that is used for disk imaging. The main features of the tool are reading file formats like NTFS, FAT, recover deleted files, etc. This offers a lot of help to forensic investigators and provides detailed reporting, ease of use and information at the granular level.

There are many advantages to the commercial package including the data process, recovering, searching, etc. Just that, the forensic investigator has to judge which commercial tools are the most useful for forensic investigation and how to use them. There is NO disadvantage of using Commercial forensic packages.

-------------------------------------------------------------------------------------

It is important for a forensic analyst to preserve the integrity of digital evidence. Digital evidence can easily be altered or destroyed intentionally. It is crucial to preserve the evidence. The court of law or the judge hearing the case can conclude that the data is in the same condition when it was seized and not altered.

Document all the steps of the forensic analysis. A forensic investigator can record events and document how digital resources looked at a particular point in time. Forensic analysis should be able to reproduce from the steps and seized digital evidence.

The main steps are: acquiring the data or the system, authentication of the data, imaging the evidence, etc.

Main tools or technologies that the forensic analyst could use in order to ensure that the original evidence is unmodified are as follows:

• Witness Signature
• Content of forensic investigator Report
• No digital Signature i.e not applying the digital signature to the evidence records.
• Webcam signature provides a realtime testimony.
• Email Integrity-provides record of authentication if multiple copies are sent

-----------------------------------------------------------------------------