(1-2 pages in length) that summarizes possible locations of valuable digital forensic information, as well as collection and storage options, in layman’s language. For each location described, include a short description of the following:
Area
Types of data that can be found there
Reasons why the data has potential value to an investigation in general, and for this case in particular
The locations to be addressed are: USB sticks, RAM and swap space, and operating system hard disks.
Also describe possible digital evidence storage formats (raw, E01 (ewf), and AFF), the advantages and disadvantages of each, and how digital forensic images are collected (local and remote, memory and disk) and verified.
Image files can be created using different software and hardware tools in different standard formats. What are some of the common formats and software used to create the images?
The importance of hash functions was introduced in the context of validating the acquired electronic evidence, but what exactly is a hash function, and are there other uses for hash functions during the forensic process?
A hash function is a mathematical algorithm that receives an input of varying size and produces a unique output, or message digest, of a fixed length. Given a fixed input, the hash function will always produce the same message digest. However, a change of a single byte in the input will produce an entirely different message digest.
What makes a hash “secure”?
There are many different hash functions available such as MD5, SHA-1, SHA-256, etc. Which of the hash functions are recommended or are part of published government standards?
Are some hash functions stronger or more secure than others?
Hash functions are used during many different forensic activities. What are these activities other than the initial acquisition and image validation?
Regardless of whether you are performing a live or static/dead acquisition, is it always necessary to perform a bit-by-bit copy of the entire drive?
If not, how does this impact your ability to verify and validate the acquisition?
Do you create a bit-by-bit clone of the disk or create a single image file that represents the source disk?
Some of the choices facing the forensic analysts are as follows: (1) create a bit-by-bit clone of the original source, (2) create a single image file from the original source, or (3) allow the examiner to select the files and folders from the source to be acquired. Since a hash can be calculated for an entire drive or a single file, the examiner will still be able to validate the acquisition. What are some of the features that may exist within common forensics software tools for creating multiple image files? Why might it be necessary or desirable to create multiple image files during acquisition?
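The following added example (not part of the original assignment text) shows how an acquisition split into multiple raw image files can still be validated against the hash recorded for the source: the segments are hashed in order as one stream. The file names `source.dd` and `image.001`, the segment size, and the random stand-in "drive" are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os
import tempfile

BLOCK = 64 * 1024  # read size; keeps memory use flat for large images


def hash_files(paths, algo="sha256"):
    """Hash the given files, in order, as one continuous byte stream."""
    h = hashlib.new(algo)
    for path in paths:
        with open(path, "rb") as f:
            while block := f.read(BLOCK):
                h.update(block)
    return h.hexdigest()


def split_image(source, out_dir, segment_size):
    """Write source as raw segments image.001, image.002, ... and return their paths."""
    paths = []
    with open(source, "rb") as src:
        while data := src.read(segment_size):
            path = os.path.join(out_dir, f"image.{len(paths) + 1:03d}")
            with open(path, "wb") as seg:
                seg.write(data)
            paths.append(path)
    return paths


def verify(paths, expected_hex, algo="sha256"):
    """True only if the ordered segments reproduce the acquisition-time digest."""
    return hmac.compare_digest(hash_files(paths, algo), expected_hex)


def demo():
    """Constructed sample: a 1 MiB stand-in for a source drive, split into 4 segments."""
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "source.dd")
        with open(source, "wb") as f:
            f.write(os.urandom(1024 * 1024))
        acquired = hash_files([source])               # digest recorded at acquisition
        segments = split_image(source, d, 256 * 1024)
        intact = verify(segments, acquired)           # ordered segments match the source
        reordered = verify(segments[::-1], acquired)  # wrong segment order fails
        with open(segments[2], "r+b") as f:           # flip one bit in one segment
            byte = f.read(1)
            f.seek(0)
            f.write(bytes([byte[0] ^ 0x01]))
        tampered = verify(segments, acquired)         # single-bit change fails
        return len(segments), intact, reordered, tampered


if __name__ == "__main__":
    print(demo())
```

Recording a digest per segment as well as the whole-image digest lets an examiner localize which segment changed instead of only learning that the image as a whole no longer matches.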