Answer To: In this major task assume you are a Digital Forensics Examiner. Considering a real or a hypothetical...
Robert answered on Dec 27 2021
Abstract:
This is based on the BTK serial killer case, which stood as one of the major unsolved
mysteries in America. Police spent hundreds of thousands of hours and millions of dollars
trying to learn the identity of the man who had killed 10 people in and around Wichita,
Kansas, between 1974 and 1991.
Then, in a few short hours on February 16, 2005, computer forensics specialists
achieved what police had failed to do for more than 30 years by identifying the
killer as a man named Dennis Rader. The case remains the most famous ever solved by
computer forensics.
IADT, 2011, “Most Famous Case Ever Solved by Computer Forensics”
How digital storage devices could be tested in a forensic test:
Disk forensics is the technology of extracting forensic data from digital storage media such as
hard disks, USB devices, FireWire devices, CDs, DVDs, flash drives, floppy disks, etc. The
procedures of disk forensics are:
1. Identify the digital evidence
2. Seize and acquire the data
3. Authenticate the evidence
4. Preserve the evidence
5. Analyze the evidence
6. Report the findings
Identify digital storage devices:
The first step in disk forensics is the identification of storage devices at the scene of the crime,
such as hard disks with IDE/SATA/SCSI interfaces, CDs, DVDs, floppy disks, mobile phones, PDAs,
flash cards, SIMs, USB/FireWire disks, magnetic tapes, Zip drives, Jaz drives, etc. These
are some of the sources of digital evidence.
Seizure and Acquisition of Storage devices:
The next step is seizing the storage media for digital evidence collection.
This activity is performed at the scene of the crime. In this step, a hash value of the
storage media to be seized is computed using a suitable cyber forensics tool. A hash
value is a unique signature generated by a mathematical hashing algorithm based on the
content of the storage media. After computing the hash value, the storage
media is securely preserved and taken for further processing.
One of the basic rules of cyber forensics is “Never work on original
evidence”. To ensure this rule, an exact copy of the original evidence is to be created for
analysis and digital evidence collection. Acquisition is the process of creating this
exact copy, where the original storage medium is write protected and bit stream copying is
made to ensure that the complete data is copied into the destination media.
Authentication of the evidence:
Authentication of the evidence is carried out in the cyber forensics laboratory. The hash values of both
the source and destination media are compared to make certain that both values
are the same, which ensures that the content of the destination media is an exact copy of the
source media.
Preservation of the evidence:
Electronic evidence may be altered or tampered with without a trace. Once the acquisition and
authentication have been completed, the original evidence has to be placed in secure
storage, away from highly magnetic and radiation sources. One more copy
of the image has to be taken and stored on suitable media or reliable
mass storage. Optical media can be used as the mass storage.
It is reliable, fast, has a longer life span and is reusable.
Verification and Analysis of the evidence:
Verification of the evidence before starting analysis is an important step in the cyber forensics
process. This is done in the cyber forensics laboratory before beginning analysis.
The hash value of the evidence is computed and compared with the hash value taken at the time
of acquisition. If both the values...
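The acquisition and authentication steps described above, as an added example that is not part of the original answer. The function names, SHA-256 as the hashing algorithm, the chunk size and the sample bytes are assumptions constructed for illustration; a regular file stands in for the seized media.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so a large image never sits in memory


def hash_media(path, algo="sha256"):
    """Return the hex digest of every byte in the file or device at `path`."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source, dest, algo="sha256"):
    """Bit-stream copy `source` to `dest`; return the hash of the bytes read.

    The source is opened read-only. That does not replace the write
    protection of the original medium that the procedure requires.
    """
    h = hashlib.new(algo)
    with open(source, "rb") as src, open(dest, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())  # force the copy to stable storage before returning
    return h.hexdigest()


def authenticate(image, acquisition_hash, algo="sha256"):
    """True only if the image still hashes to the value recorded at acquisition."""
    return hash_media(image, algo) == acquisition_hash


def demo():
    """Run the workflow on constructed sample bytes standing in for seized media."""
    with tempfile.TemporaryDirectory() as d:
        source, image = os.path.join(d, "source.bin"), os.path.join(d, "image.dd")
        with open(source, "wb") as f:
            f.write(b"CONSTRUCTED SAMPLE SECTOR\x00" * 4096)
        seizure_hash = hash_media(source)          # computed at the scene
        acquisition_hash = acquire(source, image)  # computed while imaging
        ok_before = authenticate(image, acquisition_hash)
        with open(image, "r+b") as f:              # simulate one altered byte
            f.seek(100)
            f.write(b"\xff")
        ok_after = authenticate(image, acquisition_hash)
        return seizure_hash == acquisition_hash, ok_before, ok_after
```

Changing a single byte of the image is enough to make the laboratory check fail, which is why the hash recorded at acquisition has to be kept with the evidence record.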