Discuss in detail why you need to use a write blocker

Assignment Help Computer Engineering

Reference no: EM132154552

While the two most popular tools are Guidance Software's EnCase and AccessData's FTK, there are other tools that are available and should be part of your toolbox.

Once you have properly identified and collected digital evidence, the next step is to analyze it. It does not really matter if you are performing analysis as part of a criminal investigation or as part of a corporate investigation; you should always follow the same protocols.

An emphasis in this course is on helping you understand why using an analysis protocol is important. It goes back to our discussion in week one regarding best practices and industry standards. Remember, you should NEVER, EVER work on original evidence if it can be avoided by any means; instead, use a forensic image.

When you work on the image, you pick the tools you will use. Again, it does not matter which tool you actually use, as long as the tool is accepted by the forensic community, and you are able to testify to the tool's validity as well as the process you used in your examination.

During your analysis, you should document every step you take and all of your findings. Some tools have a report function that works well to capture both the identified data and the date/time of your various analyses. However, this should always be supplemented with your own notes and documentation.

For this week's discussion, complete the following questions below in detail. Please discuss thoroughly and substantively in your post.

1) Discuss in detail why you need to use a write blocker (either hardware or software) in your examinations, whether for a criminal case or a corporate case.

2) Imagine you are a computer forensic examiner receiving a suspect hard disk drive from a detective in your department. The drive was seized properly during a legally executed search warrant.

The detective signs the chain of custody log and hands you the drive. Your job is to accept the drive, conduct an analysis, and maintain the drive until trial.

Please explain the steps you would take, from receipt of the evidence until testimony, including the reasons why you would take each step. For example, what would you check for when you sign for the drive on the chain of custody document?

Reference no: EM132154552

Questions Cloud

Risk premium on small-company stocks for period : What was the risk premium on small-company stocks for this period?

About organizational structure like holocracy : What are the positives about an organizational structure like Holocracy? What are the negatives?

What is the alpha for the fad followers : What is the alpha for the fad followers? Enter your answer as a percentage to two decimal places

Most important to crew of astronauts working for NASA : Which team processes do you believe are most important to a crew of astronauts working for NASA who are traveling to Mars?

Discuss in detail why you need to use a write blocker : An emphasis in this course is on helping you understand why using an analysis protocol is important.

Allowance of doubtful accounts reveals : An analysis of the Allowance of Doubtful Accounts reveals:

Equal annual payments : The bank's stated rate on its loans is 9%. Based on this information, how much principal will you repay in the 10th year of the loan?

What would be the mac-address learned by the switch on port : Does the switch need an IP address for PCI to communicate with PC2? What would be the mac-address learned by the switch on port 2

What is the present value : What is the present value of 13 annual payments of $ 1,599 each with the first payment being received immediately?

User Account

All Pages