Reference no: EM132915121
ICT248 Cyber Forensics
Question 1
(a) Define what is meant by the term, 'digital evidence', and describe the environments where cyber forensics examinations are carried out and the range of offences and issues examined.
(b) Discuss how human evidence and tangible (physical) evidence could assist in your analysis of the digital evidence you found during your examination of the crime scene in Assignment 1.
Question 2
(a) Describe and discuss the term 'chain of custody of the evidence' AND explain why it plays a critical part in cyber forensic examinations. You should provide examples to reinforce your explanation.
(b) In the context of a cyber forensics examination, explain the terms 'chain of evidence', 'admissibility of evidence' AND 'credibility and weight of evidence'. You should provide examples to reinforce your explanation.
Question 3
(a) Describe and explain the processes involved in live analysis of digital evidence in the cyber forensic environment.
(b) Describe and explain the processes involved in dead analysis of digital evidence in the cyber forensic environment.
(c) Discuss the advantages and disadvantages of using each process to acquire AND preserve digital evidence located on your suspect's home computer that was linked to the Internet, based on your investigation in Assignment 1.
Question 4
(a) Define the terms 'inculpatory evidence' AND 'exculpatory evidence' as they relate to cyber forensic investigations.
(b) Include in your answer the objectives, importance and benefits of developing 'alternative hypotheses' when reconstructing a cyber crime.
(c) Provide examples of exculpatory evidence you found in the investigation you undertook of the crime scenes in completion of Assignment 1.
Question 5
(a) Validating digital evidence goes beyond seeking corroboratory facts that make up a 'chain of evidence' or 'continuity of evidence'. Define the term 'validation of digital evidence' and discuss its relevance and importance in cyber forensics.
(b) Describe the processes you used to validate evidence in the crime scene you examined in Assignment 1.
(c) In the context of cyber forensics examinations, discuss the statement, "The forensic examiner's primary role is to seek the truth of a matter."
Part 2
QUESTION 1
a. Using an example, explain why cyber crime has resulted in a need for new investigative methods.
b. Discuss the aspects of investigation of cyber crime that are similar to investigation of other crimes. Your discussion should include examples that illustrate your argument.
c. Discuss three (3) examples of corporate environment violations that would result in a cyber forensic investigation.
d. Compare Computer Security and Cyber Forensics in terms of timing and protection against attack.
QUESTION 2
a. Explain how the Locard Exchange Principle relates to cyber forensic investigations. Your answer should include an example.
b. Explain the differences between dead and live data acquisition and when each would be used.
c. Explain, using an example, why it is important to collect evidence to refute your hypothesis as well as evidence to support it.
QUESTION 3
a. Give an example of how steganography could be used to commit a cyber crime, and explain how you could go about demonstrating that the crime had been committed.
b. Explain the purpose and potential results of a File System Analysis.
c. Provide three (3) examples of information that could be contained in the metadata category of a file system analysis.
QUESTION 4
a. Discuss three (3) reasons why identifying digital crime is difficult, and the impact each has on the conduct of a cyber forensic investigation.
b. Explain, using an example, how a time line would be used in a cyber forensic investigation.
c. Explain why digital evidence is seen as being "fragile". Use an example to illustrate your answer.
QUESTION 5
a. There are a number of traps and pitfalls in the examination of computers from a forensic perspective. Give an example of a way in which a computer could be modified to destroy evidence.
b. Explain, using examples relevant to digital evidence, the difference between inculpatory and exculpatory evidence.
c. Discuss why caution should be exercised when using freeware tools for cyber forensic investigation.