Question Assignment description
This week you are studying some of the forensic tools used by computer forensics examiners (there are many). While two of the more popular tools are Guidance Software's EnCase and AccessData's FTK, there are other tools that are available and should be part of your toolbox.

Once you have properly identified and collected digital evidence, the next step is to analyze it. It does not really matter whether you are performing analysis as part of a criminal investigation or as part of a corporate investigation: you should always follow the same protocols. An emphasis in this course is on helping you understand why using an analysis protocol is important. Remember, you should NEVER, EVER work on original evidence, if it can be avoided at all; instead, use a forensic image. When you work on the image, you choose the tools you will use. Again, it does not matter which tool you actually use, as long as the tool is accepted by the forensic community, and you are able to testify to the tool's validity, as well as the process you used in your examination.

During your analysis, you should document every step you take and record all of your findings. Some tools have a report function that works well to capture both the identified data and the date/time of your various analyses. This should always be supplemented with your own notes and documentation.

This week, I'd first like you to discuss 'write blockers' (hardware- or software-based). What do they do? Why do you need to use a write blocker in your examinations, whether for a criminal case or a corporate case?

Now imagine that you are a computer forensic examiner who has just received a suspect hard drive from a detective in your department. The drive was properly seized during a legally executed search warrant. The detective signs the chain of custody log and hands you the drive. Your job is to accept the drive, conduct an analysis, and store the drive until trial. Explain the steps you will take, from the time you receive the drive until you testify in court. Include the reasons why you will take each step. For just one example, what would you check for when you sign for the drive on the chain of custody?