digital-forensics-3

Digital forensics involves processing data from many different types of devices, ranging from desktops to laptops, tablets to smartphones, servers to cloud storage, and even devices embedded in automobiles, aircraft, and other technologies. In this project you will focus on the architecture and imaging of desktop and laptop computers. You will be working in the VM to image and verify the contents of the following:

  1. a USB stick
  2. the RAM and swap space of a live computer
  3. a networked computer hard drive

There are seven steps in this project. In the first step you review a technical manual containing information about the various locations where we typically find data of forensic value. The next two steps guide you through the process of imaging a USB stick with both Linux and Windows tools. The next step poses several questions that frequently come up in cases similar to this scenario. In the next step, you’re back to collecting forensic evidence; this time you’re imaging the RAM (memory) and swap space of a live, running computer. In the next step, you image a computer’s hard drive over the network. In the final step, you compile all of the previous lab notes and reports into one comprehensive report. The final assignment in this project is a forensic imaging lab report that can be presented in a court of law.

Before you can begin imaging the USB drive provided by your supervisor, you need to review your technical manual in order to prepare a statement of work to give to your company’s legal team. Are you ready to get started?

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.

Step 1: Conduct a Background Review

Before you have a chance to begin the imaging process, your supervisor calls to tell you that the organization’s legal team has been asking questions about types, sources, and collection of digital information. They have also asked about file formats. Your supervisor asks you to prepare a brief explanatory memo. You use the department’s technical manual to compose your memo on locations of valuable forensic information and formats in which digital evidence can be stored. You also review imaging and verification procedures.

For the first step in this project, prepare a memo (1-2 pages in length) that summarizes possible locations of valuable digital forensic information, as well as collection and storage options, in layman's language. For each location described, include a short description of the following:

  1. Area
  2. Types of data that can be found there
  3. Reasons why the data has potential value to an investigation in general, and for this case in particular

The locations to be addressed are: USB sticks, RAM and swap space, and operating system hard disks.

Also describe possible digital evidence storage formats (raw, E01 (ewf), and AFF), the advantages and disadvantages of each, and how digital forensic images are collected (local and remote, memory and disk) and verified. Your memo will be included in the final forensic imaging lab report.
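As an illustration of the collection-and-verification idea the memo must explain, the following added example (not part of the course material) sketches a hash-verified raw acquisition on Linux with dd and sha256sum. The function names acquire and verify, the file names, and the 1 MiB stand-in "USB stick" are all constructed for the example; a real acquisition would read a write-blocked block device instead.

```bash
#!/usr/bin/env bash
# Added example: hash-verified raw (dd-style) acquisition.
# All names and paths are hypothetical stand-ins constructed for illustration.

# acquire SRC IMG
# Copy SRC to the raw image IMG and record the SHA-256 of the exact byte
# stream read from the source in IMG.sha256 (hash computed during the copy,
# so the source is read only once).
acquire() {
    local src=$1 img=$2
    dd if="$src" bs=65536 2>/dev/null \
        | tee "$img" \
        | sha256sum | awk '{print $1}' > "$img.sha256"
}

# verify IMG
# Re-hash the stored image and compare it with the hash recorded at
# acquisition time. Returns 0 on match, non-zero on mismatch.
verify() {
    local img=$1 recorded current
    recorded=$(cat "$img.sha256")
    current=$(sha256sum "$img" | awk '{print $1}')
    [ "$recorded" = "$current" ]
}

# Demo on a constructed 1 MiB stand-in for the USB stick.
work=$(mktemp -d)
head -c 1048576 /dev/zero | tr '\0' 'E' > "$work/usb.bin"

acquire "$work/usb.bin" "$work/usb.dd"
verify "$work/usb.dd" && echo "image matches acquisition hash"

# Simulate corruption of the stored image: overwrite one byte in place.
printf '\377' | dd of="$work/usb.dd" bs=1 seek=100 conv=notrunc 2>/dev/null
verify "$work/usb.dd" || echo "mismatch: image changed after acquisition"

rm -rf "$work"
```

The recorded hash belongs in the lab notes alongside the image, since it is what lets a later examiner show the image is unchanged.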

Links

https://lti.umuc.edu/contentadaptor/page/topic?key…

https://lti.umuc.edu/contentadaptor/page/topic?key…

https://lti.umuc.edu/contentadaptor/page/topic?key…
