The world has transformed into digital space to store information and as a platform to work, engage, and execute business. Digital forensics professionals play an essential role in the management, retrieval, and documentation of digital data stored on digital devices such as computers and cell phones or over networks and external data storage devices such as flash discs, memory cards, and external hard disks. The information extracted can then be used in a court of law as evidence and in the prosecution of causes related to the information obtained.
Question 1
It is imperative to perform a bitstream collection during a digital forensics process. The bitstream collection offers a bit to bit clone of digital evidence. With the diversity of digital information, a group of the vast material stored on digital devices increases the probability of finding the investigation's report (Craigball, 2018). Besides, bitstream collection offers the exact information stored on the devices unless the individuals' data is altered using the tools. Because of the information collected, bitstream collections enable the extraction of permanently deleted data on the devices using various designed protocols. Evidence collected by bitstream ranges from website browsing histories, dates and metadata contained on multiple files, and frequency of access of various files to decoding the deleted data on the devices. Obtaining the deleted information is critical in building a case in court as it provides significant proof in the event of conflicting statements.
Delegate your assignment to our experts and they will do the rest.
Question 2
When documenting a collection, we should include the following. Conducting an analysis leading to individual decision leads may cause one to change course, and the steps followed while collecting the information. The inclusion of document examination is vital since it explains why a device or network is reliable. For example, in contact between companies, it may be essential to check the company's official websites and emails since they may have been used for communication (Baseline, 2007). Inadequate support and cooperation in giving passwords and compromised evidence's integrity may give reason to change course. Documenting all the steps during the collection is critical. The steps that should be recorded include identifying the examiner, assigning payment duties, feasibility study, and information on the process's effectiveness.
Question 3a
In the event of a contact breach matter, I would collect the data using the disk to image collection strategy. The method is suitable because it would contain all the information on the server about the story and the mails. The data recovered from the server will reveal the agreement's contents, including any other contracts and engagements made by the two parties. This recovery approach is flexible because a bit to bit clone of the information on the devices and the sites can be done, therefore providing detailed evidence that can be used in court.
Question 3b
Cost-effectiveness is often a consideration of any form of analysis. However, for digital forensics, as much information must be collected as possible to give compelling evidence for prosecution. If the client has cost concerns, an explanation of the importance of obtaining diverse data would be essential to understand that the information obtained could be weak to initiate prosecution (General Counsel News, 2015). Minimizing resources and collecting small amounts of data could cause the process to re-initiate should the data not be enough, leading to extra costs that can be avoided.
Question 3c
After data collection and giving the client the collected data, I would use several methods to ensure that the data collected remains original with no alterations. First, I will take a copy of the digital evidence, used the disk to image collection strategy that allows several copies of the data to be made. Besides, taking on-site pictures of the obtained evidence is evidence of authenticity, even after leaving the client with the data (Baig et al., 2017). Other measures that will help attest to the data's authenticity include encrypting the devices that store the data, using passwords and pins, and ensuring that no external devices that could erase data stored are plugged into the device with the data.
In conclusion, digital forensic is critical in providing evidence from information that has been stored on digital devices. The evidence obtained can be used in court cases in the event of disagreements between parties, companies, or individuals in alleged deletion or manipulation of initial agreements and contracts. A digital forensic professional's role is to examine the information stored on the web portals and retrieve the data using the outlined processes to value the evidence obtained.
References
Baig, Z. A., Szewczyk, P., Valli, C., & Rabadia, P. (2017, August 16). Future challenges for smart cities: Cyber-security and digital forensics . Digital Investigation. https://www.sciencedirect.com/science/article/pii/S1742287617300579 .
Baseline. (, 2007). Forensically Sound Data: What Does IT Need to Do?
http://www.baselinemag.com/enterprise-content-document-management/forensically-sound-data-what-does-it-need-to-do-3.html .
Craigball. (2018, September 11). Drafting Digital Forensic Examination Protocols . Ball in your
Court. https://craigball.net/2018/08/28/drafting-digital-forensic-examination-protocols/ .
General Counsel News. (2015). Five Types of ESI Chain of Custody Documentation . General Counsel News. http://generalcounselnews.com/qdiscovery-five-types-of-esi-chain-of-custody-documentation/ .
