Can you help me understand this Law question?
Analysis on a digital evidence must never be conducted on the original evidence if possible as alterations to the data may occur. This being said, write blockers are used to prevent contamination to the original evidence during a capture, analysis, and control (CRU, n.d.). Write blockers are software or hardware that enable read-only access to data within a storage drives while keeping the integrity of the data (Cybrary, 2016). As the name says, write blockers prevents writes to a storage device. Using this tool, analysts are able to access the data within a storage device without altering the data.
Upon receiving the evidence from the detective, a computer forensic examiner would first review the chain of custody log and ensure all information are correct. Then, all appropriate information will be filled out on the log to update the chain of custody and ensure its validity in court. Next, a hash of the original evidence will be taken for later comparison. Following the hash, the acquisition process is started where data from the digital evidence is acquired without altering the data within the original evidence (InfoSec, n.d.). This can either be done with a physical acquisition where an image is captured from a physical storage device or through logical acquisition where a sparse or logical image is captured from a storage device (InfoSec, n.d). A write blocker is used during this process to prevent alteration to the original evidence.
Following the acquisition process, the analysis phase starts. During this process, the examiner conducts analysis on a copy or image of the original evidence, analysis should not be conducted on the original evidence (InfoSec, n.d.). Various actions can be conducted during this phase to find evidence and help reconstruct actions or events that occurred relating to a case (InfoSec, n.d.). After the analysis phase, reporting must be conducted on the results and process. The reports will include a detailed step by step list of the process and information regarding the acquisition phase such as who conducted it, when it was conducted, and what software/hardware tools were used (InfoSec, n.d.). In addition, the report will include a comparison of a hash of the original evidence and a hash of the image/copy where the analysis was conducted on and ensure the hashes match (InfoSec, n.d.). This comparison will show alterations were not made to the copied/imaged device. Finally, the original evidence and the imaged/copied evidence will be securely stored with access control policies in place within a climate-controlled area free from magnetic fields (Forensic Magazine, 2010).
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more