Commercial forensic packages offer forensic investigators many benefits that help them analyze and process data quickly. Some of the methods provided by commercial packages are imaging, recovering deleted data, searching for keywords, and viewing picture files. Another specialty feature of more expensive commercial software such as EnCase is the eScript scripting language (Forensic Focus, n.d.). The benefit of eScript is that forensic investigators can use highly customizable scripts to search and filter imaged data extremely quickly. While not every situation will require commercial software, there are many benefits for an investigator in having access to specialty commercial forensic packages.
One major disadvantage of commercial forensic packages is the cost. Some packages that offer more functionality and complexity for digital forensics carry a higher price. For example, there are many free investigation tools available, but these free tools may not have all the capabilities of a more expensive commercial option. Additionally, the free tools may not be as user-friendly, and the forensic investigator may lose valuable time needed to analyze and process the data. Ultimately, the forensic investigator will need to evaluate the nature of the situation and choose the most appropriate tool, whether free or commercial.
A key process an investigator can use to ensure the verifiable integrity of the data is to record the investigation on video, combining a screencast with webcam video of the investigator as he/she analyzes the digital forensic evidence. The first part of the process is a screencast of the browser that captures what is clicked and/or typed as part of the investigation (SANS Digital Forensics and Incident Response Blog, 2011). The second part of the process is to use the webcam to record an image of the investigator working in real time as the screencast occurs (SANS Digital Forensics and Incident Response Blog, 2011). These two parts together create a verifiable and legal affidavit by the investigator.
The main tools and technologies that could be used to ensure the evidence is unmodified include imaging, screencast, and webcam video recording. These tools have the ability to capture the data as it was discovered and record it for analysis. Imaging is a critical tool the investigator uses to make an exact copy of all the data on a disk (Forensic Focus, n.d.). The screencast is a valuable tool to record every click and keystroke the investigator makes when analyzing the digital forensic evidence. The webcam records the investigator’s every move, facial expression, and spoken words.