Description/Paper Instructions
Module 5.
Analysis and verification of volatile nonvolatile data
Analysis and verification of volatile nonvolatile data. When we talk about examining and analyzing a target computer, what we do depends upon the nature of the investigation. If it is a fraud case, certainly we’re going to be looking for e-mails, spreadsheets, and documents. However, if it is a child exploitation case, we’re certainly going to be looking for mounds of pictures and video.

Nonetheless, we’re going to prepare our target drive, where we’re going to store the acquisitions, in a forensic manner: wipe it and clean it in a forensic way. We’re going to document all the hardware components that are attached to the suspect’s computer, and here we should take note of what’s connected to it. When you serve a search warrant, you want to look at the wireless router to determine how many devices are connected to it and see which ones might be speaking to the target computer. We’re also going to look at the date and time on the CMOS of the target computer to determine in which time zone it is recording data.

Regarding metadata, we’re going to look at documents and folders and files, and we’re going to know which ones are important to our investigation. We’re going to try to open password-protected files as well. Most software suites will prompt you for the password and, if you don’t know it, you’re going to have to find out what it is. This could be very difficult in some situations.

What I typically do is in a non-custodial situation (of course, again, there is no compulsion involved here and I’m not forcing anyone to divulge something). In the non-custodial situation, I might ask the suspect, “Hey, could I have the number of one of your loved ones, a phone number?” And they’ll pull out their phone and they won’t know the number and try to bring it up.
They’ll type in a password to bring up the home screen and, when they do that, if I have probable cause to seize the phone, I’ll just take it from them. That’s a good way to get the information without having to go through retrieving passwords.

These are some advanced items you might want to consider.

Indexing. Advanced digital forensic tools have features such as indexing. What that means is that, because of the voluminous nature of all the words and keywords that are on a computer (again, we’re talking about 1 or 2 or maybe even 3 terabytes of data), searching for those words puts a strain on the computing power of the computer that you’re using for your workstation. So what we do is index all of that to begin with, and the computer stores that information so it can be retrieved easily. What I would do is set the entire acquisition to be indexed, probably turn that on and let it run for 4 or 5 hours, or maybe do it overnight and come back in the next day. Every word on that acquisition will be indexed and I can search it. When I type in a search term, the word comes up within 2 to 3 seconds.

A critical aspect of digital forensics is validating the digital acquisition. As I say every time, validate all of your data; all of your acquisitions; validate them.

There are commonly 3 ways to recover passwords. If we have to do that, it takes a great deal of time. We can do it through dictionary attacks; in other words, favorite words stored in a dictionary file that we can use to attack the device, trying various favorite passwords. Or there’s a brute force attack, where we just attack it using different combinations of letters and numbers until it guesses the password correctly. Or we can use rainbow tables, which are collections of hashes of passwords, or favorite passwords, that users have used throughout history.
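The acquisition validation step stressed above is normally done by comparing cryptographic digests recorded at acquisition time with digests of the image as it exists now. The following is an added example, not part of the original lecture; the file name, block size and choice of SHA-1 plus SHA-256 are assumptions, and the "image" is constructed random data.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # stream in 1 MiB reads so a multi-terabyte image never sits in RAM

def image_digests(path, algorithms=("sha1", "sha256")):
    """Hash the image once, feeding every algorithm from the same read."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def block_digests(path, block=4096):
    """Per-block SHA-256 list, recorded at acquisition to localise later changes."""
    with open(path, "rb") as fh:
        return [hashlib.sha256(b).hexdigest() for b in iter(lambda: fh.read(block), b"")]

def validate(path, recorded, recorded_blocks=None, block=4096):
    """Return (all_match, per_algorithm_result, offset_of_first_changed_block)."""
    current = image_digests(path, tuple(recorded))
    per_alg = {n: current[n] == v.lower() for n, v in recorded.items()}
    offset = None
    if recorded_blocks is not None and not all(per_alg.values()):
        now = block_digests(path, block)
        diff = [i for i, (a, b) in enumerate(zip(recorded_blocks, now)) if a != b]
        # Same leading blocks but a different length: report where the shorter one ends.
        offset = (diff[0] if diff else min(len(now), len(recorded_blocks))) * block
    return all(per_alg.values()), per_alg, offset

def demo():
    """Constructed stand-in for an acquisition: random bytes, then one altered bit."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "acquisition.dd")   # hypothetical file name
    data = bytearray(os.urandom(3 * 4096 + 100))
    with open(image, "wb") as fh:
        fh.write(data)
    recorded, blocks = image_digests(image), block_digests(image)
    clean = validate(image, recorded, blocks)
    data[2 * 4096 + 7] ^= 0x01                        # single flipped bit in block 2
    with open(image, "wb") as fh:
        fh.write(data)
    return clean, validate(image, recorded, blocks)

if __name__ == "__main__":
    print(demo())
```

A single flipped bit changes every whole-image digest, and the per-block list narrows the change to one 4096-byte block so the examiner can document exactly where the working copy diverged.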
Virtual analysis is somewhat complicated and it’s very intimidating to people who don’t understand much about it. Police executives sometimes don’t even want to know about it and trust their forensic examiner to deal with it. For knowledge’s sake, virtual machines are simply operating systems that can be booted up virtually from a host operating system that resides on a hard drive. This is basically what it is, and these are used extensively in organizations now, especially in the private sector. Most companies will have all of their proprietary data on a server, and virtual machines at employees’ desktops will accept that data. The forensic procedures for retrieving these virtual machines start by creating a regular image and acquisition of the target computer. Then you would export those virtual machine files from the target machine while you’re doing your exam.

Memory and network analysis. Most forensic examiners or police departments don’t do this. But if you are called upon to do this, you might want to understand a little bit about it. Live acquisitions are necessary to retrieve volatile items such as RAM and running processes. If you walk into a house during a search warrant and the computer is powered up, there is an opportunity there for you to not only image the hard drive of the computer but also image the RAM. In other words, that volatile memory that’s floating around in there contains passwords, chats, encryption keys. This is very important information, because once that machine is turned off or shut down, all of that information goes away and the RAM is wiped clean.

Network forensics is the process of collecting and analyzing network data over a network and systematically tracking that network traffic to determine how the attack took place, if there was an attack. You do this through open source software such as Wireshark. You can spot variations in network traffic and it will help you track these intrusions.
For example, we can record our network traffic, capture the packets and save them as a file. Then we can look at that through Wireshark and have time to analyze. We can go through line by line and see what network traffic is there and, if any irregularities exist, we can identify them. For example, I once attended a class where we were able to carve out a picture that was sent over a network, and were able to carve that picture out as an image file and catch it going over a network. If you want to learn more about this, check out the Honeynet Project website. It may help you learn the latest intrusion techniques that attackers are using.

We have a difficult job, and many times people look to us as the people who can solve eternal problems in 10 minutes, and that’s not rightly so. But people trust us to do a good job. They trust us to be honorable and well meaning. At the end of our careers, many of us look back, and where at one point we said we just want to help people, we simply look back now with a greater perspective and say that we simply just didn’t trust anyone else to do it. And that’s why the Lord put his hand on us to do that. Nehemiah says, “Then I told them of the hand of my God which was good upon me; as also the king’s words that he had spoken unto me. And they said, Let us rise up and build. So they strengthened their hands for this good work” (Nehemiah 2:18). May the Lord bless you as you seek to do His will.
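Carving a picture out of captured traffic, as described in the network forensics discussion above, comes down to finding a JPEG start marker in the reassembled bytes and walking the file's marker segments to its true end. The following is an added example, not part of the original lecture; the byte stream is constructed (structurally valid markers, not a viewable photo) and stands in for payload exported from a capture. Walking segments by length matters because an embedded EXIF thumbnail carries its own end marker, which a plain search for the first `FF D9` would stop at.

```python
import hashlib

def _segment(marker, payload):
    """Build one JPEG marker segment: FF, marker, 2-byte big-endian length, payload."""
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

def jpeg_end(buf, start):
    """Offset just past the EOI of the JPEG whose SOI is at `start`, or None if incomplete."""
    pos = start + 2
    while pos + 2 <= len(buf):
        if buf[pos] != 0xFF:
            return None                      # not a marker: false positive or corruption
        marker = buf[pos + 1]
        if marker == 0xD9:                   # EOI: end of image
            return pos + 2
        seg_len = int.from_bytes(buf[pos + 2:pos + 4], "big")
        if seg_len < 2:
            return None
        pos += 2 + seg_len                   # jumps over APPn data, embedded thumbnail included
        while marker == 0xDA:                # after SOS: entropy-coded scan data
            pos = buf.find(b"\xff", pos)
            if pos < 0 or pos + 1 >= len(buf):
                return None                  # capture ended before the image did
            nxt = buf[pos + 1]
            if nxt in (0x00, 0xFF) or 0xD0 <= nxt <= 0xD7:
                pos += 1 if nxt == 0xFF else 2   # fill byte, stuffed FF00 or restart marker
            else:
                break                        # real marker: EOI or the next segment
    return None

def carve_jpegs(buf):
    """Return (start, end, sha256) for every complete JPEG found in `buf`."""
    found, pos = [], 0
    while (pos := buf.find(b"\xff\xd8\xff", pos)) >= 0:
        end = jpeg_end(buf, pos)
        if end is None:
            pos += 2
            continue
        found.append((pos, end, hashlib.sha256(buf[pos:end]).hexdigest()))
        pos = end
    return found

# Constructed sample: HTTP response bytes around a JPEG with an EXIF thumbnail.
THUMB = b"\xff\xd8" + _segment(0xDA, b"\x00") + b"\x11\x22" + b"\xff\xd9"
PICTURE = (b"\xff\xd8" + _segment(0xE1, b"Exif\x00\x00" + THUMB)
           + _segment(0xDB, bytes(65))
           + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
           + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
STREAM = b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n" + PICTURE + b"\r\ntrailing bytes"
```

The SHA-256 recorded for each carved file lets the examiner validate the extracted evidence later, and a capture that ends mid-image yields only the embedded thumbnail rather than a silently truncated picture.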
RUBRIC
QUALITY OF RESPONSE |
NO RESPONSE |
POOR / UNSATISFACTORY |
SATISFACTORY |
GOOD |
EXCELLENT |
Content (worth a maximum of 50% of the total points) |
Zero points: Student failed to submit the final paper. |
20 points out of 50: The essay illustrates poor understanding of the relevant material by failing to address or incorrectly addressing the relevant content; failing to identify or inaccurately explaining/defining key concepts/ideas; ignoring or incorrectly explaining key points/claims and the reasoning behind them; and/or incorrectly or inappropriately using terminology; and elements of the response are lacking. |
30 points out of 50: The essay illustrates a rudimentary understanding of the relevant material by mentioning but not fully explaining the relevant content; identifying some of the key concepts/ideas though failing to fully or accurately explain many of them; using terminology, though sometimes inaccurately or inappropriately; and/or incorporating some key claims/points but failing to explain the reasoning behind them or doing so inaccurately. Elements of the required response may also be lacking. |
40 points out of 50: The essay illustrates solid understanding of the relevant material by correctly addressing most of the relevant content; identifying and explaining most of the key concepts/ideas; using correct terminology; explaining the reasoning behind most of the key points/claims; and/or where necessary or useful, substantiating some points with accurate examples. The answer is complete. |
50 points: The essay illustrates exemplary understanding of the relevant material by thoroughly and correctly addressing the relevant content; identifying and explaining all of the key concepts/ideas; using correct terminology explaining the reasoning behind key points/claims and substantiating, as necessary/useful, points with several accurate and illuminating examples. No aspects of the required answer are missing. |
Use of Sources (worth a maximum of 20% of the total points). |
Zero points: Student failed to include citations and/or references. Or the student failed to submit a final paper. |
5 out of 20 points: Sources are seldom cited to support statements and/or the format of citations is not recognizable as APA 6th Edition format. There are major errors in the formation of the references and citations. And/or there is a major reliance on highly questionable sources. The student fails to provide an adequate synthesis of research collected for the paper. |
10 out of 20 points: References to scholarly sources are occasionally given; many statements seem unsubstantiated. Frequent errors in APA 6th Edition format, leaving the reader confused about the source of the information. There are significant errors in the formation of the references and citations. And/or there is a significant use of highly questionable sources. |
15 out of 20 points: Credible scholarly sources are used effectively to support claims and are, for the most part, clear and fairly represented. APA 6th Edition is used with only a few minor errors. There are minor errors in reference and/or citations. And/or there is some use of questionable sources. |
20 points: Credible scholarly sources are used to give compelling evidence to support claims and are clearly and fairly represented. APA 6th Edition format is used accurately and consistently. The student uses above the maximum required references in the development of the assignment. |
Grammar (worth maximum of 20% of total points) |
Zero points: Student failed to submit the final paper. |
5 points out of 20: The paper does not communicate ideas/points clearly due to inappropriate use of terminology and vague language; thoughts and sentences are disjointed or incomprehensible; organization lacking; and/or numerous grammatical, spelling/punctuation errors |
10 points out of 20: The paper is often unclear and difficult to follow due to some inappropriate terminology and/or vague language; ideas may be fragmented, wandering and/or repetitive; poor organization; and/or some grammatical, spelling, punctuation errors |
15 points out of 20: The paper is mostly clear as a result of appropriate use of terminology and minimal vagueness; no tangents and no repetition; fairly good organization; almost perfect grammar, spelling, punctuation, and word usage. |
20 points: The paper is clear, concise, and a pleasure to read as a result of appropriate and precise use of terminology; total coherence of thoughts and presentation and logical organization; and the essay is error free. |
Structure of the Paper (worth 10% of total points) |
Zero points: Student failed to submit the final paper. |
3 points out of 10: Student needs to develop better formatting skills. The paper omits significant structural elements required for an APA 6th edition paper. Formatting of the paper has major flaws. The paper does not conform to APA 6th edition requirements whatsoever. |
5 points out of 10: Appearance of final paper demonstrates the student’s limited ability to format the paper. There are significant errors in formatting and/or the total omission of major components of an APA 6th edition paper. They can include the omission of the cover page, abstract, and page numbers. Additionally, the paper has major formatting issues with spacing or paragraph formation. Font size might not conform to size requirements. The student also writes significantly too large or too short of a paper. |
7 points out of 10: Research paper presents an above-average use of formatting skills. The paper has slight errors within the paper. This can include small errors or omissions with the cover page, abstract, page number, and headers. There could also be slight formatting issues with the document spacing or the font. Additionally, the paper might slightly exceed or undershoot the specific number of required written pages for the assignment. |
10 points: Student provides a high-caliber, formatted paper. This includes an APA 6th edition cover page, abstract, page number, headers and is double spaced in 12-point Times Roman font. Additionally, the paper conforms to the specific number of required written pages and neither goes over nor under the specified length of the paper. |