You can view samples of our professional work here.Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UK Essays.
The Computer Forensics Investigation Plan A computer forensic investigates data that can be retrieved form storage media of a computer such as a hard disk, it is also considered that to be a successful computer forensic the knowledge of many different platforms to perform computing is a must, for our case we will consider you as the chief forensic investigator in the state of Virginia, as a part of private enterprise you are assigned the role of planning the computer investigation of a suspected criminal activity, we will see from your perspective how you should conduct all the necessary procedures.
We don’t just need science; we need good science (Evans, 2004) Always analyze major issues in preparing for an investigation.
Determining location of the evidence and the case’s type is very crucial, it allows to determine if computers can be removed.
If the removal of the computers will cause harm to the company then it should not be done in the interest of the company, problems in investigation may arise if the files are most probably hidden, encrypted or stored in some offsite, if the computers are not allowed to be taken for investigation then the investigator must determine the resources to acquire digital evidence and the proper tools which will be needed to make data acquisition faster.
The crime scene is considered to be a very sensitive place in terms of collecting proofs and evidences which are in many cases very vulnerable and can be very easily be manipulated so special attention is needed in every aspect of recovery methods in order to gain as much as possible.
Before arriving at the scene of crime, it is mandatory that you should always take a systematic approach in problem solving like making an initial assessment about the case then determining a preliminary approach to the case, after that, create a detailed checklist of the objectivity of the case, analyze the resources needed, identify all the risks and try the very best to minimize them, also outline all the details known about the case until then in a systematic manner such as the situation in which you will be arriving, the nature and specifics of the case, the type of computer forensic tools which will be needed at the case and to check on the specific operating systems in disposal which assist in the forensics investigation process.The purpose of this paper is to review the basic methodologies and the appropriate processes that a computer forensic investigator goes through in conducting an investigation.It will give an idea to the reader about the planning and organization of an investigator who is involved in a computer related crime, the ways in which he will conduct the investigation such as basic preparation, use of the required tools and techniques, acquisition and analysis of the data, role in giving testimony, use of forensic laboratories or the guidance of all the staff working under the main investigator and even planning network forensics all of which are related to his work.In order to do this, some answers from the victim and an informant may be needed, informant can be a detective for the case, a witness, a manager or any coworker to the specific person of interest.If you can identify the computing system, then estimate things such as how many computer systems to process and size of drive on the computer of the suspect, also determine which operating systems and hardware are involved.Further guidelines include on bagging and tagging the evidence which is done as follows, first assign a person to collect (and log) the evidence, then tag all the evidence which is collected with the present date/time, serial number or other features.Always keep two separate and different logs of evidence collected an keep control of the evidence at the crime scene.Documenting all the evidence in the lab is also a necessary process, which involves in recording the activities and findings as the investigators work; this can be done by maintaining a journal to record the steps taken as the investigator process evidence.The main objective is to produce the same results when the main investigator or any other repeat the steps that were taken to collect evidence, a journal serves as reference that documents all the methods that have been used to process evidence.Once arrived, securing the crime scene or the specific computer is the foremost priority of the investigation team, the purpose is to preserve the evidence and keep the acquired information confidential.The investigative team should define a secure perimeter using a special type of yellow barrier tape, it should also have the legal authority to keep the unnecessary people out but do not fail to comply the other law enforcers or obstruct justice in any manner possible.