Description
Start Here
This project will provide an introduction to digital forensic analysis.
Digital forensic analysis is used to review and investigate data collected through digital communications and computer networks. The National Institute for Standards and Technology (NIST) has defined four fundamental phases for forensic analysis: collection, examination, analysis, and reporting. You will learn more about these concepts as you navigate throughout the steps of this project and read the literature and links found in each step.
There are four steps that will lead you through this project. Begin with Step 1: Methodology. The deliverables for this project are as follows:
- Digital Forensic Research Paper: This should be a five-page double-spaced Word document with citations in APA format. The page count does not include diagrams or tables.
COMPETENCIES
Your work will be evaluated using the competencies listed below.
- 10.8: Use defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
- 10.9: Provides professional preparation for computer digital forensics, investigation of crime, and preservation of digital evidence in criminal and civil investigations and information security incident response.
- 10.10: Provide theoretical basis and practical assistance for all aspects of digital investigation and the use of computer evidence in forensics and law enforcement.
Step 1: Methodology
The methodology for digital forensics follows a systems process. Identify the requirements, purpose, and objectives of the investigation. Click the links below to review information that will aid in conducting and documenting an investigation:
Learn about the investigation methodology. Consider secure programming fundamentals. Define the digital forensics analysis methodology and the phases of the digital forensics fundamentals and methodology, including the following:
- preparation
- extraction
- identification
- analysis
This information will help you understand the process you will use during an investigation.
PROFESSIONALS IN THE FIELD
Digital forensics is a specialized area of cybersecurity that overlaps with criminal law and the judicial system. As mentioned in a previous project, knowledge of multiple domains is often a desirable or even necessary bona fide job qualification. For instance, knowing and applying the best practices for setting up secure information systems does not necessarily mean that the system, processes, and people will align in a way that allows for the gathering of criminal evidence admissible in a court of law. That alignment requires knowledge in multiple domains. Could that be you?
Step 2: Tools and Techniques
Select the following links to learn about forensics analysis tools, methods, and techniques:
- forensics analysis tools
- web log and session analysis
- hash analysis
Forensics Analysis Tools
Forensic analysis is performed with tool kits designed for various platforms, including Windows, Linux, and Mac. The tool kits have several functions created to perform specific tasks, such as disk imaging, file recovery, e-mail parsing, hash and image analysis, memory capture, password recovery, P2P analysis, string search, etc., with technical parameters.An extensive catalog of forensic tools, compiled by the National Institute of Standards and Technology (NIST), is being updated by “adding new functions based on the work of the Computer Forensics Tool Testing (CFTT) project” (NIST, 2014).
Web Log and Session Analysis
Log and session analysis is used to collect information about accessibility of web servers and use of websites. According to Quirk (2010):
Log-file analysis software reads the records, called log files, on the webserver, which record all clicks that take place on the server. Web servers have always stored all the clicks that take place in a log file, so the software interprets data that have always been available. A new line is written in a log file with each new request. For example, clicking on a link, making an Ajax call, or submitting a form will each result in a new line being written.
While logs record clicks on the server, sessions emphasize user time spent on the websites. Quirk (2010) defines session as “interaction by an individual with a website consisting of one or more page views within a specified period of time.” Both logs and sessions are useful for deriving analytics about user behaviors and patterns.
Hash Analysis
Hashing is a method used to change data characters into keys so that they are indexed and can be accessed quickly. The method is also used for data encryption and decryption by authenticating digital signatures.The Forensic Tool Taxonomy from the National Institute of Standards and Technology (NIST) provides details of hash analysis and algorithms for different systems including Windows, Mac, and Linux (NIST, 2014). The algorithms are used for several applications, including computing, creating and managing hash sets, searching and filtering files, and eliminating duplicate files.
Step 4: Digital Forensics Research Paper
Now that you have learned the basics of digital forensics analysis and methodology, and have experienced one of the common forensic tools, use the material presented in this project as well as research you have conducted outside of the course materials to write a research paper that addresses the following:
- digital forensics methodology
- the importance of using forensic tools to collect and analyze evidence (e.g., FTK Imager and EnCase)
- hashing in the context of digital forensics
- How do you ensure that the evidence collected has not been tampered with (i.e., after collection)? Why and how is this important to prove in court?
The deliverables for this project are as follows:
- Digital Forensics Research Paper: This should be a five-page double-spaced Word document with citations in APA format. The page count does not include diagrams or tables.
Requirements: At least 5 pages
