Computer Science

INFORMATION SYSTEM SECURITY II

Research Assignment I
( Forenscis )

Names:
Abicinane Anuar Mussagy – 2017341045
Chikoondo JamesKeegan – 2021381006
Hirwa Stella Ndayambaje 2016381014
Kim II pone - 2021381002

Lecturer:
Jorge Gabriel

Maputo, March 2023

Index

Introduction .......................................................................................... 2
Concepts of Forensics ......................................................................................................................... 3
Data Loss ............................................................................................................................... 3
Data Wipping ......................................................................................................................... 3
Data Recovery ................................................................................................................................. 3

When we us engage forensics .............................................................................................................. 4

How can we engage forensics ............................................................................................................. 4

Conclusion ........................................................................................................................................... 5

References............................................................................................................................................ 6

1
Forensics
Introduction
Forensics is the practice of using scientific methods gathering, analyzing, and interpreting
evidence from digital media in order to investigate and solve crimes. Forensics can also be
defined as a scientific tests or techniques used in connection with the detection of crime. As a
result of the rapid advancement of digital technology in recent years, the field of digital
forensics has emerged. In this report, we will go over the concepts of data loss, data wiping,
data recovery, when and how to use forensics..

2
Forensics
Concepts
Key Concepts of Forensics:
Forensics involves a range of concepts that are essential to the investigation of incidents
involving electronic data. One of the key concepts is the preservation of evidence. In digital
forensics, this involves making a bit-for-bit copy of the original data, which can then be
analyzed without affecting the original evidence. The chain of custody is another important
concept, which involves maintaining a record of who has had access to the evidence and what
actions they have taken.

Data Loss
Data loss refers to the accidental or intentional destruction, corruption, or loss of data. It can
be caused by various factors such as hardware failure, software malfunction, human error,
natural disasters, and cyber-attacks. Data loss can result in the loss of important information
such as financial records, customer data, and intellectual property. It is essential to have a
proper backup and disaster recovery plan in place to mitigate the risk of data loss.

Data Wiping
Data wiping refers to the process of permanently erasing data from a storage device. It is
commonly used when disposing of old computers, mobile devices, or hard drives. Data wiping
ensures that the data is not recoverable, even by forensic experts. It is essential to use proper
data wiping software and methods to ensure that the data is erased completely and
irreversibly.

Data Recovery
Data recovery refers to the process of retrieving data that has been lost, deleted, or corrupted.
It is commonly used in forensic investigations to recover evidence from digital devices such
as computers, smartphones, and hard drives. Data recovery can be a complex and time-
consuming process, and it is essential to use proper techniques and software to avoid further
damage to the data.

3
Forensics
When we engage forensic
Forensic investigations are typically initiated in response to a legal or criminal matter. For example,
digital forensics may be used to investigate a cyber-attack, theft of intellectual property, or fraudulent
activity. Forensic investigations can also be initiated as part of internal investigations, such as in cases
of employee misconduct or data breaches.

How we engage forensic

Engaging a forensic expert typically involves the following steps:

1. Assessment: The first step is to assess the scope and nature of the investigation, including the
type of evidence that needs to be collected and analyzed.

2. Collection: The next step is to collect the relevant evidence, which may involve seizing and
analyzing digital devices such as computers, mobile devices, and storage media.

3. Analysis: Once the evidence has been collected, forensic experts analyze it using specialized
software and techniques to identify and interpret relevant information.

4. Reporting: Finally, the findings of the forensic investigation are documented in a report,
which may be used in legal proceedings or internal investigations.

N.B It is essential to follow proper chain of custody procedures to ensure that the evidence is
admissible in court.

4
Forensics
Conclusion
In conclusion Data loss, data wiping, and data recovery are essential concepts in today's
digital world. Organizations must have proper backup strategies and data wiping procedures
in place to prevent data loss and protect sensitive data. When data is lost or needs to be
recovered, forensic investigations can be engaged to collect and analyze digital evidence.
Engaging forensic investigations requires a structured approach that follows legal guidelines
and best practices to ensure that the evidence collected is admissible in court.

5
Forensics
References
1. Casey, E. (2011). Digital Evidence and Computer Crime: Forensic Science, Computers and the
Internet. Academic Press.

2. Carrier, B. (2014). File System Forensic Analysis. Addison-Wesley Professional.

3. Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to Computer Forensics and Investigations.
Cengage Learning.

4. Quick, D., & Choo,

5. Quick, D. (2014). Data wiping: An essential part of secure data destruction. Information
security technical report, 19(3), 21-28

6. https://www.sans.org/reading-room/whitepapers/incident/digital-forensics-
incidentresponse-35030

6
Forensics