
Digitalforensics

Uploaded by

Star Boy

Coursework

Astitwo Pandey

BSc. (Hons.) Ethical Hacking, Softwarica college of IT and E-commerce, Coventry University

ST4060CEM Digital Forensics Fundamentals

Mr. Ganesh Bhusal

Jan 15, 2022

Acknowledgment

On this project, I have worked hard. However, without the kind support and assistance of many people, it would not have been feasible. I want to express my heartfelt gratitude to each and every one of them. I owe a great deal to Mr. Ganesh Bhusal for his direction, ongoing oversight, and provision of the information required for the project as well as for their assistance in seeing it through to completion. I would want to thank my parents for their great support and cooperation, both of which helped me finish this project. My friends who gladly assisted me with this report's development and those who were able to lend a hand are also deserving of my gratitude and respect.


Abstract

First, a quick introduction to Astro, a private firm, and the security breach that occurred is provided in this article. The threat, vulnerability, and risk analyses of the firm and the incident are also presented. I've also spoken about how professional collaboration and cooperation are practiced in a cybersecurity business and how they might be improved. After that, I discussed the decision-making elements that may result in a favorable or unfavorable result. Similar to this, I've included a short on the value of decision-making in business and how making the wrong choice might result in security breaches.


Table of Contents

Acknowledgment
Abstract
Process of Handling Digital Evidence
    Identification
    Seizure
    Preservation
    Analysis
    Presentation
Integrity of Digital Evidence Using Different Tools and Techniques
    Hash verification
    Digital signatures
    Chain of custody
    Data duplication
    Time-stamping
    Digital Forensics Tools
    Forensically sound imaging
    Secure storage
Integrity in Rural Areas
    Securing the scene
    Documenting the scene
    Secure storage
    Training
    Transfer the evidence to the right authorities
    Evidence Kits
    Remote Expertise
Rural Law Enforcement Agencies
    Forensic imaging tools
    Digital media acquisition tools
    Analysis software
    Hardware write blockers
    Hardware storage devices
    Digital evidence collection bags
    Portable power supply
    Training materials
    Chain of custody documentation

Process of Handling Digital Evidence

To guarantee that the evidence is gathered, kept, and processed in a way that is legally acceptable and protects the integrity of the evidence, there are a number of measures that must be taken when handling digital evidence in today's cyberspace. The key steps in the procedure are as follows:

Identification:

Locating and identifying the evidence is the first stage in processing digital evidence. This may entail identifying the hardware or media that house the evidence as well as the particular files or data that contain it.

Seizure:

Evidence must be seized in a way that maintains its integrity and admissibility after it has been identified. This may entail physically seizing the hardware or media containing the evidence, or copying it while leaving the original evidence in its original location.

Preservation:

Since digital evidence is very fragile and can readily be manipulated or destroyed, it is crucial to keep it intact. Making copies of the evidence, employing specialist software to produce forensic images of the evidence, or putting the evidence in a secure place are all examples of how to do this.

Analysis:

Once the evidence has been preserved, it may be examined to gather pertinent data and make inferences about the alleged events. The evidence may be examined using specialist software tools and methods, and experts in pertinent domains may also be consulted.

Presentation:

Presenting the evidence in a form that is convincing to the appropriate parties, such as a court or law enforcement agency, is the last stage in processing digital evidence. Making reports, charts, or other visual aids to effectively communicate the pertinent information may be required.

To guarantee that the digital evidence is gathered, kept, and examined in a manner that is legally acceptable and retains its integrity, it is crucial to carefully follow these procedures. Handling the evidence appropriately can be a complicated procedure, and it is frequently necessary to consult legal and technical professionals.


Integrity of Digital Evidence Using Different Tools and Techniques

The integrity of digital evidence can be preserved using a variety of methods and instruments. These consist of:

Hash verification:

This involves calculating a hash value (such as MD5 or SHA-1) of the original digital evidence and then comparing it to the hash value of the evidence at a later time to ensure that the evidence has not been tampered with.

Digital signatures:

This technique uses a private key to encrypt the hash value of the digital evidence, creating a digital signature. This signature can then be verified using the corresponding public key to ensure that the evidence has not been tampered with.

Chain of custody:

This involves documenting the handling and storage of the digital evidence from the point of acquisition to the point of presentation in court. This is important to ensure that the evidence has not been tampered with and that it can be traced back to its original source.

Data duplication:

This involves creating multiple copies of the digital evidence to ensure that the evidence can be preserved and is not lost.

Time-stamping:

Time-stamping ensures that the time at which the digital evidence was captured is known and can be verified.

Digital Forensics Tools:

There are various digital forensics tools available that can be used to analyze digital evidence and retrieve information that may be useful in an investigation. These tools can be used to recover deleted files, analyze disk images, and extract data from mobile devices.

Forensically sound imaging:

Forensically sound imaging is the process of making an identical replica of the original digital evidence that may be used as evidence in court. Using specialist software, this may be accomplished by creating a forensic image of the evidence that has a hash value that can be used to confirm the accuracy of the copy.

Secure storage:

To avoid manipulation or alteration, digital evidence has to be kept in a safe area. This can entail utilizing encryption to safeguard the data or keeping the evidence in a secure location.
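
The hash verification and forensically sound imaging steps described above can be combined into one acquisition routine. The following Python sketch is an added example, not part of the original coursework or any forensic product: the function names, file names and sample data are constructed, and it uses SHA-256 rather than the MD5 or SHA-1 named above because both of those have known collision weaknesses.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large media never sits in memory


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire_image(source, image):
    """Copy source to image, hashing bytes as read; return the acquisition hash."""
    h = hashlib.sha256()
    # Source is opened read-only; "x" mode refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    acquired = h.hexdigest()
    if sha256_of(image) != acquired:  # read the copy back from disk
        raise OSError("image does not match source: " + image)
    return acquired


def verify_image(image, recorded_hash):
    """Later re-check: True only if the image still matches the recorded hash."""
    return sha256_of(image) == recorded_hash


def demo():
    """Constructed sample: image a stand-in 'device' file, then alter one byte."""
    work = tempfile.mkdtemp()
    source = os.path.join(work, "device.bin")
    image = os.path.join(work, "device.dd")
    with open(source, "wb") as f:
        f.write(b"constructed sample evidence " * 4096)
    recorded = acquire_image(source, image)
    before = verify_image(image, recorded)
    with open(image, "r+b") as f:  # simulate tampering with the stored copy
        f.seek(100)
        f.write(b"X")
    return before, verify_image(image, recorded)
```

Opening the source read-only does not replace a hardware write blocker on real media, since the operating system can still write to a mounted device. The recorded hash belongs in the custody paperwork at the moment of acquisition.
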

Integrity in Rural Areas

In rural areas where no forensic personnel are available as first responders, the integrity of digital evidence can still be maintained through the use of proper procedures and protocols. Some steps that can be taken include:

Securing the scene:

The scene should be secured to prevent any further contamination of the evidence. This includes ensuring that the area is not disturbed, and that any potential evidence is not tampered with.

Documenting the scene:

The scene should be thoroughly documented, including taking photographs and videos of the area and any potential evidence. This documentation can be used to establish the chain of custody of the evidence.

Secure storage:

Any potential evidence should be stored in a secure location, such as a locked room or cabinet, to prevent it from being tampered with or lost.

Training:

First responders should be trained in proper procedures for handling and preserving digital evidence, such as how to properly package and label evidence, and how to maintain the chain of custody.

Transfer the evidence to the right authorities:

Once the evidence has been collected, it should be transferred to the appropriate authorities, such as a forensic laboratory or the police, for further analysis and preservation.

Evidence Kits:

Rural areas can have a ready kit that includes the appropriate containers, labels, and packaging materials to ensure the integrity of digital evidence.

Remote Expertise:

If the digital evidence is collected, but no forensic personnel are available, it is possible to use remote expertise to analyze the evidence, for example, by sending the digital evidence to a forensic lab or by using digital forensic tools, which can be operated remotely by trained experts.

Rural Law Enforcement Agencies

Creating a starter digital forensics kit can be a cost-effective way for rural law enforcement agencies to improve their ability to collect and process digital evidence. A starter digital forensics kit should include a combination of hardware and software tools that are specifically designed for collecting and analyzing digital evidence. Some of the components that might be included in such a kit are:

Forensic imaging tools:

These tools allow forensic personnel to create forensic images of digital evidence, which are exact copies of the original evidence that can be used as evidence in court.

Digital media acquisition tools:

These tools allow forensic personnel to collect digital evidence from a variety of sources, such as hard drives, USB drives, and mobile devices.

Analysis software:

Analysis software is used to examine and analyze digital evidence and may include tools for searching for specific keywords or patterns, analyzing network traffic, and extracting metadata from digital files.

Hardware write blockers:

Hardware write blockers prevent data from being written to a digital device, which is important to preserve the integrity of the evidence.

Hardware storage devices:

Hardware storage devices, such as external hard drives or USB drives, can be used to store forensic images and other digital evidence.

Digital evidence collection bags:

Digital evidence collection bags are used to store and transport digital evidence and are designed to protect the evidence from tampering or damage.

Portable power supply:

A portable power supply ensures that digital devices can be powered on and analyzed even in remote areas where there is no electricity.

Training materials:

This could include books, videos, and online training resources that can be used to train officers in proper procedures for handling and preserving digital evidence.

Chain of custody documentation:

This includes forms and documentation needed to establish and maintain the chain of custody of digital evidence.

Overall, a starter digital forensics kit should be tailored to the specific needs and resources of the rural law enforcement agency and should include a combination of hardware and software tools that are cost-effective and easy to use. By investing in a starter digital forensics kit, rural law enforcement agencies can improve their ability to collect and process digital evidence and more effectively investigate crimes that involve digital evidence.
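
The chain of custody documentation described above can also be kept in electronic form so that later edits to a record are detectable. The following Python sketch is an added example, not part of the original coursework: each custody record stores the hash of the record before it, and the field names, handlers and timestamps are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # stand-in "previous hash" for the first record


def entry_hash(entry):
    """Hash an entry's fields (everything except its own hash) canonically."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def add_entry(log, when, handler, action, evidence_sha256):
    """Append a custody record linked to the hash of the previous record."""
    entry = {
        "seq": len(log) + 1,
        "when": when,
        "handler": handler,
        "action": action,
        "evidence_sha256": evidence_sha256,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)
    return entry


def first_broken_entry(log):
    """Return the seq of the first record that fails verification, or None."""
    prev = GENESIS
    for position, entry in enumerate(log, start=1):
        if (entry["seq"] != position or entry["prev_hash"] != prev
                or entry_hash(entry) != entry["entry_hash"]):
            return position
        prev = entry["entry_hash"]
    return None


def demo():
    """Constructed sample log: three hand-offs, then a back-dated edit."""
    image_hash = hashlib.sha256(b"constructed sample image").hexdigest()
    log = []
    add_entry(log, "2022-01-10T09:15Z", "Officer A", "seized and imaged", image_hash)
    add_entry(log, "2022-01-10T14:40Z", "Officer B", "transported to lab", image_hash)
    add_entry(log, "2022-01-11T08:05Z", "Examiner C", "received for analysis", image_hash)
    intact = first_broken_entry(log)
    log[1]["handler"] = "Officer Z"  # simulate someone rewriting the record
    return intact, first_broken_entry(log)
```

Anyone able to rewrite the whole log can recompute every hash, so the latest `entry_hash` should also be written on the paper custody form or lodged with a second party at each hand-off.
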
