Case Projects in Computer Forensics Essay Example | Topics and Well Written Essays - 750 words

Case Projects in Computer Forensics - Essay ExampleDespite the position that the Daubert Standard is not directly connected to forensics tryout, it sets a good guideline for acceptability of validation reports in courts of law (cited Brunty 1). In order to determine the hardihood of the findings in question, it is vital to determine from the police investigator the exact procedure he/she took as well as all the forensic tools he/she employ in examining the computer data. In the Digital Evidence discipline, it is fundamental that the examination of procedures include a complete understanding of the methodology used so as to determine its specificity, limitations and margins of error. The validation of forensic tools is conducted to verify that they did not alter, add or delete any of the original data. (Barbara 4). Computer forensics involves, at least, the basic four processes of identification, preservation, synopsis and presentation. Since identification and presentation depen d on the skills of the investigator they thunder mugnot be subjected to the validation process of the computer laboratory. On the other hand, preservation and analysis are forensics-tool bases and thus, can be verified and validated. Preservation entails forensic copy, verification, write protection and media sanitation while analysis involves the processes of searching, file rendering, data recovery, decryption, file identification, processing, temporal data, and process mechanization (Guo et al 2009, pp. S-15-S16). Validation and verification of electronic evidence requires mathematical technique primarily to determine their error dimension. One way of doing this is to split a try data into subsets, to be called model subsets, and compare them to the remaining subsets. Next, the file system should be examined remembering that file systems have two layers abstract and low level. When examination had focused on the abstract level, it is most likely that the low level evidence ha s been overlooked. To determine if this is the case, the file system image should be examined and layer 1 obtained. From layer 1, layer 2 should be inferred and this inferred layer should be compared to the actual layer 2 and the discrepancies noted. All other file systems are then examined also and the average error proportion obtained. To continue with the validation, a mathematical formula mustiness be adopted for each file system that consists of a burthen summation of every layer. The following is an example of a formula of FAT12 Er = 0.05(L1) + 0.1(L2) + 0.05(L3) + 0.1(L4) + 0.2(L5) + 0.2(L6) + 0.3(L7) A FAT12 file system, a file system commonly used in most computers, has seven layers boot sector values FAT and data areas FAT entries clusters formatted cluster content linked list of clusters all directory entries. Each of these layers must be examined for their respective abstract and lower-level, a forecast lower level layer developed with the help of the abstract and the predicted lower-level compared with the original lower-level layer and error ratio is stored. At the end, all stored layer ratios must be placed into a weighted formula similar as above and an average error ratio for the file system obtained. This examination would establish the extent of the discrepancies in the previous examination (Sremack 2003). Case Project 14-3 Several characteristics distinguish a technical/ ceremonial paper from other types.