Digital Forensic Investigation Exploration
University of Maryland Global Campus
Table of Contents
Preliminary Phase: Introduction, Objectives, and Documentation
Search Warrants
Chain of Custody
Forensic Equipment, Software, and Labor Expenses
Evidence Acquisition
Evidence Preservation
Transporting Evidence
Conclusion
Preliminary Phase: Introduction, Objectives, and Documentation
Recently, corruptive activities have been occurring in the computer systems. As a
forensic investigator, I need to formulate a sound strategy to analyze the series of
events and reach a conclusion based on evidence. To proceed with this investigation, I
must examine the individuals, tools, security, and computer systems involved in the
lead-up to these activities. It is also imperative to partner with the third-party
investigators who are handling the case. With this approach, the necessary information
is shared between the two parties, and we ensure we do not arrive at conflicting analyses
and conclusions, which could harm the case. To begin the case, I must first examine the
guidelines, protocols, and boundaries I must adhere to. I want to ensure we are not
breaching any code of conduct or placing any party at risk. The cyber investigation
phase includes identification (observing and identifying tools), preservation, analysis,
documentation, and presentation. We shall also examine digital forensic law, such as
subpoenas, chain of custody, jurisdiction, and search warrants, to guide us through this
investigation. These are imperative when reporting and presenting our case in a court of law.
To understand the cybercriminal's crime, we must interview the different parties involved
in this case, such as staff, third-party organizations, detectives, partners, and clients.
We need to execute a plan that confirms we have the right team of people to conduct this
investigation. Once that is completed, we need to find evidence. We also need to make
copies of the original evidence found. Working from copies rather than the original
evidence is critical to preserving the integrity of the evidence. The organization needs
to safeguard the original copies of the data or evidence found. With this information, we
will proceed to the meeting with the different parties to extract as much information as
possible. We will also need to gather the documents necessary to carry out this investigation.
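As an added illustration (not part of the original paper), the Python example below shows one way to work from a verified copy and record who handled it. SHA-256 hashing and the hash-chained custody log are techniques assumed here rather than named in the paper, and all function names, file names and handler names are hypothetical.

```python
import hashlib, json, shutil, tempfile, time
from pathlib import Path

def sha256_file(path, chunk=1 << 20):  # chunked, so a disk image need not fit in memory
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def make_working_copy(original, workdir):  # stop unless both files still hash the same
    baseline = sha256_file(original)
    copy = shutil.copyfile(original, Path(workdir) / (Path(original).name + ".working"))
    if not (sha256_file(copy) == baseline == sha256_file(original)):
        raise ValueError("hash mismatch between original and working copy")
    return copy, baseline

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log, handler, action, evidence_sha256):
    # Each entry stores the previous entry's hash, so a later edit breaks the chain.
    entry = {"time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
             "handler": handler, "action": action, "evidence_sha256": evidence_sha256,
             "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _digest(entry)
    log.append(entry)

def verify_log(log):
    # Return the index of the first broken entry, or -1 when the log is intact.
    prev = "0" * 64
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev or _digest(body) != entry["entry_hash"]:
            return i
        prev = entry["entry_hash"]
    return -1

def demo():
    with tempfile.TemporaryDirectory() as d:
        original = Path(d) / "evidence.img"
        original.write_bytes(b"constructed sample bytes")  # stands in for a disk image
        copy, digest = make_working_copy(original, d)
        log = []
        add_entry(log, "Investigator A", "acquired original", digest)
        add_entry(log, "Analyst B", "received working copy", sha256_file(copy))
    intact = verify_log(log)
    log[0]["handler"] = "Someone Else"  # simulate an after-the-fact edit
    return intact, verify_log(log)
```

`demo()` returns the verification result before and after a custody entry is altered; analysis would only ever touch the `.working` file.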
Meeting Agenda
Date: 10/09/2020
Time: 11:46 AM EST
Location: Hyattsville, Maryland
Objectives to be met:
Objective 1: Discuss the investigation process (25 Minutes)
Objective 2: Plan of the investigation. Timeline and duration of the investigation (20 Minutes)
Objective 2: Chain of Custody (15 Minutes)
Objective 3: Discuss tools, techniques and systems that are under investigation (20 Minutes)
Objective 4: Present cybersecurity compliance frameworks such as NIST and PCI-DSS and how these
criminal activities have gone against both frameworks. (20 Minutes)
Objective 5: Encryption and credential tactics used by attackers. Are devices encrypted, or are
they easily accessible? (25 Minutes)
Objective 6: Presentation of Evidence to the lab (15 Minutes)
Search Warrants
Search warrants are often needed for officers to investigate digital devices such as
laptops, phones, tablets, and other digital devices. Technology is advancing rapidly,
prompting laws built around devices to safeguard individuals from arbitrary searches.
Search warrants are granted only when there is probable cause for their need.
“A search warrant may be issued to search a computer or electronic media if there is probable
cause to believe that the media contains or is contraband, evidence of a crime, fruits of crime,
or an instrumentality of a crime.” (Law Enforcement Cyber Center, n.d., p. 1) Search warrants
contain an unambiguous timeframe within which the search of information on the device(s) can be
executed.
Chain of Custody
We must also establish a timeframe within which evidence is collected. Chain of
custody is the chronological documentation of evidence regarding the investigation. Chain of
custody covers every individual who comes into contact with the evidence, whether past or
present. The chain of custody enables the preservation of integrity. Integrity preservation