Assignment 2 CCJS 321

.docx

School

University of Maryland, College Park *

*We aren’t endorsed by this school

Course

321

Subject

Computer Science

Date

Dec 6, 2023

Type

docx

Pages

Uploaded by BrigadierIceStarling13

1 Assignment 1 Jae Woo CCJS 321 Section 6382 Professor Daniel Grove 01/28/2023

2 The importance of digital data recovery for evidence are in an abundance of ways to complete this process to achieve goals. There are five specific ways to recover already deleted digital files that I find necessary for the process of digital data recovery. The chain of custody requires for each forensic image made up of the data recovered from the devices to be fully recorded in detail. This includes full descriptions of the exhibit, cases references, custodian details, and signatures of every party involved (Boddington, 2016). Recovering digital evidence through the process of forensic imaging is another way to extract deleted data from a digital device. There are two options when it comes down to forensic imaging, dead recovery, and a live recovery. A dead recovery occurs when the data from a computer is being copied forensically with the use of computer’s hardware that is booted from a trusted external device as well as the use of copies of data from an extracted hard drive using a hardware write blocker (Boddington, 2016). The process of a live recovery consists of extracting the live system data before powering down a computer and involves capturing the data while at the same time, preserving volatile memory as well. This process can only be occurred while the computer operating system is still running throughout the entire process (Boddington, 2016). Volatile memory recovery is considered an advantage of a live recovery process, and this allows the ability to recover volatile and non-volatile data, such as the memory stored in RAM (Boddington, 2016). Lastly, the recovery of deleted memory remnants is a phenomenon in

3 which includes a Windows operating system that dictates the length of the files saved on a hard drive. The computer may pack a percentage of clusters in each file space and with whatever free space is left will be filled with random data from the computer memory, which may be recoverable and possibly even provide useful evidence (Boddington, 2016). The Locard’s exchange principle means that within every criminal act, there will always be something added or removed from the scene of the crime. There are many ways to ensure that a mark won’t be missed during the digital evidence collection and acquisition, including photographing the computer and the scene especially if the computer is already on, leaving the computer off if it is already turned off, documenting all device model numbers and serial numbers, and keeping all media away from magnets, radio transmitters and other elements that could be potentially dangerous (Henry, 2009). There are many digital marks that are left behind by users on the most common devices that includes a laptop, the internet, and even health and fitness trackers. The most common device is the laptop. This one device could potentially store a lot of digital marks that could be unknowingly left behind by the user. Laptops and the internet are two devices that go hand-in-hand with the risks of leaving digital marks. They may both contain fingerprints and other pieces of DNA on the device. Both passive and active digital marks may occur during the use of these two devices. You need a laptop to use the internet and the internet contains access to websites and social media sites that contains personal information. Fitness trackers utilizes applications and subscriptions to put the user at risk from potentially containing a lot of personal information (Kaspersky, 2022). Investigators can use

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version