SlideShare a Scribd company logo

The Adam - A process model for digital forensic practice

Dr. Richard Adams
Dr. Richard Adams

This is the process model for acquiring digital data in its basic form.

TechnologyBusiness
1 of 10
Download to read offline
The Advanced Data Acquisition Model for Digital Forensic Practice Dr Richard Adams University of Western Australia
The thesis containing the background to the ADAM as well as worked examples can be found here: http://researchrepository.murdoch.edu.au/ 14422/2/02Whole.pdf
ADAM PRINCIPLES The following overriding principles must be followed by the digital forensic practitioner: 1. The activities of the digital forensic practitioner should not alter the original data. If the requirements of the work mean that this is not possible then the effect of the practitioner’s actions on the original data should be clearly identified and the process that caused any changes justified. 2. A complete record of all activities associated with the acquisition and handling of the original data and any copies of the original data must be maintained. This includes compliance with the appropriate rules of evidence, such as maintaining a chain of custody record, and verification processes such as hashing. 3. The digital forensic practitioner must not undertake any activities which are beyond their ability or knowledge. 4. The digital forensic practitioner must take into consideration all aspects of personal and equipment safety whilst undertaking their work. 5. At all times the legal rights of anyone affected by your actions should be considered. 6. The practitioner must be aware of all organisational policies and procedures relating to their activities 7. Communication must be maintained as appropriate with the client, legal practitioners, supervisors and other team members
ADAM OPERATION GUIDE Stage 1 – Initial Planning The digital forensic practitioner:  MUST understand the requirements of the task, document the work to be performed and have this confirmed by the client or person providing the instructions to undertake the acquisition task.  MUST consider if the work can be undertaken by confirming that you have the appropriate: 1. internal authorisation and/or 2. external authorisation and/or 3. authority in law  MUST consider 1. time constraints – is the task achievable within the time allowed? 2. physical constraints – access to the data and physical/logical locations 3. data constraints – how will the potential evidence be identified, how much is there likely to be?  MUST consider safety issues  SHOULD create the Outline Plan (an exception being in-house acquisition from devices already obtained, e.g. at law enforcement computer crime laboratories)
ADAM OPERATION GUIDE Stage 2 - Creating the Onsite Plan The digital forensic practitioner:  MUST identify and address any security or safety issues  MUST secure access to all potential sources of evidence, either directly or remotely  MUST undertake a preliminary survey and document changes to the Outline Plan.  MUST consider 1. all the locations that might need to be searched 2. any issues that must be addressed relating to hardware and software 3. personnel and equipment needs for the investigation 4. whether onsite acquisition, offsite acquisition or a mixture of both is appropriate and possible
ADAM OPERATION GUIDE Stage 3 - Acquisition of Digital Data (per device) The digital forensic practitioner MUST identify the most appropriate way of acquiring potential evidence given the constraints of time, resources, potential evidentiary value and technical limitations. In order to do this the digital forensic practitioner:  MUST consider 1. The most appropriate method of shutting down system(s) if applicable 2. Write-protection method including interface, e.g. via USB/FireWire/eSATA 3. Addressing encryption issues 4. The appropriateness of undertaking live acquisition 5. Acquisition software to be used 6. Source device interface(s) – e.g. boot device on host, storage device removed and attached to acquisition system, network acquisition, operating system (live acquisition) 7. Potential volume of data 8. Target storage capacity 9. Target interface (speed-related) 10. Prioritising acquisition if more than one source  MUST maintain comprehensive notes  SHOULD consider photographing and/or sketching the equipment and storage device locations  MUST consider the requirements or benefits of an initial review of potential evidence devices and decide if it is appropriate for this to be carried out ‘live’ or write-blocked  SHOULD create a ‘working copy’ of acquired data as quickly as possible and concurrent with the creation of the master copy if possible  MUST keep all copies of acquired data secure  MUST be able to verify the integrity of acquired data
Flowcharts
Stage One – the initial plan
Stage Two – the onsite plan
Stage Three – acquiring digital data

Recommended

Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensiknewbie2019
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
Incident response
Incident responseIncident response
Incident responseAnshul Gupta
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsSCREAM138
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensicsRahul Baghla
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Cybercrime investigation
Cybercrime investigationCybercrime investigation
Cybercrime investigationProf. (Dr.) Tabrez Ahmad
 

Recommended

Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensiknewbie2019
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
Incident response
Incident responseIncident response
Incident responseAnshul Gupta
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsSCREAM138
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensicsRahul Baghla
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Cybercrime investigation
Cybercrime investigationCybercrime investigation
Cybercrime investigationProf. (Dr.) Tabrez Ahmad
 
Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnKloudLearn
 
Incident Response Triage
Incident Response TriageIncident Response Triage
Incident Response TriageAlbert Hui
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDr Raghu Khimani
 
Cyber Crime Evidence Collection Ifsa 2009
Cyber Crime Evidence Collection Ifsa 2009Cyber Crime Evidence Collection Ifsa 2009
Cyber Crime Evidence Collection Ifsa 2009University of Southern Mississippi
 
Introducing Data Loss Prevention 14
Introducing Data Loss Prevention 14Introducing Data Loss Prevention 14
Introducing Data Loss Prevention 14Symantec
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Benjamin Ang
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxBhupeshkumar Nanhe
 
Email Forensics
Email ForensicsEmail Forensics
Email ForensicsGol D Roger
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness SnapComms
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyLiwei Ren任力偉
 
Information Security Awareness for everyone
Information Security Awareness for everyoneInformation Security Awareness for everyone
Information Security Awareness for everyoneYasir Nafees
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Data security
Data securityData security
Data securityAbdulBasit938
 
Iso 17799
Iso 17799Iso 17799
Iso 17799rcm_007
 
Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniDr Raghu Khimani
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsMithileysh Sathiyanarayanan
 
Access_Control_Systems_and_methodology
Access_Control_Systems_and_methodologyAccess_Control_Systems_and_methodology
Access_Control_Systems_and_methodologyArti Ambokar
 
Latihan4 comp-forensic-bab3
Latihan4 comp-forensic-bab3Latihan4 comp-forensic-bab3
Latihan4 comp-forensic-bab3sabtolinux
 
2022-05-12 Live Forensics for Law Enforcement @UniPD
2022-05-12 Live Forensics for Law Enforcement @UniPD2022-05-12 Live Forensics for Law Enforcement @UniPD
2022-05-12 Live Forensics for Law Enforcement @UniPDDavide Gabrini
 

More Related Content

What's hot

Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnKloudLearn
 
Incident Response Triage
Incident Response TriageIncident Response Triage
Incident Response TriageAlbert Hui
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDr Raghu Khimani
 
Introducing Data Loss Prevention 14
Introducing Data Loss Prevention 14Introducing Data Loss Prevention 14
Introducing Data Loss Prevention 14Symantec
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Benjamin Ang
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxBhupeshkumar Nanhe
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness SnapComms
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyLiwei Ren任力偉
 
Information Security Awareness for everyone
Information Security Awareness for everyoneInformation Security Awareness for everyone
Information Security Awareness for everyoneYasir Nafees
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Iso 17799
Iso 17799Iso 17799
Iso 17799rcm_007
 
Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniDr Raghu Khimani
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Access_Control_Systems_and_methodology
Access_Control_Systems_and_methodologyAccess_Control_Systems_and_methodology
Access_Control_Systems_and_methodologyArti Ambokar
 

What's hot (20)

Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - Kloudlearn
 
Incident Response Triage
Incident Response TriageIncident Response Triage
Incident Response Triage
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu Khimani
 
Cyber Crime Evidence Collection Ifsa 2009
Cyber Crime Evidence Collection Ifsa 2009Cyber Crime Evidence Collection Ifsa 2009
Cyber Crime Evidence Collection Ifsa 2009
 
Introducing Data Loss Prevention 14
Introducing Data Loss Prevention 14Introducing Data Loss Prevention 14
Introducing Data Loss Prevention 14
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptx
 
Email Forensics
Email ForensicsEmail Forensics
Email Forensics
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) Technology
 
Information Security Awareness for everyone
Information Security Awareness for everyoneInformation Security Awareness for everyone
Information Security Awareness for everyone
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1
 
Data security
Data securityData security
Data security
 
Iso 17799
Iso 17799Iso 17799
Iso 17799
 
Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu Khimani
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Access_Control_Systems_and_methodology
Access_Control_Systems_and_methodologyAccess_Control_Systems_and_methodology
Access_Control_Systems_and_methodology
 

Similar to The Adam - A process model for digital forensic practice

Latihan4 comp-forensic-bab3
Latihan4 comp-forensic-bab3Latihan4 comp-forensic-bab3
Latihan4 comp-forensic-bab3sabtolinux
 
2022-05-12 Live Forensics for Law Enforcement @UniPD
2022-05-12 Live Forensics for Law Enforcement @UniPD2022-05-12 Live Forensics for Law Enforcement @UniPD
2022-05-12 Live Forensics for Law Enforcement @UniPDDavide Gabrini
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessmentjenito21
 
EDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-iltaEDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-iltaDavid Kearney
 
Computer Forensics MethodologiesList them and explain each one.P.pdf
Computer Forensics MethodologiesList them and explain each one.P.pdfComputer Forensics MethodologiesList them and explain each one.P.pdf
Computer Forensics MethodologiesList them and explain each one.P.pdffeetshoemart
 
Maintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docxMaintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docxsmile790243
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics SlidesVarun Sehgal
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicDhiren Gala
 
Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensicsJohnson Ubah
 

Similar to The Adam - A process model for digital forensic practice (20)

Latihan4 comp-forensic-bab3
Latihan4 comp-forensic-bab3Latihan4 comp-forensic-bab3
Latihan4 comp-forensic-bab3
 
2022-05-12 Live Forensics for Law Enforcement @UniPD
2022-05-12 Live Forensics for Law Enforcement @UniPD2022-05-12 Live Forensics for Law Enforcement @UniPD
2022-05-12 Live Forensics for Law Enforcement @UniPD
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes
 
cyber Forensics
cyber Forensicscyber Forensics
cyber Forensics
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 
PACE-IT: Basic Forensic Concepts
PACE-IT: Basic Forensic ConceptsPACE-IT: Basic Forensic Concepts
PACE-IT: Basic Forensic Concepts
 
PACE-IT, Security+ 2.4: Basic Forensic Procedures
PACE-IT, Security+ 2.4: Basic Forensic ProceduresPACE-IT, Security+ 2.4: Basic Forensic Procedures
PACE-IT, Security+ 2.4: Basic Forensic Procedures
 
9780840024220 ppt ch12
9780840024220 ppt ch129780840024220 ppt ch12
9780840024220 ppt ch12
 
R.a 1
R.a 1R.a 1
R.a 1
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessment
 
EDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-iltaEDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-ilta
 
Computer Forensics MethodologiesList them and explain each one.P.pdf
Computer Forensics MethodologiesList them and explain each one.P.pdfComputer Forensics MethodologiesList them and explain each one.P.pdf
Computer Forensics MethodologiesList them and explain each one.P.pdf
 
Maintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docxMaintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docx
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics Slides
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer Forensic
 
Itet3 its forensics
Itet3 its forensicsItet3 its forensics
Itet3 its forensics
 
Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensics
 
CF.ppt
CF.pptCF.ppt
CF.ppt
 

Recently uploaded

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 

Recently uploaded (20)

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

The Adam - A process model for digital forensic practice

  • 1. The Advanced Data Acquisition Model for Digital Forensic Practice Dr Richard Adams University of Western Australia
  • 2. The thesis containing the background to the ADAM as well as worked examples can be found here: http://researchrepository.murdoch.edu.au/ 14422/2/02Whole.pdf
  • 3. ADAM PRINCIPLES The following overriding principles must be followed by the digital forensic practitioner: 1. The activities of the digital forensic practitioner should not alter the original data. If the requirements of the work mean that this is not possible then the effect of the practitioner’s actions on the original data should be clearly identified and the process that caused any changes justified. 2. A complete record of all activities associated with the acquisition and handling of the original data and any copies of the original data must be maintained. This includes compliance with the appropriate rules of evidence, such as maintaining a chain of custody record, and verification processes such as hashing. 3. The digital forensic practitioner must not undertake any activities which are beyond their ability or knowledge. 4. The digital forensic practitioner must take into consideration all aspects of personal and equipment safety whilst undertaking their work. 5. At all times the legal rights of anyone affected by your actions should be considered. 6. The practitioner must be aware of all organisational policies and procedures relating to their activities 7. Communication must be maintained as appropriate with the client, legal practitioners, supervisors and other team members
  • 4. ADAM OPERATION GUIDE Stage 1 – Initial Planning The digital forensic practitioner:  MUST understand the requirements of the task, document the work to be performed and have this confirmed by the client or person providing the instructions to undertake the acquisition task.  MUST consider if the work can be undertaken by confirming that you have the appropriate: 1. internal authorisation and/or 2. external authorisation and/or 3. authority in law  MUST consider 1. time constraints – is the task achievable within the time allowed? 2. physical constraints – access to the data and physical/logical locations 3. data constraints – how will the potential evidence be identified, how much is there likely to be?  MUST consider safety issues  SHOULD create the Outline Plan (an exception being in-house acquisition from devices already obtained, e.g. at law enforcement computer crime laboratories)
  • 5. ADAM OPERATION GUIDE Stage 2 - Creating the Onsite Plan The digital forensic practitioner:  MUST identify and address any security or safety issues  MUST secure access to all potential sources of evidence, either directly or remotely  MUST undertake a preliminary survey and document changes to the Outline Plan.  MUST consider 1. all the locations that might need to be searched 2. any issues that must be addressed relating to hardware and software 3. personnel and equipment needs for the investigation 4. whether onsite acquisition, offsite acquisition or a mixture of both is appropriate and possible
  • 6. ADAM OPERATION GUIDE Stage 3 - Acquisition of Digital Data (per device) The digital forensic practitioner MUST identify the most appropriate way of acquiring potential evidence given the constraints of time, resources, potential evidentiary value and technical limitations. In order to do this the digital forensic practitioner:  MUST consider 1. The most appropriate method of shutting down system(s) if applicable 2. Write-protection method including interface, e.g. via USB/FireWire/eSATA 3. Addressing encryption issues 4. The appropriateness of undertaking live acquisition 5. Acquisition software to be used 6. Source device interface(s) – e.g. boot device on host, storage device removed and attached to acquisition system, network acquisition, operating system (live acquisition) 7. Potential volume of data 8. Target storage capacity 9. Target interface (speed-related) 10. Prioritising acquisition if more than one source  MUST maintain comprehensive notes  SHOULD consider photographing and/or sketching the equipment and storage device locations  MUST consider the requirements or benefits of an initial review of potential evidence devices and decide if it is appropriate for this to be carried out ‘live’ or write-blocked  SHOULD create a ‘working copy’ of acquired data as quickly as possible and concurrent with the creation of the master copy if possible  MUST keep all copies of acquired data secure  MUST be able to verify the integrity of acquired data
  • 8. Stage One – the initial plan
  • 9. Stage Two – the onsite plan
  • 10. Stage Three – acquiring digital data