DFranklin R2104D12054733
Digital Forensics
ASSIGNMENT 1
By Damaine Franklin
R2104D12054733
UNICAF - University of East London
Digital Forensics UEL-CN-7019-46372
Eya Nnabuike Nnaemeka
February 10th, 2024
Table of Contents
Part 1 – General Knowledge
Part 2 – Comprehension: Multiple Choice and Short Questions
Part 2A – Comprehension: Multiple Choice
Part 2B – Comprehension: Short Questions
Part 3 – Application of Knowledge
Question 1: Legal and Ethical Issues
Question 2 – Presentation of Evidence
Question 3 – Digital Evidence Collection
Question 4 – Cloud-based digital forensics
References
Part 1 – General Knowledge
1. The term cybercrime is understood to be any unlawful activities carried out by a
cybercriminal or hacker that involve the malicious utilization of a computer system. Two
examples of cybercrime include:
a. Intellectual property theft refers to the unauthorized acquisition of an individual or
organization’s copyright, trade secret or patents.
b. Cyber Defamation refers to the use of a computer system and the internet as a tool to
damage the reputation of an individual or organization.
2. Two common types of cyberthreats are:
a. Brute-force attack refers to the use of several trial-and-error techniques to
determine the login credentials of a targeted individual, database system or software.
b. Ransomware attack refers to the use of cryptographic techniques to block access to a
victim’s personal data unless a ransom is paid in bitcoins.
3. Digital forensics refers to a set of methods and techniques used to investigate, identify,
collect, preserve, analyze, and document digital evidence in a manner that is admissible in a
court of law. It helps in cybercrime investigation by providing evidence for prosecution.
4. In digital forensics, scientific methods are used to make initial observations, create a
hypothesis, test the hypothesis through experiments, and analyze the results to draw a
conclusion.
5. Digital evidence refers to data that is either stored on or transmitted through an electronic
device.
6. Digital evidence can either be volatile or non-volatile data acquired during the investigation
phase.
a. Volatile data: refers to data that is lost when the device is powered off such as running
processes.
b. Non-Volatile Data: refers to data that is retained whether the device is powered on or
off such as event logs.
7. The principle of evidence exchange states that when there is contact between two items
there is an exchange of material, while evidence soundness refers to a set of guidelines to
maintain digital evidence authenticity and integrity.
8. The digital forensics process:
a. Preparation: Set guidelines and best practices to be followed prior to the identification
stage.
b. Gathering: refers to the identification, collection, and preservation of digital evidence.
c. Processing: refers to the examination and analysis of digital evidence collected during
the gathering stage.
d. Presentation: this is the final stage of the digital forensic process which involves
documenting and reporting the evidence in a manner that is admissible in a court of
law.
9. Roles of the following explained:
a. Law enforcement: assist with search warrants and seizure of digital evidence.
b. Digital forensic examiner: examines the evidence acquired and sorts the useful
evidence.
c. Legal expert: provides legal advice to the forensic investigator and all those involved in
the investigation process.
10. Cyber-dependent crimes are committed with the use of computers as a tool, while
cyber-enabled crimes are initially committed without the use of computers but are enabled by
computers in certain circumstances. Two examples of each are hacking and DDoS, and fraud
and harassment, respectively.
11. The digital forensics report is structured in the following order:
a. Case data
b. Purpose statement
c. Findings
d. Conclusion
12. When a file or folder is deleted from a computer system it is not gone forever. There are
methods and techniques available in Windows, Linux, Mac and Android operating systems
to recover deleted files.
Part 2 – Comprehension: Multiple Choice and Short Questions
Part 2A – Comprehension: Multiple Choice
1. Response to question one: Experts should be fully knowledgeable of their domain of
expertise and should provide objective and unbiased opinions.
a. Justification: I agree with the statement to an extent; however, I disagree with the part
which says, “provide objective and unbiased opinion”. In order for something to be
considered objective or unbiased, it is necessary to incorporate opinions from
multiple sources.
2. Response to question two: Examiner/Analyst: Responsible for examining and analyzing
digital evidence at the crime scene.
a. Justification: after the technician has identified the digital evidence at the crime scene,
it should be collected, preserved, and transported to the forensics laboratory for
examination and analysis by the examiner/analyst.
3. Response to question three: Imaging software used for copying of images from hard drives
and other storage devices.
a. Justification: imaging software is used to create an identical copy of the physical
hardware. Hence, stating that it is used for copying implies that the image file is
readily available on the physical device.
Part 2B – Comprehension: Short Questions
1. Response to question one: description of each knowledge level.
a. General awareness: refers to anyone with the basic knowledge and understanding
of the concepts and principles of digital forensics, such as the legal and ethical
issues, how to identify various types of digital evidence and the best practices for
preserving and handling digital evidence.
b. Basic Training: refers to anyone with basic to intermediary skills and knowledge
for performing digital forensic tasks, such as identifying, collecting, preserving,
and analyzing digital evidence.
c. Formal education: refers to anyone with advanced investigative knowledge of
digital forensics processes, such as preparation, gathering, processing and report
writing and presentation skills.
d. Specialization: refers to anyone with expertise and proficiency in a specific field
of digital forensics, such as cloud forensics, mobile forensics etc.
2. Response to question two:
a. Evidence needs to be collected from a device with an operating system that the
forensics examiner is unfamiliar with
• In the given scenario, the evidence may be collected in a forensically
unsound manner by proceeding with the evidence collection. In doing
so, the forensics examiner exceeds his/her technical capabilities, thereby
creating the risk of compromising the authenticity, validity, and accuracy
of the digital evidence.
b. A set of hard disk drives (HDDs) are being transported to the digital forensics
laboratory.
• In the given scenario, the evidence may be collected in a forensically
unsound manner by examining and collecting the disk drives without
having the legal right to seize electronic evidence. For instance, if the
forensic examiners lack the legal right to seize the disk drives, then the
evidence would be ruled inadmissible in a court of law.
3. Response to question three: Discuss a few of the differences
a. According to Al-Hait (2014), cybercrime laws in the United States are created and
enforced at both the state and federal levels of government. By contrast, the
United Kingdom has a centralized government system that is responsible for
enforcing cybercrime laws. This system has the power to create and implement
laws specifically related to cybercrime. Although the UK is a sovereign country,
in some cases the Council of Europe (CoE) influences its cybercrime laws, as
stated by Wang (2016).
4. Response to question four: obfuscation methods used by cybercriminals:
a. Data Deletion: this is one of the most unsophisticated methods used by
cybercriminals. This method simply involves deleting files from the disc drive to
hide or disguise data to make it harder to find the digital evidence.
b. Steganography: this is a more sophisticated method used by cybercriminals to
conceal sensitive data within ordinary data. For instance, cybercriminals can share
sensitive information among themselves by embedding data within video, audio
or picture files to avoid detection (Simson, 2007).
c. Encryption: this is another sophisticated method used by cybercriminals which
involves the process of encrypting sensitive plaintext data with strong ciphers
which is then decrypted at its intended destination. This is one of the most
effective obfuscation methods used by cyber criminals (Simson, 2007).
5. Response to question 5: the concept of data volatility
a. According to the RFC 3227 Guidelines for Evidence Collection and Archiving,
the concept of data volatility describes the process of collecting the most volatile
data first, as not all data have the same level of volatility. In the context of a storage
device, an investigator must evaluate the order of volatility when collecting digital
evidence (RFC 3227, 2002).
6. Response to question six: the process of imaging
a. Imaging is the process of obtaining a clone copy of the entire physical disk drive
or physical media. Imaging creates a bit-by-bit copy of the physical media, which
guarantees the authenticity of the original files or data. Hashing is one method by
which the data integrity of the imaging file can be verified.
7. Response to question seven: forensics tools of the trade
a. A digital forensics investigator may choose his/her tools based on several factors,
which include the type of investigation, the environment, or the type of evidence
required for analysis.
8. Response to question eight: Network digital evidence
a. Timestamp of each event: indicates when a suspicious event occurred.
b. Source and destination IP addresses: identifies the origin of the sender and the
target or recipient of the data packets.
c. Source and destination IP Addresses: reveals information about the type of traffic
that is being sent and received.
9. Response to question nine: forensic software evidence
a. File metadata: reveals data about the author of a file and when it was created and last
modified.
b. Volatile data: reveals data about active processes and services in running RAM.
c. User activities: reveals data on user accounts, login/logout timestamps and
account activities.
10. Response to question ten:
a. The examination and analysis of data during a forensic investigation can be done
using various methods. These include using a write blocker to prevent read-
write access or damage to the digital evidence, evaluating the order of volatility since
not all data have the same level of volatility, and using a data recovery tool such as Autopsy
to examine and recover digital evidence that is relevant to the investigation.
11. Response to question eleven:
a. When writing the digital forensics report, the examiner should ensure that the
findings of the examination and analysis are verifiable and done in an impartial
and objective manner that is void of any forensic confirmation bias.
12. Response to question twelve:
a. It is important that a forensic laboratory follows set requirements and guidelines
to ensure that the analysis and presentation of digital evidence is forensically
sound and admissible in court (Casey, 2011).
13. Response to question thirteen:
a. There are several ways in which the preservation of digital evidence may be
negatively affected in a poorly designed forensics laboratory. These include
improper storage facilities, poor ergonomics, and lack of proper forensics tools to
handle digital evidence (Watson & Jones, 2013).
14. Response to question fourteen: guidelines for forensics laboratory
a. To ensure that a forensics laboratory is adequately equipped and provides an
environment that is conducive to a ‘forensically sound’ investigation, the
following guidelines can be adopted:
• Adhere to the rules of forensic soundness.
• Adopt industry standards and procedures pertaining to digital forensics.
• Establish specific roles and responsibilities.
• Adequately design the forensics laboratory to maximize efficiency and
productivity.
• Procedure for transport and storage should be in place.
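The imaging and hash verification described in response six above, as an added example that is not part of the original assignment: it copies a constructed in-memory "device" block by block, records a whole-media hash plus per-block hashes at acquisition, and later re-verifies the image. The function names, the 4096-byte block size, the choice of SHA-256 and the sample media are assumptions made for this illustration.

```python
import hashlib
import io

BLOCK_SIZE = 4096  # assumed read size for this example


def build_sample_media():
    """Constructed stand-in for a small storage device (not real evidence)."""
    header = b"CONSTRUCTED-MEDIA".ljust(BLOCK_SIZE, b"\x00")
    allocated = b"contents of a live file".ljust(BLOCK_SIZE, b"\x00")
    # Unallocated space still holding bytes of a deleted file: a bit-by-bit
    # image keeps this block, a file-level copy would not.
    unallocated = b"remnant of a deleted file".ljust(BLOCK_SIZE, b"\x00")
    tail = b"\xff" * 100  # media size is not a multiple of the block size
    return header + allocated + unallocated + tail


def acquire_image(source, image, block_size=BLOCK_SIZE):
    """Copy every block of source into image, hashing the bytes as read.

    Returns the acquisition record: size, whole-media SHA-256 and one
    SHA-256 per block so that a later mismatch can be localised.
    """
    whole = hashlib.sha256()
    block_hashes = []
    size = 0
    while True:
        block = source.read(block_size)
        if not block:
            break
        whole.update(block)
        block_hashes.append(hashlib.sha256(block).hexdigest())
        image.write(block)
        size += len(block)
    return {"size": size, "sha256": whole.hexdigest(),
            "block_sha256": block_hashes}


def verify_image(image, record, block_size=BLOCK_SIZE):
    """Re-hash the image and compare it with the acquisition record."""
    image.seek(0)
    whole = hashlib.sha256()
    expected_blocks = record["block_sha256"]
    first_bad_block = None
    size = 0
    index = 0
    while True:
        block = image.read(block_size)
        if not block:
            break
        whole.update(block)
        size += len(block)
        expected = expected_blocks[index] if index < len(expected_blocks) else None
        if first_bad_block is None and hashlib.sha256(block).hexdigest() != expected:
            first_bad_block = index
        index += 1
    if first_bad_block is None and index < len(expected_blocks):
        first_bad_block = index  # image ends early (truncated copy)
    match = size == record["size"] and whole.hexdigest() == record["sha256"]
    return {"match": match, "sha256": whole.hexdigest(),
            "first_bad_block": first_bad_block}


def demo():
    media = build_sample_media()
    image = io.BytesIO()
    record = acquire_image(io.BytesIO(media), image)
    intact = verify_image(image, record)

    # Simulate one flipped bit inside block 2 of the stored image.
    altered = bytearray(image.getvalue())
    altered[2 * BLOCK_SIZE + 5] ^= 0x01
    tampered = verify_image(io.BytesIO(bytes(altered)), record)

    # Simulate an image that was cut short after the first block.
    truncated = verify_image(io.BytesIO(media[:BLOCK_SIZE]), record)
    return record, intact, tampered, truncated


if __name__ == "__main__":
    record, intact, tampered, truncated = demo()
    print("acquired bytes :", record["size"])
    print("intact image   :", intact["match"], intact["first_bad_block"])
    print("altered image  :", tampered["match"], tampered["first_bad_block"])
    print("truncated image:", truncated["match"], truncated["first_bad_block"])
```
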
Part 3 – Application of Knowledge
Question 1: Legal and Ethical Issues
1. Response to question one:
a. I disagree with the first statement; however, I am in total agreement with the
second and third statement outlined in question one.
2. Response to question two:
a. Justification 1 (Disagree): In the event that law enforcement unlawfully seized
and obtained digital evidence from the cybercriminal's device, I would hold a
different opinion. However, I believe that once law enforcement follows legal
principles and acquires a warrant or a subpoena, they are within the law to gather
sufficient digital evidence to prosecute the cybercriminal under investigation.
b. Justification 2 (Agree): In the given scenario, to request information from a VPN
provider about a client suspected of being a cybercriminal depends on several
factors, such as the legal framework in place and the jurisdiction of the VPN
provider. Simply just asking is not a sufficient basis for the disclosure of a client’s
confidential data.
c. Justification 3 (Agree): The individual who is in possession of a secondhand
computing or storage device should not be liable or convicted for criminal digital
evidence. In the given scenario, the individual may not have foreknowledge
regarding the computing device's history. Given that the computing or storage
device was utilized in the cybercrime, law enforcement must determine, with
factual evidence, whether the individual who newly acquired it has any connection to the
cybercrime.
3. Response to question three:
a. In the given scenario, the opposing view can be justified on the basis that, if there is
probable cause to believe that the suspect has committed a crime, law
enforcement may seek a warrant to search the suspect’s device (Strom, 2023). In
addition, if the suspect poses an imminent threat to national security and public
safety, law enforcement may be justified in using hacking tools to prevent harm
(Hennessey, 2016).
Question 2 – Presentation of Evidence
1. The concept of evidence certainty.
a. The concept of evidence certainty refers to the degree of confidence an expert
witness has in expressing his or her opinion and conclusion on the presentation of
digital evidence in a court proceeding. The expert witness may express his or her
degree of certainty as either: Highly uncertain, somewhat uncertain, possible,
probable, almost certain, certain (Casey, 2011).
2. Failure of the digital forensics examiner as an expert witness.
a. The expert witness's responsibility in the given scenario is to aid the attorney by
offering his/her formal opinion that is impartial and credible on issues pertaining
to digital evidence in a court proceeding (Hayes, 2021). In other words, the expert
witness must possess the necessary credentials and expertise in the case or report
in order to articulate his or her opinion explicitly. In the given scenario, it is
important that the expert witness considers certain factors while testifying in
court. For instance, the findings of the investigation show that there is no
evidence linking the ex-employee as the cybercriminal. Despite these facts, the
expert witness confidently used the word “certain” which suggests that it is highly
unlikely that the suspect is not the cybercriminal. The expert witness fails in
fulfilling his/her obligations in that the opinion given is inconsistent with the
evidence, which may render the case futile or inadmissible.
Question 3 – Digital Evidence Collection
The Advantages and Disadvantages
According to Mohammed et al. (2016), the use of cloud computing and big databases for
storing vast quantities of data is becoming increasingly prevalent among government and
private businesses. This is due to the extensive growth of the digital world, which has resulted in
the proliferation of large volumes and varieties of data sets. This situation presents an opportunity
for cybercriminals to exploit and poses a major challenge to digital forensics investigations. In
this regard, Mohammed et al. (2016) assert that traditional digital forensics tools struggle to
manage digital cases that are heterogeneous in nature, primarily because traditional forensics
analysis and examination tools were designed to work with an individual device or a small number of
devices and a small volume of data. In order to address this problem, Mohammed et al. (2016)
assert that digital cases with large data sets require the use of diverse techniques and solutions
such as the use of data analytics tools as well as artificial intelligence (AI) to deal with big data
analysis of digital evidence. Some of the key advantages and disadvantages of artificial
intelligence tools in digital forensic investigation are outlined in the subsequent sections.
Advantages
• Knowledge Repositories: As stated by Mitchell (2007), the domain of digital forensics
suffers from a lack of standardization regarding the representation of information and
knowledge. The author asserts that the use of artificial intelligence as a tool can help to create
a standardized ontology for digital forensics. In other words, forensics investigators will have
access to a formalized repository of information and knowledge regarding digital evidence
and cases. Mohsin (2021) provides support for this idea by stating that an investigator can
access a repository of all digital forensics case-related data from a central location. This
repository would contain case-related knowledge and information from other investigators,
including their methods, techniques, documentation, and findings.
• Efficiency: Mohsin (2021) asserts that the use of AI in examining digital evidence is a
valuable tool for managing big datasets and saves the forensic investigator a substantial
amount of time when conducting an investigation.
• Pattern Recognition: Digital evidence can at times be complicated and elusive,
making it difficult to comprehend. As a result, Mohsin (2021) noted that forensics
investigators depend on proactive measures to detect obscure patterns in digital evidence.
According to the author, the use of artificial intelligence in digital forensics investigation can
be used as a tool to help in pattern recognition such as detecting patterns and anomalies in
data, which is valuable in identifying suspicious activities, trends, or connections that may
not be immediately apparent to human investigators.
• Automation: Another key advantage discussed by Mohsin (2021) is that artificial
intelligence automates the digital forensics investigation procedures. By doing so, digital
forensics investigators can distribute their time efficiently and focus on other aspects of the
investigation. In addition, AI tools can also assist in the detection of anomalies and
obfuscation in vast quantities of unstructured digital data.
• Correlation of Evidence: In this regard, the advantage of artificial intelligence as a tool in
digital forensics is to analyze and combine the evidence of an investigation to see how the items
are related by linking information from various digital sources (Ganesh, 2017). The goal
of correlating digital evidence is to minimize the likelihood of human error, particularly
when analyzing vast amounts of data, thereby enabling the investigator to build a
comprehensive view of a case.
Disadvantages
• Privacy Concerns: Privacy concerns might arise with regard to the gathering,
transportation and retention of digital evidence which may potentially contain
confidential information about the suspect under investigation. Therefore, it is crucial that
the use of data analytics and AI as a tool in examining digital evidence should follow
strict ethical standards and legal regulations to avoid infringing on individuals’ privacy
rights.
• Ethical Concerns: Ethical issues may arise regarding misuse, including
transparency and accountability. In this regard, digital evidence may be inadmissible in
court.
• Generate Biased Outcome: Errors made by algorithms powered by artificial intelligence
may produce biased results, which may result in discriminatory consequences, especially
for marginalized groups.
• Generate Fake Evidence: Since artificial intelligence is not self-aware but follows the
programming of a human instructor, issues may arise with regard to generating fake
digital evidence such as images, audio, video, and documents. Additionally, artificial
intelligence tools possess the capability to manipulate or tamper with digital evidence,
thereby compromising its authenticity and integrity.
Question 4 – Cloud-based digital forensics
Comparison Between Digital Forensics and Cloud Forensics
The general process of digital forensics is not the same when dealing with cloud-based
digital evidence collection. According to Tidmarsh (2022), cloud computing delivers on-demand
services to consumers via the internet. These services include servers, networking hardware,
databases, and various software applications among others. Tidmarsh (2022) explained that the
investigation techniques utilized in cloud environments are significantly different from those
employed in digital forensics.
Challenges of Cloud Forensics
According to Tidmarsh (2022), cloud forensics encounters distinctive challenges stemming from
the distributed nature of cloud computing, in addition to several legal and technical factors.
• Jurisdiction: The geographical distribution of cloud computing resources varies across
various jurisdictions worldwide. The fact that every jurisdiction has its own set of laws,
regulations, and policies complicates cloud forensics significantly, especially when the
evidence is from a different jurisdiction. In order to gather the required evidence, the
investigators have to comply with the rule of law that governs the jurisdiction where the
evidence resides.
• Physical Access: In most cases the cloud computing resources which contain the digital
evidence are not accessible by the forensics investigator due to strict security regulations
imposed by the cloud computing service provider.
• Decentralization: The resources offered through cloud computing services are located across
several servers to improve network redundancy, data availability, and reliability. This
decentralized approach creates a challenge for forensics investigators to identify or locate the
required digital evidence.
• Strong Encryption: The encryption of data stored in cloud computing presents a significant
obstacle for forensics investigators attempting to acquire encryption keys and conduct
forensic analysis of digital evidence.
• Evidence Preservation: The dynamic nature of cloud computing means that critical
evidence can be easily overwritten or lost. Investigators must prioritize evidence preservation
by creating images of virtual machines or instances to prevent data loss during investigations.
References
Al-Hait, A. A., 2014. Jurisdiction in Cybercrimes: A Comparative Study. Journal of Law, Policy and
Globalization, Volume 22, pp. 75-84.
Casey, E., 2011. Forensic Science, Computers and the Internet. In: E. Casey, ed. Digital Evidence and
Computer Crime. Waltham, MA: Elsevier Inc., pp. 49-73.
Ganesh, V., 2017. Artificial Intelligence Applied to Computer Forensics. International Journal of
Advance Research in Computer Science and Management Studies, 5(5), pp. 21-29.
Hayes, D. R., 2021. In: 2, ed. A Practical Guide To Digital Forensics Investigation. s.l.:Pearson
Education, p. 242.
Hennessey, S., 2016. Lawful hacking and the case for a strategic approach to “Going Dark”. [Online]
Available at: https://www.brookings.edu/articles/lawful-hacking-and-the-case-for-a-strategic-approach-to-going-dark/
[Accessed 2 February 2024].
Mitchell, F., 2007. The Use of Artificial Intelligence in Digital Forensics: An Introduction. Digital
Evidence and Electronic Signature Law Review, Volume 7, pp. 35-41.
Mohammed, H., Clarke, N. & Li, F., 2016. An Automated Approach for Digital Forensic Analysis of
Heterogeneous Big Data. Digital Forensics Security and Law, 11(2), pp. 137-152.
Mohsin, K., 2021. Artificial Intelligence in Forensic Science. Maharishi, India: SSRN Electronic Journal.
RFC 3227, 2002. Guidelines for Evidence Collection and Archiving. s.l., s.n.
Simson, G., 2007. Anti-Forensics: Techniques, Detection and Countermeasures. Monterey, California,
Calhoun: The NPS Institutional Archive.
Strom, S., 2023. Hacking Laws and Punishments. [Online]
Available at: https://www.findlaw.com/criminal/criminal-charges/hacking-laws-and-punishments.html
[Accessed 2 February 2024].
Tidmarsh, D., 2022. What do you need to know about cloud forensics?. [Online]
Available at: https://www.eccouncil.org/cybersecurity-exchange/computer-forensics/what-is-cloud-forensics/
[Accessed 9 February 2024].
Wang, Q., 2016. A Comparative Study of Cybercrime in Criminal Law: China, US, England, Singapore
and the Council of Europe. geboren te Shandong, China: s.n.
Watson, D. L. & Jones, A., 2013. In: Digital Forensics Processing and Procedures : Meeting the
Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements. Waltham, MA:
Elsevier.

Digital Forensics Assignment One UEL and Unicaf

  • 1.
    DFranklin R2104D12054733 Digital Forensics ASSIGNMENT1 By Damaine Franklin R2104D12054733 UNICAF - University of East London Digital Forensics UEL-CN-7019-46372 Eya Nnabuike Nnaemeka February 10th , 2024
  • 2.
    DFranklin R2104D12054733 Table ofContents Part 1 – General Knowledge ......................................................................................................................3 Part 2 – Comprehension: Multiple Choice and Short Questions ...........................................................6 Part 2A – Comprehension: Multiple Choice ........................................................................................6 Part 2B – Comprehension: Short Questions.........................................................................................7 Part 3 – Application of Knowledge..........................................................................................................12 Question 1: Legal and Ethical Issues...................................................................................................12 Question 2 – Presentation of Evidence................................................................................................13 Question 3 – Digital Evidence Collection............................................................................................14 Question 4 – Cloud-based digital forensics.........................................................................................17 References..................................................................................................................................................19
  • 3.
    DFranklin R2104D12054733 Part 1– General Knowledge 1. The term cybercrime is understood to be any unlawful activities carried out by a cybercriminal or hacker that involve the malicious utilization of a computer system. Two examples of cybercrime include: a. Intellectual property theft refers to the unauthorized acquisition of an individual or organization’s copyright, trade secret or patents. b. Cyber Defamation refers to the use of a computer system and the internet as a tool to damage the reputation of an individual or organization. 2. Two common types of cyberthreats are: a. Burte-force attack refers to the use of several trial-and-error techniques used to determine the login credentials of a targeted individual, database system or software. b. Ransomware attack refers to the use of cryptographic techniques to block access to a victim’s personal data unless a ransom is paid in bitcoins. 3. Digital forensics refers to a set of methods and techniques used to investigate, identify, collect, preserve, analyze, and document digital evidence in a manner that is admissible in a court of law. It helps in cybercrime investigation by providing evidence for prosecution. 4. In digital forensics, scientific methods are used to make initial observations, create a hypothesis, testing the hypothesis through experiments, and analyzing the results to draw conclusion. 5. Digital evidence refers to data that is either stored on or transmitted through an electronic device.
  • 4.
    DFranklin R2104D12054733 6. Digitalevidence can either be volatile or non-volatile data acquired during the investigation phase. a. Volatile data: refers to data that is lost when the device is powered off such as running processes. b. Non-Volatile Data: refers to data that is retained whether the device is powered on or off such as event logs. 7. The principle of evidence exchanges states that when there is contact between two items there is an exchange of material, while evidence soundness refers to a set of guidelines to maintain digital evidence authenticity and integrity. 8. The digital forensics process: a. Preparation: Set guidelines and best practices to be followed prior to the identification stage. b. Gathering: refers to the identification, collection, and preservation of digital evidence. c. Processing: refers to the examination and analysis of digital evidence collected during the gathering stage. d. Presentation: this is the final stage of the digital forensic process which involves documenting and reporting the evidence in a manner that is admissible in court of law. 9. Roles of the following explained: a. Law enforcement: assist with search warrants and seizure of digital evidence. b. Digital forensic examiner: examines the evidence acquired and sorts the useful evidence.
  • 5.
    DFranklin R2104D12054733 c. Legalexpert: provides legal advice to the forensic investigator and all this involve in the investigation process. 10. Cyber dependent crimes are committed with the use of computers as a tool, while cyber enable crimes are initially committed without the use of computers but are enabled by computers in certain circumstances. Two examples of each are hacking, DDoS and fraud, harassment respectively. 11. The digital forensics report is structured in the following order: a. Case data b. Purpose statement c. Findings d. Conclusion 12. When a file or folder is deleted from a computer system it is not gone forever. There are methods and techniques available in Windows, Linux, MAC and android operating systems to recover deleted files.
Part 2 – Comprehension: Multiple Choice and Short Questions
Part 2A – Comprehension: Multiple Choice
1. Response to question one: Experts should be fully knowledgeable of their domain of expertise and should provide objective and unbiased opinions.
a. Justification: I agree with the statement to an extent; however, I disagree with the part which says, “provide objective and unbiased opinion”. In order for something to be considered objective or unbiased, it is necessary to incorporate opinions from multiple sources.
2. Response to question two: Examiner/Analyst: Responsible for examining and analyzing digital evidence at the crime scene.
a. Justification: after the technician has identified the digital evidence at the crime scene, it should be collected, preserved, and transported to the forensics laboratory for examination and analysis by the examiner/analyst.
3. Response to question three: Imaging software used for copying of images from hard drives and other storage devices.
a. Justification: imaging software is used to create an identical copy of the physical hardware. Hence, stating that it is used for copying implies that the image file is readily available on the physical device.
Part 2B – Comprehension: Short Questions
1. Response to question one: description of each knowledge level.
a. General awareness: refers to anyone with the basic knowledge and understanding of the concepts and principles of digital forensics, such as the legal and ethical issues, how to identify various types of digital evidence and the best practices for preserving and handling digital evidence.
b. Basic training: refers to anyone with basic to intermediary skills and knowledge for performing digital forensic tasks, such as identifying, collecting, preserving, and analyzing digital evidence.
c. Formal education: refers to anyone with advanced investigative knowledge of digital forensics processes, such as preparation, gathering, processing, and report writing and presentation skills.
d. Specialization: refers to anyone with expertise and proficiency in a specific field of digital forensics, such as cloud forensics, mobile forensics etc.
2. Response to question two:
a. Evidence needs to be collected from a device with an operating system that the forensics examiner is unfamiliar with.
• In the given scenario, the evidence may be collected in a forensically unsound manner by proceeding with the evidence collection. In doing so, the forensics examiner exceeds his/her technical capabilities, thereby creating the risk of compromising the authenticity, validity, and accuracy of the digital evidence.
b. A set of hard disk drives (HDDs) are being transported to the digital forensics laboratory.
• In the given scenario, the evidence may be collected in a forensically unsound manner by examining and collecting the disk drives without having the legal right to seize electronic evidence. For instance, if the forensic examiners lack the legal right to seize the disk drives, then the evidence would be ruled inadmissible in a court of law.
3. Response to question three: Discuss a few of the differences
a. According to Al-Hait (2014), cybercrime laws in the United States are created and enforced at both the state and federal systems of government. By contrast, the United Kingdom has a centralized government system that is responsible for enforcing cybercrime laws. This system has the power to create and implement laws specifically related to cybercrime. Although the UK is a sovereign country, in some cases the Council of Europe (CoE) influences its cybercrime laws, as stated by Wang (2016).
4. Response to question four: obfuscation methods used by cybercriminals:
a. Data Deletion: this is one of the most unsophisticated methods used by cybercriminals. This method simply involves deleting files from the disk drive to hide or disguise data to make it harder to find the digital evidence.
b. Steganography: this is a more sophisticated method used by cybercriminals to conceal sensitive data within ordinary data. For instance, cybercriminals can share sensitive information among themselves by embedding data within video, audio or picture files to avoid detection (Simson, 2007).
c. Encryption: this is another sophisticated method used by cybercriminals, which involves encrypting sensitive plaintext data with strong ciphers; the data is then decrypted at its intended destination. This is one of the most effective obfuscation methods used by cybercriminals (Simson, 2007).
5. Response to question five: the concept of data volatility
a. According to the RFC 3227 Guidelines for Evidence Collection and Archiving, the concept of data volatility describes the process of collecting the most volatile data first, as not all data have the same level of volatility. In the context of a storage device, an investigator must evaluate the order of volatility when collecting digital evidence (RFC 3227, 2002).
6. Response to question six: the process of imaging
a. Imaging is the process of obtaining a clone copy of the entire physical disk drive or physical media. Imaging creates a bit-by-bit copy of the physical media, which guarantees the authenticity of the original files or data. Hashing is one method by which the data integrity of the imaging file can be verified.
7. Response to question seven: forensics tools of the trade
a. A digital forensics investigator may choose his/her tools based on several factors, which include the type of investigation, the environment, or the type of evidence required for analysis.
8. Response to question eight: Network digital evidence
a. Timestamp of each event: indicates when a suspicious event occurred.
b. Source and destination IP addresses: identifies the origin of the sender and the target or recipient of the data packets.
c. Source and destination IP Addresses: reveals information about the type of traffic that is being sent and received.
9. Response to question nine: forensic software evidence
a. File metadata: reveals data about the author of a file, when it was created and last modified.
b. Volatile data: reveals data about active processes and services running in RAM.
c. User activities: reveals data on user accounts, login/logout timestamps and account activities.
10. Response to question ten:
a. The examination and analysis of data during a forensic investigation can be done using various methods. Some of these include using a write blocker to prevent read-write access or damage to the digital evidence, evaluating the order of volatility, since not all data have the same level of volatility, and using a data recovery tool such as Autopsy to examine and recover digital evidence that is relevant to the investigation.
11. Response to question eleven:
a. When writing the digital forensics report, the examiner should ensure that the findings of the examination and analysis are verifiable and done in an impartial and objective manner that is void of any forensic confirmation bias.
12. Response to question twelve:
a. It is important that a forensic laboratory follows set requirements and guidelines to ensure that the analysis and presentation of digital evidence is forensically sound and admissible in court (Casey, 2011).
13. Response to question thirteen:
a. There are several ways in which the preservation of digital evidence may be negatively affected in a poorly designed forensics laboratory. These include improper storage facilities, poor ergonomics, and lack of proper forensics tools to handle digital evidence (Watson & Jones, 2013).
14. Response to question fourteen: guidelines for forensics laboratory
a. To ensure that a forensics laboratory is adequately equipped and provides an environment that is conducive to a ‘forensically sound’ investigation, the following guidelines can be adopted:
• Adhere to the rules of forensic soundness.
• Adopt industry standards and procedures pertaining to digital forensics.
• Establish specific roles and responsibilities.
• Adequately design the forensics laboratory to maximize efficiency and productivity.
• Procedures for transport and storage should be in place.
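Added example, not part of the original assignment: a sketch of the imaging and hash verification described in response six of Part 2B. The source is hashed while it is copied byte for byte, and the image is later re-hashed to confirm it has not changed. The file names and the constructed 3 MiB "source" file standing in for a storage device are assumptions.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read size in bytes (assumption; any size works)


def acquire_image(source_path, image_path, chunk=CHUNK):
    """Copy the source byte for byte and hash the bytes as they are read.

    Returns (SHA-256 hex digest of the data read from the source, byte count).
    """
    digest = hashlib.sha256()
    total = 0
    # Source is opened read-only; "xb" refuses to overwrite an existing image.
    with open(source_path, "rb") as src, open(image_path, "xb") as dst:
        while True:
            block = src.read(chunk)
            if not block:
                break
            digest.update(block)
            dst.write(block)
            total += len(block)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image is on disk before hashing it
    return digest.hexdigest(), total


def hash_file(path, chunk=CHUNK):
    """SHA-256 of a file, read in chunks so large images fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_image(image_path, acquisition_hash):
    """True only if the image still matches the hash recorded at acquisition."""
    return hash_file(image_path) == acquisition_hash


def demo():
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "source.bin")  # hypothetical name
        image = os.path.join(work, "image.dd")     # hypothetical name
        # Constructed sample data: 3 MiB + 17 bytes, so the last read is partial.
        with open(source, "wb") as fh:
            fh.write(os.urandom(3 * CHUNK + 17))
        acq_hash, size = acquire_image(source, image)
        intact = verify_image(image, acq_hash)
        # Simulate later tampering or corruption: flip one bit in the image.
        with open(image, "r+b") as fh:
            fh.seek(size // 2)
            original = fh.read(1)
            fh.seek(size // 2)
            fh.write(bytes([original[0] ^ 0x01]))
        altered = verify_image(image, acq_hash)
        return size, intact, altered


if __name__ == "__main__":
    print(demo())
```

The acquisition hash is the value that would be recorded in the case notes; any later copy of the image can be checked against it with `verify_image`.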
Part 3 – Application of Knowledge
Question 1: Legal and Ethical Issues
1. Response to question one:
a. I disagree with the first statement; however, I am in total agreement with the second and third statements outlined in question one.
2. Response to question two:
a. Justification 1 (Disagree): In the event that law enforcement unlawfully seized and obtained digital evidence from the cybercriminal’s device, I would hold a different opinion. However, I believe that once law enforcement follows legal principles and acquires a warrant or a subpoena, they are within the law to gather sufficient digital evidence to prosecute the cybercriminal under investigation.
b. Justification 2 (Agree): In the given scenario, to request information from a VPN provider about a client suspected of being a cybercriminal depends on several factors, such as the legal framework in place and the jurisdiction of the VPN provider. Simply just asking is not a sufficient basis for the disclosure of a client’s confidential data.
c. Justification 3 (Agree): The individual who is in possession of a secondhand computing or storage device should not be liable or convicted for criminal digital evidence. In the given scenario, the individual may not have foreknowledge regarding the computing device’s history. Given that the computing or storage device was utilized in the cybercrime, law enforcement must determine, with
factual evidence, whether the newly acquired individual has any connection to the cybercrime.
3. Response to question three:
a. In the given scenario, the opposing view can be justified on the basis that, if there is probable cause to believe that the suspect has committed a crime, law enforcement may seek a warrant to search the suspect’s device (Strom, 2023). In addition, if the suspect poses an imminent threat to national security and public safety, law enforcement may be justified in using hacking tools to prevent harm (Hennessey, 2016).
Question 2 – Presentation of Evidence
1. The concept of evidence certainty.
a. The concept of evidence certainty refers to the degree of confidence an expert witness has in expressing his or her opinion and conclusion on the presentation of digital evidence in a court proceeding. The expert witness may express his or her degree of certainty as either: highly uncertain, somewhat uncertain, possible, probable, almost certain, certain (Casey, 2011).
2. Failure of the digital forensics examiner as an expert witness.
a. The expert witness's responsibility in the given scenario is to aid the attorney by offering his/her formal opinion that is impartial and credible on issues pertaining to digital evidence in a court proceeding (Hayes, 2021). In other words, the expert witness must possess the necessary credentials and expertise in the case or report in order to articulate his or her opinion explicitly. In the given scenario, it is
important that the expert witness considers certain factors while testifying in court. For instance, the findings of the investigation show that there is no evidence linking the ex-employee as the cybercriminal. Despite these facts, the expert witness confidently used the word “certain”, which suggests that it is highly unlikely that the suspect is not the cybercriminal. The expert witness fails in fulfilling his/her obligations in that the opinion given is inconsistent with the evidence, which may render the case futile or inadmissible.
Question 3 – Digital Evidence Collection
The Advantages and Disadvantages
According to Mohammed et al. (2016), the use of cloud computing and big databases for storing vast quantities of data is becoming increasingly prevalent among government and private businesses. This is due to the extensive growth of the digital world, which has resulted in the proliferation of large volumes and varieties of data sets. This situation presents an opportunity for cybercriminals to exploit and poses a major challenge to digital forensics investigations. In this regard, Mohammed et al. (2016) assert that traditional digital forensics tools struggle to manage digital cases that are heterogeneous in nature, primarily because traditional forensics analysis and examination tools were designed to work with an individual device or a small number of devices and small volumes of data. In order to address this problem, Mohammed et al. (2016) assert that digital cases with large data sets require the use of diverse techniques and solutions, such as data analytics tools and artificial intelligence (AI), to deal with big data analysis of digital evidence. Some of the key advantages and disadvantages of artificial intelligence tools in digital forensic investigation are outlined in the subsequent sections.
Advantages
• Knowledge Repositories: As stated by Mitchell (2007), the domain of digital forensics suffers from a lack of standardization regarding the representation of information and knowledge. The author asserts that the use of artificial intelligence as a tool can help to create a standardized ontology for digital forensics. In other words, forensics investigators will have access to a formalized repository of information and knowledge regarding digital evidence and cases. Mohsin (2021) provides support for this idea by stating that an investigator can access a repository of all digital forensics case-related data from a central location. This repository would contain case-related knowledge and information from other investigators, including their methods, techniques, documentation, and findings.
• Efficiency: Mohsin (2021) asserts that the use of AI in examining digital evidence is a valuable tool for managing big datasets and saves the forensic investigator a substantial amount of time when conducting an investigation.
• Pattern Recognition: Digital evidence can occasionally be complicated and elusive, making it difficult to comprehend. As a result, Mohsin (2021) noted that forensics investigators depend on proactive measures to detect obscure patterns in digital evidence. According to the author, artificial intelligence can be used in digital forensics investigation as a tool to help in pattern recognition, such as detecting patterns and anomalies in data, which is valuable in identifying suspicious activities, trends, or connections that may not be immediately apparent to human investigators.
• Automation: Another key advantage discussed by Mohsin (2021) is that artificial intelligence automates the digital forensics investigation procedures. By doing so, digital forensics investigators can distribute their time efficiently and focus on other aspects of the investigation. In addition, AI tools can also assist in the detection of anomalies and obfuscation in vast quantities of unstructured digital data.
• Correlation of Evidence: In this regard, the advantage of artificial intelligence as a tool in digital forensics is to analyze and combine the evidence of an investigation to see how it is related, by linking information from various digital sources (Ganesh, 2017). The goal of correlating digital evidence is to minimize the likelihood of human error, particularly when analyzing vast amounts of data, thereby enabling the investigator to build a comprehensive view of a case.
Disadvantages
• Privacy Concerns: Privacy concerns might arise with regard to the gathering, transportation and retention of digital evidence, which may potentially contain confidential information about the suspect under investigation. Therefore, it is crucial that the use of data analytics and AI as a tool in examining digital evidence should follow strict ethical standards and legal regulations to avoid infringing on individuals’ privacy rights.
• Ethical Concerns: Ethical issues may arise regarding misuse, including transparency and accountability. In this regard, digital evidence may be inadmissible in court.
• Generate Biased Outcome: Errors made by algorithms powered by artificial intelligence may produce biased results, which may result in discriminatory consequences, especially for marginalized groups.
• Generate Fake Evidence: Since artificial intelligence is not self-aware but follows the programming of a human instructor, issues may arise with regard to generating fake digital evidence such as images, audio, video, and documents. Additionally, artificial intelligence tools possess the capability to manipulate or tamper with digital evidence, thereby compromising its authenticity and integrity.
Question 4 – Cloud-based digital forensics
Comparison Between Digital Forensics and Cloud Forensics
The general process of digital forensics is not the same when dealing with cloud-based digital evidence collection. According to Tidmarsh (2022), cloud computing delivers on-demand services to consumers via the internet. These services include servers, networking hardware, databases, and various software applications, among others. Tidmarsh (2022) explained that the investigation techniques utilized in cloud environments are significantly different from those employed in digital forensics.
Challenges of Cloud Forensics
According to Tidmarsh (2022), cloud forensics encounters distinctive challenges stemming from the distributed nature of cloud computing, in addition to several legal and technical factors.
• Jurisdiction: The geographical distribution of cloud computing resources varies across various jurisdictions worldwide. The fact that every jurisdiction has its own set of laws, regulations, and policies complicates cloud forensics significantly, especially when the evidence is from a different jurisdiction. In order to gather the required evidence, the investigators have to comply with the rule of law that governs the jurisdiction where the evidence resides.
• Physical Access: In most cases the cloud computing resources which contain the digital evidence are not accessible by the forensics investigator due to strict security regulations imposed by the cloud computing service provider.
• Decentralization: The resources offered through cloud computing services are located across several servers to improve network redundancy, data availability, and reliability. This decentralized approach creates a challenge for forensics investigators to identify or locate the required digital evidence.
• Strong Encryption: The encryption of data stored in cloud computing presents a significant obstacle for forensics investigators attempting to acquire encryption keys and conduct forensic analysis of digital evidence.
• Evidence Preservation: The dynamic nature of cloud computing means that critical evidence can be easily overwritten or lost. Investigators must prioritize evidence preservation by creating images of virtual machines or instances to prevent data loss during investigations.
References
Al-Hait, A.A., 2014. Jurisdiction in Cybercrimes: A Comparative Study. Journal of Law, Policy and Globalization, Volume 22, pp. 75-84.
Casey, E., 2011. Forensic Science, Computers and the Internet. In: E. Casey, ed. Digital Evidence and Computer Crime. Waltham, MA: Elsevier Inc., pp. 49-73.
Ganesh, V., 2017. Artificial Intelligence Applied to Computer Forensics. International Journal of Advance Research in Computer Science and Management Studies, 5(5), pp. 21-29.
Hayes, D. R., 2021. In: 2, ed. A Practical Guide To Digital Forensics Investigation. s.l.: Pearson Education, p. 242.
Hennessey, S., 2016. Lawful hacking and the case for a strategic approach to “Going Dark”. [Online] Available at: https://www.brookings.edu/articles/lawful-hacking-and-the-case-for-a-strategic-approach-to-going-dark/ [Accessed 2 February 2024].
Mitchell, F., 2007. The Use of Artificial Intelligence in Digital Forensics: An Introduction. Digital Evidence and Electronic Signature Law Review, Volume 7, pp. 35-41.
Mohammed, H., Clarke, N. & Li, F., 2016. An Automated Approach for Digital Forensic Analysis of Heterogeneous Big Data. Digital Forensics Security and Law, 11(2), pp. 137-152.
Mohsin, K., 2021. Artificial Intelligence in Forensic Science. Maharishi, India: SSRN Electronic Journal.
RFC 3227, 2002. Guidelines for Evidence Collection and Archiving. s.l., s.n.
Simson, G., 2007. Anti-Forensics: Techniques, Detection and Countermeasures. Monterey, California, Calhoun: The NPS Institutional Archive.
Strom, S., 2023. Hacking Laws and Punishments. [Online] Available at: https://www.findlaw.com/criminal/criminal-charges/hacking-laws-and-punishments.html [Accessed 2 February 2024].
Tidmarsh, D., 2022. What do you need to know about cloud forensics?. [Online] Available at: https://www.eccouncil.org/cybersecurity-exchange/computer-forensics/what-is-cloud-forensics/ [Accessed 9 February 2024].
Wang, Q., 2016. A Comparative Study of Cybercrime in Criminal Law: China, US, England, Singapore and the Council of Europe. geboren te Shandong, China: s.n.
Watson, D. L. & Jones, A., 2013. In: Digital Forensics Processing and Procedures: Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements. Waltham, MA: Elsevier.