Digital Forensic Analysis


In conclusion, I understand that in digital forensics, when making a bit-by-bit copy of a hard drive, the examiner must use a write blocker, either software or hardware, to avoid the possibility of accidentally damaging the evidence contents. After imaging is completed, the forensic examiner will have a generated hash value of the bit-by-bit copy of the evidence hard drive. This hash value (digital fingerprint) is important to digital forensics because it shows the integrity of all evidence is maintained and to avoid tampering or spoliation. So my question is this: how can we say the integrity of the client's forensic image evidence is not tainted when we know for a fact that the client's computer was filled with malware infections (Trojan)? In my opinion, by the time the examiner started investigating the client's hard drive all the …

or how do you prove that the machine/user is really guilty in the first place? Almost every computer these days is connected to the Internet or at least to some internal network. As anyone in the field knows, a remote hacker can execute arbitrary code on such a computer in a variety of ways. The hacker can add, remove, or modify files, change the dates on files, and do everything with that computer that the local user can, without the local user’s knowledge. These are among the many issues of digital forensics today, especially if we are dealing with Trojan malware that exists on the hard drive. Trojan malware is designed to be anti-digital-forensic, and this is where investigators must embrace a necessary shift in thinking. In fact, one of the reasons for the success of cyber criminals today has been the limited and unimaginative approach by computer forensic professionals to gather
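
The hash check described in the first paragraph, as an added example that is not part of the original essay: the image is hashed while it is copied, then re-verified later, with per-block hashes locating any change. It also shows the limit the essay raises: a match proves the image equals the source as it was at acquisition, not that the source was unmodified before then. The function names, the 4096-byte block size and the sample "drive" are assumptions made for illustration.

```python
import hashlib
import io

BLOCK = 4096  # assumed block size for this example


def acquire(source, dest, block=BLOCK):
    """Copy source to dest block by block; return (overall SHA-256, per-block SHA-256 list)."""
    overall, per_block = hashlib.sha256(), []
    while chunk := source.read(block):
        dest.write(chunk)
        overall.update(chunk)
        per_block.append(hashlib.sha256(chunk).hexdigest())
    return overall.hexdigest(), per_block


def verify(image, expected_overall, expected_blocks, block=BLOCK):
    """Re-hash an image; return (matches, indices of blocks that differ or are missing)."""
    overall, changed, index = hashlib.sha256(), [], 0
    while chunk := image.read(block):
        overall.update(chunk)
        digest = hashlib.sha256(chunk).hexdigest()
        if index >= len(expected_blocks) or digest != expected_blocks[index]:
            changed.append(index)
        index += 1
    changed.extend(range(index, len(expected_blocks)))  # truncated image
    return overall.hexdigest() == expected_overall, changed


def demo():
    # Constructed sample "drive" of four distinct blocks, not real evidence.
    source = b"".join(bytes([i]) * BLOCK for i in range(4))
    image = io.BytesIO()
    digest, blocks = acquire(io.BytesIO(source), image)

    # Untouched working copy: overall hash matches, no block differs.
    clean = verify(io.BytesIO(image.getvalue()), digest, blocks)

    # One bit flipped in block 2 after acquisition: the check fails and says where.
    altered = bytearray(image.getvalue())
    altered[2 * BLOCK + 10] ^= 0x01
    dirty = verify(io.BytesIO(bytes(altered)), digest, blocks)
    return clean, dirty


if __name__ == "__main__":
    print(demo())
```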
