insDetail the types of forensics tools that can be used to uncover the data. – Dante

undefined

Any collecting of data from a crime or potential crime is the first and most important part of an investigation. An investigation can be easily compromised if the data is collected or stored incorrectly. After the data is collected, stored, and transferred back to the office to be analyzed, the data will be placed in a static-free work area. The tool used to analyze the data is Autopsy+.

undefined

Autopsy+ is a graphic user interface that analyzes data from different platforms, such as UNIX and Linux, and different storage media devices like smartphones, USB, and CD drivers. Autopsy+ allows multiple users to access the same investigation or set up as an individual one. Subramanian (2020) writes in An Overview of Autopsy: Open Source Digital Forensic Platform that “Autopsy is the chief open-source digital forensics platform that is anything but difficult to utilize, quick, and usable in every computerized examination. It analyzes hard drives, smartphones, media cards etc. It is primarily developed for Microsoft Windows, but there is minimal support for running on Linux and macOS.” (para. 1) Autopsy+ makes collecting digital forensics routine for any user, amateur or professional.

undefined

While in multiuser mode, Autopsy+ makes it so all the users have access to the directories such as Autopsy+.db, export folder, report folders, and module output folders. Autopsy+ focuses on three areas of collecting data. They are as follows:

undefined

• Disk imaging – making a byte-for-byte copy of a hard drive and/or storage media devices. This includes disk image analysis, file and volume system analysis, and orphan files.
• Local Drives – can analyze local drives without needing to make an image of it, this includes USB.
• Logical Files – can analyze files and folders without needing to make an image of it. Files and folders can be added to a local drive.

undefined

Discuss warrants and privacy rights. – Dante

undefined

When collecting data for forensic purposes, the information found is collected for one of two purposes. It is either an internal or a criminal investigation. Their difference is as follows:

undefined

• Internal – there has been a breach in the organization and the company wants to know the who, what, when, why, and how to make sure it does not happen again and to assure appropriate actions are taken against the violator. Actions can be criminal charges, depending on policies set forth by the organization. This investigation is run by the organization.
• Criminal – there has been a possible crime committed and the appropriate authorities need to handle the investigations. This investigation is run by a law enforcement organization.

undefined

When it comes to the rights of the accused, they are slim to none because of the workplace disclosure signed at hiring. Nelson, Phillips, and Steuart examine in Guide to Computer Forensics and Investigations that “To investigate employees suspected of improper use of company digital assets, a company policy statement about the misuse of digital assets allows corporate investigators to conduct covert surveillance with little or no cause and access company computer systems and digital devices without a warrant, which is an advantage for corporate investigators. Law enforcement investigators can’t do the same, however, without sufficient reason for a warrant.” (p. 145, para. 3) One of determining factors of law enforcement involvement is how the organization wants to handle the breach. Some organizations chose not to use law enforcement because of the embarrassment to them and their clients.

undefined

Add a conclusion that discusses a plan to share your investigation with law enforcement. – Dante and other members

undefined

There are over 4 billion users of the internet every day. Most of them have good intentions. But there are the ones who use it to defraud a person or organization. When this happens, law enforcement is called in to run the investigations. Before law enforcement can gather any data, they must prove to a judge that a crime has been committed. This can be hard to prove because the computer and/or storage media devices are the evidence. Once a judge signs off on a warrant, then the data can be gathered from the devices. Unlike with a workplace computer that can be confiscated at any time the organization chooses.

undefined

Organizations build their reputation on the security of their network and the privacy of their customers. We have seen very popular companies come forward about data breaches and the reactions from their customers. Data breaches affect everyone. But with great forensic tools and proper procedures and steps assure the internal or investigations run by law enforcement should run smoothly.

undefined
undefined

References

undefined

Bill Nelson, A. P. (2016). Guide to Computer Forensics and Investigations. Boston: Cengage Learning. Retrieved from https://aiu.vitalsource.com/#/books/9781305840614/…

undefined

Subramanian, B. (2020, May 14). An Overview of Autopsy: Open Source Digital Forensic Platform. Retrieved from Data Science Foundation: https://datascience.foundation/sciencewhitepaper/a…truction: Add 1-2 paragraphs on the conclusion part of this group project.