Cyber Forensic Investigation Stages and Investigative Techniques

Solution Preview

Please refer to the attached file for the response.

CYBER FORENSIC INVESTIGATION: STAGES AND TECHNIQUES

STAGES
Preserve
In this phase, the aim is to protect the computer system in such as way that tampering, data corruption, damage, and viruses are avoided. This stage also ensures that the computer system is not destroyed. Without securing or protecting the computer system, evidence obtained may not be admissible.
In this stage, the basic objective is to maintain the original data as well as to make the corresponding certified copies of the evidence.

Locate
During this stage, discovering all possible data needed that may take the form of hidden, deleted, encrypted, and password protected files is made. This phase also requires accessing or finding of relevant data. At this stage, the examiner must be aware of the types of information in the computer system and how they may be retrieved. The researcher decides on the most appropriate method of how to go about data gathering.

Select
At this stage, the examiner/researcher applies his discretion in determining the information that will be used in the investigation. Hence this involves gathering important data fragments that are prevalent over the system. In this stage, the examiner or investigator uses his judgment in determining data that would be of significant use in the investigation. However, selection of data as well as data sources must be done in the most objective manner.

Analyse

At this stage, data found are analyzed and printout of the overall analysis is made. During this phase, an overview of the computer system is made. All the information gathered are scrutinized in such a way that correct interpretation is made.
The examiner must be alert in detecting possible patterns that may surface. This could help in further explaining some aspects investigated.
In the analysis, data obtained are given meanings, ...