Explore BrainMass

Cyber Forensic Investigation Stages and Investigative Techniques

This content was COPIED from BrainMass.com - View the original, and get the already-completed solution here!

1) Provide detailed descriptions of each of the following 6 stages

- Preserve
- Locate
- Select
- Analyse
- Validate
- Present Evidence

2) Provide detailed descriptions for each of the following 5 investigation techniques

- File Structure
- Steganography
- Live Analysis
- Dead Analysis
- Cross Drive Analysis

Do provide me the list of URLs which information is gained or sourced or citied.

© BrainMass Inc. brainmass.com March 21, 2019, 10:16 pm ad1c9bdddf

Solution Preview

Please refer to the attached file for the response.


In this phase, the aim is to protect the computer system in such as way that tampering, data corruption, damage, and viruses are avoided. This stage also ensures that the computer system is not destroyed. Without securing or protecting the computer system, evidence obtained may not be admissible.
In this stage, the basic objective is to maintain the original data as well as to make the corresponding certified copies of the evidence.

During this stage, discovering all possible data needed that may take the form of hidden, deleted, encrypted, and password protected files is made. This phase also requires accessing or finding of relevant data. At this stage, the examiner must be aware of the types of information in the computer system and how they may be retrieved. The researcher decides on the most appropriate method of how to go about data gathering.

At this stage, the examiner/researcher applies his discretion in determining the information that will be used in the investigation. Hence this involves gathering important data fragments that are prevalent over the system. In this stage, the examiner or investigator uses his judgment in determining data that would be of significant use in the investigation. However, selection of data as well as data sources must be done in the most objective manner.


At this stage, data found are analyzed and printout of the overall analysis is made. During this phase, an overview of the computer system is made. All the information gathered are scrutinized in such a way that correct interpretation is made.
The examiner must be alert in detecting possible patterns that may surface. This could help in further explaining some aspects investigated.
In the analysis, data obtained are given meanings, ...

Solution Summary

The expert examines cyber forensic investigate stages and investigative techniques.