3. As a digital forensics expert, you are asked to help survey the scene of a ch

Question

3. As a digital forensics expert, you are asked to help survey the scene of a child pornography bust. The lead detective wants to know what equipment is important and what is not important. The suspect appears to be very tech savvy, but this detective is a street detective with no technical capability whatsoever. a. What do you advise him or her to collect? b. Once he or she knows what to collect, what should you advise him or her to do with it? c. Once the equipment is returned to the station and put into evidence, what procedures will you take if you are asked to examine it? d. What kind of an image will you make of the storage devices?

Explanation / Answer

a. As given, the suspect is very tech savvy, and the lead detective conducting the forensic survey is a street detective with no technical capability. We can advise him/her to collect the technical information stores like the Hard-drive of the machine(laptop or desktop whatever present on the situation). Many information related to the situation can be found in the storage space. Collect any external storage devices like pen-drive or external hard disk drive. The next thing the detective need to collect is network related devices that the suspect was using like Modem, Routers. As, many illegal acts and their content as related to pornography are shared online illegally, using proxies IP and illegal peer-to-peer sharing of the illicit content. We need to get information of the Web history of the suspect that might lead to required information.

b. After collecting all the items, the job of the detective will be to gather all the information from it, that needs technical genius and experts to fetch the relevant information. The hard drives will be first of all password encrypted, to decrypt and open, computer engineers/experts are required. And, then filtering of data is also required as there will be millions of files on the hard drive. Then, comes the network devices, router and modem contain the logs of the network accessed by the person using those. With the help of network experts, we can gather the URL accessed by the suspect and the content shared that leads to the more information that helps us in the further investigation.

c. If asked to examine, for hard drive, I and my team will start decrypting the drive and filter out the junk files and operating system's related files, and we will use the recent places section to track the last used places to track further. For network related devices like modem and router, my team will take out the logs from the devices and process the logs and fetch the details of the IP used and links accessed.

d. As apart of the forensic image, we will take help of software available with us to create the image of the storage devices like the hard disk drive, or pen drive, or memory card, or any external hard disk drives whosoever present.

Related Questions

Navigate

• Browse (All)
• Browse 3
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.