ISSC451 APU Digital Forensics and Information Security discussion

Hello,

I’m looking for someone to answer two students' forum discussion posts. Response has to be at least 150 words.

First student

1. Explain the process used to preserve the verifiable integrity of digital evidence. How does this ensure that data is preserved unmodified? How can an analyst show that the original evidence is modified?

Computer forensics investigators utilize a number of tools when investigating a computer-based crime in order to perform their tasks on a system without modifying or compromising the data or evidence. Investigators implement these tools that allow them to mount the devices read-only via write blockers. Once the devices are mounted, checksums are performed to get a hash that can be compared to copies of the devices. As you can guess, making bit-by-bit images of the devices is performed next. These are the working copies; the original evidence is never utilized to perform forensics, as any modification can cause the evidence to be inadmissible in court. Each image has a hash function run on it and the hash should exactly match the original device. This can prove in court that the original evidence is intact and unmodified data was utilized.

2. What is a firewall? Identify and explain some of the functions of a firewall. What are its limitations?

A firewall is a networking device, or a host-based software package, that limits the data that is allowed to ingress or egress the information system. A network-based firewall typically protects the information system's network boundaries from attackers infiltrating the network or exfiltrating data from the information system. A host-based firewall is generally utilized to protect the individual host it is installed on. Individual rules are configured on a firewall that limit where the packets are allowed to or from and what ports and protocols are authorized; this is true whether you are discussing network or host-based firewalls.

There are next-generation firewalls now that perform a host of additional features such as malware and zero-day protection, deep packet inspection, and intrusion protection/prevention technologies.

Have a great week 7 class and professor, I look forward to your responses!

Rick

Second student

Good evening class,

1. Explain the process used to preserve the verifiable integrity of digital evidence. How does this ensure that data is preserved unmodified? How can an analyst show that the original evidence is modified?

From what I understand, digital evidence can be easily dismissed in court due to simple things such as using illegal software or an analyst not being able to properly articulate and understand the process of analysis for evidence in the court of law. This can be a problem because in some cases, “IT experts” are self-taught and are incapable of putting out a presentable and convincing courtroom presentation. The process used to verify the integrity of digital evidence is called hashing. Hashing basically gives the digital evidence a one-of-a-kind serial number that will never be reproduced and can be verified by matching the software identity with the evidence file with the correct numbers.

2. What is a firewall? Identify and explain some of the functions of a firewall. What are its limitations?

A firewall, for lack of a better term, can be seen as a vehicle checkpoint or kind of like Customs and Border Protection. Whenever a vehicle (data) tries to enter or leave, it has to meet a strict set of rules; if the data doesn’t meet these strict requirements to enter, it gets denied access into that entry point. Firewalls are not perfect and cannot protect us from every threat that tries to enter, and they must be continually managed in order to protect from as many threats as possible because of the ever-evolving strategies used by potential threats.

Kelsea
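The image-then-hash process both posts describe, as an added example that is not part of either student's post: it copies a source bit for bit, records a SHA-256 digest, and re-verifies a copy later. It goes one step beyond the posts by also keeping per-block hashes so a mismatch can be located; the names `acquire`, `verify` and `BLOCK` are hypothetical, and in-memory byte streams stand in for a write-blocked device and its image file.

```python
import hashlib
import io

BLOCK = 4096  # per-block hash size in bytes (assumed value for this example)

def acquire(source, image, block=BLOCK):
    """Copy source to image bit for bit; return (whole SHA-256, per-block SHA-256 list)."""
    whole, pieces = hashlib.sha256(), []
    while True:
        chunk = source.read(block)
        if not chunk:
            break
        image.write(chunk)
        whole.update(chunk)
        pieces.append(hashlib.sha256(chunk).hexdigest())
    return whole.hexdigest(), pieces

def verify(stream, expected_whole, expected_pieces, block=BLOCK):
    """Re-hash a stream; return (digest matches, byte offsets of blocks that differ)."""
    whole, bad, index = hashlib.sha256(), [], 0
    while True:
        chunk = stream.read(block)
        if not chunk:
            break
        whole.update(chunk)
        known = index < len(expected_pieces)
        if not known or hashlib.sha256(chunk).hexdigest() != expected_pieces[index]:
            bad.append(index * block)
        index += 1
    # Blocks recorded at acquisition but missing now mean the copy was truncated.
    bad.extend(i * block for i in range(index, len(expected_pieces)))
    return whole.hexdigest() == expected_whole, bad

def demo():
    # Constructed sample "device": 12800 bytes, i.e. three full blocks plus a partial one.
    device = bytes(range(256)) * 50
    image = io.BytesIO()
    digest, pieces = acquire(io.BytesIO(device), image)
    intact = verify(io.BytesIO(image.getvalue()), digest, pieces)
    tampered = bytearray(image.getvalue())
    tampered[5000] ^= 0x01  # flip a single bit inside the second block
    altered = verify(io.BytesIO(bytes(tampered)), digest, pieces)
    return intact, altered

if __name__ == "__main__":
    print(demo())
```

The digest and block list recorded at acquisition are what an examiner would note in the case record, so the same `verify` call can be repeated on the working copy at any later point.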

 
