Network-Based Acquisition Practices, Essay Example

Digital Evidence, most commonly referred as Computer Evidence, during the early years of computing, accompany a testimony made by computer expert. Today, it is highly voluminous and difficult, with a continuous acceleration and growth. Understanding the difference of digital evidence with other types and ways of acquiring it is highly pertinent to minimize the associated issues such as volatility, easy-modification and un-detectability. Amongst the numerous mobile phone locations used for acquiring digital evidence, the spread sheets, word applications, messaging, call and web service, enhanced messaging service (EMS), short message service (SMS) and multimedia messaging service (MMS) are the most common ones (Volonino et al., 2007). Use of these services allows in offering large amount of information at the time of prosecution and court. However, EMS, MMS and SMS are different digital acquisition practices, which allow in collecting instant messages and illegal proofs. In addition, the Personal Digital Assistant (PDA) and cell phone seizure software (such as Device Seizure 4.5) provide enhanced forensic data acquisition and analysis for detecting cell phones, GPS and other PDA devices. Evaluating the data and objects acquired through MMS, SMS and EMS, a form of unique content data to the court, is highly crucial as any inconsistencies may result in possible criminal prosecution and case loss. Besides, the Personal Information Management (PIM), the practice of studying the individual activities allow in acquiring, organizing, maintaining, retrieving and using of information on tasks of individual. The differences with respect to degradation, ownership and, originality offer a unique position to digital evidence with a standard of determining the authenticity. The creation of associated files during the mobile forensic process allow in offering a representation of the internal memory. The data acquisition devices developed by National Instruments allow in offering high performance, supplied with industry leading technologies and software-driven productivity gains. The use of these devices with the patented hardware and software technologies, enable in delivering flexibility as well as, performance, besides offering set of standards for accuracy, ease of utilization from PCI to PXI and other systems to wireless. By working faster with the graphical interventions, the National Instrument DAQ devices start immediately and create professional interface in a fraction of seconds.

Acquisition and case files, a form of snapshots created by the investigator allow in capturing the information from the mobile device. The inclusion of case number, agency and the identification details enable the investigator in carrying out a logical acquisition by bit-by-bit copy of different files and cell directories. Online transactions carried out phone support investigators in obtaining digital evidence. However, prior investigation on all spheres is highly essential to prevent the complexities faced through Internet and Phone. Different transactions carried out across the main personal computer and, mobile phones may allow in developing the intentions and motives of criminal subject. The study of relevant interfaces, storage media, digital operations and hardware, ensure the investigator in acquiring the needed data both within the devices as well as peripherals associated at the time of mobile phone usage. Furthermore, the suspicious network traffic can also be acquired through different data capture tools and practices. These tools work by ensuring the investigator about whether appropriate actions separating the threat and recovery had carried out. A highly specialized Intrusion Detection System (IDS) allow in performing the recognition of any suspected traffic (Casey, 2011). Besides, it flags such traffic and ensure about notification of this activity through the use of “Alert Data”. The consolidated report alerts the investigator about the completion of inspection through suspicious traffic tool detection. As the traffic is not commonly held within the pertaining standards (more usually network transmission standards), the technical determinants offer alerts for the investigator. Although, IDS allow the network user in exercising different benefits, it fails in offering data on the questionable standard. A much sophisticated Intrusion Protection System (IPS), empower in detecting complete data content, alert and threats. Additionally, it offers alters and isolates threats, besides preventing them from spending across the network.

Within the field of computer networking, hub can be considered as a minimal, easy and inexpensive device, which joins different, multiple computers together. Numerous network hubs available in today’s world support the standard of Ethernet. To acquire data using Ethernet Hubs, group of computers need to be connected from an Ethernet cable to the network interface card (NIC). Numerous standard Ethernet cables and Hubs work and acquire the data by accepting RJ-45 connectors. These easiest and highly flexible ways of, gaining access, to the network traffic, enable an investigator in visualizing the packets travelling through the hub. Hubs usually vary in speed (the bandwidth and network data rate) they support. Four to Five port hubs, mostly visualized in home networks, vary relatively in size with that of eight and sixteen port ones found in office environments. Although deafening, the newer devices developed over the recent years are smaller, developed for mobility are mostly noiseless. As a reason of their half-duplex nature, the speed of packet transfer remains to be lower. Nonetheless, Hubs can be useful for temporary replacement of a broken network switch, when its performance is considerably lower and highly critical on the network (Goel, 2010).

Taps on the other side, offer the investigator with the means of accessing, traffic amongst network devices. These devices help in optimizing the ability of IT professionals in easy and passive manner. Normally, positioned amongst two network devices, like routers, switches and firewalls, Taps offer the network professionals in monitoring devices and play a crucial role in duplicating the traffic on the link by receiving the similar inline traffic. However, these devices fail in introducing delay or altering content and data structure. In addition, these are ineffective in opening themselves, to enable continued flow of traffic amongst network devices in the events of the device or power loss.

In contrast to Taps, the utilization of Span ports (Switch Port Analyzers) in monitoring the network necessitate an engineer in configuring different switch or switches. These devices introduce mechanisms on ingress ports for removing corrupted packets or minimal sized ones. The complexity with these devices is that, monitoring them usually captures data within the egress segment. Whilst, Taps pass the necessary information on a link, by capturing everything needed for required trouble shooting, the Span Ports drop the layer 1 and chose layer 2, relying on what may be deemed as high priority. Nevertheless, the use of Taps and Span Ports, allow in optimizing the network as well as personnel resources. Device monitoring may be easily deployed at needed times, preventing engineers in re-cabling to the network link for configuration of switches. By simultaneously capturing from numerous links to a single monitoring unit, Taps and Span ports aggregate and eliminate the need of network and security teams (Volonino et al., 2007).

Inline devices are custom-built machines, which allow the network investigators in performing and bridging the data from one interface to another. Multiple network interface cards used in combination with inline devices help in obtaining custom solutions. Eventually, this may allow an interface to the network, besides bridging function. These devices may be used commonly for accessing control enforcement. In addition, they enable the network traffic in getting towards the management station. These devices collect the user computer-specific application information, processing instructions, rule sets in the data path amongst the user computer and the server. It minimizes the web server complexity, improves the failure of server handling, increase the overall scalability and system performance.

Thus, the underlying rules of collecting evidence need to be always made applicable for the acquisition of digital evidence. The evidence gathered should be associated to the concerned case at hand with the carried out procedures ensuring admissibility from the series of custody to evidence logs. The witnesses and physical evidence must support the validity and reliability of collected data from the mobile device by undergoing authentication. Such evidence needs to be preserved through anti-static, write blocking and other relevant practices. Following the data acquisition, necessary actions need to be taken for preserving and preventing alteration of mobile device digital data. Nevertheless, the different activities carried out in relation to storage, acquisition and eventual transfer need to be documented, protected and developed for court reporting in future.

Please go through the information provided on the data acquisition practices and let us know for any queries.

Thanks and Regards

References

Goel, S. (2010). Digital Forensics and Cyber Crime: First International ICST Conference. United States of America: McGraw Hill Publishers.

Casey, E. (2011). Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet. United States of America: Palgrave Macmillan Publishers.

Volonino, L., Anzaldua, R and Godwin, J. (2007). Computer Forensics Principles and Practices. Upper Saddle River, New Jersey: Prentice Hall Publishers.