Cyber Crime and Cyber Terrorism


OFFLINE (DEAD) DATA CAPTURE



Cyber crime and cyber terrorism investigators handbook by Babak

This is the traditional method of data capture, through the removal of the main storage unit, typically a hard drive: an exact replica is made of the data on the device and later analyzed.
An essential principle of forensics is that the original data, which might be used as evidence, is not modified. Therefore, when processing physical evidence, it is imperative that a write-blocker is used; a write-blocker intercepts and stops any requests to write to the evidence. This device sits in line between the evidence device and the analysis machine. There are numerous write-blockers available that can protect various kinds of physical devices from being modified by the investigator. There are physical write-blockers, which are physically connected to the digital evidence and the analysis machine. There are also software-based write-blockers which interrupt the driver behavior in the operating system.
CHAPTER 6: High-tech investigations of cyber crime
VERIFICATION OF THE DATA
Having captured the data, the first step for a high-tech investigator is to confirm that the data has not been altered. To facilitate this, the hash value of the captured data is recalculated and compared against the original hash. If these do not match, no further steps are performed until the senior investigating officer, or manager, is contacted and the situation discussed. Such an error may undermine even the most concrete evidence found on the exhibit. Hash mismatches can occur if the data was not copied correctly or if there was a fault with the original device. The original exhibit may need to be revisited and a new image created. This may not be possible if an online (live) data capture was performed, as the data may no longer be available. The second the capture is made, new data may be added to the device and any old data may be overwritten, meaning the device will never be in the same state again.
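The verification step described above can be sketched as follows. This is an added example, not code from the handbook: the text names no hash algorithm, so SHA-1 and SHA-256 are assumptions, as are the file name `exhibit01.dd` and the function names.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so multi-gigabyte images never sit in memory

def hash_image(path, algorithms=("sha1", "sha256")):
    """Hash the image in one pass, feeding every requested digest from the same read."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as image:  # read-only: evidence is never opened for writing
        while chunk := image.read(CHUNK):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}

def verify_image(path, recorded):
    """Recompute each recorded hash; return (ok, {algorithm: (recorded, recomputed)})."""
    current = hash_image(path, tuple(recorded))
    mismatches = {}
    for name, expected in recorded.items():
        expected = expected.strip().lower()  # tolerate upper-case hex or stray whitespace
        if expected != current[name]:
            mismatches[name] = (expected, current[name])
    return (not mismatches, mismatches)

def demo():
    """Constructed sample: a 1 MiB stand-in image, then the same file with one bit flipped."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "exhibit01.dd")  # hypothetical file name
        data = bytearray(bytes(range(256)) * 4096)
        with open(image, "wb") as f:
            f.write(data)
        recorded = hash_image(image)  # stands in for the hashes logged at acquisition
        ok_before, _ = verify_image(image, recorded)
        data[512] ^= 0x01  # simulate a copy fault: a single altered bit
        with open(image, "wb") as f:
            f.write(data)
        ok_after, mismatches = verify_image(image, recorded)
        return ok_before, ok_after, sorted(mismatches)

if __name__ == "__main__":
    before, after, failed = demo()
    print("unaltered image verified:", before)
    if not after:
        print("HASH MISMATCH for", failed, "- halt analysis and escalate")
```

A single flipped bit changes both digests, which is why a mismatch is treated as a stop condition rather than a warning.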
