The first step that translates a forensic request into a forensic report entails preparation or extraction of the required data. Before starting the process, the request should contain adequate data. If sufficient data is not available, it is crucial to liaise with the requester so as to decide on the next line of action. This can be attained by sending back the package to whoever requested it, waiting for the resolution and starting over the process again (Digital forensic analysis methodology, 2007). In the event that sufficient information is available, the required system configuration should be developed by ensuring that the forensic software and hardware are established and validated.
Thereafter, the suitability of forensic data should be duplicated and verified. If integrity has been established to be proper, the process is moved to the organization and refining stage whereby forensic tools are selected. However, lack of integrity on the request pushes the process back to the first stage. Thereafter, the requested data is extracted and labeled as “data search lead” (Rahman & Khan, 2016).
The next stage is identification. Any type of unprocessed data is identified and only the relevant piece is processed further. If data search leads are generated afresh by an item, it is marked and labeled as irrelevant to the forensic process (Whitman & Mattord, 2011). Generation of new data search leads moves the process to the next level after which the requester may be advised accordingly.
The last stage before reporting is analysis. It starts if no more data analysis is required. Forensic data should be obtained and imaged if new data lead is produced. Extracted data is the general data available for forensic study. It may contain both crucial and less crucial information. It is the wholesome information submitted by a requester. On the other hand, relevant data refers to the extracted and validated information that can yield the much needed results in forensic study. Relevant data is crucial to the case at hand and can give vital leads (Sahinoglu, Stockton, Barclay, & Morton, 2016).
According to the chart, the ‘Return on Investment’ primarily refers to the stage at which the most relevant data has been identified. At the identification stage, the return on investment is relatively high because the required data must have been known. The process should be stopped as soon as relevant leads have been generated. If the process is pushed for too long, the related costs will go high and consequently lead to unnecessary expenses (Sammons, 2012).
Moreover, a diminishing trend is witnessed on the value of extra forensic analysis. This implies that the more analyses are carried out, the less is the value of the entire process.
A file containing the forensic image is imported. The latter should be the case file of the issue at hand (Digital forensic analysis methodology, 2007). A network environment can also be recreated in the process. In some instances, acquisition entails recreating a database that contains search and data source required in forensic study. This procedure is followed so that it can mimic the real, ideal or natural workplace environment. For instance, deleted items including sent and received emails can be identified and extracted as part and parcel of acquiring search and data source leads.
Second, a storage electronic media can be searched in order to establish evidence of the case being pursued. Besides, data mining is a credible method of acquiring search and data source leads (Eastton & Taylor, 2011). Using the seized database, the process of configuration can be carried out. Thereafter, the seized database is loaded and all the deleted files recovered. This procedure can go hand in hand by reviewing index drive after the recovery process is over.
References
Digital forensic analysis methodology. (2007). Web.
Eastton, C., & Taylor, J. (2011). Computer Crime, Investigation, and the Law. Boston, MA: Course Technology, Cengage Learning.
Rahman, S. & Khan, M. (2016). Digital Forensics through Application Behavior Analysis. International Journal of Modern Education & Computer Science, 8(6), 50-56.
Sahinoglu, M., Stockton, S., Barclay, R. M., & Morton, S. (2016). Metrics-Based Risk Assessment and Management of Digital Forensics. Defense Acquisition Research Journal: A Publication Of The Defense Acquisition University, 23(2), 152-177.
Sammons, J. (2012). The basics of digital forensics: the primer for getting started in digital forensics. New York: Syngress.
Whitman, M. E., & Mattord, H. (2011). Reading & Cases in Information. Security: Law & Ethics. Boston, MA: Course Technology, Cengage Learning.