Module 02: Computer Forensics Investigation Process
Objective

The objective of this lab is to provide expert knowledge about the tools used in the forensic investigation process. This includes knowledge of the following tasks:

● Recovering deleted files from the evidence
● Generating hashes and checksum files
● Calculating the MD5 value of the selected file
● Viewing files of various formats
● Handling evidence data
● Creating a disk image file of a hard disk partition

Scenario

The rapid increase in cyber-crimes has led to the development of various laws and standards that define cyber-crimes, digital evidence, search and seizure methodology, evidence recovery, and the investigation process. Investigators must follow a forensics investigation process that complies with local laws and established precedents; any deviation from the standard process may jeopardize the complete investigation.

Because digital evidence is fragile in nature, a proper and thorough forensic investigation process that ensures the integrity of evidence is critical to proving a case in a court of law. Investigators must follow a repeatable and well-documented set of steps such that every iteration of analysis gives the same findings; otherwise, the findings of the investigation can be invalidated during cross-examination in a court of law.

Hence, as a computer forensic investigator, you need to have knowledge of the process involved during a forensic investigation, such as collecting the digital evidence, building a computer forensics lab, recovering the deleted data, etc.

Exercise 1: Recovering Data Using the EaseUS Data Recovery Wizard

Scenario
Commands --> Paste menu.

3. To install EaseUS Data Recovery Wizard, click the File Explorer icon on the taskbar. Once the File Explorer window opens, click This PC on the left-hand side and navigate to Z:\CHFIv9 Module 02 Computer Forensics Investigation Process\Data Recovery Tools\EaseUS Data Recovery Wizard, double-click drw_free.exe, select a language (English), then click OK and follow the wizard-driven installation steps to install the application. For demonstration purposes, we have deleted some folders from drive E:. If a User Account Control pop-up appears, click Yes.