QUESTION 1 (30 MARKS) In digital forensics, data acquisition refers to all steps required in obtaining digital evidence,

[answerhappygod]

Question 1 30 Marks In Digital Forensics Data Acquisition Refers To All Steps Required In Obtaining Digital Evidence 1 (81.32 KiB) Viewed 27 times

QUESTION 1 (30 MARKS) In digital forensics, data acquisition refers to all steps required in obtaining digital evidence, such as cloning and duplicating evidence from any electronic source that involve with eight main steps in the process of acquiring data for forensics as depicted in Figure 1. Step 1: Choose Acquisition Methods Step 6: Perform Acquisition Step 7: Validate Step 2: Snapshot the System Step 5: Prepare Drive Step 8: Contingency Planning Step 3: Acquire Volatile System Data Step 4: Securing and Transporting the System Figure 1: Process for Acquiring Data b) List FOUR (4) methods can be used for data acquisition in (a). a) Describe types of data acquisition that suitable for digital forensic practice. (3 marks) (4 marks) c) Explain the circumstances of the investigation concerned in determining the best acquisition method. (4 marks) d) Before shutting down a system in Step 2, forensic analyst must create a snapshot of the current run state. Explain TWO (2) most important information to snapshot and why they are important.