


IMAT4042 Introduction to Computer Forensics Assignment



Assignment Name: Poon Suet Ying Student ID: 20217817
Based on the scenario, Chan Tai Man discovered a powered-on computer which appeared to be relevant to the case.

(1) However, he proceeded to unplug the power supply without conducting further checks, since the computer's monitor displayed a dark screen. As a result, the computer may activate destructive programs at shutdown, or the data contained in the memory chips may be lost when the computer is shut down. He should have performed a live forensic investigation at that moment. He can capture and preserve the physical memory or volatile data before turning off the computer.

(2) Chan Tai Man also carefully removed the hard drive disk (HDD) from the computer, placed it in a non-woven bag, and securely sealed it with tamper-proof evidence tape. Removing the hard disk can ensure the preservation of evidence. However, removing the hard drive disk may tamper with potential timestamps and alter the state of the system. Moreover, placing it in a non-woven bag is not suitable, as this may affect the status of the hard drive disk. As a suggestion, Chan Tai Man should use a Faraday bag to ensure the hard drive's integrity during removal. He should also document and photograph the hard drive's physical condition and connections before removal.

(3) Chan Tai Man placed the computer case, keyboard, monitor, and mouse inside a large paper box. Storing computer components in a paper box could potentially expose them to physical damage and other contamination during transportation. As a suggestion, Chan Tai Man should place tamper-resistant evidence tape over the power port and edge of the computer case and pack it in a sealed anti-static bag. He should also keep the evidence away from magnetic sources such as radio transmitters, speaker magnets, and heated seats.
The assumption made is that the sequential number for the parts of the computer is B for the HDD. The evidence label of the HDD should look like the one below:

Label:
Evidence Number: ctm/20240214/0001/B
Evidence: Hard Drive Disk (HDD)
Case Number: #SPACE-A
Date / Time: February 14, 2024 14:
Location: SPACE Entertainment office
Collected by: CHAN Tai Man
Description: Hard Drive Disk (HDD) removed from a computer at the SPACE Entertainment office
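A consistency check for the label above, as an added example that is not part of the original assignment. It assumes the evidence number follows the layout collector initials / date as YYYYMMDD / four-digit item number / part letter, which is inferred from the single label shown; the function names and the dictionary layout are hypothetical.

```python
import re
from datetime import datetime

# Assumed layout, inferred from the one label on this page:
# <collector initials>/<YYYYMMDD>/<4-digit item number>/<part letter>
EVIDENCE_RE = re.compile(r"^([a-z]{2,4})/(\d{8})/(\d{4})/([A-Z])$")


def parse_evidence_number(value):
    """Split an evidence number into its fields; raise ValueError if malformed."""
    m = EVIDENCE_RE.match(value.strip())
    if not m:
        raise ValueError(f"malformed evidence number: {value!r}")
    initials, ymd, seq, part = m.groups()
    # strptime rejects impossible dates such as 20240230
    date = datetime.strptime(ymd, "%Y%m%d").date()
    return {"initials": initials, "date": date, "item": int(seq), "part": part}


def check_label(label):
    """Return inconsistencies between the evidence number and the other fields."""
    try:
        parsed = parse_evidence_number(label["Evidence Number"])
    except ValueError as exc:
        return [str(exc)]
    problems = []
    # The initials should be the first letters of the collector's name.
    expected = "".join(word[0] for word in label["Collected by"].split()).lower()
    if parsed["initials"] != expected:
        problems.append(f"initials {parsed['initials']!r} do not match {expected!r}")
    # The field may carry a (possibly partial) time; compare only the date part.
    m = re.match(r"([A-Za-z]+ \d{1,2}, \d{4})", label["Date / Time"])
    if not m:
        problems.append("Date / Time field has no recognisable date")
    elif datetime.strptime(m.group(1), "%B %d, %Y").date() != parsed["date"]:
        problems.append("date in evidence number differs from Date / Time field")
    return problems


# The label from the page; the time is left exactly as it appears there.
HDD_LABEL = {
    "Evidence Number": "ctm/20240214/0001/B",
    "Evidence": "Hard Drive Disk (HDD)",
    "Case Number": "#SPACE-A",
    "Date / Time": "February 14, 2024 14:",
    "Collected by": "CHAN Tai Man",
}
```

Calling `check_label(HDD_LABEL)` returns an empty list when the evidence number agrees with the collector and date fields; each mismatch is returned as a readable message that can be noted in the chain-of-custody record.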