I’m looking for someone to answer two students forum discussion post. Response has to be at ;east 150 words.
1. Explain the process used to preserve the verifiable integrity of digital evidence. How does this ensure that data is preserved unmodified? How can an analyst show that the original evidence is modified?
Computer forensics investigators utilize a number of tools when investigating a computer-based crime in order to perform their tasks on a system without modifying or compromising the data or evidence. Investigators implement these tools that allow them to mount the devices read only via write blockers. Once the devices are mounted, checksums are performed to get a hash that can be compared to copies of the devices. As you can guess, making bit by bit images of the devices is performed next. These are the working copies, the original evidence is never utilized to perform forensics as any modification can cause the evidence to be inadmissible in court. Each image has a hash function run on it and the hash should exactly match the original device. This can prove in court that the original evidence is intact and unmodified data was utilized.
2. What is a firewall? Identify and explain some of the functions of a firewall. What are its limitations?
A firewall is a networking device, or a host-based software package, that limits the data that is allowed to ingress or egress the information system. A network based firewall typically protects the information systems network boundaries from attackers infiltrating the network or exfiltrating data from the information system. A host-based firewall is generally utilized to protect the individual host it is installed on. Individual rules are configured on a firewall that limit where the packets are allowed to or from and what ports and protocols are authorized, this is true whether you are discussing network or host-based firewalls.
There are next generation firewalls now that perform a host of additional features such as malware and zero day protection, deep packet inspection, and intrusion protection/prevention technologies.
Have a great week 7 class and professor, I look forward to your responses!