Week 1 - Obstacles

Question 1

What are four obstalces to digital forensic analysis?

Answer 1

Quantity of data
Passwords
Hidden Data
Deleted Data

Question 2

Explain the obstacle Quantity of data. What, why and effectiveness?

Answer 2

Devices have a lot of data on them, lots of irrelevent data. Furthermore, there are many devices to consider and analyse. e.g. Phone, PC, Console.
Lots of data means lots of time, storage and resources is required for analysis. This obstacle is effective and serious.

Question 3

Explain the obstacle Passwords. What, why and effectiveness?

Answer 3

Passwords can be strong because of encryption.

In investigations however, passwords offer no protection for data if the data can be isolated, retrieved and copied out of the host system during investigation. Thus this is not really an obstacle for digital forensics and is thus not effective.

Question 4

Explain the obstacle Hidden Data. What, why and effectiveness?

Answer 4

Data can be concealed in various ways to hide it from investigation. However, data analysis software will always correctly identify the true nature of the data. Since tools can identify true natures, its less of an obstacle and more of a tedious task. Thus, its less effective.

Question 5

What are some ways to hide data?

Answer 5

Camoflaged files
Marking files as ‘hidden’
Scattered Data (Stored in unallocated space)
Slack space (The space at the ‘end’ of files)

Question 6

What is slack space?

Answer 6

The unused space between the end of the actual file and the end of the defined data unit (cluster) in storage. When a file is written, the does not occupy the entire cluster, the remaining space is slack space.

Question 7

What is a cluster?

Answer 7

The smallest unit of storage that the opertating system can deal with.

Question 8

What is a cluster?

Answer 8

The smallest unit of storage that the opertating system can deal with. A cluster is normally only allocated to one file/data.