Explain the process used to preserve the verifiable integrity of digital evidence. How does this ensure that data is preserved unmodified? How can an analyst show that the original proof is modified?
In the criminal justice department, preserving digital evidence is considered as one of the most important aspects to consider. Data stored on a physical device does not move electronically. This is different from data on an operational network. To uphold the validity of digital evidence after its analysis by a forensic investigator, it is essential to ensure a chain of custody and how the evidence is handled and stored is critical in a forensic process. Documentation of digital evidence is vital. When conducting an investigation, forensic experts should use write blocker to avoid the alteration of the files. MD5 hash can be used by the forensic experts to verify which data have been altered and those yet to be altered when conducting an investigation. At the same time, a byte by byte copy of the original media can as well be used. As a result of this, the original information can still be traced if it is accidentally altered.
2. What is a firewall? Identify and explain some of the functions of a firewall. What are its limitations?
A firewall is considered as a network security device which monitors outgoing and incoming network traffic and chooses to preventor allowspecifictraffic based on an outlined set of security standards. They establish a block between secured and non-controlled internal networks such as the internet. A firewall can be software, hardware or both. The function of firewalls includes defending resources, validating access, managing and controlling network traffic, recording and reporting events, and acting as an intermediary.
A firewall is an integral part of security your network and is created to address the issues of traffic authentication, the integrity of data, and confidentiality of the internal system. But it has some limitations. For instance, it cannot block attackers or users with modems from dialing in or out of the internal network, thereby bypassing the firewall’s protections. It is also not capable of enforcing your passwordpolicy or preventsmisuse of passwords.