Development and Various Critical Testing Operational Frameworks in Data Acquisition for Cyber Forensics

Common Data Acquisitions Considerations

Broadly classification of data acquisition can be done into two categories

• 1.

  Static Acquisition: In this environment, data is copied from a hard drive from a powered-off system. The normal procedure is taking out the evidence form the suspected computer, by using any of the write blockers is attached to the investigating system, which makes copies/images of the original files. With the help of different tools various type of analysis is done on this evidence and try to find out the proof for any type of unethical breach (Ayers D., 2009).

• 2.

  Live Acquisition: In this type of environment, the tools are directly included in the system, which runs various background processes on the suspected system. From the live stream, images are created and different analysis is applied on online mode and the targeted system are being protected from any type of threat. This type of Acquisition is used most nowadays because shutting down the servers or websites is nowadays being not possible. For Live Acquisition, write blockers are in use at the various level of data acquisition. Mainly these devices are used to monitor the commands given to hard disk. They never allow data to be written or copied to any other device. Even they don’t allow the disk packs to be mounted on the system with write access on them, only read-only permission is given. Write protectors works in both of the hardware as well as software type of protection (Benredjem D., 2007). Host Protected Area and Device Configuration Overlay are used to enable the write Blockers. Hardware writes blocker's example are Tableau T3458is Forensic SATA/SCSI/IDE/USB Combo Bridge, Tableau T35es-R2 Forensics eSATA/IDE Bridge, UltraBlock Firewire - The First Portable Firewire Hardware Write Blocker, etc.

Data Acquisitions is described and discuss different techniques or methodology obtain the data, facts, and figures from different resource and at a different level of the system. It describes some contingency planning for data acquisition and explains how to use some basic acquisition tools. Figure 1 is discussing the different data acquisition consideration which may be the basis of classification of these techniques also. Here it will be discussed how it can be used for remote networks and how the different tools will work and used in the remote networks. It will also be required to see how different RAID levels will be the different methodologies to use the acquisition techniques. So, when we are looking at the different types of storage formats. explained the best type of technique for acquiring that data (Beebe N. L., 2014). So, before starting the acquisition techniques it is required to know various storage format which may come across while discussing and acquiring data from places. Data in forensic acquisition tools are stored as an image file; which can be of three different formats that can be used as digital.