
NAME: borboran, Vladimhir DATE :

YR. & SEC : SCORE :

ACTIVITY NO. 5
DIGITAL INVESTIGATIVE PLAN

PART 1 : METHODOLOGICAL MODELS OF DFP


Objective : At the end of the activity, the students are able to differentiate the different models used in digital forensics.
Instructions : Define and Identify the steps needed for each model.

Kruse and Heiser Model
1. ACQUIRE - In this stage, the data or evidence is acquired. The issuing of a search warrant falls here.
2. AUTHENTICATION - The evidence or data needs to be authenticated as the original (its validity).
3. ANALYZE - The final stage is to analyze the data while keeping its integrity and validity intact.

Yale University Model
1. PRELIMINARY CONSIDERATION-
2. PLANNING
3. RECOGNITION
4. PRESERVATION AND DOCUMENTATION
5. CLASSIFICATION, COMPARISON, AND INDIVIDUALIZATION

Rodney McKemmish Model
1. IDENTIFICATION-
2. PRESERVATION
3. ANALYZE
4. PRESENTATION

Five Step Model
1. IDENTIFICATION - Identify the storage media and what data or information could be recovered in the investigation.
2. ACQUISITION - This is physically or remotely obtaining possession of the computer data from the original storage through the digital forensic imaging process.
3. EXAMINATION/ANALYSIS - Evaluate the information or data that was recovered from the storage media evidence.
4. REPORTING - It can be a written report, oral testimony, or some combination of the two.
5. COURT PRESENTATION - The last step is to present the evidence in court.

PART 2 : DEFINITION OF TERMS
Objective : At the end of the activity, the students are able to identify the meaning of the different terms used in Digital Forensics.
Instructions : Define and explain each term.

Acquisition - This is physically or remotely obtaining possession of the computer data from the original storage through the digital forensic imaging process.

Forensic Image - Multi-function tools that support hard disk drives, used to duplicate or to perform forensic imaging and verification.

Write Blocker - Device that allows an investigator to examine the media while preventing data writes from occurring on the subject media.

Hash Value - A mathematical algorithm produces a unique digital fingerprint, used to verify that the binary content of an acquired forensic image is the same as the source media.

Web Email Cache - Copies of your emails stored locally on your computer.

Temporary Internet Files - Files that your browser automatically saves (caches) on your storage drive when you visit a website.

Pre-search Phase - The conceptual stage of the research lifecycle. It enables searchers to make connections between their topic, question, or information needed and their prior knowledge.

Incident Response - Process by which an organization handles a data breach or cyberattack, including the way the organization attempts to manage the consequences of the attack or breach (the "incident").

Intelligence Gathering - System through which information about a particular entity is collected for the benefit of another, with more than one inter-related source.

Cable Tags - Used in both indoor and outdoor applications and typically attached to a wire or cable bundle with cable ties.

Chain of Custody - Tracking record beginning with detailed scene notes that describe where the evidence was received or collected.

Antistatic Bags - Used for storing electronic components, which are prone to damage caused by electrostatic discharge (ESD).

Dumpster Diving - In I.T., it is a technique used to retrieve information from disposed items that could be used to carry out an attack or gain access to a computer network.

Cloud Storage - Mode of computer data storage in which digital data is stored on servers in off-site locations.
