03: Introduction to Digital Forensics

Submit this homework using Gradescope. Do not email us your homework or bring a paper copy to class: we will not accept it.

8 points each.

  1. List an advantage and a disadvantage of working with digital evidence, as compared to physical evidence.

  2. Describe a scenario where 4–5 pieces of digital evidence are linked together using Locard's exchange principle. For example, a non-digital version with just two pieces of evidence might read: upon entering a house, one leaves some DNA from skin cells, and takes some carpet fibers. (They are linked by the suspect, whose shoes contain fibers that match those from the crime scene, and whose DNA presumably matches that found at the scene.) You can go farther with digital evidence from all the systems involved (for example: server logs; local computer caches; and so on). For each piece of evidence in your example, state whether you are able to determine class or individual characteristics.

  3. Using the hypothetical case of Anne Adams from the first few lectures, give three examples of inferred conclusions using the three types of reasoning described in Lecture 03, listing the specific assumptions you are making in each example. Don't simply repeat the examples given in lecture; generate at least one new conclusion!

  4. Find and report the title and URL for a validation report (for example, as published by the National Institute of Standards and Technology) that focuses on a digital forensics tool (software or hardware).

  5. Some examinations of cell phones for evidence use the phone's interface to gather information about the address book, recent calls, and so on. In other words, investigators simply press buttons on the phone to browse through and gather evidence from the phone book, SMS text messages application, and so on. List and explain one advantage and one disadvantage of using this approach (as opposed to, say, imaging the phone's contents and performing more in-depth forensics on the image).