Digital forensic analysis is used to review and investigate data collected through digital communications and computer networks. The National Institute for Standards and Technology (NIST) has defined four fundamental phases for forensic analysis: collection, examination, analysis, and reporting. You will learn more about these concepts as you navigate throughout the steps of this project and read the literature and links found in each step.
There are four steps that will lead you through this project. Begin with Step 1: “Methodology.” The deliverables for this project are as follows:
1. Digital Forensic Research Paper: This should be a five-page double-spaced Word document with citations in APA format. The page count does not include diagrams or tables.
2. In a Word document, share your lab experience and provide screenshots to demonstrate that you completed the lab.
Step 1: Methodology
The methodology for digital forensics follows a systems process. Identify the requirements, purpose, and objectives of the investigation. Click the links below to review information that will aid in conducting and documenting an investigation:
• secure programming fundamentals
• forensics fundamentals
Learn about the investigation methodology. Consider secure programming fundamentals. Define the digital forensics analysis methodology and the phases of the digital forensics fundamentals and methodology, including the following:
1. preparation
2. extraction
3. identification
4. analysis
This information will help you understand the process you will use during an investigation.

Step 2: Tools and Techniques
Select the following links to learn about forensics analysis tools, methods, and techniques:
1. forensics analysis tools
2. web log and session analysis
3. hash analysis
Step 3; LAB

Step 4: Digital Forensics Research Paper
Now that you have learned the basics of digital forensics analysis and methodology, and have experienced one of the common forensic tools, use the material presented in this project as well as research you have conducted outside of the course materials to write a research paper that addresses the following:
1. digital forensics methodology
2. the importance of using forensic tools to collect and analyze evidence (e.g., FTK Imager and EnCase)
3. hashing in the context of digital forensics
4. How do you ensure that the evidence collected has not been tampered with (i.e., after collection)? Why and how is this important to prove in court?
The deliverables for this project are as follows:
1. Digital Forensics Research Paper: This should be a six-page double-spaced Word document with citations in APA format. The page count does not include diagrams or tables.
2. In a Word document, share your lab experience and provide screenshots to demonstrate that you completed the lab.

review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.
• 5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
• 8.6: Provides professional preparation for computer digital forensics, investigation of crime, and preservation of digital evidence in criminal and civil investigations and information security incident response.
• 8.7: Provide theoretical basis and practical assistance for all aspects of digital investigation and the use of computer evidence in forensics and law enforcement.

Sample Solution

Step 2: Collection
In this step, the team collects evidence from a source. Evidence collection is an important part of digital forensics analysis since it helps to determine the origin and purpose of the collected data. It also establishes trustworthiness for later stages of investigation. Review information about evidence collection methods before completing this step.
Consider what to collect, where to obtain it from, and how it can be preserved in order to remain admissible as evidence in court. Determine which tools will be used and how they should be configured for each specific case. The most commonly used tool is EnCase Forensic software by Guidance Software Inc., but other free or commercial solutions are available as well depending on your needs (e.g.: FTK Imager).