Free Investigation Essay Sample
The investigator will be trying to find the connection between the fires and Patrick R. Kasey who could be hired by people to start fires on their behalf so that they can be compensated by the insurance company. Encase is a product of computer forensics that is used for analyzing media that is digitalized. The information that is of use in order to study this case is the fire. The cause of the fire is also looked at. Evidence acquired needs to be protected so that it is not interfered with, there needs to be information or evidence showing that Mr. Patrick Kasey is indeed the one behind the local fires and the arson events. Evidence on the Encase could have been obtained using the surveillance cameras. The evidence needs to be protected by producing another copy of the same, just in case the original one gets interfered with. It can also be protected by ensuring that it does not get into many hands.
The Encrypting File System (EFS) is best suited to encrypt the files on the Encase. The Encrypting File System is built in so that it can enable the recovery of data. The process of recovering data adds users to a file that is encrypted. To continue with the arson case, I would first retrieve data on the Small Computer System Interface (SCSI) to see if it contains any information that can be of help with the investigation (Solomon & Barret, 2004). The following are the options of accessing information in the Small Computer System Interface. The first option is that of restarting windows and then after that try to access the Small Computer System Interface for information. The other option is to install drivers for the Small Computer System Interface and ensure that they are working properly. This is done by adding a new wizard for new hardware. Also I can troubleshoot by removing any driver that is causing any conflicts, after removing it I can then install it again (Wiles & Cardwell, 2007). The Forensic Toolkit Imager (FTK) is software that is used to access data in forensic imaging. Forensic Toolkit Imager supports files that are stored in disks that are formatted in Encase. In order not to interfere with the hard drive of the suspects in the event of being attached to a computer, it is important to ensure that hardware being used has a device for write blocking (Kaufmann & English, 2004).
The images on the Encase during verification checks end information and not the original information. During conversion of files from encase to DD format, files are copied from one sector to another. The data is initially located into a file. The media into which the data is being carried to has to be formatted. When the data is being converted from Encase to DD format the Forensic Toolkit Imager opens the DD and it is assembled again so that the drive can view it like it is raw or as a clone. The compression of files by the Encase makes the conversion possible and easier.
However, there is no imaging tool that is perfect and also they have different ways of dealing with errors. In the event that I find evidence that is incriminating, I should keep it safe from being hacked into and hence become corrupted by ensuring that the original information is not tampered with in any way (Worthington, 2000). An investigation which has been fully done needs proper documentation in order to show clearly the manner in which the arson attacks were conducted. The information can be saved on an external disk or a network that is safe. Also I would ensure that the computers I am using, to retrieve this information are using programs and software's with the latest security measures (Shinder & Cross, 2008).