With that being said, the purpose of this document is to help train patrol officers in how to do a complete analysis when collecting and analyzing digital evidence. The document that I have written for the training division covers the following computer forensic concepts: write blocking, bit-by-bit or bitstream copying, hashing or hash values, forensic analysis, the indexing process, and the recovery of deleted and encrypted files. These concepts are performed once all the material has been collected, documented, photographed, labeled and …
The third concept, hashing, is basically “the mathematical analysis of the data that generates the drives unique string of characters that are based on files and the structure of the drive.” (Knetzger & Muraski, 2008). Hashing can also be used on single files in order to check for identical ones. The standard hash software utility is known as Message Digest 5, or MD5, which refers to an algorithm that generates a 128-bit string of characters. When it is performed on the suspect's disk, that string of characters and the string from the cloned drive must match, and if they match, this confirms an exact bit-by-bit match (Knetzger & Muraski, 2008). Here is an example of an MD5 value for a single file: b017e028a96ca4fbb536e30f1cb834f8. The fourth concept, forensic analysis, is the process in which all evidence is turned over to the forensic specialist, who then captures clones and recovers and analyzes all the data that has been seized from the suspect's hard disk or any other data device that was seized, in addition to making absolutely sure that there has been
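The hash comparison between a suspect's disk and its clone, and the use of hashes to spot identical single files, can be shown in a short Python sketch. This is an added example, not part of the original document: the function names and the sample bytes are constructed for illustration. SHA-256 is computed alongside MD5 as an addition here, because MD5 collisions can be constructed deliberately.

```python
import hashlib
import io

CHUNK = 1 << 20  # read 1 MiB at a time so a whole drive image never sits in memory

def stream_digest(stream, algorithms=("md5", "sha256")):
    """Hash a binary stream in chunks and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def verify_clone(source, clone):
    """Compare digests of the original and the clone; both must agree."""
    src, dst = stream_digest(source), stream_digest(clone)
    return src == dst, src, dst

def group_identical(files):
    """Group names by content hash to find identical single files."""
    groups = {}
    for name, data in files.items():
        groups.setdefault(stream_digest(io.BytesIO(data))["sha256"], []).append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]

# Constructed sample bytes standing in for a suspect disk and two clones.
SUSPECT_DISK = b"\x00" * 4096 + b"constructed sample evidence" + b"\xff" * 4096
GOOD_CLONE = bytes(SUSPECT_DISK)
_damaged = bytearray(SUSPECT_DISK)
_damaged[100] ^= 0x01  # a single flipped bit anywhere changes the digest
BAD_CLONE = bytes(_damaged)

if __name__ == "__main__":
    for label, clone in (("good", GOOD_CLONE), ("bad", BAD_CLONE)):
        ok, src, dst = verify_clone(io.BytesIO(SUSPECT_DISK), io.BytesIO(clone))
        print(f"{label} clone: match={ok} source md5={src['md5']} clone md5={dst['md5']}")
    print(group_identical({"a.doc": b"same", "b.doc": b"same", "c.doc": b"other"}))
```

With a real acquisition, the streams would be the source device and the image file opened read-only in binary mode, with the source behind a write blocker.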