Computer Forensics versus Mobile Device Forensics Data Collection (Essay Sample)

Collecting Data
Name
Institution
Collecting Data
Introduction
Computer forensics, network forensics, and mobile devices forensics are all part of digital forensic science. Computer forensics examines digital media to identify, preserve, analyze, and present facts about digital information. Network forensics, on the other hand, monitors and analyses computer network traffic to gather legal evidence or to detect any form of intrusion. Mobile devices forensics aims at recovering digital evidence from mobile phones (Sammons, 2012).
Computer Forensics versus Mobile Device Forensics
One significant difference between the two is the device under inspection. In mobile device forensics, cell phones, PDAs, and tablet computers are the gadgets that are in use. All these are portable devices. For computer forensics, the devices are less mobile. These include desktop computers and laptops.
Additionally, the hardware used in mobile devices cannot be compared to those employed in computers. Those of cell phones and laptops are advanced regarding the kind of hardware they use, storage media, and interfaces. For that reason, retrieving data from a PDA, for example, is a more complicated than obtaining the same from a laptop. Forensic investigators are faced with challenges when they interact with mobile devices (Sammons, 2012).
Network Forensics versus Computer Forensics
The volatility of network forensics makes it stand out from the rest. Data in the former field changes rapidly. Additionally, rarely this data is rarely logged. For these reasons, network forensics is a very reactionary discipline. It requires investigators to intercept traffic at the packet level so that it can be analyzed later unlike in computer forensics where the interception is unnecessary (Sammons, 2012).
Acquisition of Forensic Data from Computers
A bit-by-bit copy of the drive to a set of digital forensic images is created after which the number of storage devices in the computer is determined. Additionally, the forensic team may ascertain the type of storage devices available on the network. This process is followed by the removal of the hard drive from the desktop for recording its type, brand, model, and serial number. The drive is then connected to a high-speed forensic imaging device that reveals any hidden areas of the hard disk. The last step is the verification of the digital forensic image against the original hash value. The internal clock and calendar of the desktop are then noted, and the hard drive is reinstalled back to the desktop.
Acquisition of Forensic Data from Mobile Devices
A bit by bit copy of the drive is created. The phone is inspected for the existence of internal storage, SIM card, and flash storage. The SIM card is cloned while flash storages are removed and imaged. In cases where the SIM card does not exist, the phone is placed inside a container so that wireless signals cannot reach it. The phone is then imaged, and the images are compared with the original hash values (Sammons, 2012).
Acquisition of Forensic Data from Networks
A forensically sound bit by bit copy of the drive to a set of digital forensic images is created. It is followed by determination of a RAID type. The hard drives are removed from the server one at a time. The drivers are then imaged one at ...