Introduction:

Computer forensic methodologies are crucial part of the digital forensic systems where the digital evidences are collected and are presented by advanced forensic technologies. According to the case study, the employee Zhang has downloaded all the organization sensitive data from the company network. To identify those mass movements and track the suspect’s user activities, the Live Forensic Analysis methodology can be used. 

In this methodology, the information are gathered and then data are analysed in real-time data analysis technique. Therefore, the compromised system remains functional and tools that are used to capture the running process, are quite powerful to track the live data. Those data includes the memory dumps, open network connections and other unencrypted version of encrypted files (Mohlala et al. 2017). According case study, the network logs, and suspicious activities need to be investigated through live analysis evaluation to analyse the live data status and recover the company data without any modifications. 

To perform it, the live forensic analysis methodology uses the hash value algorithm. 

Step 1:

Once the forensic investigators create the images of evidences to analyse the data, the hash value is useful to verify the authenticity and check integrity of the image. This algorithm uses MD5 process to store the data. If any modification is done on the existing file, then a new hash value will be generated for that specific file. Thus, the live forensic method calculates possible credibility according to the memory model analysis and activates the validation. 

Step 2:

The user authenticity as well as integrity of the digital images collected through the live forensic approach. Hash value MD5 is useful to run the file metadata and store the password in the encrypted format. It introduces the digital evidence and authenticity of the file. So, this proposed network analysis approach speeds up the investigation process. In that case, the live forensic model collect live data from the system and standard user interface can be used in the virtual machine analysis (Kebande and Venter, 2018). The internet browsing history can be captured by using this digital forensic methods. 

In this way, the live digital forensic methodology can improve the investigation process by supporting the electronic and digital evidences. 

In this context, the computer forensic tools have been used to investigate compromised systems to recover the lost data. Computer forensic investigation deals with data and in this case study, the forensic data are related to the organization that are downloaded by one of their employees in an illegal way. This computer forensic collects the security evidences from the digital assets. This method is applied on disk drives to analyse the information involved in criminal investigations. 

On the other hand, the network forensics and database recovery are dynamic ways to store the network traffic where the unpredictable network data and database platform accordingly (Prayudi and Riadi, 2018). Those methods cover vast areas that includes password-protected files, email communication programs, and as well as registry entries, and data modifications in the databases. 

The approaches used in the systematic computer forensic method are stated below. 

Collection: The data acquisition has been done after searching and seizing the digital evidences. 

Examinations: The forensic investigation techniques have been introduced to recognize and extract the data. 

Analysis: The required data and resources are used to prove this case. 

Report: The information needs to be gathered effectively and prepare an analysis report based on systematic approaches.