
What is Digital Forensics?

Digital Forensics is defined as the process of preservation, identification, extraction, and documentation of computer evidence which can be used by a court of law. It is the science of finding evidence in digital media such as a computer, mobile phone, server, or network.

It provides the forensic team with the techniques and tools needed to solve complicated digital-related cases.

Digital Forensics helps the forensic team to analyze, inspect, identify, and preserve the digital evidence residing on various types of electronic devices.

 

So now a question arises: why is digital forensics important, and what are its objectives?

 

Objectives of Digital Forensics

1. It helps to recover, analyze, and preserve computers and related materials in such a manner that the investigating agency can present them as evidence in a court of law.

2. It helps you to identify the evidence quickly, and also allows you to estimate the potential impact of the malicious activity on the victim.

3. Data acquisition and duplication: recovering deleted files and deleted partitions from digital media to extract the evidence and validate it.

4. Producing a computer forensic report which gives a complete account of the investigation process.

5. Designing procedures at a suspected crime scene which help to ensure that the digital evidence obtained is not corrupted.

 

Now that we know the actual objectives of digital forensics, the next question is how this is done and what process investigators follow to do it!

 

 


 

Process of Digital Forensics

Digital forensics entails the following steps:

1. Identification
2. Preservation
3. Analysis
4. Documentation
5. Presentation

 

 

Now let's see these steps in detail :)

 

Identification

It is the first step in the forensic process. The identification process mainly includes things like what evidence is present, where it is stored, and lastly, how it is stored (in which format).

 

Preservation

In this phase, data is isolated, secured, and preserved. It includes preventing people from using the digital device so that digital evidence is not tampered with.

 

Analysis

In this step, investigation agents reconstruct fragments of data and draw conclusions based on evidence found. However, it might take numerous iterations of examination to support a specific crime theory. 

 

Documentation

In this process, a record of all the visible data must be created. It helps in recreating the crime scene and reviewing it. It involves proper documentation of the crime scene along with photographing, sketching, and crime-scene mapping.

 

Presentation

In this last step, the conclusions are summarised and explained.

The report should be written in layperson's terms using abstracted terminology, and every abstracted term should reference the specific details behind it.
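The preservation and documentation steps above, as an added example that is not part of the original post: a working copy of a constructed evidence image is verified against the original by SHA-256, and each handling step is recorded in a chain-of-custody log whose entries are hash-linked so a later edit to the log is detectable. The `acquire` helper is a hypothetical stand-in for an imaging tool; the image bytes are constructed for the example.

```python
import hashlib
import json
from datetime import datetime, timezone
# Constructed sample evidence: stands in for a raw disk or memory image.
ORIGINAL_IMAGE = b"MBR\x00" + bytes(range(256)) * 4 + b"report.docx (deleted)"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def acquire(source: bytes) -> bytes:
    """Hypothetical stand-in for an imaging tool: a bit-for-bit working copy."""
    return bytes(source)

def verify_copy(source: bytes, copy: bytes) -> dict:
    """Compare source and copy by hash; any change to the copy breaks the match."""
    src, cpy = sha256_hex(source), sha256_hex(copy)
    return {"source_sha256": src, "copy_sha256": cpy, "match": src == cpy}

def add_custody_entry(log: list, examiner: str, action: str, data: bytes) -> dict:
    """Append a chain-of-custody record. Each entry stores the hash of the previous
    entry, so an edit to an earlier record no longer matches the one after it."""
    prev = sha256_hex(json.dumps(log[-1], sort_keys=True).encode()) if log else "0" * 64
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner, "action": action,
        "evidence_sha256": sha256_hex(data),
        "prev_entry_sha256": prev,
    }
    log.append(entry)
    return entry

def log_is_consistent(log: list) -> bool:
    """Recompute the hash chain; False if an entry was altered after later ones were added."""
    prev = "0" * 64
    for entry in log:
        if entry["prev_entry_sha256"] != prev:
            return False
        prev = sha256_hex(json.dumps(entry, sort_keys=True).encode())
    return True

if __name__ == "__main__":
    copy = acquire(ORIGINAL_IMAGE)
    tampered = copy[:10] + b"X" + copy[11:]  # a single changed byte
    print(verify_copy(ORIGINAL_IMAGE, copy)["match"], verify_copy(ORIGINAL_IMAGE, tampered)["match"])
    log = []
    add_custody_entry(log, "examiner-1", "acquired working copy", copy)
    add_custody_entry(log, "examiner-2", "analysis started", copy)
    log[0]["examiner"] = "someone-else"  # retroactive edit to the first record
    print(log_is_consistent(log))
```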

 

Now here are some interesting facts about digital forensics that everyone should know :)

 

 


 

1. Intel Is Your Friend

When you begin a new case, do not be afraid to ask your client a lot of questions. The more information you have at your disposal, the easier your job as an investigator becomes. What type of programs does your client use on a regular basis? Do they make a habit of encrypting their files? Does your client have an email server on site, or do they use web-based email? Try to gather enough information to make a rough infrastructure map in your head. These details will allow you to make informed decisions throughout the case and to help your client in the most efficient manner possible.

 

2. Hit A Dead End? Think Again

As with any type of investigation, sometimes a lead turns out to be a dead end, and the same is true in the digital forensics field. A good digital investigator will always have several methods to approach and investigate a dataset. For example, if you are trying to reconstruct an email message and one of your tools isn’t handling the email properly, don’t be afraid to try another tool.

 

3. Know Your Tools

There are hundreds of computer forensic products available to a digital investigator. A good digital investigator knows the strengths and weaknesses of the tools and software at his or her disposal. Some tools excel at processing and handling email, while others are mainly used for recovering deleted information from a hard drive. Think about it: you wouldn’t use a wrench to drive a nail into a wall.

 

4. The Scientific Method Is Your Friend

While there are many sources of good information about computer forensic software available on the internet, it never hurts to do some independent research and testing of your own. You can do this by creating a control dataset and testing the different variables in the software. You may be required to prove your findings to a client or jury, and you will be much more confident in them if you know how your tools and software work. Always test your tools and software to ensure they are working the way you intend and that you are getting accurate results.

 

5. You Can’t Win ‘Em All

Sometimes the “smoking gun” or crucial piece of evidence that a client would like you to find simply does not exist. In fact, this happens more often than not. As a digital investigator, this is your reality, and you will have to learn to manage your client’s expectations accordingly.

 

So far we have talked about a lot of things, but there is one more important topic that everyone should be aware of, i.e. the types of digital forensics.



Types of Digital Forensics

The main types of digital forensics are:

Disk Forensics:

It deals with extracting data from storage media by searching active, modified, or deleted files.

Network Forensics:

It is a sub-branch of digital forensics. It is related to monitoring and analysis of computer network traffic to collect important information and legal evidence.

Wireless Forensics:

It is a division of network forensics. The main aim of wireless forensics is to offer the tools needed to collect and analyze data from wireless network traffic.

Database Forensics:

It is a branch of digital forensics relating to the study and examination of databases and their related metadata.

Malware Forensics:

This branch deals with identifying malicious code and studying its payload: viruses, worms, etc.

Email Forensics:

Deals with recovery and analysis of emails, including deleted emails, calendars, and contacts.

Memory Forensics:

It deals with collecting data from system memory (system registers, cache, RAM) in raw form and then carving the data from the raw dump.

Mobile Phone Forensics:

It mainly deals with the examination and analysis of mobile devices. It helps to retrieve phone and SIM contacts, call logs, incoming and outgoing SMS/MMS, audio, videos, etc.
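The carving step mentioned under Memory Forensics above, as an added example that is not code from the original post: a header/footer carver runs over a constructed raw dump with no file system to guide it, recovering a complete PNG, a complete JPEG, and a JPEG fragment whose end marker never appears, and records the offset and hash of each item for the report. The signatures and the dump bytes are constructed for the example.

```python
import hashlib

# Constructed raw dump: filler bytes with a complete PNG, a complete JPEG and a
# JPEG fragment whose end marker never appears (as happens with overwritten pages).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 20 + b"IEND\xaeB`\x82"
JPEG = b"\xff\xd8\xff\xe0" + b"\x11" * 30 + b"\xff\xd9"
JPEG_FRAGMENT = b"\xff\xd8\xff\xe1" + b"\x22" * 10
RAW_DUMP = (b"\x00" * 64 + PNG + b"\x5a" * 17 + JPEG + b"\x00" * 9
            + JPEG_FRAGMENT + b"\x00" * 40)

# Header and footer signatures used for carving.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
}

def carve(dump: bytes, max_len: int = 4096) -> list:
    """Header/footer carving over a raw dump with no file system to guide it.
    For every known header, take the bytes up to and including the matching
    footer; if no footer appears within max_len bytes, keep the fragment and
    flag it as incomplete. Each result carries its offset and a hash for the report."""
    found = []
    for ftype, (header, footer) in SIGNATURES.items():
        start = dump.find(header)
        while start != -1:
            end = dump.find(footer, start + len(header), start + max_len)
            if end == -1:
                data, complete, nxt = dump[start:start + max_len], False, start + len(header)
            else:
                data, complete, nxt = dump[start:end + len(footer)], True, end + len(footer)
            found.append({"type": ftype, "offset": start, "complete": complete,
                          "sha256": hashlib.sha256(data).hexdigest(), "data": data})
            start = dump.find(header, nxt)
    return sorted(found, key=lambda f: f["offset"])

if __name__ == "__main__":
    for f in carve(RAW_DUMP):
        print(f"{f['type']:5} offset={f['offset']:<4} complete={f['complete']} "
              f"size={len(f['data'])} sha256={f['sha256'][:16]}...")
```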

 

 

Digital forensics investigators have specialised tools with which they carry out the whole process described above. Now we have reached the end of this article, but before going, I would like to share a few more points that will enhance your knowledge. Here are the major points a person should remember, like a summary :)

 

SUMMARY

• Digital Forensics is the preservation, identification, extraction, and documentation of computer evidence which can be used in a court of law.

• The process of digital forensics includes 1) Identification, 2) Preservation, 3) Analysis, 4) Documentation, and 5) Presentation.

• Different types of digital forensics are Disk Forensics, Network Forensics, Wireless Forensics, Database Forensics, Malware Forensics, Email Forensics, Memory Forensics, etc.

• Digital forensic science can be used for cases like 1) Intellectual property theft, 2) Industrial espionage, 3) Employment disputes, 4) Fraud investigations.

 

Stay tuned for the best content, free and exciting material, and more interesting articles... don't miss it and stay tuned :)
