Skip to main content

Introduction








Digital forensics, also known as computer forensics or cyber forensics, is the process of collecting, analyzing, and preserving electronic data in a way that is admissible as evidence in a court of law.

It involves the investigation of digital devices and networks, such as computers, mobile phones, servers, and storage media, to uncover evidence related to cybercrime, data breaches, and other forms of digital wrongdoing.


Digital forensics is an important field in today's digital age, as more and more crimes and disputes involve electronic evidence. It is used by law enforcement agencies, corporate security teams, and private investigators, among others.

When performing forensic analysis, you will often hear the word 'artifact'. Forensic artifacts are essential pieces of information that provide evidence of human activity. For example, during the investigation of a crime scene, fingerprints, a broken button of a shirt or coat, the tools used to perform the crime are all considered forensic artifacts. All of these artifacts are combined to recreate the story of how the crime was committed. 

digital forensic methods of investigation &  investigation procedures





1. Identification
It is the first step in the forensic process. The identification process mainly includes things like what evidence is present, where it is stored, and lastly, how it is stored (in which format).

Electronic storage media can be personal computers, Mobile phones, PDAs, etc.

2. Preservation
In this phase, data is isolated, secured, and preserved. It includes preventing people from using the digital device so that digital evidence is not tampered with.

3. Analysis
In this step, investigation agents reconstruct fragments of data and draw conclusions based on evidence found. However, it might take numerous iterations of examination to support a specific crime theory.

4.Documentation
In this process, a record of all the visible data must be created. It helps in recreating the crime scene and reviewing it. It Involves proper documentation of the crime scene along with photographing, sketching, and crime-scene mapping.

5. Presentation
In this last step, the process of summarization and explanation of conclusions is done.


Here are some additional steps that may be involved in a digital forensics investigation:

  • Triage. This step involves quickly assessing the digital evidence to determine the most important items to focus on.
  • Data recovery. This step involves recovering deleted or damaged data.
  • Malware analysis. This step involves identifying and analyzing malware that may be present on the devices.
  • Network analysis. This step involves analyzing network traffic to identify malicious activity.
  • Cloud forensics. This step involves investigating digital evidence that is stored in the cloud.




Labels:

Comments

Post a Comment

Popular posts from this blog

Chain of Custody – Digital Forensics

  Chain of Custody – Digital Forensics Chain of Custody refers to the logical sequence that records the sequence of custody, control, transfer, analysis and disposition of physical or electronic evidence in legal cases. Each step in the chain is essential as if broke, the evidence may be rendered inadmissible. Thus we can say that preserving the chain of custody is about following the correct and consistent procedure and hence ensuring the quality of evidence. The chain of custody in digital cyber forensics is also known as the paper trail or forensic link, or chronological documentation of the evidence. ·         Chain of custody indicates the collection, sequence of control, transfer and analysis. ·         It also documents details of each person who handled the evidence, date and time it was collected or transferred, and the purpose of the transfer. ·         It de...
Post a Comment
Read more

Part 1.2: Memory Analysis

  Part 1.2: Memory Analysis  Investigating Malware Using Memory Forensics   Memory forensics is a technique used in digital forensics that involves the analysis of a computer's volatile memory (RAM) to obtain information about running processes, open network connections, system configurations, and other valuable data. This technique is particularly useful in investigating malware, as malware often tries to hide its presence on a system, making it difficult to detect using traditional methods. When investigating malware using memory forensics, there are several steps to follow: 1.       Acquisition: The first step is to acquire the volatile memory from the infected system. This can be done using tools such as FTK Imager or Volatility. 2.       Analysis: Once the memory has been acquired, it is time to analyze it. This involves examining the memory for suspicious processes, network connections, and other indicato...
Post a Comment
Read more

Step1: Identification & Preparation

Step 1:Identification and preparation Identification involves recognizing and documenting potential digital evidence, which includes identifying devices, storage media, and files that may contain relevant information. This step often involves creating a forensic image of the storage media to preserve the data for analysis. Preparation involves ensuring that the digital evidence is collected and handled properly to maintain its integrity and admissibility in court. This includes using proper tools and techniques to collect and preserve the data, documenting the chain of custody, and ensuring that the evidence is not altered or destroyed during the collection process . Both identification and preparation are critical to the success of a digital forensic investigation, as they lay the foundation for the analysis and interpretation of the data. 1.  Identification &   Preparation : The first step is to identify the scope of the investigation and create a plan for the investi...
Post a Comment
Read more