
Introduction








Digital forensics, also known as computer forensics or cyber forensics, is the process of collecting, analyzing, and preserving electronic data in a way that is admissible as evidence in a court of law.

It involves the investigation of digital devices and networks, such as computers, mobile phones, servers, and storage media, to uncover evidence related to cybercrime, data breaches, and other forms of digital wrongdoing.


Digital forensics is an important field in today's digital age, as more and more crimes and disputes involve electronic evidence. It is used by law enforcement agencies, corporate security teams, and private investigators, among others.

When performing forensic analysis, you will often hear the word 'artifact'. Forensic artifacts are essential pieces of information that provide evidence of human activity. For example, during the investigation of a crime scene, fingerprints, a broken button of a shirt or coat, and the tools used to perform the crime are all considered forensic artifacts. All of these artifacts are combined to recreate the story of how the crime was committed.

Digital forensic methods of investigation & investigation procedures





1. Identification
It is the first step in the forensic process. Identification mainly involves determining what evidence is present, where it is stored, and how it is stored (in which format).

Electronic storage media can be personal computers, mobile phones, PDAs, etc.

2. Preservation
In this phase, data is isolated, secured, and preserved. It includes preventing people from using the digital device so that digital evidence is not tampered with.

3. Analysis
In this step, investigation agents reconstruct fragments of data and draw conclusions based on evidence found. However, it might take numerous iterations of examination to support a specific crime theory.

4. Documentation
In this process, a record of all the visible data must be created. It helps in recreating the crime scene and reviewing it. It involves proper documentation of the crime scene along with photographing, sketching, and crime-scene mapping.

5. Presentation
In this last step, the conclusions are summarized and explained.


Here are some additional steps that may be involved in a digital forensics investigation:

  • Triage. This step involves quickly assessing the digital evidence to determine the most important items to focus on.
  • Data recovery. This step involves recovering deleted or damaged data.
  • Malware analysis. This step involves identifying and analyzing malware that may be present on the devices.
  • Network analysis. This step involves analyzing network traffic to identify malicious activity.
  • Cloud forensics. This step involves investigating digital evidence that is stored in the cloud.



