Information To Digital Forensics

Computer forensics, or digital forensics, is a term in computer science for obtaining legal evidence found in digital media or computer storage. With a digital forensic investigation, the investigator can find out what happened to digital media such as emails, hard disks, logs, computer systems, and the network itself. In many cases, a forensic investigation can show how the crime may have occurred and how we can protect ourselves against it next time.

Some reasons why we need to conduct a forensic investigation:

1. To gather evidence so that it can be used in court to resolve legal cases.

2. To analyze our network strength, and to fill the security holes with patches and fixes.

3. To recover deleted files, or any files in the event of hardware or software failure.

In computer forensics, the most important things that have to be remembered when conducting the investigation are:

1. The original evidence must not be altered in any way, and to ensure this, the forensic investigator must make a bit-stream image. A bit-stream image is a bit-by-bit copy of the original storage medium and an exact copy of the original media. The difference between a bit-stream image and a normal copy of the original storage is that the bit-stream image includes the slack space in the storage. You will not find any slack space information on a normal copy.

2. All forensic processes must follow the laws of the country where the crimes happened. Every country has different laws in the IT field. Some take IT rules very seriously, for example: United Kingdom, Australia.

3. All forensic processes can only be carried out after the investigator has the search warrant.

Forensic investigators would normally look at the timeline of how the crimes happened in a timely manner. With that, we can reconstruct the crime scene: how, when, what and why the crimes could have happened. In a big company, it is suggested to create a Digital Forensic Team or First Responder Team, so that the company can still preserve the evidence until the forensic investigator comes to the crime scene.

First Response rules are:

1. Under no circumstances should anyone, with the exception of the Forensic Analyst, make any attempt to recover information from any computer system or device that holds digital information.

2. Any attempt to retrieve the data by the persons mentioned in number 1 must be avoided, as it could compromise the integrity of the evidence, which would then become inadmissible in court.

Those rules already explain the important role of having a First Responder Team in a company. An unqualified person can only secure the perimeter so that no one can touch the crime scene until the Forensic Analyst has come. (This can be done by taking pictures of the crime scene. They can also make notes about the scene and who was present at that time.)

Steps that must be taken, in a professional way, when a digital crime has occurred:

1. Secure the crime scene until the forensic analyst arrives.

2. The Forensic Analyst must request the search warrant from local authorities or the company's management.

3. The Forensic Analyst takes a picture of the crime scene in case no pictures have been taken.

4. If the computer is still powered on, do not turn off the computer. Instead, use a forensic tool such as Helix to get information that can only be found while the computer is still powered on, such as data in RAM, and registries. Such tools have the special function of not writing anything back to the system, so the integrity stays intact.

5. Once all live evidence is collected, the Forensic Analyst can turn off the computer and take the hard disk back to the forensic lab.

6. All the evidence must be documented, for which a chain of custody is used. The Chain of Custody keeps records on the evidence, such as: who had the evidence last.

7. Securing the evidence must be accompanied by a legal officer, such as police, as a formality.

8. Back in the lab, the Forensic Analyst takes the evidence to create a bit-stream image, as the original evidence must not be used. Normally, the Forensic Analyst will create 2-5 bit-stream images in case 1 image is corrupted. Of course, the Chain of Custody is still used in this situation to keep records of the evidence.

9. A hash of the original evidence and of the bit-stream image is created. This acts as proof that the original evidence and the bit-stream image are exact copies. Any alteration of the bit image will result in a different hash, which makes the evidence found inadmissible in court.

10. The Forensic Analyst starts to look for evidence in the bit-stream image by carefully examining the corresponding locations, depending on what kind of crime has happened. For example: Temporary Internet Files, Slack Space, Deleted Files, Steganography files.
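Steps 8 and 9 above, sketched as an added example that is not part of the original article: it images a constructed 4 KiB stand-in for the evidence three times, hashes the source during acquisition, and shows that a one-byte change in one image fails verification. The file names, function names and the choice of SHA-256 are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large media never sit in RAM


def sha256_file(path):
    """Return the SHA-256 hex digest of a file or raw device, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def make_image(source, image_path):
    """Copy source byte for byte; return the hash of the bytes that were read."""
    digest = hashlib.sha256()
    with open(source, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    return digest.hexdigest()


def verify_images(reference_hash, image_paths):
    """Re-hash every image and report which still match the original."""
    return {p: sha256_file(p) == reference_hash for p in image_paths}


def demo():
    """Constructed sample: a 4 KiB stand-in for the evidence, three images."""
    workdir = tempfile.mkdtemp()
    evidence = os.path.join(workdir, "evidence.bin")  # hypothetical name
    with open(evidence, "wb") as fh:
        fh.write(b"file data" + b"\x00" * 503 + os.urandom(3584))
    reference = sha256_file(evidence)
    images = [os.path.join(workdir, f"image{i}.dd") for i in (1, 2, 3)]
    acquired = [make_image(evidence, p) for p in images]
    # Simulate a corrupted or altered image: change one padding byte in image 2.
    with open(images[1], "r+b") as fh:
        fh.seek(100)
        fh.write(b"\x01")
    return reference, acquired, list(verify_images(reference, images).values())


if __name__ == "__main__":
    print(demo())
```

Recording the reference hash in the chain-of-custody record at acquisition time lets any later copy be checked against it.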
