Working and Living in a recording world
Since the WWW (World Wide Web) came into this world in 1990, fast growth is taking place in the professional, criminal and personal use of e-mails, the Internet, social networks, and computers. Those devices capture and create huge amounts of digital data which are stored in different places than most users realize. A user has less opportunity of terminating details-trails perfectly than of committing the great crime. Same as the fingerprint left on the chair adjustment of a vehicle used in the crime, a rough digital evidence (Fingerprint) always kept on speaking the truth.
What is CF (Computer Forensics)?
CF is the digital science of documenting, preserving and obtaining evidence from electronic digital storage devices like digital cameras, PDAs (Personal Digital Assistance), mobile phones and computers. All should be completed in a way designed to reserve the probative value of the indication and to guarantee its acceptability in a legal proceeding. People may think of this as the forensic science applied to a digital environment. A traditional forensic specialist may preserve and collect other physical evidence or fingerprints evidence, the digital specialist of forensics preserves and collects cyber evidence.
These collections of cyber/digital evidence should be completed through recognized procedures and carefully prescribed, therefore the probative value of the cyber evidence is preserved to make sure the acceptability of a legal procedure. Traditional forensic techniques might involve many specialties, CF equally involves a difference of professional people working get to gather to grab the analyze and preserve digital evidence.
Why do organization and individual want to pay attention to CF?
These days, more people are using devices with computing and digital capabilities. For instance, someone may receive and send electronic mail messages from devices such as PDAs or mobile phones. Playing online PC games concurrently with different game players over networks or manage their income over the Internet.
Nowadays, different personal and business transactions are conducting electronically.
- Users frequently use the world wide web for pleasure and business.
- Users keep their books, calendars, and personal addresses on PCs or PDAs.
- Business professional frequently negotiate business deals by electronic emails.
According to University of Birmingham study, 94% of all data created during 2000 was generated on computers in digital form, only 8% of data created in different media, like papers. Other than that important percentage of computer created files and documents may never be printed on paper. Different documents and messages are exchanging over the world wide web and are reading on the PC screen but are not printed out.
Typical process of CF
Phase 1: Identification
In this phase audit analysis, system monitoring and profile detection were performed.
Phase 2: Preservation
This phase is involving tasks like making sure a suitable chain of custody and configuring up an appropriate case management. In this phase will be crucial as to make sure that the information collection is free from suppression.
Phase 3: Collection
The related information is being collected based on the accepted method of utilizing different retrieval methods.
Phase 4 and 5: Analysis phase and examination phase
Tasks like evidence validation, recovery of encrypted/hidden information, evidence tracing timeline and data mining were performed.
Phase 6: Presentation
Expert testimony and documentation are the tasks related to this phase.
Use of CF in law enforcement
Searching and detecting unallocated space on the hard disk, places where an abundance of data often resides.
Finding hidden files – Files which are not accessible or visible to the user that contains previous user’s information. Frequently these processes require analyzing and reconstructing the codes of date for every file and determine when every file was last accessed, deleted, modified and created.
Deleted files recovering – Like graphics, photos, and documents.
Tracing artifacts - these tidbits of information left behind by OS. Experts know where and how to find those artifacts and most importantly evaluate the value of the data.
A string search running – For electronic mails, when no electronic email client is obvious.
Advantages of professional forensic methodology
An expert of CF professional must make sure that a subject PC and network system is carefully handled to make sure that:
- No possible PC virus is presented to a subject PC during the examination progression.
- A continuing chain of custody will be maintained and established.
- Business operation is affected by a less amount of time.
- No possible indication is destroyed, compromised or damaged by the procedure used to investigate the PC.
Steps taken by CF experts
The CF experts must take different watchful steps to attempt to retrieve and recognize possible evidence which may exist on subject's PC.
- Defend the subject PC throughout the forensic investigation from any imaginable data corruption, damage, virus introduction or alteration.
- Discover every folder on the system. This will be included deleted yet remaining files, password protected files, encrypted files, and normal files.
- Recover all discovered deleted documents.
- Reveal the content of hidden files and swap or temporary files used by the application process and the OS.
- Contact the contents of encrypted files or protected files.
- Analyze every possible information found in the critical area of the hard drive.
- Print out a final analysis of the PC and filing all possible discovered files and relevant files.
- Provide an idea of the system layout.
- Provide genius consultant or testimony.
Share this post
Leave a comment
All comments are moderated. Spammy and bot submitted comments are deleted. Please submit the comments that are helpful to others, and we'll approve your comments. A comment that includes outbound link will only be approved if the content is relevant to the topic, and has some value to our readers.
Comments (0)
No comment