What is Digital Forensics?
Digital Forensics is the preservation, identification, extraction,
interpretation and documentation of computer evidence that can be used in a court of law.
Branches of Digital Forensics:
- Network Forensics
- Firewall Forensics
- Database Forensics
- Mobile Forensics
Digital Forensics helps to protect against and solve
cases involving:
- Theft of intellectual property
- Financial Fraud
- System penetration by hackers
- Distribution and execution of viruses and worms
Some Challenges faced by Digital Forensics
- The increase in PCs and Internet access has made the exchange of information
quick and inexpensive
- Easy availability of hacking tools
- Lack of physical evidence makes crime harder to prosecute
- A large amount of storage space is available to suspects, up to over 10 TB
- Rapid technology changes require constant upgrades or changes to solutions
So, we can say that Digital Forensics:
- can be as simple as retrieving a single piece of data
- can be as complex as piecing together a trail of many digital artifacts
Why do we use Digital Forensics?
- To recover data in the event of a hardware or
software failure
- To analyze a computer system after a break-in,
for example, to determine how the attacker gained access and what the attacker
did
- To gather evidence against an employee that an
organization wishes to terminate
- To gain information about how a computer system
works for the purpose of debugging, performance optimization, or
reverse-engineering
Chain of Custody
“Chain of Custody” is a fancy way of saying
“The ability to demonstrate who has had access to the digital information
being used as evidence”
- Special measures should be taken when conducting a forensic investigation
if it is desired for the results to be used in a court of law.
- One of the most important measures is to ensure that the evidence has been
accurately collected and that there is a clear chain of custody from the scene
of the crime to the investigator, and ultimately to the court.
Steps in performing Digital Forensics
1. Preparation (of the investigator, not the data)
2. Collection (of the data)
   Digital Evidence can be collected from many obvious sources such as:
   - Computers
   - Cell phones
   - Digital Computers
   - Hard Drives
   - CD-ROM
   - USB Storage flash drives
3. Examination
4. Analysis
5. Reporting
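As an added example (not from the original notes), here is a small Python model of the collection-step integrity check and the chain-of-custody record described above: every hand-off is logged with custodian, action, time and the SHA-256 of the evidence, and a later verification shows whether the bytes still match the acquisition hash. The custodian names, case id and the sample image bytes are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone

def hash_evidence(data: bytes) -> str:
    """SHA-256 of the evidence bytes, taken at acquisition and re-checked at every hand-off."""
    return hashlib.sha256(data).hexdigest()

@dataclass
class CustodyEvent:
    custodian: str  # who handled the evidence
    action: str     # what they did with it
    sha256: str     # hash of the evidence at that moment
    timestamp: str  # ISO-8601 UTC time of the hand-off

@dataclass
class CustodyLog:
    """Append-only record of who had the evidence and what its hash was at each hand-off."""
    case_id: str    # placeholder case identifier, constructed for the example
    events: list = field(default_factory=list)

    def record(self, custodian: str, action: str, data: bytes, when: str = "") -> CustodyEvent:
        ev = CustodyEvent(custodian, action, hash_evidence(data),
                          when or datetime.now(timezone.utc).isoformat())
        self.events.append(ev)
        return ev

    def verify(self, data: bytes) -> bool:
        """True only if the bytes still match the hash recorded at acquisition (first event)."""
        return bool(self.events) and hash_evidence(data) == self.events[0].sha256

    def breaks(self) -> list:
        """Events whose hash differs from the acquisition hash, i.e. where the chain broke."""
        if not self.events:
            return []
        return [e for e in self.events if e.sha256 != self.events[0].sha256]

# Constructed sample "disk image" (not a real image) and a copy altered after collection.
ACQUIRED_IMAGE = b"MBR\x00" * 64 + b"important-document.docx"
TAMPERED_IMAGE = ACQUIRED_IMAGE.replace(b"important", b"innocuous")

def demo() -> tuple:
    """Walk the evidence through three custodians; the third hand-off carries altered bytes."""
    log = CustodyLog("CASE-0001")
    log.record("A. Examiner", "acquired image behind a write blocker", ACQUIRED_IMAGE)
    log.record("B. Clerk", "checked into evidence locker", ACQUIRED_IMAGE)
    ok_before = log.verify(ACQUIRED_IMAGE)         # True: untouched so far
    log.record("C. Analyst", "checked out for analysis", TAMPERED_IMAGE)
    ok_after = log.verify(TAMPERED_IMAGE)          # False: no longer matches acquisition hash
    return ok_before, ok_after, len(log.breaks())  # (True, False, 1)
```

The first event's hash is the baseline that a court would compare against; any later event with a different hash pinpoints where the chain was broken.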
Types of Computer Forensic Tools
Here are the main types of digital forensic
tools:
- Disk Forensic Tools
- Network Forensic Tools
- Wireless Forensic Tools
- Database Forensic Tools
- Malware Forensic Tools
- Email Forensic Tools
- Memory Forensic Tools
- Mobile Phone Forensic Tools
Some Digital Forensics Tools:
1. Disk analysis: Autopsy/The Sleuth Kit
2. Image creation: FTK Imager
3. Memory forensics: Volatility
4. Windows Registry analysis: Registry Recon
5. Mobile forensics: Cellebrite UFED
6. Network analysis: Wireshark
7. Linux distributions: CAINE
8. ProDiscover Forensic
9. PALADIN
10. EnCase
11. Registry Recon
So, there are lots of tools like these.
Which are the Best Digital Forensic Software
Tools?
Below are some of the best digital forensic
software tools:
- ProDiscover Forensic
- Sleuth Kit
- CAINE
- PALADIN
- EnCase
- FTK Imager
- Wireshark
- Volatility Framework
Disk Forensics: It deals with extracting data from storage media by searching active,
modified, or deleted files.
Network Forensics: It is a sub-branch of digital forensics. It is related to monitoring and
analysis of computer network traffic to collect important information and legal
evidence.
Wireless Forensics: It is a division of network forensics. The main aim of wireless forensics
is to offer the tools needed to collect and analyze data from wireless
network traffic.
Database Forensics: It is a branch of digital forensics relating to the study and examination
of databases and their related metadata.
Malware Forensics: This branch deals with identifying malicious code and studying
its payload (viruses, worms, etc.).
Email Forensics: Deals with recovery and analysis of emails, including deleted emails,
calendars, and contacts.
Memory Forensics: It deals with collecting data from system memory (system registers, cache,
RAM) in raw form and then carving the data from the raw dump.
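As an added illustration (not from the original notes) of the carving step mentioned above for raw memory and disk dumps, this Python scans a dump for known file headers and trailers and reports what it can recover; the signature table and the dump bytes are constructed for the example.

```python
# Signature table used by this example: header magic and trailer marker per file type.
# Constructed for illustration; production carvers use far richer rules.
SIGNATURES = {
    "png":  (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),  # PNG magic ... IEND chunk + fixed CRC
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),              # SOI marker ... EOI marker
}

def carve(dump: bytes, max_len: int = 10 * 1024 * 1024) -> list:
    """Return (type, offset, length) for every header whose trailer lies within max_len bytes."""
    found = []
    for kind, (header, trailer) in SIGNATURES.items():
        start = dump.find(header)
        while start != -1:
            end = dump.find(trailer, start + len(header), start + max_len)
            if end == -1:
                # Header with no trailer: truncated or overwritten; report nothing, move on.
                start = dump.find(header, start + 1)
                continue
            found.append((kind, start, end + len(trailer) - start))
            start = dump.find(header, end + len(trailer))
    return sorted(found, key=lambda rec: rec[1])

def extract(dump: bytes, record: tuple) -> bytes:
    """Slice one carved file out of the dump using a record returned by carve()."""
    _, offset, length = record
    return dump[offset:offset + length]

# Constructed raw dump: filler, a PNG-shaped blob, filler, a JPEG-shaped blob, filler,
# then a JPEG header with no EOI marker (a truncated file that must not be reported).
PNG_BLOB = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
            + b"\x00\x00\x00\x00IEND\xaeB`\x82")
JPEG_BLOB = b"\xff\xd8\xff\xe0JFIF\x00" + b"\x11" * 20 + b"\xff\xd9"
RAW_DUMP = (b"\x00" * 100 + PNG_BLOB + b"\xab" * 50 + JPEG_BLOB + b"\xcd" * 30
            + b"\xff\xd8\xff\xe1" + b"\x00" * 10)

if __name__ == "__main__":
    for rec in carve(RAW_DUMP):
        print(rec, extract(RAW_DUMP, rec)[:8])
```

Header/trailer carving like this misses fragmented files and can cut a JPEG short at an embedded thumbnail's EOI marker, which is why real tools also parse length fields and validate what they recover.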
Mobile Phone Forensics: It mainly deals with the examination and analysis of mobile devices. It
helps to retrieve phone and SIM contacts, call logs, incoming and outgoing
SMS/MMS, audio, videos, etc.
Example Uses of Digital Forensics
In recent times, commercial organizations have
used digital forensics in the following types of cases:
- Intellectual Property theft
- Industrial espionage
- Employment disputes
- Fraud investigations
- Inappropriate use of the Internet and email in the workplace
- Forgery-related matters
- Bankruptcy investigations
- Issues concerning regulatory compliance
Advantages of Digital forensics
Here are the pros/benefits of Digital Forensics:
- To ensure the integrity of the computer system.
- To produce evidence in the court, which can lead to the punishment of the
culprit.
- It helps companies to capture important information if their computer
systems or networks are compromised.
- Efficiently tracks down cybercriminals from anywhere in the world.
- Helps to protect the organization's money and valuable time.
- Allows factual evidence to be extracted, processed, and interpreted, so that
the cybercriminal's actions can be proved in court
Disadvantages of Digital Forensics
Here are the major cons/drawbacks of using Digital
Forensics:
- Digital evidence is accepted in court; however, it must be proved that
there has been no tampering
- Producing electronic records and storing them is an extremely costly affair
- Legal practitioners must have extensive computer knowledge
- Need to produce authentic and convincing evidence
- If the tool used for digital forensics does not meet the specified
standards, then the evidence can be rejected in a court of law
- A lack of technical knowledge on the part of the investigating officer might
not produce the desired result
To Your Success,
~Meetcipher