What is Digital Forensics?
Digital Forensics is defined as the process of preservation, identification, extraction, and documentation of computer evidence which can be used in a court of law. It is the science of finding evidence on digital media such as a computer, mobile phone, server, or network. It provides the forensic team with the best techniques and tools to solve complicated digital-related cases.
Digital Forensics helps the forensic team to analyze, inspect, identify, and preserve the digital evidence residing on various types of electronic devices.
History of Digital forensics
Here, are important landmarks from the history of Digital Forensics:
- Francis Galton (1822 – 1911): Conducted the first recorded study of fingerprints
- Hans Gross (1847 – 1915): First use of scientific study to head criminal investigations
- FBI (1932): Set up a lab to offer forensics services to all field agents and other law authorities across the USA.
- In 1978, the first computer crime was recognized in the Florida Computer Crime Act.
- In 1992, the term "Computer Forensics" was used in academic literature.
- In 1995, the International Organization on Computer Evidence (IOCE) was formed.
- In 2000, the first FBI Regional Computer Forensic Laboratory was established.
- In 2002, the Scientific Working Group on Digital Evidence (SWGDE) published the first book about digital forensics, called "Best practices for Computer Forensics".
- In 2010, Simson Garfinkel identified issues facing digital investigations.
Why is cyber forensics important?
In today's technology-driven generation, the importance of cyber forensics is immense. Technology combined with forensic science paves the way for quicker investigations and accurate results. Below are the points depicting the importance of cyber forensics:
- Cyber forensics helps in collecting important digital evidence to trace the criminal.
- Electronic equipment stores massive amounts of data that a normal person fails to see. For example, in a smart house every spoken word and every action performed by a smart device generates data, and that data can be crucial in cyber forensics.
- It also helps innocent people to prove their innocence via the evidence collected online.
- It is used not only to solve digital crimes but also to solve real-world crimes like theft cases, murder, etc.
- Businesses equally benefit from cyber forensics in tracking system breaches and finding the attackers.
Process of Digital forensics
- Identification
- Preservation
- Analysis
- Documentation
- Presentation

Identification
It is the first step in the forensic process. The identification process mainly includes determining what evidence is present, where it is stored, and lastly, how it is stored (in which format).
Electronic storage media can be personal computers, mobile phones, PDAs, etc.
Preservation
In this phase, data is isolated, secured, and preserved. It includes preventing people from using the digital device so that digital evidence is not tampered with.
Analysis
In this step, investigation agents reconstruct fragments of data and draw conclusions based on evidence found. However, it might take numerous iterations of examination to support a specific crime theory.
Documentation
In this process, a record of all the visible data must be created. It helps in recreating the crime scene and reviewing it. It involves proper documentation of the crime scene along with photographing, sketching, and crime-scene mapping.
Presentation
In this last step, the conclusions are summarized and explained.
They should be written in a layperson's terms using abstracted terminology, and every abstracted term should reference the specific details it stands for.
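The preservation and documentation steps above are usually carried out by hashing the acquired evidence and logging every handling action against those hashes. The Python script below is an added illustration, not code from the original article: the case identifier, item identifier, examiner name and evidence bytes are constructed placeholders, and the chain-of-custody record layout is an assumption rather than any agency's prescribed format.

```python
"""Preservation and documentation of digital evidence (added example).

Hash an acquired image with two algorithms, record the result in a
chain-of-custody entry, and re-verify the image before analysis."""
import hashlib
import json
from datetime import datetime, timezone

# Constructed stand-in for an acquired disk image (a real one is a multi-GB .dd/.E01 file).
EVIDENCE_IMAGE = b"\x00" * 512 + b"EXAMPLE EVIDENCE" + b"\xff" * 512


def hash_image(data: bytes, chunk_size: int = 65536) -> dict:
    """Hash the image in chunks (so real images need not fit in memory) with
    two independent algorithms, as most acquisition tools record both."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for offset in range(0, len(data), chunk_size):
        block = data[offset:offset + chunk_size]
        md5.update(block)
        sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest(), "size": len(data)}


def custody_entry(case_id: str, item_id: str, action: str, examiner: str, data: bytes) -> dict:
    """One chain-of-custody record (assumed layout): who did what to which item,
    when, and the hashes that pin down the item's state at that moment."""
    entry = {
        "case_id": case_id,
        "item_id": item_id,
        "action": action,
        "examiner": examiner,
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
    }
    entry.update(hash_image(data))
    return entry


def verify_integrity(data: bytes, recorded: dict) -> bool:
    """Preservation check: recompute the hashes and compare them with the values
    recorded at acquisition. A mismatch means the evidence changed and the
    analysis can no longer be tied to the original."""
    current = hash_image(data)
    return (current["sha256"] == recorded["sha256"]
            and current["md5"] == recorded["md5"]
            and current["size"] == recorded["size"])


if __name__ == "__main__":
    acquired = custody_entry("CASE-0001", "ITEM-01", "acquired", "examiner_a", EVIDENCE_IMAGE)
    print(json.dumps(acquired, indent=2))
    print("image intact before analysis:", verify_integrity(EVIDENCE_IMAGE, acquired))

    # Flip one bit to show that even the smallest change is detected.
    tampered = bytearray(EVIDENCE_IMAGE)
    tampered[600] ^= 0x01
    print("tampered image intact:", verify_integrity(bytes(tampered), acquired))
```

Recording two hashes is deliberate: if one algorithm is later questioned, the second still ties the analysed copy to the acquired original, and the size field catches truncation immediately.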
Types of Digital Forensics
Disk Forensics:
It deals with extracting data from storage media by searching active, modified, or deleted files.
Network Forensics:
It is a sub-branch of digital forensics. It is related to monitoring and analysis of computer network traffic to collect important information and legal evidence.
Wireless Forensics:
It is a division of network forensics. The main aim of wireless forensics is to offer the tools needed to collect and analyze data from wireless network traffic.
Database Forensics:
It is a branch of digital forensics relating to the study and examination of databases and their related metadata.
Malware Forensics:
This branch deals with the identification of malicious code such as viruses and worms, and with the study of their payloads.
Email Forensics
Deals with recovery and analysis of emails, including deleted emails, calendars, and contacts.
Memory Forensics:
It deals with collecting data from system memory (system registers, cache, RAM) in raw form and then carving the data from the raw dump.
Mobile Phone Forensics:
It mainly deals with the examination and analysis of mobile devices. It helps to retrieve phone and SIM contacts, call logs, incoming and outgoing SMS/MMS, audio, videos, etc.
Techniques that cyber forensic investigators use
Cyber forensic investigators use various techniques and tools to examine the data. Some of the commonly used techniques are:
- Reverse steganography: Steganography is a method of hiding important data inside a digital file, image, etc. Cyber forensic experts perform reverse steganography to analyze the hidden data and find its relation to the case.
- Stochastic forensics: In stochastic forensics, the experts analyze and reconstruct digital activity without using digital artifacts. Here, artifacts mean unintended alterations of data that occur from digital processes.
- Cross-drive analysis: In this process, the information found on multiple computer drives is correlated and cross-referenced to analyze and preserve information that is relevant to the investigation.
- Live analysis: In this technique, the suspect's computer is analyzed from within the OS while it is running. It targets the volatile data in RAM to obtain valuable information.
- Deleted file recovery: This includes searching memory or storage media for fragments of a partially deleted file in order to recover it for evidence purposes.
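Disk forensics, the carving of raw memory dumps and deleted file recovery all rest on the same technique: scanning a byte dump for known file header and footer signatures, independent of any file-system metadata. The following Python script is an added example and not code from the original article; the raw image it scans is constructed in `build_sample_image()`, and the three signatures are the standard JPEG, PNG and PDF markers.

```python
"""Signature-based file carving from a raw image (added example).

Recovers files from a byte dump by locating known header/footer sequences
without relying on file-system metadata, so deleted files whose data blocks
are still present can be recovered. The image used here is constructed."""
import os
import re

# Header and footer signatures for a few common formats. Real carvers ship far
# longer signature lists; three are enough to show the technique.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
MAX_FILE_SIZE = 10 * 1024 * 1024  # stop looking for a footer beyond this distance


def carve(image: bytes, signatures=SIGNATURES, max_size=MAX_FILE_SIZE) -> list:
    """Return (offset, file_type, data) for every header with a matching footer,
    ordered by offset. A header with no footer in range is skipped: its tail
    was most likely overwritten, which is the usual fate of deleted files."""
    found = []
    for ftype, (header, footer) in signatures.items():
        for match in re.finditer(re.escape(header), image):
            start = match.start()
            window_end = min(len(image), start + max_size)
            end = image.find(footer, start + len(header), window_end)
            if end == -1:
                continue
            found.append((start, ftype, image[start:end + len(footer)]))
    return sorted(found, key=lambda hit: hit[0])


def save_carved(hits: list, outdir: str) -> list:
    """Write each carved file as <offset>.<type> for examination; return the paths."""
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for offset, ftype, data in hits:
        path = os.path.join(outdir, f"{offset:08x}.{ftype}")
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths


def build_sample_image() -> bytes:
    """Constructed raw image: filler bytes with a fake PNG and a fake JPEG
    embedded, plus a PNG header with no footer standing for an overwritten file."""
    filler = bytes(range(256)) * 4
    fake_png = SIGNATURES["png"][0] + b"\x00\x00\x00\rIHDR" + b"A" * 40 + SIGNATURES["png"][1]
    fake_jpg = SIGNATURES["jpg"][0] + b"\xe0" + b"B" * 60 + SIGNATURES["jpg"][1]
    partial_png = SIGNATURES["png"][0] + b"C" * 20
    return filler + fake_png + filler + fake_jpg + filler + partial_png + filler


if __name__ == "__main__":
    hits = carve(build_sample_image())
    for offset, ftype, data in hits:
        print(f"offset 0x{offset:08x}: {ftype} ({len(data)} bytes)")
    print(save_carved(hits, "carved_out"))
```

Signature matching alone produces false positives and truncated hits (a footer byte pair can occur inside another file's data), so in practice each carved object is validated by parsing it with a format-aware tool before it is treated as evidence.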
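Cross-drive analysis, as described in the list above, correlates features across several acquired drives instead of examining each in isolation. The Python script below is an added example, not code from the original article: the three "drives" are in-memory dictionaries with constructed file contents and invented e-mail addresses, and the two correlations shown (shared e-mail addresses and byte-identical files) are one simple realisation of the technique.

```python
"""Cross-drive analysis (added example).

Extract features (here: e-mail addresses) and file hashes from several drive
images and correlate them, so that a drive sharing identifiers or files with
another is surfaced. The drive contents and addresses below are constructed."""
import hashlib
import re
from collections import defaultdict

EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed stand-ins for three acquired drives: path -> file content.
DRIVES = {
    "drive_A": {
        "docs/plan.txt": b"meeting with alice@example.com about the shipment",
        "docs/report.pdf": b"%PDF-1.4 quarterly report %%EOF",
    },
    "drive_B": {
        "mail/inbox.mbox": b"From: alice@example.com\nTo: bob@example.org\n",
        "home/copy.pdf": b"%PDF-1.4 quarterly report %%EOF",
    },
    "drive_C": {
        "notes.txt": b"call carol@example.net tomorrow",
    },
}


def extract_features(drive: dict) -> set:
    """Pull every e-mail address out of a drive's files (a 'feature' in
    cross-drive analysis terms)."""
    features = set()
    for content in drive.values():
        features.update(m.decode() for m in EMAIL_RE.findall(content))
    return features


def correlate_features(drives: dict) -> dict:
    """Map each feature to the drives it appears on, keeping only features
    present on two or more drives."""
    index = defaultdict(set)
    for name, drive in drives.items():
        for feature in extract_features(drive):
            index[feature].add(name)
    return {f: sorted(d) for f, d in index.items() if len(d) >= 2}


def shared_files(drives: dict) -> dict:
    """Identical file content (by SHA-256) found on more than one drive,
    regardless of path or filename."""
    by_hash = defaultdict(list)
    for name, drive in drives.items():
        for path, content in drive.items():
            by_hash[hashlib.sha256(content).hexdigest()].append((name, path))
    return {h: sorted(locs) for h, locs in by_hash.items()
            if len({n for n, _ in locs}) >= 2}


if __name__ == "__main__":
    print("identifiers seen on several drives:", correlate_features(DRIVES))
    for digest, locations in shared_files(DRIVES).items():
        print(f"identical file {digest[:12]}... on:", locations)
```

The same index-then-intersect pattern extends to any feature extractor (phone numbers, credit-card-shaped strings, known file hashes), which is what makes the approach scale to large drive collections.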
Example Uses of Digital Forensics
In recent times, commercial organizations have used digital forensics in the following types of cases:
- Intellectual Property theft
- Industrial espionage
- Employment disputes
- Fraud investigations
- Inappropriate use of the Internet and email in the workplace
- Forgery-related matters
- Bankruptcy investigations
- Issues concerning regulatory compliance