Cyber Forensics (Computer forensics) is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.
Cyber forensics is a process of extracting data as proof for a crime
(that involves electronic devices) while following proper investigation rules
to nab the culprit by presenting the evidence to the court.
The main aim of cyber forensics is to collect evidence and documentation
to find out who did the crime digitally.
Cyber forensics can do the following:
- It can
recover deleted files, chat logs, emails, etc
- It can
also get deleted SMS, Phone calls.
- It can
get recorded audio of phone conversations.
- It can
determine which user used which system and for how much time.
- It can
identify which user ran which program.
Importance of cyber
forensics:
Computer forensic science essentially is data recovery with legal
compliance guidelines to make the information admissible in legal proceedings.
Digital (cyber) forensics starts with the collection of information in a
way that maintains its integrity. Investigators then analyze the data or system
to determine if it was changed, how it was changed and who made the changes.
Apart from crime the forensic process is also used as part of data
recovery processes to gather data from a crashed server, failed drive,
reformatted operating system (OS) or other situation where a system has
unexpectedly stopped working.
Forensic investigation is the gathering and analysis of all crime-related
physical evidence in order to come to a conclusion about a suspect.
Cyber Forensics
Investigation
Digital forensics is the collection, assessment and presentation of
evidence gathered from digital media. Digital evidence comes from computers,
mobile phones and servers. Digital forensics helps solve complicated cases that
rely on evidence from electronic devices.
Digital forensics helps investigative teams recover deleted data,
discover evidence of misconduct and restore overwritten data. Digital analysts
can mitigate damage, reverse system breakdowns and prove misuse of company
property.
The digital forensic process is intensive. First, investigators find
evidence on electronic devices and save the data to a safe drive. Then, they
analyze and document the information. Once it’s ready, they give the digital
evidence to police to help solve a crime or present it in court to help convict
a criminal.
Phases of Digital
Forensics
There are nine steps that digital forensic specialists usually take while
investigating digital evidence.
1. First Response
As soon as a security incident occurs and is reported, a digital forensic
team jumps into action.
2. Search and Seizure
The team searches devices involved in the crime for evidence and data.
Investigators seize the devices to make sure the perpetrators can’t continue to
act.
3. Evidence Collection
After seizing the devices, professionals collect the data using forensic
methods to handle the evidence.
4. Securing of the
Evidence
Investigators store evidence in a safe environment. In the secure space,
the data can be authenticated and proved to be accurate and accessible.
5. Data Acquisition
The forensic team retrieves electronically stored information (ESI) from
the devices. Professionals must use proper procedure and care to avoid altering
the data and sacrificing the integrity of the evidence.
6. Data Analysis
Team members sort and examine the authenticated ESI to identify and
convert data that is useful in court.
7. Evidence Assessment
Once ESI is identified as evidence, investigators assess it in relation
to the security incident. This phase is about relating the data gathered
directly to the case.
8. Documentation and
Reporting
This phase happens once the initial criminal investigation is done. Team
members report and document data and evidence in accordance with the court of
law.
9. Expert Witness
Testimony
An expert witness is a professional who works in a field related to the
case. The expert witness affirms that the data is useful as evidence and
presents it in court.
No comments:
Post a Comment