***Welcome to ashrafedu.blogspot.com * * * This website is maintained by ASHRAF***

    Friday, May 27, 2022

    Cyber Forensics

    Cyber Forensics (Computer forensics) is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.

    Cyber forensics is the process of extracting data as proof of a crime that involves electronic devices, while following proper investigation rules, so that the culprit can be caught by presenting the evidence in court.

    The main aim of cyber forensics is to collect evidence and documentation to identify, from digital evidence, who committed the crime.

    Cyber forensics can do the following:

    • It can recover deleted files, chat logs, emails, etc.
    • It can also recover deleted SMS messages and phone calls.
    • It can get recorded audio of phone conversations.
    • It can determine which user used which system and for how much time.
    • It can identify which user ran which program.

    Importance of cyber forensics:

    Computer forensic science is essentially data recovery carried out under legal compliance guidelines so that the information is admissible in legal proceedings.

    Digital (cyber) forensics starts with the collection of information in a way that maintains its integrity. Investigators then analyze the data or system to determine if it was changed, how it was changed and who made the changes.

    Apart from criminal cases, the forensic process is also used as part of data recovery to gather data from a crashed server, failed drive, reformatted operating system (OS) or other situation where a system has unexpectedly stopped working.

    Forensic investigation is the gathering and analysis of all crime-related physical evidence in order to come to a conclusion about a suspect.

    Cyber Forensics Investigation

    Digital forensics is the collection, assessment and presentation of evidence gathered from digital media. Digital evidence comes from computers, mobile phones and servers. Digital forensics helps solve complicated cases that rely on evidence from electronic devices.

    Digital forensics helps investigative teams recover deleted data, discover evidence of misconduct and restore overwritten data. Digital analysts can mitigate damage, reverse system breakdowns and prove misuse of company property.

    The digital forensic process is intensive. First, investigators find evidence on electronic devices and save the data to a safe drive. Then, they analyze and document the information. Once it’s ready, they give the digital evidence to police to help solve a crime or present it in court to help convict a criminal.

    Phases of Digital Forensics

    There are nine steps that digital forensic specialists usually take while investigating digital evidence.

    1. First Response

    As soon as a security incident occurs and is reported, a digital forensic team jumps into action.

    2. Search and Seizure

    The team searches devices involved in the crime for evidence and data. Investigators seize the devices to make sure the perpetrators can’t continue to act.

    3. Evidence Collection

    After seizing the devices, professionals collect the data using forensic methods to handle the evidence.

    4. Securing of the Evidence

    Investigators store evidence in a safe environment. In the secure space, the data can be authenticated and proved to be accurate and accessible.

    5. Data Acquisition

    The forensic team retrieves electronically stored information (ESI) from the devices. Professionals must use proper procedure and care to avoid altering the data and sacrificing the integrity of the evidence.

    6. Data Analysis

    Team members sort and examine the authenticated ESI to identify and convert data that is useful in court.

    7. Evidence Assessment

    Once ESI is identified as evidence, investigators assess it in relation to the security incident. This phase is about relating the data gathered directly to the case.

    8. Documentation and Reporting

    This phase happens once the initial criminal investigation is done. Team members report and document data and evidence in accordance with court requirements.

    9. Expert Witness Testimony

    An expert witness is a professional who works in a field related to the case. The expert witness affirms that the data is useful as evidence and presents it in court.
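
Steps 4 and 5 require that evidence can be authenticated and that acquisition does not alter the data. A common way to demonstrate this is to record a cryptographic hash of the acquired image and recheck it at every hand-over; the Python below is an added example, not part of the original post, and its function names, log fields and sample image are assumptions made for illustration.

```python
import hashlib
import json
import pathlib
import tempfile


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):  # 1 MiB at a time
            digest.update(block)
    return digest.hexdigest()


def entry_hash(record):  # covers every field except entry_hash itself
    body = {k: v for k, v in record.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def add_entry(log, actor, action, image_path):
    """Append a custody record chained to the previous one by its hash."""
    record = {"actor": actor, "action": action, "image_sha256": sha256_file(image_path),
              "prev_hash": log[-1]["entry_hash"] if log else "0" * 64}
    record["entry_hash"] = entry_hash(record)
    log.append(record)


def verify(log, image_path):
    """Return a list of problems; an empty list means log and image agree."""
    problems, prev = [], "0" * 64
    for seq, rec in enumerate(log):
        if rec["prev_hash"] != prev or entry_hash(rec) != rec["entry_hash"]:
            problems.append(f"log entry {seq} was altered or reordered")
        prev = rec["entry_hash"]
    if log and log[0]["image_sha256"] != sha256_file(image_path):
        problems.append("image no longer matches the hash recorded at acquisition")
    return problems


def demo():
    """Constructed sample (illustrative names and data): image changes after acquisition."""
    with tempfile.TemporaryDirectory() as tmp:
        image = pathlib.Path(tmp, "evidence.img")
        image.write_bytes(b"constructed sample sector data" * 1000)
        log = []
        add_entry(log, "examiner_a", "acquired", image)
        add_entry(log, "examiner_b", "received for analysis", image)
        clean = verify(log, image)
        image.write_bytes(image.read_bytes() + b"\x00")  # one byte added later
        return clean, verify(log, image)
```

A plain hash chain only exposes edits made without recomputing the later entries, so in practice the log is also signed or kept on write-once storage.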
