Information To Digital Forensics

Computer forensics, or digital forensics, is the branch of computer science concerned with obtaining legal evidence from digital media or computer storage. Through a digital forensic investigation, the investigator can find out what happened to digital media such as emails, hard disks, logs, computer systems, and the network itself. In many cases, a forensic investigation can show how the crime could have occurred and how we can protect ourselves against it next time.

Some reasons why we need to conduct a forensic investigation:

1. To gather evidence so that it can be used in court to resolve legal cases.

2. To analyze the strength of our network, and to fill security holes with patches and fixes.

3. To recover deleted files, or any files, in the event of hardware or software failure.

In computer forensics, the most important things to remember when conducting an investigation are:

1. The original evidence must not be altered in any way, and to carry out the process, the forensic investigator must make a bit-stream image. A bit-stream image is a bit-by-bit copy of the original storage medium and an exact copy of the original media. The difference between a bit-stream image and a regular copy of the original storage is that the bit-stream image includes the slack space in the storage. You will not find any slack space information on a regular copy.

2. All forensic processes must follow the laws of the country where the crime happened. Each country has different legislation in the IT field. Some take IT rules very seriously, for example the United Kingdom and Australia.

3. All forensic processes can only be conducted after the investigator has a search warrant.

Forensic investigators would normally look at the timeline of how the crime happened in a timely manner. With that, we can reconstruct the crime scene: how, when, what and why the crime might have happened. In a big company, it is recommended to create a Digital Forensic Team or First Responder Team, so that the company can still preserve the evidence until the forensic investigator comes to the crime scene.

First Response rules are:

1. Under no circumstances should anybody, except the Forensic Analyst, make any attempt to recover information from any computer system or device that holds electronic information.

2. Any attempt to retrieve the data by a person mentioned in number 1 must be avoided, as it could compromise the integrity of the evidence, which would then become inadmissible in court.

Those rules already explain the important role of having a First Responder Team in a company. An unqualified person can only secure the perimeter so that no one can touch the crime scene until the Forensic Analyst has arrived. (This can be done by taking photos of the crime scene. They can also make notes about the scene and who was present at that time.)

Steps that should be taken, in a professional manner, when a digital crime has occurred:

1. Secure the crime scene until the Forensic Analyst arrives.

2. The Forensic Analyst must request a search warrant from local authorities or the company's management.

3. The Forensic Analyst takes a picture of the crime scene in case no photos have been taken yet.

4. If the computer is still powered on, do not turn it off. Instead, use a forensic tool such as Helix to get information that can only be found while the computer is still powered on, such as data in RAM and the registry. Such tools have the special function of not writing anything back to the system, so the integrity of the evidence stays intact.

5. Once all live evidence is collected, the Forensic Analyst can turn off the computer and take the hard disk back to the forensic lab.

6. All evidence must be documented, using a chain of custody. The chain of custody keeps records on the evidence, such as who last had the evidence.

7. Securing the evidence must be accompanied by a legal officer, such as the police, as a formality.

8. Back in the lab, the Forensic Analyst uses the evidence to create a bit-stream image, as the original evidence must not be used. Normally, the Forensic Analyst will create 2-5 bit-stream images in case one image is corrupted. Of course, the chain of custody is still used in this situation to keep records of the evidence.

9. A hash of the original evidence and of the bit-stream image is created. This acts as proof that the bit-stream image is an exact copy of the original evidence. Any alteration to the bit-stream image will result in a different hash, which makes the evidence found inadmissible in court.

10. The Forensic Analyst starts to look for evidence in the bit-stream image by carefully looking at the corresponding locations, depending on what kind of crime has happened. For example: Temporary Internet Files, slack space, deleted files, steganography files.
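The difference between a bit-stream image and a regular copy, and the hash check from step 9, can be shown on a small in-memory medium. This is an added example, not code from the original article; the cluster size, the sample bytes and all function names are constructed for illustration.

```python
import hashlib
import io

CLUSTER = 512  # assumed cluster size of the constructed medium

def sha256_stream(stream, chunk=4096):
    """Hash a stream in chunks so large media never need to fit in memory."""
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        digest.update(block)
    return digest.hexdigest()

def bitstream_image(medium):
    """Copy every byte of the medium, slack and unallocated space included."""
    src, dst = io.BytesIO(medium), io.BytesIO()
    for block in iter(lambda: src.read(CLUSTER), b""):
        dst.write(block)
    return dst.getvalue()

def logical_copy(medium, file_len):
    """Copy only the file's logical length, as an ordinary file copy does."""
    return medium[:file_len]

def matches_original(original, candidate):
    """True only when both hashes are identical (step 9)."""
    return (sha256_stream(io.BytesIO(original))
            == sha256_stream(io.BytesIO(candidate)))

def altered(image, offset):
    """Return a copy of the image with a single bit flipped at offset."""
    changed = bytearray(image)
    changed[offset] ^= 0x01
    return bytes(changed)

# Constructed sample: one cluster holding a 20-byte file; the rest of the
# cluster (slack space) still contains residue from an older file.
FILE_DATA = b"quarterly report v2\n"
SLACK_RESIDUE = b"DELETED: draft invoice 4471"
MEDIUM = FILE_DATA + SLACK_RESIDUE.ljust(CLUSTER - len(FILE_DATA), b"\x00")

if __name__ == "__main__":
    image = bitstream_image(MEDIUM)
    copy = logical_copy(MEDIUM, len(FILE_DATA))
    print("image matches original:", matches_original(MEDIUM, image))
    print("regular copy matches:  ", matches_original(MEDIUM, copy))
    print("slack residue in image:", SLACK_RESIDUE in image)
    print("slack residue in copy: ", SLACK_RESIDUE in copy)
    print("altered image matches: ", matches_original(MEDIUM, altered(image, 100)))
```

On real media the same chunked hash would be run over the device and the image file, with both digests recorded in the chain of custody.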
