Computer forensics, or digital forensics, is a term in computer science for obtaining legal evidence found in digital media or computer storage. With a digital forensic investigation, the investigator can find out what happened to digital media such as emails, hard disks, logs, the computer system, and the network itself. In many cases, a forensic investigation can reveal how the crime may have happened and how we can protect ourselves against it next time.

Some reasons why we want to conduct a forensic investigation:
1. To gather evidence so that it can be used in court to resolve legal cases.
2. To analyze our network strength, and to fill the security holes with patches and fixes.
3. To recover deleted files, or any files in the event of hardware or software failure.

In computer forensics, the most important things to remember when conducting the investigation are:
1. The original evidence must not be altered in any way, and to conduct the process the forensic investigator must make a bit-stream image. A bit-stream image is a bit-by-bit copy of the original storage medium and an exact copy of the original media. The difference between a bit-stream image and a normal copy of the original storage is that the bit-stream image includes the slack space in the storage. You will not find any slack space information on copied media.
2. All forensic processes must follow the laws of the country where the crimes happened. Each country has different laws in the IT field. Some take IT rules very seriously, for example the United Kingdom and Australia.
3. All forensic processes can only be conducted when the investigator has a search warrant.

Forensic investigators normally look at the timeline of how the crime happened. With that, we can reconstruct the crime scene: how, when, what and why the crime might have happened.
In a large company, it is suggested to form a Digital Forensic Team or First Responder Team, so that the company can preserve the evidence until the forensic investigator comes to the crime scene.

Initial Response rules are:
1. Under no circumstances should anyone, apart from the Forensic Analyst, make any attempt to recover information from any computer system or device that holds electronic information.
2. Any attempt to retrieve the data by the persons mentioned in number 1 should be avoided, as it could compromise the integrity of the evidence, which would make it inadmissible in court.

Those rules explain the important role of having a First Responder Team in a company. An unqualified person can only secure the perimeter so that no one touches the crime scene until the Forensic Analyst has come. (This can be done by taking photos of the crime scene. They can also make notes about the scene and who was present at that time.)

Steps that need to be taken, in a professional manner, when a digital crime has occurred:
1. Secure the crime scene until the Forensic Analyst arrives.
2. The Forensic Analyst must request a search warrant from the local authorities or the company's management.
3. The Forensic Analyst must take a photograph of the crime scene in case no photos have been taken.
4. If the computer is still powered on, do not turn it off. Instead, use a forensic tool such as Helix to get information that can only be found while the computer is still powered on, such as data in RAM and the registries. Such tools are specially designed not to write anything back to the system, so the integrity stays intact.
5. Once all live evidence is collected, the Forensic Analyst can turn off the computer and take the hard disk back to the forensic lab.
6. All evidence must be documented, using a chain of custody. The chain of custody keeps records on the evidence, such as who last had the evidence.
7. Securing the evidence must be accompanied by a legal officer such as the police, as a formality.
8. Back in the lab, the Forensic Analyst uses the evidence to create a bit-stream image, as the original evidence must not be used. Normally, the Forensic Analyst will create 2-5 bit-stream images in case one image is corrupted. The chain of custody is of course still used here to keep records of the evidence.
9. A hash of the original evidence and of the bit-stream image is created. This acts as proof that the original evidence and the bit-stream image are exact copies. Any alteration of the bit-stream image will result in a different hash, which makes the evidence found inadmissible in court.
10. The Forensic Analyst starts to look for evidence in the bit-stream image by carefully examining the relevant locations, depending on the crime that has happened. For instance: Temporary Internet Files, slack space, deleted files, steganography files.
11. Every piece of evidence found must also be hashed, so the integrity stays intact.
12. The Forensic Analyst will create a report, normally in PDF format.
13. The Forensic Analyst sends the report back to the company together with the fees.
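Added example (not part of the original article): the imaging and hashing steps above, together with the earlier point that only a bit-stream image preserves slack space, run on a constructed two-sector sample medium. The file names, the sector size and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SECTOR = 512   # assumed sector size of the constructed sample medium
CHUNK = 4096   # bytes read per step while imaging or hashing


def sha256_file(path):
    """Hash a file in chunks so a large image never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def bitstream_image(source, dest):
    """Copy every byte of source to dest; return the hash of the bytes read."""
    digest = hashlib.sha256()
    with open(source, "rb") as src, open(dest, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    return digest.hexdigest()


def demo():
    """Image a constructed two-sector medium and return the four findings."""
    work = Path(tempfile.mkdtemp())
    original, image = work / "original.bin", work / "image.dd"
    # Constructed sample: live file, then slack holding deleted-file residue.
    live_file = b"current file content"
    residue = b"OLD-DELETED-DATA"
    padding = b"\x00" * (SECTOR - len(live_file) - len(residue))
    original.write_bytes(live_file + residue + padding + b"\x00" * SECTOR)
    source_hash = bitstream_image(original, image)
    verified = sha256_file(image) == source_hash == sha256_file(original)
    slack_in_image = residue in image.read_bytes()
    slack_in_file_copy = residue in live_file   # a normal copy holds file content only
    with open(image, "r+b") as fh:              # simulate one altered byte
        fh.seek(SECTOR + 10)
        fh.write(b"\x01")
    tampered = sha256_file(image) != source_hash
    return verified, slack_in_image, slack_in_file_copy, tampered


if __name__ == "__main__":
    print(demo())
```

The four values returned are: image verified against the original, residue present in the image, residue present in a normal file copy, and alteration detected by the hash.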
Article Source: http://www.gambling-articles.org
Adam has been writing articles online for nearly 2 years now. Not only does this author specialize in Guide to Digital Forensics, you can also check out his latest website about FISH POND FILTERS, which reviews and lists the best Garden Pond Filters.