Cyber forensics is an electronic discovery technique used to determine and reveal technical criminal evidence. It often involves electronic data storage extraction for legal purposes.
–The first step in Disk Forensics is the identification of storage devices at the scene of the crime, such as hard disks with IDE/SATA/SCSI interfaces, CDs, DVDs, floppy disks, PDAs, flash cards, SIM cards, USB/FireWire disks, magnetic tapes, Zip drives, Jaz drives, etc. These are some of the sources of digital evidence.
–A forensic image, sometimes referred to as a mirror image or hard drive clone, is a fundamental aspect of data preservation and digital forensics. …
Thus, before any data analysis occurs, it usually makes sense to create an exact, bit-for-bit copy of the original storage media.
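As an added example (not part of the original notes), the acquisition-and-verification step in Python: the source is copied in chunks, hashed as it is read, and the written image is re-hashed independently so that any later alteration is detectable. The "device" is a constructed temporary file; a hardware write blocker, which protects the original in a real acquisition, is assumed and not shown.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # stream 1 MiB at a time so a large device never sits in memory

def sha256_of(path):
    """Stream a file and return its SHA-256 hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire_image(source, image_path):
    """Copy `source` byte-for-byte to `image_path`; return the SHA-256 of the bytes as read.
    The source is opened read-only; in a real acquisition a hardware write blocker
    (not shown) is what guarantees the original cannot be modified.
    """
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image is really on disk before re-reading it
    return h.hexdigest()

def verify_image(image_path, acquisition_hash):
    """True only if an independent re-read of the image matches the acquisition hash."""
    return sha256_of(image_path) == acquisition_hash

def demo():
    """Constructed sample: a 3 MiB + 123 byte pseudo-device (odd size exercises the last partial chunk)."""
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "device.bin"), os.path.join(d, "device.dd")
        data = bytearray(os.urandom(3 * CHUNK + 123))
        data[510:512] = b"\x55\xaa"  # MBR boot signature, decorative only
        with open(src, "wb") as f:
            f.write(data)
        acq = acquire_image(src, img)
        intact = verify_image(img, acq) and acq == sha256_of(src)  # image == original
        with open(img, "r+b") as f:  # flip one byte: verification must now fail
            f.seek(700)
            f.write(b"\x00" if data[700] else b"\x01")
        return intact, verify_image(img, acq)

if __name__ == "__main__":
    print("intact verifies, tampered verifies:", demo())
```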
Mobile forensics is a branch of digital forensics related to the recovery of digital evidence from mobile devices. "Forensically sound" is a term used extensively in the digital forensics community to qualify and justify the use of a particular forensic technology or methodology.
The kinds of data that can be gathered and analyzed from mobile devices to obtain digital evidence include:
1. Social media analysis e.g. WhatsApp, Facebook, LinkedIn etc.
2. Call logs and contacts
3. E-mails
4. Passwords
5. SMS
6. Instant messenger chats and logs
7. Pictures, audio and video files
8. Data from smart apps installed
9. Documents, files and presentations stored
10. System files and logs
11. Deleted or hidden data in the above areas
Database forensics is a branch of digital forensic science relating to the forensic study of databases and their related metadata. The discipline is similar to computer forensics, following the normal forensic process and applying investigative techniques to database contents and metadata.
Importance of Database Forensics
–Critical, sensitive information in databases, e.g. bank account data, document data, health data
–Loss caused by security incidents, corporate governance
Aims of Database Forensics
–To find out what happened when
–To revert any unauthorized data manipulation operations
Things to Consider
–How to gain access to system
–Live vs. dead system
–Integrity
–Images
–Data Encryption
What is E-mail investigation?
“E-mail investigation is a digital forensics process of finding evidence in suspect e-mails that allows the investigator to examine, preserve, and reveal digital evidence” (a branch of forensic science).
Vital Roles of E-mail Forensics
1. Examine. 2. Preserve. 3. Carve Evidence. 4. Report.
Requirements of E-mail Investigation
1. To carve evidence. 2. To ensure the reliability of e-mails. 3. To point out illegal acts and link them together. 4. To present evidence before the legal authorities.
Goal of E-mail Forensics
An e-mail investigation may involve a large volume of mail, so the e-mail forensics investigator must not only investigate but also retrieve from the mails the kind of evidence that is presentable and can lead to legal action on the crime.
Types of E-mail Crimes
1. Email spoofing.
2. Email fraud.
3. Email bombing.
4. Sending threatening emails.
5. Defamatory emails.
6. Sending malicious code through email.
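An added example, not from the original notes, of the header examination behind "ensuring the reliability of e-mails" and recognising spoofing: a constructed message is parsed with Python's standard `email` package and the From domain is compared against Return-Path, Reply-To, Message-ID and the originating Received hop. All addresses, hosts and IPs in the sample are made up.

```python
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample message (not a real e-mail). The visible From claims corp.example,
# while the envelope sender, Reply-To, Message-ID and first hop point elsewhere.
SAMPLE = b"""Return-Path: <bounce@mail-relay.example.net>
Received: from mx.corp.example (mx.corp.example [192.0.2.10])
\tby mail.victim.example with ESMTP id abc123; Mon, 1 Jan 2024 10:00:00 +0000
Received: from unknown (HELO corp.example) (198.51.100.7)
\tby mx.corp.example with SMTP; Mon, 1 Jan 2024 09:59:58 +0000
From: "Finance Dept" <cfo@corp.example>
Reply-To: cfo.corp@webmail.example.org
To: clerk@victim.example
Subject: Urgent wire transfer
Message-ID: <20240101.1234@webmail.example.org>
Date: Mon, 1 Jan 2024 09:59:50 +0000

Please process the attached invoice today.
"""

def domain_of(addr):
    """Lower-cased domain part of an address (or message-id), '' if absent."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def analyze_headers(raw):
    """Parse an RFC 5322 message and list header inconsistencies an examiner would flag.

    Each finding is an indicator to follow up (e.g. against mail server logs), not proof
    of spoofing on its own: legitimate bulk mailers also use third-party Return-Paths.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_dom = domain_of(msg["From"])
    received = msg.get_all("Received", [])
    findings = []
    for hdr in ("Return-Path", "Reply-To", "Message-ID"):
        dom = domain_of((msg[hdr] or "").strip("<>"))
        if dom and dom != from_dom:
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")
    # Each relay prepends its own Received line, so the last one is the originating hop.
    if received and "unknown" in received[-1].lower():
        findings.append("Originating hop has no reverse DNS ('unknown'); check its IP against the claimed sender")
    return {"from": from_dom, "hops": len(received), "findings": findings}

if __name__ == "__main__":
    for f in analyze_headers(SAMPLE)["findings"]:
        print("-", f)
```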
Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information.
What is network forensics used for?
Law enforcement will use network forensics to analyze network traffic data harvested from a network suspected of being used in criminal activity or a cyber attack. Analysts will search for data that points towards human communication, manipulation of files…
What is cloud forensics?
Cloud Forensics is a cross-discipline between Cloud Computing and Digital Forensics. It is an application of Digital Forensics that deals with crimes committed over the cloud and investigates them. Cloud computing is based on a huge network that spreads globally.
Why are network policies important?
The goal of these network security policies is to address security threats and implement strategies to mitigate IT security vulnerabilities, as well as to define how to recover when a network intrusion occurs. Furthermore, the policies provide guidelines to employees on what to do and what not to do.
A generic Network forensic examination includes the following steps:
Identification, preservation, collection, examination, analysis, presentation and Incident Response.
The following is a brief overview of each step:
Identification: recognizing and determining an incident based on network indicators. This step is significant since it has an impact on the following steps.
Preservation: securing and isolating the state of physical and logical evidence from being altered, for example by protecting it from electromagnetic damage or interference.
Collection: Recording the physical scene and duplicating digital evidence using standardized methods and procedures.
Examination: in-depth systematic search of evidence relating to the network attack. This focuses on identifying and discovering potential evidence and building detailed documentation for analysis.
Analysis: determine significance, reconstruct packets of network traffic data and draw conclusions based on evidence found.
Presentation: summarize and provide explanation of drawn conclusions.
Incident Response: The response to attack or intrusion detected is initiated based on the information gathered to validate and assess the incident.
What is CCTV forensics?
CCTV forensics refers to the use of still and moving images from a CCTV system that has one or more cameras attached to it. The expert will capture all footage within the period of interest from as many CCTV systems or cameras as possible.
Malware analysis is the practice of determining the functionality, source and possible impact of a given piece of malware such as a virus, worm, Trojan horse, rootkit, or backdoor. The rapidly growing significance of malware in digital forensics and the rising sophistication of malicious code have motivated advances in tools and techniques for performing focused analysis of malware. As more investigations rely on understanding and counteracting malware, the demand for formalization and supporting documentation of the malware analysis process has also grown.
Malware analysis involves two fundamental techniques: static analysis and dynamic analysis.
1. Static Malware Analysis
2. Dynamic Malware Analysis
When malware is the source of a breach, knowledge of its capabilities and behavior is crucial to effective incident response. … It can identify any changes the malware may have made to affected systems, and it can provide preliminary host- and network-based indicators for detection signatures.
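As an added example (not from the original notes), a minimal static triage in Python that, without executing the sample, records its hashes, identifies it by magic bytes and pulls candidate host- and network-based indicators from its printable strings. The sample bytes are constructed for the demonstration and are not real malware; the indicator regexes are deliberately simple.

```python
import hashlib
import re

# Constructed sample "binary": an MZ stub, non-printable filler and a few embedded strings.
# It is not malware, just bytes arranged so the triage functions have something to find.
SAMPLE = (b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56
          + b"http://updates.example.invalid/payload.bin\x00"
          + b"\x01\x02C:\\Users\\Public\\svc.exe\x00"
          + b"\xff\xfe203.0.113.45\x00" + b"\x1b\x7f" * 16)

MAGIC = {b"MZ": "PE/DOS executable", b"\x7fELF": "ELF", b"%PDF": "PDF",
         b"PK\x03\x04": "ZIP container (also DOCX/JAR/APK)", b"#!": "script"}
URL_RE = re.compile(r"https?://[\w.-]+(?:/[\w./-]*)?")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
WINPATH_RE = re.compile(r"[A-Za-z]:\\[^\s]+")

def file_type(data):
    """Identify the sample by leading magic bytes; the file extension is never trusted."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"

def hashes(data):
    """MD5/SHA-1/SHA-256 so the exact sample can be recorded in the report and looked up later."""
    return {a: hashlib.new(a, data, usedforsecurity=False).hexdigest() for a in ("md5", "sha1", "sha256")}

def strings(data, min_len=6):
    """Runs of at least `min_len` printable ASCII bytes, like the `strings` utility."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def triage(data):
    """Static triage without running anything: type, hashes and candidate host/network indicators."""
    found = strings(data)
    def pick(rx):
        return sorted({hit for s in found for hit in rx.findall(s)})
    return {"type": file_type(data), "hashes": hashes(data), "string_count": len(found),
            "urls": pick(URL_RE), "ipv4": pick(IPV4_RE), "paths": pick(WINPATH_RE)}

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["type"], report["hashes"]["sha256"])
    for key in ("urls", "ipv4", "paths"):
        print(key, report[key])
```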
Worms. Worms are spread via software vulnerabilities or phishing attacks. …
Viruses. Unlike worms, viruses need an already-infected active operating system or program to work. …
Bots & Botnets. …
Trojan Horses. …
Ransomware. …
Adware & Scams. …
Spyware. …
Spam & Phishing.