What is Digital Forensics? History, Process, Types, Challenges





What is Digital Forensics?

Digital forensics is defined as the process of preservation, identification, extraction, and documentation of computer evidence that can be used by a court of law. It is a science of finding evidence from digital media such as a computer, mobile phone, server, or network. It provides the forensic team with the techniques and tools to solve complicated digital-related cases.

Digital forensics helps the forensic team to analyze, inspect, identify, and preserve the digital evidence residing on various types of electronic devices.

History of Digital forensics:

Here are important landmarks from the history of digital forensics:

* Hans Gross (1847 - 1915): First use of scientific study to direct criminal investigations.
* FBI (1932): Set up a lab to provide forensics services to all field agents and other law authorities across the USA.
* In 1978, the first computer crime was recognized in the Florida Computer Crime Act.
* Galton (1982 – 1911): Conducted the first recorded study of fingerprints.
* In 1992, the term Computer Forensics was used in academic literature.
* In 1995, the International Organization on Computer Evidence (IOCE) was formed.
* In 2000, the first FBI Regional Computer Forensic Laboratory was established.
* In 2002, the Scientific Working Group on Digital Evidence (SWGDE) published the first book about digital forensics, called “Best practices for Computer Forensics”.
* In 2010, Simson Garfinkel recognized issues facing digital investigations.

Objectives of computer forensics:

Here are the essential objectives of using Computer forensics:




* It helps to recover, analyze, and preserve computer and related materials in such a manner that the investigation agency can present them as evidence in a court of law.
* It helps to postulate the motive behind the crime and the identity of the main culprit.
* Designing procedures at a suspected crime scene that help ensure the digital evidence obtained is not corrupted.
* Data acquisition and duplication: recovering deleted files and deleted partitions from digital media to extract the evidence and validate it.
* Helps you to identify the evidence quickly, and also allows you to estimate the potential impact of the malicious activity on the victim.
* Producing a computer forensic report that gives a complete account of the investigation process.
* Preserving the evidence by following the chain of custody.

Process of Digital forensics:

Digital forensics entails the following steps:

* Identification
* Preservation
* Analysis
* Documentation
* Presentation

* Identification:

It is the first step in the forensic process. The identification process mainly covers what evidence is present, where it is stored, and lastly, how it is stored (in which format).
Electronic storage media can be personal computers, mobile phones, PDAs, etc.



* Preservation:

In this stage, data is isolated, secured, and preserved. It includes preventing people from using the digital device so that digital evidence is not tampered with.

* Analysis:

In this step, investigation agents reconstruct fragments of data and draw conclusions based on the evidence found. However, it might take numerous iterations of examination to support a specific crime theory.

* Documentation:

In this step, a record of all the visible data must be created. It helps in recreating the crime scene and reviewing it. It requires proper documentation of the crime scene along with photographing, sketching, and crime-scene mapping.

* Presentation:

In this last step, the process of summarizing and explaining the conclusions is carried out.

However, it should be written in layperson’s terms using abstracted terminology. All abstracted terminology should reference the specific details.
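The preservation and documentation steps, together with the chain-of-custody objective listed earlier, can be shown in code. This is an added example, not part of the original article: it hashes an evidence image at acquisition and keeps a hash-chained custody log, so later edits to the log or changes to the evidence are detectable. All function names, actors and timestamps are hypothetical, and the image bytes are constructed sample data.

```python
import hashlib
import io
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first log entry

def sha256_stream(fileobj, chunk_size=1 << 20):
    """Hash evidence in chunks so a large image never has to fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def _entry_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_custody_entry(log, actor, action, evidence_sha256, timestamp):
    """Append an entry that commits to the previous entry (a hash chain)."""
    body = {"actor": actor, "action": action, "timestamp": timestamp,
            "evidence_sha256": evidence_sha256,
            "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    log.append({**body, "entry_hash": _entry_hash(body)})

def verify_custody_log(log, acquisition_sha256):
    """Return (ok, reason); fails on edited, removed or reordered entries
    and on any entry recording a hash that differs from acquisition."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_hash"] != prev:
            return False, f"entry {i}: broken link"
        if _entry_hash(body) != entry["entry_hash"]:
            return False, f"entry {i}: entry altered"
        if entry["evidence_sha256"] != acquisition_sha256:
            return False, f"entry {i}: evidence hash mismatch"
        prev = entry["entry_hash"]
    return True, "ok"

def build_sample_log():
    """Constructed sample: acquire an image, then re-hash it before analysis."""
    image = io.BytesIO(b"constructed disk image contents " * 4096)
    acquired = sha256_stream(image)
    image.seek(0)
    log = []
    add_custody_entry(log, "examiner-a", "acquired", acquired, "2024-01-01T10:00:00Z")
    add_custody_entry(log, "examiner-b", "received for analysis",
                      sha256_stream(image), "2024-01-02T09:30:00Z")
    return log, acquired
```

A hash chain only detects changes relative to its last entry, so the final `entry_hash` should also be recorded somewhere the log's custodians cannot rewrite, such as a signed case file.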

Types of Digital Forensics:

Three types of digital forensics are:

Disk Forensics:

It deals with extracting data from storage media by searching active, modified, or deleted files.

Network Forensics:

It is a sub-branch of digital forensics. It is related to the monitoring and analysis of network traffic to gather important information and legal evidence.

Wireless Forensics:

It is a division of network forensics. The main aim of wireless forensics is to offer the tools needed to collect and analyze the data from wireless network traffic.

Database Forensics:

It is a branch of digital forensics concerning the study and examination of databases and their related metadata.

Malware Forensics:

This branch deals with the identification of malicious code in order to study its payload, viruses, worms, etc.

Email Forensics:

Deals with recovery and analysis of emails, including deleted emails, calendars, and contacts.

Memory Forensics:

It deals with collecting data from system memory (system registers, cache, RAM) in raw form and then carving the data from the raw dump.
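Carving data from a raw dump, as described above, usually starts with signature matching. The following added example (not from the original article) carves JPEG candidates by header and footer bytes and records the offset and hash of each, as the documentation step requires. JPEG is chosen here as an assumption, the function names are hypothetical, and the dump is constructed sample data.

```python
import hashlib

JPEG_HEADER = b"\xff\xd8\xff"  # start-of-image marker plus first byte of next marker
JPEG_FOOTER = b"\xff\xd9"      # end-of-image marker

def carve_jpegs(dump, max_size=10 * 1024 * 1024):
    """Header/footer carving: return [(offset, data)] for JPEG candidates.

    Limitations (kept simple on purpose): fragmented files and JPEGs with an
    embedded thumbnail are cut at the first footer found."""
    found, pos = [], 0
    while True:
        start = dump.find(JPEG_HEADER, pos)
        if start == -1:
            return found
        end = dump.find(JPEG_FOOTER, start + len(JPEG_HEADER), start + max_size)
        if end == -1:
            pos = start + 1  # header with no footer in range: truncated or overwritten
            continue
        end += len(JPEG_FOOTER)
        found.append((start, dump[start:end]))
        pos = end

def carve_report(dump):
    """Documentation-ready records: where each candidate was found and its hash."""
    return [{"offset": off, "length": len(data),
             "sha256": hashlib.sha256(data).hexdigest()}
            for off, data in carve_jpegs(dump)]

# Constructed sample dump: padding, one complete JPEG-like record, filler,
# then a header whose footer is missing (as after a partial overwrite).
SAMPLE_DUMP = (b"\x00" * 16
               + b"\xff\xd8\xff\xe0" + b"JFIF-constructed-body" + b"\xff\xd9"
               + b"A" * 8
               + b"\xff\xd8\xff\xe1" + b"truncated, no footer")

if __name__ == "__main__":
    for record in carve_report(SAMPLE_DUMP):
        print(record)
```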

Mobile Phone Forensics:

It mainly deals with the examination and analysis of mobile devices. It helps to retrieve phone and SIM contacts, call logs, incoming and outgoing SMS/MMS, audio, videos, etc.

Challenges faced by Digital Forensics:

Here are the major challenges faced by digital forensics:

* The rise of PCs and extensive use of internet access
* Easy availability of hacking tools
* Lack of physical evidence makes prosecution difficult.
* The large amount of storage space, running into terabytes, makes the investigation job difficult.
* Any technological changes need an upgrade or changes to solutions.

Example Uses of Digital Forensics

In recent times, commercial organizations have used digital forensics in the following types of cases:




* Intellectual property theft
* Industrial espionage
* Employment disputes
* Fraud investigations
* Inappropriate use of the Internet and email in the workplace
* Forgery-related matters
* Bankruptcy investigations
* Issues concerning regulatory compliance

Advantages of Digital forensics

Here are the pros/benefits of digital forensics:

* To ensure the integrity of the computer system.
* To produce evidence in court, which can lead to the punishment of the culprit.
* It helps businesses to capture important information if their computer systems or networks are compromised.
* Efficiently tracks down cybercriminals anywhere in the world.
* Helps to protect the organization’s money and valuable time.
* Allows extracting, processing, and interpreting the factual evidence, so that it proves the cybercriminal’s actions in court.




Disadvantages of Digital Forensics

Here are the major cons/disadvantages of using digital forensics:

* Digital evidence is accepted in court. However, it must be proved that there has been no tampering.
* Producing electronic records and storing them is a particularly costly affair.
* Legal practitioners must have extensive computer knowledge.
* Need to produce authentic and convincing evidence.
* If the tool used for digital forensics is not consistent with specified standards, then in a court of law the evidence can be disapproved by the court.
* Lack of technical knowledge on the part of the investigating officer might not deliver the desired result.