Digital forensics deals with the recovery of data and with following the trails left by criminals in order to reconstruct a crime or any other activity. It requires a great deal of instinct and skill to analyse a situation and act accordingly.
Network forensics, mobile device forensics and forensic data analysis are some of the sub-disciplines under digital forensics. Initially the term computer forensics was used, since the field concentrated solely on the recovery of data from computer devices.
Later on it came to cover all devices that store data, hence the term digital forensics emerged. Today it plays an important role in the cyber world, helping police and other government officials to unravel cyber frauds and recover valuable information that serves as a lead in cyber crime cases.
Digital forensics involves three main processes:
- Acquisition.
- Analysis.
- Reporting.
Acquisition involves capturing an image of the computer’s volatile memory (RAM) and creating an exact forensic duplicate, or sector-by-sector copy, of the media, often using a write-blocking device to prevent modification of the original data.
The growth in the size of storage media, in the number of users and in technologies such as cloud computing and big data has led to live acquisitions, where a logical copy of the data is made rather than a complete image of the physical storage device.
Both the original and the copy are hashed so that the copy can be verified as an exact clone of the original; a mismatch means the copy cannot be relied upon and the evidence could be misinterpreted.
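As an added illustration (not code from the original article), the following Python sketch shows the hashing step of acquisition: the source media is read block by block and hashed while it is written to the image file, and the finished copy is later re-hashed and compared against the recorded value. The sample media bytes are constructed for the demonstration.

```python
import hashlib
import io

BLOCK_SIZE = 4096  # read the source in fixed-size blocks, as imaging tools do


def acquire_image(source, dest, block_size=BLOCK_SIZE):
    """Copy `source` (binary file-like) block by block into `dest`, hashing
    the source bytes as they are read.  Returns the hex SHA-256 of everything
    read, so the original's hash is recorded in the same pass as the copy."""
    h = hashlib.sha256()
    while True:
        block = source.read(block_size)
        if not block:  # short or empty read marks the end of the media
            break
        h.update(block)
        dest.write(block)
    return h.hexdigest()


def hash_image(data, block_size=BLOCK_SIZE):
    """Hash a completed image (bytes) block by block, for the copy-side hash."""
    h = hashlib.sha256()
    for off in range(0, len(data), block_size):
        h.update(data[off:off + block_size])
    return h.hexdigest()


def verify_image(source_hash, image_bytes):
    """True only if the image hashes to the value recorded at acquisition."""
    return hash_image(image_bytes) == source_hash


# Constructed sample "media": full blocks plus a short trailing block, so the
# block loop has to cope with a final partial read.
SAMPLE_MEDIA = (b"\x00" * 4096 + b"boot sector\x55\xaa"
                + b"A" * 4096 + b"deleted file remnant")


def demo():
    """Acquire the sample media, verify the copy, then show that a single
    flipped bit in the copy is detected.  Returns (hash, ok, tampered_ok)."""
    img = io.BytesIO()
    src_hash = acquire_image(io.BytesIO(SAMPLE_MEDIA), img)
    image = img.getvalue()
    ok = verify_image(src_hash, image)
    tampered = bytearray(image)
    tampered[5000] ^= 0x01  # one-bit change inside the second region
    return src_hash, ok, verify_image(src_hash, bytes(tampered))
```

Real imaging tools record the hash alongside the acquisition time and operator in the chain-of-custody log; the same comparison is repeated before analysis and again when the report is written.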
During the analysis phase an investigator recovers evidence material using a number of different methods and tools. The actual process of analysis may vary, but common methodologies include conducting keyword searches across the media, recovering deleted files and extracting information from the registry.
The evidence acquired will be in pieces and may be distorted, so the next phase is to reconstruct the original data by logical methods, and finally a report is prepared.
In this process a record of all the data must be built; it helps in recreating the crime scene. This involves documentation of the crime scene along with photographs, sketching and crime-scene reconstruction.
Network Forensics
Network forensics is one of the subdomains of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information.
Network traffic is transmitted and then lost after a while, hence network forensics is mostly a simulative investigation.
There are two main scopes in network forensics. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all files on a compromised host, so network-based evidence might be the only evidence available for forensic analysis.
The second relates to law enforcement. In this case analysis of captured network traffic can include phases such as reassembling transferred files, searching for keywords and parsing information such as emails or chats.
Systems used to collect network data for forensic use come in two forms:
- “Catch-it-as-you-can”: all packets passing through a certain traffic point are captured and written to storage, and analysis is done subsequently in batch mode. This requires large amounts of storage.
- “Stop, look and listen”: each packet is analysed in a simple way in memory and only certain information is saved for future analysis. This approach requires a faster processor to keep up with the traffic.
Mobile Device Forensics
Mobile device forensics is a subdomain of digital forensics relating to the recovery of evidence or data from a mobile device. The phrase mobile device usually refers to mobile phones; however, it can also relate to any device that has both internal memory and communication ability, including PDA devices, GPS devices and tablets.
After the boom in digital devices, the mobile phone market has become a huge magnet for criminals too. The mobile phone has become an important gadget possessed by everyone, irrespective of their occupation or technical knowledge.
It contains images, audio files, documents, contacts, SMS, MMS, etc., which are very useful while tracking a criminal. Mobile device forensics helps government personnel to recover deleted data.
Since the usage of mobile phones has increased exponentially, leakage of data and rumours in social media, false accusations.
There are a lot of other subdomains in which forensics is applied:
#Database
#Wireless
#Malware
#Disc Forensics
#Memory Forensics.
Written By: D.Hari Haran
Reviewed By: Sayan Chatterjee