Digital forensics in cyber security

Hi, this is Aman, and I welcome you again to my new blog. I hope you will find this useful and support my blog by sharing and commenting on it.

We provide you the best articles related to Gaming, Technology, and Advanced Tech (soon we will be providing stock market and crypto-related blogs too).

Our last blog was on Social Engineering Attacks.

So let's get started



  • What is Digital Forensics?




  • Digital Forensics is the
    • preservation, identification, extraction, interpretation, and documentation of computer evidence, carried out so that the evidence can be used in a court of law

  • Branches of Digital Forensics :
    • Network Forensics
    • Firewall Forensics
    • Database Forensics
    • Mobile Forensics

  • Digital Forensics helps to protect against and solve cases involving:
    • Theft of intellectual property
    • Financial Fraud
    • System penetration
    • Distribution and execution of viruses and worms

  • Some challenges faced by Digital Forensics
    • The increase in PCs and Internet access has made the exchange of information quick and inexpensive
    • Easy availability of tools
    • Lack of physical evidence makes crime harder to prosecute
    • The large amount of storage space available to suspects (more than 10 TB is common)
    • Rapid technology changes require constant upgrades or changes to solutions

  • So we can say that Digital Forensics
    • can be as simple as retrieving a single piece of data
    • can be as complex as piecing together a trail of many digital artifacts


  • Why do we use Digital Forensics?




  • To recover data in the event of a hardware or software failure
  • To analyze a computer system after a break-in, for example, to determine how the attacker gained access and what the attacker did
  • To gather evidence against an employee that an organization wishes to terminate
  • To gain information about how a computer system works, for the purpose of debugging, performance optimization, or reverse-engineering



Chain of Custody

  • “Chain of Custody” is a fancy way of saying
    • “The ability to demonstrate who has had access to the digital information being used as evidence, and when”
  • Special measures should be taken when conducting a forensic investigation if the results are to be used in a court of law.
  • One of the most important measures is to ensure that the evidence has been accurately collected and that there is a clear chain of custody from the scene of the crime to the investigator, and ultimately to the court. In practice this means working on a verified copy rather than the original, and recording a cryptographic hash (for example SHA-256) of the evidence at the moment of acquisition, so that anyone can later prove it was not altered while in someone's custody.



5 Steps in performing Digital Forensics

  • Preparation (of the investigator, not the data)
  • Collection (of the data)
    • Digital evidence can be collected from many obvious sources, such as:
      • Computers
      • Cell phones
      • Hard drives
      • CD-ROMs
      • USB flash drives
  • Examination (making the data visible: extracting, recovering and filtering it, always on a verified copy)
  • Analysis (interpreting the examined data against the questions of the case)
  • Reporting (documenting the findings and the methods used, so that another examiner could reproduce them)
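To make the Collection step and the Chain of Custody above concrete, here is a small Python example. It is an added example, not code from the original post or from any of the tools named on this page: the evidence file, the custodian names and the JSON-lines log format are all made up for the demo, and a plain file copy stands in for a write-blocked imaging tool.

```python
"""Collect a working copy of an evidence file, hash it, keep a
chain-of-custody log and re-verify the copy later.
Added example (not the original post's code): the evidence file,
the custodian names and the JSON-lines log format are all constructed here."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # hash in 1 MiB pieces so a multi-TB image never sits in RAM


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for piece in iter(lambda: f.read(CHUNK), b""):
            h.update(piece)
    return h.hexdigest()


def log_custody(log_path, **fields):
    """Append one entry (who, what, which item, hash, UTC time) to the custody log."""
    entry = {"time": datetime.now(timezone.utc).isoformat(), **fields}
    with open(log_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(entry) + "\n")
    return entry


def acquire(source, image, custodian, log_path):
    """Collection step: byte-for-byte copy, then hash source and copy.
    Only when both digests match is the copy recorded as evidence.
    (A real acquisition goes through a write blocker and an imaging tool
    such as FTK Imager or dd; plain copyfile stands in for that here.)"""
    shutil.copyfile(source, image)
    src_digest = sha256_file(source)
    img_digest = sha256_file(image)
    if src_digest != img_digest:
        raise RuntimeError("acquisition failed: copy does not match source")
    log_custody(log_path, action="acquired", custodian=custodian,
                item=image, source=source, sha256=img_digest)
    return img_digest


def transfer(image, from_custodian, to_custodian, log_path):
    """Hand-over between custodians; the hash is taken again at every step."""
    return log_custody(log_path, action="transferred", item=image,
                       from_custodian=from_custodian,
                       to_custodian=to_custodian, sha256=sha256_file(image))


def verify(image, log_path):
    """Re-hash the copy and compare it with the digest recorded at acquisition."""
    with open(log_path, encoding="utf-8") as f:
        entries = [json.loads(line) for line in f if line.strip()]
    baseline = next(e for e in entries
                    if e["action"] == "acquired" and e["item"] == image)
    return sha256_file(image) == baseline["sha256"]


def demo():
    """Run the flow on constructed data: returns (intact, intact_after_tamper)."""
    with tempfile.TemporaryDirectory() as workdir:
        source = os.path.join(workdir, "suspect_usb.bin")   # stands in for the device
        image = os.path.join(workdir, "suspect_usb.dd")     # the working copy
        log_path = os.path.join(workdir, "custody.jsonl")
        with open(source, "wb") as f:
            f.write(b"constructed evidence content\x00" * 4096)
        acquire(source, image, "examiner A", log_path)
        transfer(image, "examiner A", "examiner B", log_path)
        intact = verify(image, log_path)
        with open(image, "r+b") as f:   # simulate tampering: flip one byte
            f.seek(10)
            f.write(b"X")
        return intact, verify(image, log_path)


if __name__ == "__main__":
    print(demo())
```

The point of the demo is the last two lines: the copy verifies as long as nobody touches it, and a single changed byte makes the recorded SHA-256 fail, which is exactly what a court will ask you to show.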


  • Types of Computer Forensic Tools

Here are the main types of digital forensic tools:

  • Disk Forensic Tools
  • Network Forensic Tools
  • Wireless Forensic Tools
  • Database Forensic Tools
  • Malware Forensic Tools
  • Email Forensic Tools
  • Memory Forensic Tools
  • Mobile Phone Forensic Tools


Some Digital Forensics Tools:

1. Disk analysis: Autopsy/The Sleuth Kit

2. Image creation: FTK Imager

3. Memory forensics: Volatility

4. Windows Registry analysis: Registry Recon

5. Mobile forensics: Cellebrite UFED

6. Network analysis: Wireshark

7. Linux distributions: CAINE

8. ProDiscover Forensic

9. PALADIN

10. EnCase

There are many more tools like these.



Which are the Best Digital Forensic Software Tools?

Below are some of the best digital forensic software tools:

  • ProDiscover Forensic
  • Sleuth Kit
  • CAINE
  • PALADIN
  • EnCase
  • FTK Imager
  • Wireshark
  • Volatility Framework


Disk Forensics: It deals with extracting data from storage media by searching active, modified, or deleted files, including the unallocated space where the contents of deleted files remain until they are overwritten.



Network Forensics: It is a sub-branch of digital forensics concerned with monitoring and analyzing computer network traffic (live or from captures) to collect important information and legal evidence.
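As an added example (not code from the original post, and not how Wireshark is implemented), here is a minimal pcap reader in Python that pulls the TCP packets out of a capture and groups them into flows, so you can see who talked to whom and what was sent in each direction. The capture is constructed in the block with documentation IP addresses, and the IP/TCP checksums are left at zero, which a real analyzer would verify.

```python
"""Read a pcap capture (Ethernet/IPv4/TCP) and summarise the TCP flows in it.
Added example, not from the original post: the capture is constructed below
with documentation IP addresses, and IP/TCP checksums are left at zero
(a real analyser such as Wireshark would verify them)."""
import struct
from socket import inet_aton, inet_ntoa

PCAP_MAGIC = 0xA1B2C3D4   # microsecond-resolution pcap
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_frame(src, sport, dst, dport, flags, payload=b""):
    """Construct one Ethernet/IPv4/TCP frame (test data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                     64, IPPROTO_TCP, 0, inet_aton(src), inet_aton(dst)) + tcp
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip


def build_pcap(frames, t0=1_700_000_000):
    """Wrap frames in a little-endian pcap file, one second apart."""
    head = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    body = b"".join(struct.pack("<IIII", t0 + i, 0, len(f), len(f)) + f
                    for i, f in enumerate(frames))
    return head + body


def parse_pcap(data):
    """Return one dict per TCP packet: time, endpoints, flags, payload.
    Non-IPv4 and non-TCP frames are skipped; both byte orders are handled."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a pcap file (pcapng and nanosecond pcap unsupported)")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
        total_len = struct.unpack("!H", frame[16:18])[0]
        if frame[23] != IPPROTO_TCP:
            continue
        tcp = frame[14 + ihl:14 + total_len]
        sport, dport, _, _, doff, flags = struct.unpack("!HHIIBB", tcp[:14])
        records.append({
            "ts": ts_sec + ts_usec / 1e6,
            "src": inet_ntoa(frame[26:30]), "sport": sport,
            "dst": inet_ntoa(frame[30:34]), "dport": dport,
            "flags": flags, "payload": tcp[(doff >> 4) * 4:],
        })
    return records


def summarize_flows(records):
    """Group packets into bidirectional flows and keep each direction's bytes,
    which is what you reassemble to see what an attacker sent and received."""
    flows = {}
    for r in records:
        a, b = (r["src"], r["sport"]), (r["dst"], r["dport"])
        key = tuple(sorted((a, b)))
        flow = flows.setdefault(key, {"packets": 0, "first": r["ts"],
                                      "last": r["ts"], "data": {a: b"", b: b""}})
        flow["packets"] += 1
        flow["last"] = r["ts"]
        flow["data"][a] += r["payload"]
    return flows


# constructed capture: a TCP handshake, then an HTTP request and response
CLIENT, SERVER = ("192.0.2.10", 51234), ("203.0.113.5", 80)
SYN, ACK, PSH = 0x02, 0x10, 0x08
SAMPLE_PCAP = build_pcap([
    build_frame(*CLIENT, *SERVER, SYN),
    build_frame(*SERVER, *CLIENT, SYN | ACK),
    build_frame(*CLIENT, *SERVER, ACK),
    build_frame(*CLIENT, *SERVER, PSH | ACK,
                b"GET /admin/export.csv HTTP/1.1\r\nHost: 203.0.113.5\r\n\r\n"),
    build_frame(*SERVER, *CLIENT, PSH | ACK,
                b"HTTP/1.1 200 OK\r\nContent-Type: text/csv\r\n\r\nname,card\n"),
])

if __name__ == "__main__":
    for key, flow in summarize_flows(parse_pcap(SAMPLE_PCAP)).items():
        print(key, flow["packets"], "packets", flow["data"])
```

Real captures are messier than this (retransmissions, out-of-order segments, TLS), so in practice you hand the file to Wireshark or a stream reassembler; the value of reading the format yourself is knowing exactly what the tool's "Follow TCP Stream" is built on.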



Wireless Forensics: It is a division of network forensics. The main aim of wireless forensics is to offer the tools needed to collect and analyze data from wireless network traffic.



Database Forensics: It is a branch of digital forensics relating to the study and examination of databases and their related metadata.



Malware Forensics: This branch deals with identifying malicious code and studying its payload and behaviour (viruses, worms, etc.).



Email Forensics: Deals with recovery and analysis of emails, including deleted emails, calendars, and contacts.
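The most common e-mail forensics question is "where did this message really come from?", and the answer is in the Received: headers. Below is an added Python example (not from the original post) that walks the chain, finds the originating IP, checks that the hop timestamps are in order, and flags a sender whose From: domain never appears in the first server that accepted the mail. The message is constructed with documentation addresses; the mismatch rule is a heuristic I am using for illustration, not a standard.

```python
"""Walk the Received: chain of an e-mail to find where it entered the mail
path and whether the claimed sender fits that path. Added example, not from
the original post; the message below is constructed with documentation IPs."""
import email
import email.utils
import re

SAMPLE_EML = """\
Received: from mx1.example.com (mx1.example.com [203.0.113.10])
\tby mailstore.example.com with ESMTP id abc123;
\tTue, 2 Mar 2021 10:00:05 +0000
Received: from relay.partner.example (relay.partner.example [198.51.100.7])
\tby mx1.example.com with ESMTPS id def456;
\tTue, 2 Mar 2021 10:00:03 +0000
Received: from [192.0.2.55] (unknown [192.0.2.55])
\tby relay.partner.example with ESMTP id ghi789;
\tTue, 2 Mar 2021 10:00:01 +0000
From: "CEO" <ceo@example.com>
To: finance@example.com
Subject: Urgent wire transfer
Message-ID: <20210302100001.ghi789@relay.partner.example>

Please process the attached invoice today.
"""

HOP_RE = re.compile(r"from\s+(?P<from>\S+).*?\bby\s+(?P<by>\S+)", re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(msg):
    """Return hops oldest-first. Each MTA prepends its own Received: line,
    so the top one is the last hop; reversing gives the travel order."""
    hops = []
    for raw in reversed(msg.get_all("Received") or []):
        text = " ".join(str(raw).split())      # unfold continuation lines
        m = HOP_RE.search(text)
        ip = IP_RE.search(text)
        date = text.rsplit(";", 1)[1].strip() if ";" in text else None
        hops.append({
            "from": m.group("from") if m else None,
            "by": m.group("by") if m else None,
            "ip": ip.group(1) if ip else None,
            "time": email.utils.parsedate_to_datetime(date) if date else None,
        })
    return hops


def sender_path_mismatch(msg, hops):
    """Heuristic (an assumption for this example): mail that really comes
    from the From: domain is normally first accepted by a server in that
    domain. Only Received: lines added by servers you trust are reliable;
    the ones the sender's own machine adds can be forged."""
    _, addr = email.utils.parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    first_by = (hops[0]["by"] or "").lower() if hops else ""
    return not (first_by == domain or first_by.endswith("." + domain))


def analyze(raw=SAMPLE_EML):
    """Summarise the path of one message."""
    msg = email.message_from_string(raw)
    hops = received_chain(msg)
    times = [h["time"] for h in hops if h["time"]]
    return {
        "hops": hops,
        "origin_ip": hops[0]["ip"] if hops else None,
        "chronological": all(a <= b for a, b in zip(times, times[1:])),
        "mismatch": sender_path_mismatch(msg, hops),
    }


if __name__ == "__main__":
    result = analyze()
    for hop in result["hops"]:
        print(hop["time"], hop["from"], "->", hop["by"])
    print("origin:", result["origin_ip"], "sender/path mismatch:", result["mismatch"])
```

Here the message claiming to be from ceo@example.com was first handed to relay.partner.example from 192.0.2.55, not to any example.com server, which is the pattern you see in business e-mail compromise attempts. Trust the chain from your own mail server inward; anything below it is what the sender chose to write.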



Memory Forensics: It deals with collecting data from system memory (system registers, cache, RAM) in raw form and then carving the data out of the raw dump. Memory is volatile, so it has to be captured while the machine is still running.
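Both Disk Forensics and Memory Forensics above come down to the same operation once you have a raw dump: carving things out of bytes without trusting any file system or OS structure. As an added example (not from the original post, and not how Autopsy or Volatility are implemented), here is a Python block that recovers PNG and JPEG files from a disk image by their header and footer signatures, which is how deleted files come back from unallocated space, and pulls printable ASCII and UTF-16LE strings out of a memory dump. The signatures are the real magic bytes for those formats; the two dumps are constructed inside the block.

```python
"""Signature-based carving over a raw dump, for disk images (deleted files
whose directory entry is gone but whose bytes remain in unallocated space)
and for memory dumps (printable strings such as credentials or paths).
Added example, not from the original post; signatures are the real PNG and
JPEG magic bytes, the dump contents are constructed here."""
import re

# (header, footer) byte signatures; a real carver knows many more formats
# and validates internal structure instead of trusting the footer alone
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
}

ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")            # 6+ printable bytes
UTF16LE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")  # Windows-style wide strings


def carve(dump, max_size=16 * 1024 * 1024):
    """Return (type, start, end, data) for every header..footer pair found.
    No file-system metadata is consulted, so deleted files are recovered too."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while (start := dump.find(header, pos)) != -1:
            stop = dump.find(footer, start + len(header), start + max_size)
            if stop == -1:          # truncated or overwritten: skip this header
                pos = start + 1
                continue
            end = stop + len(footer)
            found.append((kind, start, end, dump[start:end]))
            pos = end
    return sorted(found, key=lambda f: f[1])


def extract_strings(dump):
    """Return (offset, text) for printable ASCII and UTF-16LE runs, which is
    what a first pass over a RAM dump looks for (paths, URLs, credentials)."""
    out = []
    for m in ASCII_RUN.finditer(dump):
        out.append((m.start(), m.group().decode("ascii")))
    for m in UTF16LE_RUN.finditer(dump):
        out.append((m.start(), m.group().decode("utf-16-le")))
    return sorted(out)


# constructed "files": real headers/footers around dummy bodies
PNG_FILE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 48 + b"IEND\xaeB`\x82"
JPG_FILE = b"\xff\xd8\xff\xe0" + b"\x11" * 40 + b"\xff\xd9"
# constructed "disk image": slack, a PNG, some old data, a JPEG, more slack
DISK_IMAGE = b"\x00" * 512 + PNG_FILE + b"\xaa" * 100 + JPG_FILE + b"\x00" * 512
# constructed "memory dump": binary noise with an HTTP form body and a
# UTF-16LE Windows path left behind by an application
MEMORY_DUMP = (b"\x00\x01\x02\x03" * 32
               + b"user=alice&pass=hunter2"
               + b"\x7f\x80\x00" * 16
               + "C:\\Users\\alice\\secret.docx".encode("utf-16-le")
               + b"\x00" * 64)

if __name__ == "__main__":
    for kind, start, end, _ in carve(DISK_IMAGE):
        print(f"{kind} at offset {start}-{end}")
    for offset, text in extract_strings(MEMORY_DUMP):
        print(f"{offset:#x}: {text}")
```

Two caveats a practitioner will recognise: a footer byte pair like FF D9 can legitimately occur inside JPEG data, so production carvers parse the file structure rather than stopping at the first footer, and strings pulled from memory tell you nothing about which process owned them, which is where a tool like Volatility, which understands the OS's memory layout, takes over.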



Mobile Phone Forensics: It mainly deals with the examination and analysis of mobile devices. It helps to retrieve phone and SIM contacts, call logs, incoming and outgoing SMS/MMS, audio, video, etc.



Example Uses of Digital Forensics

In recent times, commercial organizations have used digital forensics in the following types of cases:

  • Intellectual Property theft
  • Industrial espionage
  • Employment disputes
  • Fraud investigations
  • Inappropriate use of the Internet and email in the workplace
  • Forgery-related matters
  • Bankruptcy investigations
  • Issues concerning regulatory compliance


Advantages of Digital forensics

Here are the pros/benefits of Digital Forensics:

  • To ensure the integrity of the computer system.
  • To produce evidence in court, which can lead to the punishment of the culprit.
  • It helps companies capture important information if their computer systems or networks are compromised.
  • It helps track down cybercriminals, wherever in the world they operate.
  • It helps protect the organization's money and valuable time.
  • It allows investigators to extract, process, and interpret factual evidence, so that the cybercriminal's actions can be proved in court.


Disadvantages of Digital Forensics

Here are the major cons/drawbacks of using Digital Forensics:

  • Digital evidence is accepted in court, but it must be proved that it has not been tampered with (which is why hashes and the chain of custody matter).
  • Producing electronic records and storing them is an extremely costly affair.
  • Legal practitioners must have extensive computer knowledge.
  • The evidence produced must be authentic and convincing.
  • If the tool used for digital forensics does not meet the specified standards, the evidence can be rejected by the court.
  • Lack of technical knowledge on the part of the investigating officer might not give the desired result.



So, that is all for today; I hope you will find this useful.



Thanks for reading,
To your success,
Aman Yadav






