
UNIT IV

Digital Forensics

- Digital forensics is defined as the process of preservation, identification, extraction, and documentation of computer evidence which can be used by the court of law.
- It is a science of finding evidence from digital media like a computer, mobile phone, server, or network.
- It provides the forensic team with the best techniques and tools to solve complicated digital-related cases.
- Digital forensics helps the forensic team to analyze, inspect, identify, and preserve the digital evidence residing on various types of electronic devices.

Types of Digital Forensics

The types of digital forensics are:

- Disk Forensics: It deals with extracting data from storage media by searching active, modified, or deleted files.
- Network Forensics: It is a sub-branch of digital forensics. It is related to monitoring and analysis of computer network traffic to collect important information and legal evidence.
- Wireless Forensics: It is a division of network forensics. The main aim of wireless forensics is to offer the tools needed to collect and analyze the data from wireless network traffic.
- Database Forensics: It is a branch of digital forensics relating to the study and examination of databases and their related metadata.
- Malware Forensics: This branch deals with the identification of malicious code and the study of its payload, viruses, worms, etc.
- Email Forensics: Deals with recovery and analysis of emails, including deleted emails, calendars, and contacts.
- Memory Forensics: It deals with collecting data from system memory (system registers, cache, RAM) in raw form and then carving the data from the raw dump.
- Mobile Phone Forensics: It mainly deals with the examination and analysis of mobile devices. It helps to retrieve phone and SIM contacts, call logs, incoming and outgoing SMS/MMS, audio, videos, etc.

Advantages of Digital Forensics

Here are the pros/benefits of digital forensics:

- To ensure the integrity of the computer system.
- To produce evidence in the court, which can lead to the punishment of the culprit.
- It helps companies to capture important information if their computer systems or networks are compromised.
- Efficiently tracks down cybercriminals from anywhere in the world.
- Helps to protect the organization's money and valuable time.
- Allows the factual evidence to be extracted, processed, and interpreted, so that it proves the cybercriminal's actions in court.

Disadvantages of Digital Forensics

Here are the major cons/drawbacks of using digital forensics:

- Digital evidence is accepted in court. However, it must be proved that there has been no tampering.
- Producing electronic records and storing them is an extremely costly affair.
- Legal practitioners must have extensive computer knowledge.
- Need to produce authentic and convincing evidence.
- If the tool used for digital forensics is not according to specified standards, then the evidence can be disapproved in the court of law.
- Lack of technical knowledge by the investigating officer might not offer the desired result.

Example Uses of Digital Forensics

In recent times, commercial organizations have used digital forensics in the following types of cases:

Both methods are interdependent, and a clear-cut classification is not possible. The following discusses software forensics and the different hardware forensics techniques in use, and the theory underlying them.

Software forensics is the science of analysing software source code or binary code to determine whether intellectual property infringement or theft occurred. It is the centrepiece of lawsuits, trials, and settlements when companies are in dispute over issues involving software patents, copyrights, and trade secrets. Software forensics tools can compare code to determine correlation, a measure that can be used to guide a software forensics expert.

Hardware Forensics

- Rule of forensics - The golden rule of forensics states that we cannot work on the suspect device. It should be copied, and any analysis should be done on the copy rather than the original. The data should be copied at the earliest opportunity. There should not be any tampering with the suspect device. Hence the design of any forensic tool should take these factors into consideration.
- A Drive Lock Scenario - An important requirement in forensics is a drive lock. This device should lock the suspect drive so as to avoid any contamination of data. Software locking is possible by blocking any write operations. This requires a PC or a laptop running the software to be carried along with the investigator every time. Improper functioning of the software can cause difficulty in acquisition. Hardware methods that substitute for the software techniques will be compact and easy to use. The device will be powered from the source or from the suspect machine itself. The hardware under development should have all possible connectors available.
- Hard Disk Scenario - Acquiring a hard disk using software methods depends on software running on a PC. The computation speed of the device depends on the processing capability of the processor. The acquiring of an 80 GB hard disk takes roughly 4 hours. The processing capacity of processors has increased with shrinkage in sizes. This can be taken advantage of in the design of speedy acquisition devices. A portable unit would be easier for the investigator to use. So, development of an embedded acquisition device will be an advantage in time and cost for the investigator.
- SIM Card Scenario - GSM mobile phones use SIM cards as an important agent in connecting to the network. Details on the network and connections can be obtained from the SIM card. There needs to be a device to read out the details in the SIM card. This requires a combination of hardware and software. SIM card details should also be copied and replicated further for analysis.

Advantages of hardware tools in forensics

1. Embedded development is done, which saves space and time.
2. The products will be portable.
3. Speedy acquisition of digital data can be done.

Need of Computer Forensic Science

Here are the essential objectives of using computer forensics:

- It helps to recover, analyse, and preserve computer and related materials in such a manner that it helps the investigation agency to present them as evidence in a court of law.
- It helps to postulate the motive behind the crime and the identity of the main culprit.
- Designing procedures at a suspected crime scene which help you to ensure that the digital evidence obtained is not corrupted.
- Data acquisition and duplication: Recovering deleted files and deleted partitions from digital media to extract the evidence and validate them.
- Helps you to identify the evidence quickly, and also allows you to estimate the potential impact of the malicious activity on the victim.
- Producing a computer forensic report which offers a complete report on the investigation process.
- Preserving the evidence by following the chain of custody.
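
An added example (not part of the original notes) of the golden rule and the no-tampering requirement above, done in software: the source is opened read-only, copied to an image, and both are hashed with SHA-256 so that any later change to the working copy is detectable. The function names, file names and sample data are assumptions constructed for illustration; demo() uses a small file in place of a suspect drive.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks

def sha256_of(path):
    """Hash a file in chunks, opened read-only."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image):
    """Copy source to image; source is only ever opened for reading."""
    h, size = hashlib.sha256(), 0
    # "rb": never write to the source; "xb": refuse to overwrite an image
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
            size += len(block)
        dst.flush()
        os.fsync(dst.fileno())
    os.chmod(image, 0o444)  # working copy is read-only as well
    record = {"bytes": size, "source_sha256": h.hexdigest(),
              "image_sha256": sha256_of(image)}
    record["verified"] = record["source_sha256"] == record["image_sha256"]
    return record

def still_intact(image, record):
    """Re-hash the image later and compare with the acquisition record."""
    return sha256_of(image) == record["image_sha256"]

def demo():
    """Constructed sample: a small file stands in for the suspect drive."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "suspect.bin")
    image = os.path.join(workdir, "evidence.img")
    with open(source, "wb") as f:
        f.write(b"constructed sample sector data\n" * 4096)
    record = acquire(source, image)
    ok_before = still_intact(image, record)
    os.chmod(image, 0o644)
    with open(image, "r+b") as f:  # simulate tampering with the copy
        f.write(b"X")
    return record, ok_before, still_intact(image, record)
```

On a real device, opening it read-only does not stop the operating system from writing to it, which is why the drive lock described above is still needed.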
