
Friday, March 29, 2019

Digital Forensic Computers Forensic Forensic Models Information Technology Essay

Today the increasing number of computing devices and electronic components has demanded the use of digital forensics, showing that digital forensics can be implemented in the specialized fields of law enforcement, computer security, and national defense. In the information technology era, information stored in devices is digital, as most institutions and organizations use computer storage media, as compared to the paper used by writers, scholars, scientists, musicians, and public figures. This gives new challenges to the persons concerned, related to accessing and preserving information, information recovery and maintaining trust. In this article, the currently available investigation processes, methodologies and different tools used by forensics experts are reviewed, and finally a conclusion is drawn.

Keywords

Digital forensic, computer forensic, forensic models, computer forensic investigation, digital forensic methods, forensic techniques, forensic tools

Introduction

Digital forensics is the branch of forensics involving the recovery and investigation of material found in digital devices due to an incident of computer crime. Digital forensics was a synonym for computer forensics in its early days, but today it includes other areas of investigation like computer, database, network and mobile, which are capable of storing digital data. Due to much advancement in various types of technology devices and media, digital forensics has defined sub-branches according to the investigation required.
The branches of digital forensics are computer forensics, mobile device forensics, network forensics, forensic data analysis and database forensics.

Computer forensics involves the examination of the digital media stored in computers for investigation purposes; mobile forensics is the recovery of digital evidence from a mobile device; network forensics is the acquisition of evidence related to network traffic, information gathering or evidence collection for intrusion detection; forensic data analysis investigates patterns of fraudulent activity using structured data; and database forensics is the study of databases and their metadata, including their contents, log files and in-RAM data.

When computer forensics is under consideration, usually three different sets of people, from law enforcement agencies, the military, and business and industry, are involved, with the intention of tracking down attackers/hackers and criminals who attack the security of systems and use computers for unauthorized activities. Computer forensics addresses the issues of national and information security, corporate espionage, white collar crime, child pornography, traditional crime, incident response, employee monitoring and privacy issues.

In the following, this paper starts with investigation phases, methods, techniques and tools, and how this information helps the novice in computer, network, mobile and database forensics.

Forensic Methodologies: Phases of Computer Forensics

Before discussing the forensic methodologies, one should be familiar with a few forensic terms. One of them is forensic evidence. A brief overview of evidence, its categorization, rules, standard guides, and its basic principles for checking the chain of custody is outlined here.

Evidence is any item or information gathered at the scene of a crime, or at related locations, which is found to be relevant to an investigation.
There are many different types of evidence, from DNA and tire marks, to bloodstains and fingerprints. Evidence should be admissible, authentic, complete, reliable and believable. The evidence chain of custody protects its integrity. Evidence can be categorized as primary (the best type of evidence, using documentation), secondary (oral or eyewitness), direct, conclusive, circumstantial, corroborative and opinion evidence. There are guides available for computer-based evidence, e.g. by the Association of Chief Police Officers. During evidence collection the following principles should be strictly followed by the investigator:

- There should be no change of data on a computer or other media taken.
- The person should be competent while accessing original data held on a target computer.
- An audit trail or other record of all processes applied to computer-based evidence should be created and preserved.
- The investigator will ensure that the law and the principles of possession of and access to information contained in a computer are followed.

Many forensic investigation processes have been developed until now. The aim of this paper is to present a forensic investigation process or model with the common phases of forensics for performing the intended investigation, as compared to other models. A few of the models that exist are mentioned below.

- Computer Forensic Investigative Process (1984)
- Abstract Digital Forensics Model (ADFM) (2002)
- Enhanced Digital Investigation Process Model (EDIP) (2004)
- Computer Forensics Field Triage Process Model (CFFTPM) (2006)
- Scientific Crime Scene Investigation Model (2001)
- Common Process Model for Incident and Computer Forensics (2007)
- Network Forensic Generic Process Model (2010)

Here is the generic investigation process, namely the Generic Computer Forensic Investigation Model (GCFIM), proposed in this article, which shares the common phases with previously developed models. The figure below demonstrates the proposed GCFIM.

[Figure: Generic Computer Forensic Investigation Model (GCFIM)]

Pre-Process is the first phase of the Generic Computer Forensic Investigation Model.
In this phase the tasks are linked to other tasks that are required to be completed before investigating and collecting the official data. These tasks include obtaining the required approval from the concerned authority, preparing and setting up the tools to be used, etc.

Acquisition and Preservation is the second phase of the Generic Computer Forensic Investigation Model. In this phase the tasks performed relate to acquiring and collecting evidence in an acceptable manner, in which the relevant data is gathered based on the accepted methods utilizing a variety of recovery techniques; then the task is identifying the digital components from the acquired evidence; and finally the tasks are transporting, storing and preserving data, such as creating good-quality case management and ensuring an acceptable chain of custody. Overall, this phase is where all relevant data are captured, stored and presented for the next phase.

Analysis is the third phase of the Generic Computer Forensic Investigation Model. This is the core and the heart of the forensic investigation process. It covers the largest share of phases, including tasks such as evidence tracing and validation, recovery of hidden or encrypted data, data mining, timelines, etc. Different types of analysis are performed on the acquired data using the appropriate tools and techniques to identify the source of the crime and eventually discover the person accountable for the crime.

Presentation is the fourth phase of the Generic Computer Forensic Investigation Model. The findings from the analysis phase are documented and presented to the authority with expert testimony. The documentation presented also includes adequate and acceptable evidence so that it can be easily understood by the concerned party. The final outcome of this phase is either to prove or refute the alleged criminal acts.

Post-Process is the last phase of the Generic Computer Forensic Investigation Model.
This phase concerns only the appropriate closing of the investigation work. Digital and physical evidence should be appropriately handed over to the authorized owner and kept in a secure place, if required. Last but not least, if there is a need to review the investigative process in each phase, it should be done for the improvement of future investigations.

Challenges during Forensic Investigation

There are technical, legal and resource challenges, as well as general and specific challenges, that investigators face. Technical challenges are faced in finding criminals over the internet; legal challenges are the result of not keeping pace with current technology, social environment and structure; while the challenge in resources is that support should be available at all levels. The challenges faced during computer forensics, in general and specifically, are the limitations of tools or techniques from the private sector, no standard definition of and agreement on computer crime, no proper background availability to perform testing, and the huge number of operating system platforms and file formats, due to which experts with true titles are unavailable. Other than these challenges, an investigation may take a large amount of storage, from gigabytes to terabytes, or may even require a storage area network.
For a computer forensics expert it is also challenging to have expertise in RAID levels and embedded systems, along with network and grid computing.

Forensic Tools

In the following, a few of the forensic tools in the domains of computer, network, mobile, database and some others are briefly described.

Reason for Using Computer Forensics Tools

There are multiple reasons for choosing computer forensics tools, such as systems used by defendants and litigants, recovering lost data in case of hardware or software malfunction, and investigating computer usage in case of employee termination or when the system is attacked by an intruder.

To investigate computer crimes, different computer forensic tools can be used: disk imaging software for the file structure and hard disk content; hashing tools for comparing the data between original and copy, which assign a unique number for encroachment verification; and data recovery programs for recovering lost or deleted data. Similarly, software and hardware write tools can be used to reconstruct the hard drive bit by bit, as these tools generate a copy of the hard disk. EnCase is a well-known commercial tool that can perform various tasks like disk imaging and verification and analysis of data, while PC Inspector File Recovery is a free tool that helps in revealing and recovering the contents stored in any type of storage media connected to the computer, even if the content is deleted.

Network forensics

Network forensics deals with the capture, recording or analysis of network events in order to discover significant information about the source of security attacks in a court of law.

There is a tool known as eMailTrackerPro that can track down the sender of a message by detecting the IP address in the header. If there is a need to view all information like IP address, country information or domain information, SmartWhois can be used as a freely available network utility.
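
The header tracing that a tool such as eMailTrackerPro automates can be sketched as follows. This is an added example, not code from the original essay or from any tool it names; the sample message, its hosts and the function names are constructed for illustration. It walks the Received headers oldest-first, reports the first routable connecting address, and flags breaks in the relay chain, because headers below the first trusted server can be written by the sender.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: hosts are invented; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges (RFC 5737) standing in for public addresses.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTP id c3; Fri, 29 Mar 2019 10:02:11 +0000
Received: from mail.sender.example (mail.sender.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id b2; Fri, 29 Mar 2019 10:02:09 +0000
Received: from laptop (unknown [192.168.1.23])
\tby mail.sender.example with ESMTPSA id a1; Fri, 29 Mar 2019 10:02:05 +0000
Subject: constructed test message
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv4 literals only
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def hops(raw):
    """Return Received hops oldest-first (servers prepend them, so reverse)."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        ip = IP_RE.search(flat)
        frm = re.search(r"\bfrom\s+(\S+)", flat)
        by = re.search(r"\bby\s+(\S+)", flat)
        out.append({"from": frm and frm.group(1), "by": by and by.group(1),
                    "ip": ip and ip.group(1)})
    return out

def is_routable(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # matched the regex but is not a valid address
        return False
    return not any(addr in net for net in NON_ROUTABLE)

def candidate_origin(raw):
    """Earliest hop whose connecting address is routable, or None."""
    return next((h for h in hops(raw) if h["ip"] and is_routable(h["ip"])), None)

def chain_breaks(raw):
    """Indexes where a hop's 'by' host differs from the next hop's 'from' host."""
    hs = hops(raw)
    return [i for i in range(len(hs) - 1) if hs[i]["by"] != hs[i + 1]["from"]]
```

A non-empty result from `chain_breaks` is a heuristic only, since the `from` name is whatever the connecting client announced; it marks hops whose address should not be trusted without corroborating server logs.
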
To perform web forensics, the well-known tool Mandiant Web Historian can help a forensic examiner verify how intruders looked into different sites by reviewing the history files of web sites. Another tool, Index.dat, can be used to view the browsing history, the cookies and the cache, as it gives critical information about a cookie such as its key-value pair, the website address associated with the cookie, the date/time the cookie was first created and last accessed, etc.

Ethereal is a network packet analyzer, WinPcap is the packet capture tool used to capture packets, and AirPcap is the packet capture tool for IEEE 802.11b/g wireless LAN interfaces.

Mobile Forensics

Mobile forensics, as the name implies, is the investigation of data from a mobile device for evidence purposes, regardless of the mobile system of GSM / GPRS / WIFI technology. Investigators concentrate on either call data or SMS/email data with the help of different commercial, non-commercial, open source, command line or physical mobile forensic tools. The forensics process for mobile devices differs in three main categories, seizure, acquisition, and examination/analysis, while other aspects of the computer forensic process still apply. Some commercial forensic tools include AccessData's MPE+, FINALMobile Forensics by FINALDATA and Oxygen Forensic Suite, while open source tools include iPhone Analyzer, the Mobile Internal Acquisition Tool, and TULP2G plug-ins. When performing mobile forensics from the command line, system commands, AT modem commands and the Unix command dd can be used.

Database Forensic

The tools used for database forensics are ACL, IDEA and Arbutus, as it is the forensic study of databases and their metadata. These tools record, in documented form, the actions of the forensic expert on the database as he uses database contents, log files and in-RAM data.
There is still a need to do research in this field to perform database forensics, which demands skilled experts.

Conclusion

The information provided in this article helps the reader with basic knowledge of digital forensics and its branches, with the aim of doing further research in a specific area of this field. Different forensic methodologies are outlined in order to give the forensic expert the choice to use this methodology or design his own process model. Further, the different tools, especially the open source ones, can enhance the forensic expert's skills. Today technology is advancing very rapidly, and developing skills in multiple areas enhances the professional career and monetary value of the individual.
