Introduction To Digital Forensics

Digital forensics is the process of identifying, preserving, analyzing, and presenting digital evidence to investigate cybercrimes and data breaches. The process involves six key steps: identification, preservation, collection, examination, analysis, and reporting, and encompasses five categories: computer, mobile device, network, cloud, and memory forensics. Challenges include encryption, anti-forensic tools, large data volumes, and legal delays, while tools like FTK, EnCase, OSForensics, Magnet Forensics, and Sleuth Kit are commonly used in the field.

Introduction to Digital Forensics
What is Digital Forensics?

- Digital forensics is the process of identifying, preserving, analyzing, and presenting digital evidence.
- It is used to investigate cybercrimes, data breaches, fraud, and unauthorized data access.
- Example: Recovering deleted emails from a suspect's computer in a financial fraud case.
Digital Forensics Process

1. Identification: Devices and data sources that may contain evidence are located.
2. Preservation: Data is protected to prevent alteration or corruption.
3. Collection: Relevant data is gathered using legal and forensically sound methods.
4. Examination: Data is filtered and organized to find useful information.
5. Analysis: Relationships and patterns are analyzed to build conclusions.
6. Reporting: Findings are documented clearly for court or investigation use.

Example: A company suspects an employee of stealing data:
- Identify the employee's laptop and USB activity. (Identification)
- Preserve the system by creating a disk image. (Preservation)
- Collect USB access logs and file transfers. (Collection)
- Examine timestamps and file metadata. (Examination)
- Analyze data movement and correlate with CCTV logs. (Analysis)
- Report findings in a formal report for the HR/legal team. (Reporting)
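As an added illustration of the walkthrough above (example code written for this page, not part of the original slides), the following Python models the Preservation, Collection, Examination and Analysis steps on constructed data: it hashes the acquired image so any later alteration is detectable, then correlates constructed USB attach/detach events with file-copy events to find what was moved to removable media while it was connected. The image bytes, the two log formats, the file names and the device identifiers are all constructed assumptions.

```python
import hashlib
from datetime import datetime

# Constructed stand-in for the acquired laptop image (not a real disk image).
IMAGE_BYTES = b"\x00" * 512 + b"Q1.xlsx Customers.csv" + b"\xff" * 512

def acquire(image: bytes) -> str:
    """Preservation: hash the image at acquisition so later changes are detectable."""
    return hashlib.sha256(image).hexdigest()

def verify(image: bytes, recorded_hash: str) -> bool:
    """Examination begins by re-hashing; a mismatch means the copy is no longer trustworthy."""
    return hashlib.sha256(image).hexdigest() == recorded_hash

# Collection: constructed USB and file-copy events in an assumed "<ts> <action> <drive> ..." / "<ts> copy <src> -> <dst>" format.
USB_LOG = [
    "2024-03-04T09:02:11 attach E: VID_0781&PID_5567 serial=4C530001",
    "2024-03-04T09:31:40 detach E:",
]
FILE_EVENTS = [
    "2024-03-04T08:40:05 copy C:\\Finance\\Q1.xlsx -> D:\\Backup\\Q1.xlsx",
    "2024-03-04T09:05:22 copy C:\\Finance\\Q1.xlsx -> E:\\Q1.xlsx",
    "2024-03-04T09:06:10 copy C:\\Finance\\Customers.csv -> E:\\Customers.csv",
    "2024-03-04T10:12:00 copy C:\\Finance\\Notes.txt -> E:\\Notes.txt",
]

def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s)

def usb_windows(log):
    """Examination: build (attach_time, detach_time, drive) intervals from the USB log."""
    windows, open_at = [], {}
    for line in log:
        t, action, drive = line.split()[:3]
        if action == "attach":
            open_at[drive] = _ts(t)
        elif action == "detach" and drive in open_at:
            windows.append((open_at.pop(drive), _ts(t), drive))
    return windows

def files_to_removable(file_events, windows):
    """Analysis: copies whose destination was an attached USB drive at that moment (the 10:12 copy is after detach)."""
    hits = []
    for line in file_events:
        t, _, src, _, dst = line.split(maxsplit=4)
        for start, end, drive in windows:
            if dst.startswith(drive) and start <= _ts(t) <= end:
                hits.append((t, src, dst))
    return hits
```

The copy to D: at 08:40 (an internal drive) and the copy to E: after the detach are both left out, which is the kind of distinction a timeline-based analysis step has to make.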
Categories of Digital Forensics

Following are the five categories of Digital Forensics:
- Computer Forensics
- Mobile Device Forensics
- Network Forensics
- Cloud Forensics
- Memory Forensics
Computer Forensics

Deals with examining data on computers or storage devices to find relevant digital evidence.

- Example: Recovering browser history and documents from a formatted hard drive.
- Investigating computers and storage devices:
  - Hard drives
  - SSDs
  - Removable media
- File recovery and analysis
- Malware detection and analysis
Mobile Device Forensics

Focuses on extracting and analyzing data from mobile phones and tablets.

- Example: Retrieving deleted WhatsApp messages to investigate a cyberbullying case.
- Extracting data
- Analysis of data:
  - Call logs & texts
  - App data
  - GPS and location data
- Data recovery from damaged devices
Network Forensics

Involves monitoring and analyzing network traffic to detect suspicious activities.

- Example: Analyzing logs to trace unauthorized access to a secure server.
- Monitoring network traffic
- Analyzing network traffic
- Packet capture and analysis
- Intrusion detection and prevention
- Identifying unauthorized access and data breaches
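The log-analysis example above, as added Python written for this page (not code from the original slides): it parses constructed sshd-style authentication lines and flags a successful login from a source address that had repeatedly failed just before it, which is one simple way to trace an unauthorized access to a server from its logs. The hostname, the log lines and the addresses (documentation ranges) are constructed.

```python
import re
from collections import defaultdict

# Constructed sshd-style auth log (documentation address ranges), not a real capture.
AUTH_LOG = """\
Mar  4 02:13:01 srv sshd[4121]: Failed password for admin from 203.0.113.9 port 51022 ssh2
Mar  4 02:13:04 srv sshd[4121]: Failed password for admin from 203.0.113.9 port 51022 ssh2
Mar  4 02:13:09 srv sshd[4123]: Failed password for root from 203.0.113.9 port 51030 ssh2
Mar  4 02:13:15 srv sshd[4125]: Accepted password for admin from 203.0.113.9 port 51044 ssh2
Mar  4 02:13:20 srv sshd[4125]: pam_unix(sshd:session): session opened for user admin
Mar  4 09:01:42 srv sshd[5010]: Accepted publickey for alice from 192.0.2.25 port 40110 ssh2
Mar  4 09:20:17 srv sshd[5102]: Failed password for bob from 192.0.2.30 port 40200 ssh2
Mar  4 09:20:30 srv sshd[5102]: Accepted password for bob from 192.0.2.30 port 40200 ssh2
"""

# Only Accepted/Failed lines carry the fields we need; other sshd noise is skipped.
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                  r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?P<user>\S+) "
                  r"from (?P<src>[\d.]+) port (?P<port>\d+)")

def parse(log: str):
    """Turn matching log lines into dicts of the named fields, in log order."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            events.append(m.groupdict())
    return events

def suspicious_logins(events, min_failures=3):
    """Flag an Accepted login whose source address had >= min_failures failures
    (for any user) earlier in the log; a single typo by a legitimate user is not flagged."""
    failures = defaultdict(int)
    findings = []
    for e in events:
        if e["result"] == "Failed":
            failures[e["src"]] += 1
        elif failures[e["src"]] >= min_failures:
            findings.append({"ts": e["ts"], "src": e["src"], "user": e["user"],
                             "prior_failures": failures[e["src"]]})
    return findings
```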
Cloud Forensics

Cloud forensics is a crucial part of modern digital investigations, especially with the increasing use of cloud services. It involves the investigation and analysis of digital evidence within cloud environments, covering both digital crimes and security incidents that take place there.

- Example: Examining access logs from a cloud storage account used for data exfiltration.
Memory Forensics

- Memory forensics is a digital forensics technique that examines a computer's volatile memory (RAM) to uncover evidence of cyberattacks, malware, and other malicious activities. It's valuable because RAM stores the current state of a system and may contain information not found on hard drives, such as running processes, network connections, and even encryption keys.
- Example: Recovering deleted data. Memory forensics can help recover deleted files, user credentials, or other data that may still be present in memory, even after a system is rebooted.
Challenges in Digital Forensics

1. Encryption & Passwords: Secured data is hard to access without the right key.
   Example: A suspect's encrypted WhatsApp messages can't be read even if police seize their phone.

2. Anti-Forensic Tools: Criminals use software to hide or destroy digital evidence.
   Example: A hacker uses a file-wiping tool to permanently delete incriminating documents.

3. Huge Data Volumes: Too much data slows down investigations.
   Example: A 1TB hard drive full of files takes weeks to search for clues.

4. Cloud & Legal Delays: Evidence stored online may be in another country, requiring legal approval.
   Example: Police need a court order to access a suspect's Google Drive files stored in Europe.
Tools Used in Digital Forensics

1. FTK (Forensic Toolkit):
   - Developed by AccessData.
   - This tool allows you to:
     - Recover deleted files.
     - Check system Registry settings.
     - Use special filters to find specific types of files.
   - Mostly used by law enforcement (like the police).
   - FTK also offers tools for mobile phone analysis.
   - It's a powerful tool, but it can be expensive.

   Example: If someone deletes illegal photos from their computer, FTK can recover those deleted photos so they can be used as evidence.

2. EnCase:
   - Developed by Guidance Software.
   - Similar to FTK and considered its direct competitor.
   - With EnCase, you can:
     - Create drive images (copies).
     - Recover deleted files.
     - Examine Registry and system information.
   - It's also quite expensive.

   Example: If a company employee deletes confidential office data, EnCase can help recover the files and prove what happened.

3. OSForensics:
   - This tool is low-cost and easy to use.
   - Features include:
     - Recovering deleted files.
     - Checking the system Registry.
     - Searching through drives.
   - A free trial version is available.

   Example: A small company noticed that some important files were missing. Using OSForensics, they found out when the files were deleted and who deleted them.

4. Magnet Forensics:
   - An all-in-one tool for both PC and mobile forensics.
   - Popular because it handles both types of devices in one tool.

   Example: In a case, the police obtained a suspect's phone and laptop. Magnet Forensics was used to analyze data from both devices in one place.

5. Sleuth Kit:
   - A set of open-source (free) forensic tools.
   - Very powerful, but:
     - Requires using the command line or terminal.
     - Can be difficult for beginners.

   Example: A cyber expert used Sleuth Kit in a Linux terminal to investigate a hacked hard drive and found traces of the hacker.
