In this tutorial, you will learn the basics of digital forensics. Let's start with what digital forensics is.
Introduction
Forensics is the art of acquiring and analyzing information obtained from a computer or smartphone in a legal way. It also covers smart devices and will encompass a lot more in the future.
Now let's look at why forensics is needed. Forensics is basically required to:
- Recover lost data – inadvertent or purposeful deletion
- Investigate cyber crimes
- Prevent cyber frauds
- Provide financial and IPR safeguards
- Support incident response
Why Forensics?
- Smartphones are an indispensable piece
- IoT the driving force
- Every device is becoming smart
- Huge warehouses of information
- Protection of personal data
- Law enforcement
- Data stealing malware
Areas of Forensic
The areas of forensics include the following:
- Computer forensics
- Mobile device forensics
- Network forensics
- Database forensics
- IoT (Internet of Things) forensics
Forensic Principle
Digital/Electronic evidence is extremely volatile. Once the evidence is contaminated it cannot be decontaminated. Chain of Custody is crucial.
When dealing with digital evidence, all of the general forensic and procedural principles must be applied. Upon seizing digital evidence, actions taken should not change the evidence.
All activity relating to the seizure, access, storage or transfer of digital evidence must be fully documented, preserved and available for review. Forensic analysis should be performed on a clone of the suspect drive, not on the original suspect drive.
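The two principles above (work on a verified clone, document every action) can be shown together. This is an added example, not part of the original tutorial: the file names, examiner names, timestamps and the log format are constructed for illustration.

```python
import hashlib, json, os, tempfile

GENESIS = "0" * 64  # "previous hash" used for the first custody entry

def sha256_file(path, chunk=1 << 20):
    """Hash a drive image in chunks so large images never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _entry_hash(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record(log, when, actor, action, item_sha256):
    """Append a custody entry chained to the previous one by hash."""
    entry = {"when": when, "actor": actor, "action": action,
             "item_sha256": item_sha256,
             "prev": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)

def log_intact(log):
    """True only if every entry still matches its hash and links to the one before it."""
    prev = GENESIS
    for entry in log:
        if entry["prev"] != prev or _entry_hash(entry) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True

def demo():
    with tempfile.TemporaryDirectory() as d:
        original, clone = os.path.join(d, "suspect.img"), os.path.join(d, "clone.img")
        for path in (original, clone):  # constructed stand-in for a disk image
            with open(path, "wb") as f:
                f.write(b"constructed sample image " * 4096)
        log = []
        record(log, "2024-01-01T10:00Z", "Examiner A", "seized", sha256_file(original))
        record(log, "2024-01-01T11:00Z", "Examiner A", "cloned", sha256_file(clone))
        before = (sha256_file(original) == sha256_file(clone), log_intact(log))
        with open(clone, "r+b") as f:  # contamination: one byte of the copy changes
            f.write(b"X")
        log[0]["actor"] = "Examiner B"  # an after-the-fact edit to the record
        after = (sha256_file(clone) == log[1]["item_sha256"], log_intact(log))
        return before, after

if __name__ == "__main__":
    print(demo())
```

The chain only exposes tampering if the most recent entry hash is also kept somewhere the person editing the log cannot reach.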
History of Digital Forensics
- Hans Gross (1847-1915): First use of scientific study to head criminal investigations.
- FBI (1932): Set up a lab to offer forensics services to all field agents and other law authorities across the USA.
- In 1978 the first computer crime was recognized in the Florida Computer Crime Act.
- Francis Galton (1982 - 1911): Conducted first recorded study of fingerprints.
- In 1992, the term Computer Forensics was used in academic literature.
- In 1995, the International Organization on Computer Evidence (IOCE) was formed.
- In 2000, the first FBI Regional Computer Forensic Laboratory was established.
- In 2002, the Scientific Working Group on Digital Evidence (SWGDE) published the first book about digital forensics, called "Best practices for Computer Forensics".
- In 2010, Simson Garfinkel identified issues facing digital investigations.
Summary of Digital Forensics
- Digital Forensics is the preservation, identification, extraction, and documentation of computer evidence which can be used in a court of law.
- Process of Digital forensics includes: Identification, Preservation, Analysis, Documentation and Presentation.
- Different types of Digital Forensics are Disk Forensics, Network Forensics, Wireless Forensics, Database Forensics, Malware Forensics, Email Forensics, Memory Forensics, etc.
- Digital Forensic Science can be used for cases like: Intellectual Property theft, Industrial espionage, Employment disputes, Fraud investigations, etc.
This article on Basics of Digital Forensics is written by Vishal Vaibhab (BTech Chemical, IIT BHU).