In this tutorial, you are going to learn about Stages of Forensic.
Talking about Stages of Forensic it includes – Identification, Seizure , Acquisition, Analysis, Preservation and Reporting.
Identification
The very first step is to identify the evidence as per system details and through various other peripheral devices that basically identifies all those compromised systems that constitutes computer and mobile device. It also take the note of the OS details and HDD details and identifies those peripheral devices.
Seizure
Seizure are usually carried out in the crime scene. Well talking about systems, the very first priority is when the system is switched off, you should never boot it. Then you have to take RAM dump of the system and check if it is in live or switch on condition. Also you have to check the other peripheral of the system. Then, directly pull the power cable of the system and take the RAM dump and all other protected files. Fill the chain of custody form then and bring out the system to the forensic lab.
What is “Chain of Custody”?
The term “Chain of Custody” actually states all the documentation which basically identifies all changes in the control, handling, possession, ownership or custody that could be a piece of evidence.
Basically, you need to find a path or a way that could trace and lead you to the evidence from the moment you started collecting it and the time is limited, until it is presented in the court of law.
A documentation of date, time, case number, HDD details, RAM dump and other device information details is done. It is done to check the integrity of the evidence.
Acquisition
The acquisition process includes all those processes that consists of creating a bit by bit copy of the digital media evidences. Suspect drive cloning and capture of the hash value can also be stated as acquisition.
Analysis
Analysis depends on the specific of the jobs that a person holds. Each job has its own analysis. There are basically two types of analysis that are static analysis and dynamic analysis.
Various tools are used in analysis which includes encase, Autopsy and other recovery tools such as (data recovery and Stellar phoenix). Analysis of peripheral devices are mostly used in modems, mobiles, etc.
Reporting
Reporting is a basic way to prepare a report with all the evidence that has been found during the process of the analysis. These include placing all evidences with snapshots.
It can be further determined as presenting the findings in a technical and simplistic manner.
This post is written by Raunak Kumar (BTech Civil, Sharda University). If you like TheCode11, then do follow us on Facebook, Twitter and Instagram.