Forensics, or forensic science, is the application of scientific methods to resolve or shed light on legal issues. It has a number of subdivisions; forensic medicine involves the examination of the human body (living or dead) for purposes of answering legal questions or gathering evidence for a criminal or civil action. Forensic accounting involves the examination of financial records for the same purpose. And computer forensics, as the name indicates, involves the examination of computer systems and data for legal purposes.
What is Cyber Forensics?
Cyber forensics is the scientific process of identifying, seizing, acquiring, authenticating, analysing, documenting and preserving digital evidence.
There are multiple definitions, but the core is the same:
- Scientific answers to legal questions.
- A field of electronic investigation that seeks to identify the content and activity of a digital device, and where possible the intent of the user.
- Science for the examination and analysis of digital trace evidence.
- A scientific discipline combining standards, law and computer science to produce analysis and reporting that will be accepted by a court of law.
Cyber Forensics Cases:
- Intellectual property theft cases (agriculture, design, aviation, e-commerce)
- Banking and financial fraud, suspicious transactions
- Money laundering
- Smartphone and social media cases
- Online fraud and forgery
- Derogatory or defamatory comments/blogs
- Ransomware cases
- Email cases
- CCTV, Data Recovery cases
- Cyber Crime
What is a computer forensics investigator?
Computer forensics investigators, also known as computer forensics specialists or analysts, are experts in recovering material from computers and other electronic storage devices, particularly when the data has been corrupted or deleted. These specialists work within the law enforcement industry and apply their skills to investigations, attempting to recover information that can be used as evidence in civil and criminal trials. Computer forensics investigators must record the data retrieval process and may be required to present their findings during the trial.
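The recovery work described above usually starts below the filesystem: when a file is deleted, most filesystems drop only the directory entry and leave the data blocks in unallocated space until they are overwritten. The following is an added Python example (not code from the original post) of signature-based file carving, the technique that recovers such files by scanning a raw image for known headers and footers. The disk image and the two "deleted" files in it are constructed inline; the file types and signatures shown are JPEG and PNG.

```python
"""Signature-based file carving (added example).

A carver ignores the filesystem and scans the raw image for known
header/footer byte sequences. The image used here is constructed inline:
two deleted image files whose data still sits in unallocated space.
"""
import hashlib
import os

# File type -> (header bytes, footer bytes, extra bytes after the footer).
# PNG's IEND chunk is followed by a 4-byte CRC that belongs to the file.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 0),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND", 4),
}


def carve(image: bytes, max_size: int = 10 * 1024 * 1024) -> list[dict]:
    """Return every carvable file in offset order: type, offset, size, SHA-256, data."""
    found = []
    for kind, (header, footer, tail) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            # Look for the footer within max_size bytes of the header.
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Truncated or overwritten file: skip this header, keep scanning.
                pos = image.find(header, pos + 1)
                continue
            end += len(footer) + tail
            data = image[pos:end]
            found.append({"type": kind, "offset": pos, "size": len(data),
                          "sha256": hashlib.sha256(data).hexdigest(), "data": data})
            pos = image.find(header, end)  # resume after the carved file
    return sorted(found, key=lambda f: f["offset"])


def export(files: list[dict], outdir: str) -> list[str]:
    """Write each carved file as <offset>.<type> plus a log line with its hash."""
    os.makedirs(outdir, exist_ok=True)
    paths = []
    with open(os.path.join(outdir, "carved.log"), "w") as log:
        for f in files:
            path = os.path.join(outdir, f"{f['offset']}.{f['type']}")
            with open(path, "wb") as out:
                out.write(f["data"])
            log.write(f"{f['offset']}\t{f['size']}\t{f['sha256']}\t{path}\n")
            paths.append(path)
    return paths


def build_sample_image() -> bytes:
    """Constructed sample: a JPEG and a PNG left in unallocated space after deletion."""
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-payload-" * 4 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"IHDR-chunk-data" * 3 + b"IEND" + b"\xaeB`\x82"
    return b"\x00" * 512 + jpeg + b"\x00" * 1024 + png + b"\x00" * 256


if __name__ == "__main__":
    for f in carve(build_sample_image()):
        print(f"{f['type']} at offset {f['offset']} ({f['size']} bytes) sha256={f['sha256']}")
```

The whole image is held in memory here for simplicity; on a real multi-gigabyte image the same scan would be run over an `mmap` of the file. The per-file SHA-256 is what goes into the examiner's notes so that each recovered file can be tied back to the image it came from.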
What qualifications does it require?
There are several ways to go about becoming a computer forensics investigator. It is recommended that anyone interested in this IT career path earn a computer science degree and undergo law enforcement training or gain experience in the field. Some law enforcement agencies may also have their own computer forensics investigator training programs. Either way, specialists must develop extensive computer science, IT security and operating systems expertise. The basics are very important: networking, cyber security and hacking.
List of some forensic tools
- Digital Intelligence UltraBlock
- Logicube Falcon
- FTK Imager
- Magnet AXIOM
- CDAC (CyberCheck, FRAT)
- Cellebrite UFED Touch/4PC
- UFED Physical Analyzer
- Logicube CellDEK
- EnCase (smartphone)
- Dr.Fone
- Adroit Photo
- Paraben E-mail Examiner
- Tableau Password Recovery
- Linux distros (CAINE, Kali, Parrot, SIFT, DEFT)
- File Scavenger
For a complete list of tools: https://d3pakblog.wordpress.com/2016/12/27/computer-forensic-tools/
Open Source and VAPT Tools: https://d3pakblog.wordpress.com/2016/12/27/open-source-vapt-dfir-tools/
Glossary (in short)
COMPUTER FORENSICS
Collection, analysis and presentation of Electronically Stored Information (ESI) from computers for the purpose of presentation as evidence in legal or other proceedings.
CLOUD COMPUTING/THE CLOUD
Cloud computing refers to the delivery of computing as a service rather than as a range of products. Resources, software and information are delivered to computers and other devices via the internet. Users access cloud-based applications by logging in via a web browser, a lightweight desktop client or a mobile app, while the software and data are stored on remote servers.
Digital forensics is possible with data contained in 'the cloud'; however, encryption can present barriers.
DIGITAL FORENSICS
An umbrella term referring to forensics involving digital devices, including computer and network forensics. It reflects the evolution from standalone computers to networks, mobile phones, PDAs, GPS devices, etc.
FORENSIC IMAGE
An exact copy of a storage device.
IMAGING
The act of obtaining a forensic image of a device.
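The imaging step, as an added Python example that is not part of the original glossary: it copies a source block by block into a raw dd-style image, hashes the source and the written image independently, writes a JSON manifest for the custody record, and shows that a later one-byte change to the image is caught by verification. The source is a constructed temporary file standing in for a block device such as /dev/sdX, the image name `evidence.dd` is assumed, and the examiner name is a placeholder.

```python
"""Forensic imaging with verification (added example).

Reads a source device or file block by block, writes a raw (dd-style) image,
hashes source and image independently, and records a manifest. The source
used in demo() is a constructed file standing in for a real block device.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

BLOCK = 4096  # read/write granularity; a multiple of the sector size


def hash_file(path: str) -> str:
    """SHA-256 of a file, streamed so large images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK), b""):
            h.update(chunk)
    return h.hexdigest()


def image_device(source: str, dest: str, examiner: str = "EXAMINER (placeholder)") -> dict:
    """Copy source -> dest and return a manifest with size and hashes."""
    src_sha = hashlib.sha256()
    size = 0
    with open(source, "rb") as src, open(dest, "wb") as dst:
        for chunk in iter(lambda: src.read(BLOCK), b""):
            src_sha.update(chunk)  # hash the bytes exactly as read from the source
            dst.write(chunk)
            size += len(chunk)
    manifest = {
        "source": source,
        "image": dest,
        "size_bytes": size,
        "source_sha256": src_sha.hexdigest(),
        "image_sha256": hash_file(dest),  # re-read the written copy; must equal the source hash
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
    }
    with open(dest + ".manifest.json", "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest


def verify_image(dest: str, manifest: dict) -> bool:
    """Later verification: the image on disk must still hash to the acquisition-time value."""
    return hash_file(dest) == manifest["image_sha256"] == manifest["source_sha256"]


def demo() -> dict:
    """Image a constructed source, verify it, then show that a one-byte change is detected."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "evidence_device.bin")  # constructed stand-in for /dev/sdX
        with open(source, "wb") as f:
            f.write(os.urandom(3 * BLOCK + 100))
        dest = os.path.join(tmp, "evidence.dd")
        manifest = image_device(source, dest)
        verified = verify_image(dest, manifest)
        # Simulate post-acquisition modification of the image: flip one byte.
        with open(dest, "r+b") as f:
            f.seek(10)
            original = f.read(1)
            f.seek(10)
            f.write(bytes([original[0] ^ 0xFF]))
        return {
            "size": manifest["size_bytes"],
            "hashes_match": manifest["source_sha256"] == manifest["image_sha256"],
            "verified": verified,
            "verified_after_tamper": verify_image(dest, manifest),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Real imagers (dd with `conv=noerror,sync`, ddrescue, FTK Imager) additionally handle unreadable sectors and record them, and a hardware write blocker such as the UltraBlock listed above sits between the source and the imaging host so the source hash is of an unmodified device.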
E-DISCOVERY / E-DISCLOSURE
The discovery and disclosure of information stored in electronic form, for the purpose of obtaining evidence.
ELECTRONICALLY STORED INFORMATION / ESI
Any information created or stored on an electronic device, including word processing documents, emails, voice messages, SMS, accounting ledgers, databases, etc.
NETWORK FORENSICS
Collection, analysis and presentation of digital communications between digital devices, such as computers, mobile phones, etc., for the purpose of presentation as evidence in legal or other proceedings.
MOBILE FORENSICS
Collection, analysis and presentation of Electronically Stored Information (ESI) from mobile and smart phones for the purpose of presentation as evidence in legal or other proceedings.
USB STORAGE
Storage using the Universal Serial Bus, a standard for attaching digital devices to computers, often used for external storage of ESI. Also known as "Thumb Drive", "Pen Drive" or "Flash Drive".
For the complete detailed list: https://d3pakblog.wordpress.com/2017/01/24/glossary-computer-email-forensics
DFIR Resources: https://d3pakblog.wordpress.com/2017/01/13/dfir-resources/