First, thanks to all respected readers. This article tries to bring together most of the process models and frameworks for forensics in one place. Your views and comments are welcome. Well,
So, what is Forensics (4n6)?
Forensics: “The application of scientific knowledge to legal problems.”
The aim of this article is to establish a clear guideline of which steps should be followed in a forensic process. Before that, a brief word on network forensics.
Network forensics is the capturing, recording and analysis of network events in order to discover the source of security attacks. An investigator needs to back up the recorded data, both to free up the recording media and to preserve the data for future analysis. Network forensics deals with data found on the wire, mostly the ingress and egress traffic between hosts. It analyses traffic data logged by firewalls or intrusion detection systems, or captured at network devices such as routers and switches.
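As an added example (not code from the original article), the following Python script does a small network forensics pass of the kind described above over firewall log lines: it parses the records, classifies each flow as ingress or egress relative to the site, flags a source that sweeps many ports on one host, and then looks for the tell-tale follow-up, an internal host connecting back out to the host that probed it. The log format, the sample lines and the internal address range are constructed assumptions, not a real device's output.

```python
"""Added example (not code from the original article): a small network
forensics pass over firewall log lines. The log format, the sample lines and
the internal address range below are constructed assumptions."""
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed site address space

# Constructed sample lines in a simplified key=value firewall format.
SAMPLE_LOG = """\
2024-03-01T10:00:01 action=ACCEPT src=10.0.0.5 dst=93.184.216.34 proto=TCP dport=443
2024-03-01T10:00:02 action=DROP src=198.51.100.7 dst=10.0.0.5 proto=TCP dport=22
2024-03-01T10:00:02 action=DROP src=198.51.100.7 dst=10.0.0.5 proto=TCP dport=23
2024-03-01T10:00:03 action=DROP src=198.51.100.7 dst=10.0.0.5 proto=TCP dport=80
2024-03-01T10:00:03 action=DROP src=198.51.100.7 dst=10.0.0.5 proto=TCP dport=445
2024-03-01T10:00:04 action=DROP src=198.51.100.7 dst=10.0.0.5 proto=TCP dport=3389
2024-03-01T10:00:05 action=ACCEPT src=198.51.100.7 dst=10.0.0.5 proto=TCP dport=8080
2024-03-01T10:00:06 action=ACCEPT src=10.0.0.5 dst=198.51.100.7 proto=TCP dport=4444
2024-03-01T10:00:07 action=ACCEPT src=10.0.0.9 dst=10.0.0.10 proto=TCP dport=445
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)

def parse_log(text):
    """Turn log text into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        event["dport"] = int(event["dport"])
        events.append(event)
    return events

def direction(event, internal=INTERNAL_NET):
    """Classify a flow as ingress, egress, internal or transit for the site."""
    src_in = ip_address(event["src"]) in internal
    dst_in = ip_address(event["dst"]) in internal
    if src_in and dst_in:
        return "internal"
    if dst_in:
        return "ingress"
    if src_in:
        return "egress"
    return "transit"

def find_scanners(events, min_ports=5, window_seconds=60):
    """(src, dst) pairs where src hit >= min_ports distinct ports within the window.

    DROP and ACCEPT both count: a scan shows in its spread, not in the verdict."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)
    scanners = {}
    for pair, evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            ports = {e["dport"] for e in evs[i:]
                     if (e["ts"] - first["ts"]).total_seconds() <= window_seconds}
            if len(ports) >= min_ports:
                scanners[pair] = sorted(ports)
                break
    return scanners

def callbacks_to_probers(events, internal=INTERNAL_NET):
    """Internal hosts that connected out to an external host after it probed them.

    An egress connection back to a prior scanner is a strong hint of compromise."""
    first_probe = {}
    for e in events:
        if direction(e, internal) == "ingress":
            key = (e["dst"], e["src"])
            first_probe[key] = min(first_probe.get(key, e["ts"]), e["ts"])
    hits = []
    for e in events:
        t0 = first_probe.get((e["src"], e["dst"]))
        if direction(e, internal) == "egress" and t0 is not None and e["ts"] >= t0:
            hits.append((e["src"], e["dst"], e["dport"]))
    return hits

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("scanners:", find_scanners(evs))
    print("callbacks:", callbacks_to_probers(evs))
```

On the constructed input the scan from 198.51.100.7 against 10.0.0.5 is reported, and the later outbound connection from 10.0.0.5 to that same host on port 4444 is flagged as a callback. On real data the thresholds and the internal range would be tuned to the site, and the same aggregation is worth running separately over IDS alerts and router flow records, since each device sees a different slice of the traffic.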
Image reference: Network Forensic frameworks survey & research challenges
These steps, in turn, should enable us to clearly define a framework/model/methodology that can be used in a forensic investigation. There are many reasons why an investigation might not lead to a successful prosecution, but the predominant one is a lack of preparation. DFRWS proposed the first process model for digital forensics in networked environments.
Table: Some Digital Forensics Frameworks
The concept is almost the same across the frameworks proposed above. This framework also sets a legal base as its foundation, so that a clear understanding of the legal requirements is established right at the start of the investigation and informs each subsequent step or phase. The stages of the simple approach are illustrated in the following diagram: I P A D.
Image: Simple 4n6 methodology
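To make the simple methodology concrete, here is an added example (not code from the article or from any of the frameworks it lists) that walks one piece of evidence through the stages in code. Two assumptions are baked in: the diagram's I P A D is read here as Identification, Preservation, Analysis and Documentation, which the page itself does not spell out, and the evidence bytes, case details and timestamps are constructed. The analysis step is a stand-in (it only counts dropped connections); the point is the gate in front of it, which refuses to analyse anything whose hash no longer matches the acquisition record.

```python
"""Added example (not code from the original article): preservation,
analysis and documentation steps of a simple forensic workflow.
Assumptions: I P A D = Identification, Preservation, Analysis, Documentation
(my reading of the article's diagram); evidence bytes and case details are
constructed; the analysis step is a stand-in that counts dropped connections."""
import hashlib
import json
from datetime import datetime, timezone

# Constructed evidence: a small firewall log "acquired" from a host.
EVIDENCE = (
    b"2024-03-01T10:00:02 action=DROP src=198.51.100.7 dst=10.0.0.5 dport=22\n"
    b"2024-03-01T10:00:03 action=DROP src=198.51.100.7 dst=10.0.0.5 dport=80\n"
    b"2024-03-01T10:00:05 action=ACCEPT src=198.51.100.7 dst=10.0.0.5 dport=8080\n"
)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def identify(source: str, description: str) -> dict:
    """Identification: name what is being collected and from where, before touching it."""
    return {"source": source, "description": description}

def preserve(item: dict, evidence: bytes, collector: str, when: datetime) -> dict:
    """Preservation: fingerprint the evidence at acquisition and open the custody log."""
    return {
        **item,
        "size": len(evidence),
        "sha256": sha256_hex(evidence),
        "custody": [{"actor": collector, "action": "acquired", "at": when.isoformat()}],
    }

def transfer(record: dict, from_actor: str, to_actor: str, when: datetime) -> dict:
    """Every hand-over is appended to the custody log; earlier entries are never edited."""
    entry = {"actor": to_actor, "action": f"received from {from_actor}", "at": when.isoformat()}
    return {**record, "custody": record["custody"] + [entry]}

def verify(record: dict, evidence: bytes) -> bool:
    """Check a working copy against the acquisition fingerprint."""
    return record["size"] == len(evidence) and record["sha256"] == sha256_hex(evidence)

def analyse(record: dict, evidence: bytes) -> dict:
    """Analysis: refuses to run on evidence whose integrity cannot be shown."""
    if not verify(record, evidence):
        raise ValueError("evidence does not match acquisition hash; stop and re-acquire")
    lines = evidence.decode("utf-8", errors="replace").splitlines()
    dropped = [line for line in lines if "action=DROP" in line]
    return {"lines": len(lines), "dropped": len(dropped)}

def document(record: dict, findings: dict) -> str:
    """Documentation: one report tying the findings to the custody trail and hash."""
    return json.dumps({"evidence": record, "findings": findings}, indent=2, sort_keys=True)

def run_case(evidence: bytes = EVIDENCE) -> dict:
    """Walk the four stages on the constructed evidence and return the parsed report."""
    acquired = datetime(2024, 3, 1, 11, 0, tzinfo=timezone.utc)
    handed_over = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)
    item = identify("fw01:/var/log/fw.log", "perimeter firewall log, suspected scan")
    record = preserve(item, evidence, "collector A", acquired)
    record = transfer(record, "collector A", "analyst B", handed_over)
    findings = analyse(record, evidence)
    return json.loads(document(record, findings))

if __name__ == "__main__":
    print(json.dumps(run_case(), indent=2, sort_keys=True))
```

The legal base the framework talks about shows up here as two habits: the hash is taken before anything else touches the data, and the custody list only ever grows. A single byte appended to the working copy makes `verify` return False and `analyse` refuse to proceed, which is exactly the failure you want to surface long before the findings are presented.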
DFIR: Digital Forensics Incident Response Resources
1. Google Rapid Response (GRR) – Remote Live Forensics for Incident Response
GRR Rapid Response is an incident response framework focused on remote live forensics. It is based on a client-server architecture: an agent is installed on the target systems, and a Python server infrastructure manages and communicates with the agents.
2. The Rekall Forensic and Incident Response Framework
The Rekall Framework is a completely open collection of tools, implemented in Python under the Apache and GNU General Public Licenses, for the extraction and analysis of digital artifacts from computer systems.
The Rekall distribution is available from http://www.rekall-forensic.com/ and https://github.com/google/rekall.
And the best of all:
3. Awesome Forensics: A curated list of free (mostly open source) forensic analysis tools and resources.
More details: https://github.com/cugu/awesome-forensics
List of Computer Forensics tools : Link