FORENSICS FRAMEWORKS/MODELS

First, thanks to all respected readers. This article tries to bring together most of the forensics frameworks and models in one place. Your views and comments are welcome.

Well, forensics is “the application of scientific knowledge to legal problems”.


So, what is forensics (4n6)? Answer

The aim of this article is to establish a clear guideline for the steps that should be followed in a forensic process. Before that, a brief note on network forensics.

Network forensics is the capturing, recording and analysis of network events in order to discover the source of security attacks. An investigator needs to back up the recorded data, both to free up recording media and to preserve the data for future analysis. Network forensics deals with data found across a network connection, mostly ingress and egress traffic from one host to another, and tries to analyse traffic data logged by firewalls, intrusion detection systems, or network devices such as routers and switches.
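As an added example (not part of the original article, and not tied to any particular product), the script below shows the kind of first-pass analysis described above run over firewall log lines: it parses netfilter/iptables-style syslog records, classifies each one as ingress or egress relative to an assumed internal range (192.168.1.0/24, an assumption made for the example), and flags an external source that probes many distinct ports on one host. The log lines are constructed for the example, not captured traffic.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample records in iptables/netfilter syslog style (not real traffic).
# The last line is deliberately malformed to show that non-matching lines are skipped.
SAMPLE_LOG = """\
Mar 10 12:00:01 fw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.10 PROTO=TCP SPT=44321 DPT=22 SYN
Mar 10 12:00:01 fw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.10 PROTO=TCP SPT=44322 DPT=23 SYN
Mar 10 12:00:02 fw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.10 PROTO=TCP SPT=44323 DPT=80 SYN
Mar 10 12:00:02 fw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.10 PROTO=TCP SPT=44324 DPT=443 SYN
Mar 10 12:00:03 fw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.10 PROTO=TCP SPT=44325 DPT=3389 SYN
Mar 10 12:00:05 fw kernel: FW-OUT: IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=50123 DPT=443 SYN
Mar 10 12:00:09 fw kernel: FW-OUT: IN= OUT=eth0 SRC=192.168.1.22 DST=198.51.100.9 PROTO=UDP SPT=53211 DPT=53
Mar 10 12:00:11 fw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.10 PROTO=TCP SPT=443 DPT=50123 ACK
this line is not a firewall record and must be skipped
"""

# Assumed internal address range; in a real case take this from the network documentation.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S*)")
TS_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)")


def parse_line(line):
    """Parse one netfilter-style log line into a dict, or return None if it is not one."""
    fields = dict(FIELD_RE.findall(line))
    if not all(k in fields for k in ("SRC", "DST", "PROTO")):
        return None
    try:
        src = ipaddress.ip_address(fields["SRC"])
        dst = ipaddress.ip_address(fields["DST"])
    except ValueError:
        return None
    # Direction is decided by which side of the connection is inside INTERNAL_NET.
    if src in INTERNAL_NET and dst not in INTERNAL_NET:
        direction = "egress"
    elif dst in INTERNAL_NET and src not in INTERNAL_NET:
        direction = "ingress"
    else:
        direction = "internal"
    ts = TS_RE.match(line)
    return {
        "ts": ts.group(1) if ts else None,
        "src": str(src),
        "dst": str(dst),
        "proto": fields["PROTO"],
        "spt": int(fields["SPT"]) if fields.get("SPT", "").isdigit() else None,
        "dpt": int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None,
        "direction": direction,
    }


def parse_log(text):
    """Parse every line of a log text, silently dropping lines that are not firewall records."""
    return [r for r in (parse_line(line) for line in text.splitlines()) if r]


def direction_counts(records):
    """How many records are ingress, egress or internal."""
    return Counter(r["direction"] for r in records)


def find_port_scanners(records, min_ports=4):
    """External sources that hit at least min_ports distinct destination ports (scan-like)."""
    ports = defaultdict(set)
    for r in records:
        if r["direction"] == "ingress" and r["dpt"] is not None:
            ports[r["src"]].add(r["dpt"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def top_pairs(records, direction):
    """(src, dst) pairs for one direction, most frequent first."""
    return Counter((r["src"], r["dst"]) for r in records if r["direction"] == direction).most_common()


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("records parsed:", len(recs))
    print("by direction:", dict(direction_counts(recs)))
    print("scan-like sources:", find_port_scanners(recs))
    print("egress pairs:", top_pairs(recs, "egress"))
```

The threshold in `find_port_scanners` is deliberately low so the constructed data trips it; on a real capture you would tune it against a baseline of normal traffic, and you would keep the original log files (and their hashes) untouched, analysing a copy, for the preservation reasons given above.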

Image reference: Network Forensic frameworks survey & research challenges

These steps, in turn, should enable us to clearly define a framework/model/methodology that can be used in a forensic investigation. There are many reasons why an investigation might not lead to a successful prosecution, but the predominant one is a lack of preparation. DFRWS proposed the first process model for digital forensics in networked environments.

Table: Some Digital Forensics Frameworks

The concept is almost the same across the frameworks listed above. This framework also sets a legal base as its foundation, so that a clear understanding of the legal requirements is established right at the start of the investigation and informs each subsequent step or phase. The stages of the simple-approach framework (I P A D) are illustrated in the following diagram.

Image: Simple 4n6 methodology

Other Frameworks 

     0. DFIR : Digital Forensics Incident Response Resources

  1. Google Rapid Response (GRR ) – Remote Live Forensics For Incident Response

GRR Rapid Response is an incident response framework focused on remote live forensics. It is based on a client-server architecture: an agent is installed on target systems, and a Python server infrastructure manages and communicates with the agents.
Details: https://github.com/google/grr 

   2. The Rekall Forensic and Incident Response Framework
The Rekall Framework is a completely open collection of tools, implemented in Python under the Apache and GNU General Public Licenses, for the extraction and analysis of digital artifacts from computer systems.
The Rekall distribution is available from: http://www.rekall-forensic.com/  , https://github.com/google/rekall 

And the best:

3. Awesome Forensics: A curated list of awesome free (mostly open source) forensic analysis tools and resources.

More Details : https://github.com/cugu/awesome-forensics  

List of Computer Forensics tools : Link
