Cyber Forensics : Cyber forensics can be defined as using varied technical, professional and analytical skills to investigate, collect and store evidences from a particular computing device (e.g.- hard disk, pen drive, memory card etc) in a manner that is suitable for presentation in a law court. Electronic evidence is fragile and can be modified easily. In addition to this cyber thieves, criminals, dishonest and even honest employees hide, wipe, disguise, cloak, encrypt and destroy evidence from storage media using a variety of shareware, freeware and commercially available utility programs. It's aim is to perform a systematic investigation while maintaining a documented sequence of proves to find out exactly what happened on a computing device and who was the factor behind it. It can also be considered as the process of extracting data and information from computer storage media which is manipulated. The major aim to actually find the data, gather it, store it, and present it in a manner acceptable in a court of law as said earlier.
In this process of grabbing the required information forensic investigators follow a set of procedures:
- Firstly the device is physically isolated.
- To make sure that the device cannot be accidentally contaminated, forensic investigators create a
digital copy of the device's storage media.
- Once the original data has been copied, it is locked
in a safe or other secure facility to protect it and to maintain its pristine condition.
- All the investigation is performed on
the digital copy of the data.
- Investigators use varied techniques and proprietary forensic applications to
examine the copy, searching hidden folders and unallocated disk space for copies of deleted,
encrypted, or damaged files.
- Any proof found on the digital copy is carefully documented in a report called
"finding report" and verified with the original in preparation for legal proceedings that involve
discovery, depositions, or actual litigation.
No comments:
Post a Comment