Digital forensics can be described as a branch of forensic science concerned with the recovery and investigation of material found in digital devices, often in relation to computer crime. Originally the term was used as a synonym for computer forensics; however, it has expanded to cover the investigation of all devices capable of storing digital data. With its roots in the personal computing revolution of the late 1970s and 1980s, the discipline developed in a disorganized way during the 1990s, but this ended in the early 21st century with the emergence of national policies.
Digital forensic investigation has many applications. A widely known one is to refute or support a hypothesis before a civil or criminal court. The private sector may also apply forensics, for example during an internal intrusion investigation or a corporate investigation. The technical aspect of an investigation is divided into sub-branches according to the type of digital device involved: forensic data analysis, network forensics, computer forensics, and mobile device forensics. A typical forensic process includes forensic imaging and analysis of digital media, seizure, and production of a report on the evidence collected (Carrier, Brian D., 2006). In addition to identifying direct evidence of a crime, digital forensics can be applied to evidence concerning a specific suspect, for example to determine intent, confirm alibis or statements, authenticate documents, or identify sources, as in copyright cases. Compared to other forensic analysis, digital forensics tends to cover a wide range of areas, always involving complex timelines or hypotheses.
Digital forensics has various sub-branches, each concerned with the investigation of a different type of artifact, medium, or device.
Computer forensics: The main aim of this branch is to explain the present state of a digital artifact, for example an electronic document, storage medium, or computer system. It covers computers, embedded systems (digital devices with rudimentary computing power and onboard memory), and static memory such as USB pen drives (Farmer, Dan, 2005). Various kinds of information are used in computer forensics, from logs such as internet history through to the actual files on the drive.
Mobile device forensics: This sub-branch of digital forensics involves the recovery of digital data or evidence from a mobile device. It differs from computer forensics in that a mobile device has inbuilt communication systems such as GSM and, often, proprietary storage mechanisms (Jones, Andrew, 2008). Mobile device forensics concentrates on simple data such as SMS/email communications and call data rather than on the deeper recovery of deleted data. Mobile devices can also provide location information, either from inbuilt GPS/location tracking or from cell site logs, which track the devices within their range.
Network forensics: The discipline involves monitoring and analysis of computer network traffic, both local and WAN/internet, in order to gather information, collect evidence, or detect intrusions. Traffic is usually intercepted at the packet level and then either filtered in real time or stored for later analysis. Unlike other areas of digital forensics, network data tends to be volatile and rarely logged, which makes the discipline always reactionary. For example, in 2000 the United States FBI lured computer hackers Aleksey Ivanov and Gorshkov to a fake job interview. By monitoring network traffic from the pair's computer, the FBI identified passwords that allowed them to gather evidence directly from computers based in Russia.
Forensic data analysis: This branch of digital forensics examines structured data with the goal of discovering and analysing patterns of fraudulent activity leading to financial crime.
Database forensics: This branch of forensics deals with the forensic study of databases and their metadata. Investigations use log files, database contents, and in-RAM data to build a timeline or to recover relevant information.
Forensic Process
Digital forensic investigations involve three stages: imaging or acquisition of exhibits, analysis, and reporting. Acquisition generally involves creating an exact sector-level duplicate (or forensic duplicate) of the media, typically using a write-blocking device so that modification of the original is prevented (Sammons, John, 2012). However, the growth of storage media and developments such as cloud computing have led to greater use of live acquisitions, in which a reasonable copy of the data is acquired instead of an entire image of the physical storage device. This acquired image and original data/media are to...
Predictive routing algorithms that seek to anticipate security breaches are developing rapidly and are also becoming more commonplace (Erickson, 2009). Evidence acquisition through digital forensics also seeks to define preservation of all patterns of potential crime, regardless of the origination point (Irons, 2006). The collaboration that occurs in the open source forensic software industry acts as a catalyst of creativity specifically on this point. There are online communities that
Hash Values in Digital Forensics
Introduction
Hash values denote condensed representations of digitized or binary content within digital material; however, they offer no additional information pertaining to the contents of any material interpretable by an individual. Moreover, hash functions are algorithms that convert variable-sized text quantities into hash values (which are fixed-sized outputs). Also called “cryptographic hash functions,” they facilitate the development of digital signatures, short textual condensations, and hash tables
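The acquisition step described under Forensic Process and the fixed-size hash values described above meet in image verification. The following is an added example, not part of the original essays: it copies a source block by block while hashing it, then re-reads the image to confirm it still matches. The file names, the 512-byte sector size and the function names are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

SECTOR = 512  # assumed sector size for this sketch


def acquire(source_path, image_path, block=SECTOR * 128):
    """Copy source to image block by block; return SHA-256 of the bytes read."""
    h = hashlib.sha256()
    # The source is opened read-only; on real media a write blocker is what
    # protects the original. Mode "xb" refuses to overwrite an existing image.
    with open(source_path, "rb") as src, open(image_path, "xb") as dst:
        while chunk := src.read(block):
            h.update(chunk)
            dst.write(chunk)
    return h.hexdigest()


def sha256_file(path, block=SECTOR * 128):
    """Hash a file in fixed-size blocks so large images never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while chunk := f.read(block):
            h.update(chunk)
    return h.hexdigest()


def verify(image_path, acquisition_hash):
    """Re-read the image from disk and compare with the acquisition hash."""
    return sha256_file(image_path) == acquisition_hash


def demo():
    """Constructed 'media': four sectors of sample bytes in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "media.bin"), os.path.join(d, "media.dd")
        with open(src, "wb") as f:
            f.write(bytes(range(256)) * 8)  # 2048 bytes = 4 sectors
        digest = acquire(src, img)
        intact = verify(img, digest)
        # Flip a single bit in the image: the recomputed hash no longer matches.
        with open(img, "r+b") as f:
            f.seek(1000)
            original = f.read(1)
            f.seek(1000)
            f.write(bytes([original[0] ^ 0x01]))
        return intact, verify(img, digest), len(digest)


if __name__ == "__main__":
    print(demo())
```

The digest recorded at acquisition time is the value later compared against the image, so it belongs in the examiner's notes alongside the exhibit.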
Digital Forensics in Criminal Justice
There are several recovery techniques digital forensic practitioners can use when they encounter broken or damaged devices with deleted files (Daniel, 2011). File carving involves searching for specific patterns of data that match known file formats within the raw data from the disk. Even if the file system information is missing, file carving can effectively recover files. Or, data imaging can capture an exact copy of
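File carving as described above can be shown with a small header/footer carver. This is an added example, not part of the original essay: it scans a constructed raw buffer for JPEG and PNG signatures without any file system information and also reports a header that has no matching footer. The function name `carve`, the size limit and the sample buffer are assumptions made for the illustration.

```python
# (name, header signature, footer signature) for the formats to carve.
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
]


def carve(raw, max_size=10 * 1024 * 1024):
    """Return (type, start, end) for each header found in raw.

    end is None when no footer follows within max_size bytes, which marks a
    truncated or fragmented file that needs manual review.
    """
    found = []
    for name, header, footer in SIGNATURES:
        pos = raw.find(header)
        while pos != -1:
            end = raw.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                found.append((name, pos, None))
                pos = raw.find(header, pos + 1)
            else:
                stop = end + len(footer)
                found.append((name, pos, stop))
                pos = raw.find(header, stop)  # resume after the carved file
    return sorted(found, key=lambda hit: hit[1])


# Constructed sample "disk": two complete files surrounded by filler, then a
# JPEG header whose footer is missing. The bodies are placeholder bytes, not
# real image data.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"JFIF-sample-body" + b"\xff\xd9"
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xae\x42\x60\x82"
SAMPLE_RAW = (
    b"\x00" * 512 + SAMPLE_JPEG
    + b"\xaa" * 100 + SAMPLE_PNG
    + b"\x00" * 50 + b"\xff\xd8\xff\xe0truncated"
)

if __name__ == "__main__":
    for kind, start, end in carve(SAMPLE_RAW):
        status = "incomplete" if end is None else f"{end - start} bytes"
        print(f"{kind} at offset {start}: {status}")
```

A header/footer carver of this kind assumes each file is stored contiguously; embedded thumbnails and fragmented files produce hits that still have to be validated by parsing the carved bytes.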
Digital Forensics to Capture Data Sources
Outline: Network Intrusion; Prioritizing Data Sources; Account Auditing; Live System Data; Intrusion Detection System; Event Log Analysis; Malware Installation; Prioritizing data sources; Activity Monitoring; Integrity Checking; Data Mining; Insider File Deletion; Prioritizing data sources; Use of Uneraser program; Recovers the Deleted Data; Network Storage
A recent advance in information technology has brought about both benefits and threats to business organizations. While businesses have been able to achieve competitive market advantages through internet technology, hackers are also using the opportunities
This means that no deeper view into the system and its underlying infrastructure is provided to the customer." The constant flow of information makes compiling a forensics report on any given item very difficult. Legal issues may also hamper digital forensics in dealing with cloud issues. Cloud computing raises some unique law enforcement concerns regarding the location of potential digital evidence and its subsequent forensic analysis. When a savvy and
Casey Anthony
Digital forensics can be a useful tool when applied in the correct manner. The recent case of Casey Anthony and her murder trial demonstrated the role that digital forensics may play in the setting of justice. The purpose of this essay is to describe the role that the digital evidence played within the not-guilty verdict of Casey Anthony nearly over two years ago. This essay will address the problems