Information To Digital Forensics

Computer forensics, or digital forensics, is a term in computer science for obtaining legal evidence found in digital media or computer storage. Through a digital forensic investigation, the investigator can find out what happened to digital media such as emails, hard disks, logs, computer systems, and the network itself. In many cases, a forensic investigation can show how the crime could have occurred and how we can protect ourselves against it next time.

Some reasons why we need to conduct a forensic investigation:

1. To gather evidence so that it can be used in court to resolve legal cases.

2. To analyze our network strength, and to fill the security holes with patches and fixes.

3. To recover deleted files or any information in the event of hardware or software failure.

In computer forensics, the most important things to remember when conducting an investigation are:

1. The original evidence must not be altered in any way, and to conduct the process, the forensic investigator must make a bit-stream image. A bit-stream image is a bit-by-bit copy of the original storage medium and an exact copy of the original media. The difference between a bit-stream image and a regular copy of the original storage is that the bit-stream image includes the slack space in the storage. You will not find any slack space information on a regular copy.

2. All forensic processes must follow the laws of the country where the crimes happened. Every country has different laws in the IT field. Some take IT rules very seriously, for example the United Kingdom and Australia.

3. All forensic processes can only be conducted after the investigator has the search warrant.

Forensic investigators normally look at the timeline of how the crimes happened. With that, we can reconstruct the crime scene: how, when, what and why the crimes could have happened. In a big company, it is suggested to create a Digital Forensic Team or First Responder Team, so that the company can still preserve the evidence until the forensic investigator comes to the crime scene.

First Response rules are:

1. Under no circumstances should anyone, with the exception of the Forensic Analyst, make any attempt to recover information from any computer system or device that holds digital information.

2. Any attempt to retrieve the data by a person mentioned in number 1 should be avoided, as it could compromise the integrity of the evidence, which would then become inadmissible in court.

Based on those rules, the important role of a First Responder Team in a company is already clear. An unqualified person can only secure the perimeter so that no one can touch the crime scene until the Forensic Analyst has arrived. (This can be done by taking photos of the crime scene. They can also make notes about the scene and who was present at the time.)

Steps that must be taken, in a professional manner, when a digital crime has occurred:

1. Secure the crime scene until the forensic analyst arrives.

2. The Forensic Analyst must request the search warrant from local authorities or the company's management.

3. The Forensic Analyst may take a picture of the crime scene in case no pictures have been taken.

4. If the computer is still powered on, do not turn it off. Instead, use a forensic tool such as Helix to collect information that can only be found while the computer is still powered on, such as data in RAM and the registries. Such tools have a special function so as not to write anything back to the system, so the integrity stays intact.

5. Once all live evidence is collected, the Forensic Analyst can turn off the computer and take the hard disk back to the forensic lab.

6. All the evidence must be documented, for which a chain of custody is used. The Chain of Custody keeps records on the evidence, such as who last had the evidence.

7. Securing the evidence must be accompanied by a legal officer such as the police, as a formality.

8. Back in the lab, the Forensic Analyst takes the evidence to create a bit-stream image, as the original evidence must not be used. Normally, the Forensic Analyst will create 2-5 bit-stream images in case 1 image is corrupted. Of course, the Chain of Custody is still used in this situation to keep records of the evidence.

9. A hash of the original evidence and of the bit-stream image is created. This acts as proof that the original evidence and the bit-stream image are exact copies. Any alteration of the bit image will result in a different hash, which makes the evidence found inadmissible in court.

10. The Forensic Analyst starts to look for evidence in the bit-stream image by carefully looking at the corresponding location, which depends on what kind of crime has happened. For example: Temporary Internet Files, Slack Space, Deleted Files, Steganography files.
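
Steps 8 and 9 as an added example (not code from the original article): it copies a constructed 4096-byte stand-in for seized media bit for bit, records hashes of the source and the image, and shows that a single changed byte in the working copy fails verification. The file names, the block size and the choice of SHA-256 are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

# Assumptions of this example: SHA-256 as the hash (the article names none)
# and a 64 KiB read size; the copy is byte for byte whatever the block size.
BLOCK = 64 * 1024

def sha256_file(path):
    """Hash a file block by block so large images need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK), b""):
            h.update(chunk)
    return h.hexdigest()

def acquire_image(source, image):
    """Copy source to image bit for bit; return (source_hash, image_hash)."""
    h = hashlib.sha256()
    # Source is opened read-only; "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for chunk in iter(lambda: src.read(BLOCK), b""):
            h.update(chunk)
            dst.write(chunk)
    # Re-read what actually landed on disk rather than trusting the write path.
    return h.hexdigest(), sha256_file(image)

def verify_image(image, recorded_hash):
    """True only while the working copy matches the hash recorded at acquisition."""
    return sha256_file(image) == recorded_hash

def demo():
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "evidence.raw")  # constructed stand-in for a seized disk
        image = os.path.join(d, "evidence.img")
        # Constructed sample: 700 bytes of file data, then stale slack bytes
        # padded out to one 4096-byte cluster.
        with open(source, "wb") as f:
            f.write(b"A" * 700 + b"old deleted text".ljust(3396, b"\x00"))
        src_hash, img_hash = acquire_image(source, image)
        intact = verify_image(image, src_hash)
        with open(image, "r+b") as f:  # simulate a single altered byte
            f.seek(100)
            f.write(b"B")
        altered_ok = verify_image(image, src_hash)
        return src_hash == img_hash, intact, altered_ok, os.path.getsize(image)

if __name__ == "__main__":
    print(demo())
```

On real media the source would sit behind a hardware write blocker; opening a device read-only in software does not replace one. The recorded hash belongs in the chain-of-custody record from step 6 so that every later working copy can be checked against it.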
