Computer Forensics Fundamentals

Uploaded by

Utkarsh Kumar

What is Computer Forensics

Also known as digital forensics.

It involves the identification, collection, examination and analysis of data while preserving the integrity of the information.

OR

Digital forensics is used to retrieve data from a computer hard drive or other storage media.
Types of Digital Forensics

1. Disk Forensics
2. Network Forensics
3. Database Forensics
4. Mobile Forensics
5. Memory Forensics
6. Email Forensics
7. Malware Forensics
Disk Forensics

The art of extracting digital information from digital devices such as hard drives, USB devices, CDs, DVDs and flash drives.

TOOLS USED IN DISK FORENSICS

1. Xplico
2. Forensic Toolkit
3. Volatility
4. Wireshark
NETWORK FORENSICS

A branch of digital forensics that deals with the monitoring and analysis of computer network traffic for the purpose of information gathering.

TOOLS USED FOR NETWORK FORENSICS

1. tcpdump
2. Wireshark
3. Nmap
4. Forensic Toolkit
DATABASE FORENSICS

It is a subset of forensic science that deals with the preservation and analysis of relational and non-relational database platforms.
Tools used for Database Forensics
1. Forensic toolkit for SQLite
2. Log analyzer for SQL
3. SQLite Forensic Explorer
4. dbResponder
Mobile Forensics

It is a subtype of digital forensics concerned with retrieving data from an electronic source. The recovery of data from mobile devices is the focus of mobile forensics.

3 main categories of mobile forensics

1. Seizure
2. Acquisition
3. Analysis

Tools used in Mobile Forensics

1. Android Data Extractor Lite (ADEL)
2. Autopsy, etc.
Memory Forensics

It is a branch of computer forensics that deals with the analysis of volatile data stored in the memory of a computer system.

Tools used in Memory Forensics

1. Varc: an open-source tool that collects a snapshot of volatile data from the system.
2. Volatility: an open-source tool widely used by incident responders and forensic investigators.
Email Forensics

The study of the source and content of an email as evidence to trace the sender of the message, along with other information such as the date, time and actual sender.

It is used to detect incidents such as phishing, spoofing, data breaches or unauthorized access.
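
As an added example (not part of the original slides), the Python sketch below performs the header checks described above: it orders the Received chain oldest hop first, reads the claimed sender and send time, and flags Return-Path or Reply-To domains that differ from the From domain. The sample message is constructed from documentation domains and addresses, and the names `analyze` and `domain` are illustrative; it assumes every Received header ends with "; date".

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message (documentation domains and IP ranges only).
RAW = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbox.example.org with ESMTP id A1; Tue, 05 Mar 2024 10:15:09 +0000
Received: from mail.example.net (unknown [203.0.113.45])
\tby mx.example.org with ESMTP id B2; Tue, 05 Mar 2024 10:15:02 +0000
Return-Path: <bounce@example.net>
From: "IT Support" <support@example.com>
Reply-To: helpdesk@example.net
Subject: Password expiry notice
Date: Tue, 05 Mar 2024 10:14:55 +0000

Body omitted.
"""

def domain(header_value):
    # Lower-cased domain part of an address header, or '' if absent.
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    # Each relay prepends its Received header, so the last one is the oldest hop.
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value)
        stamp = value.rsplit(";", 1)[-1].strip()  # assumes "...; date" form
        hops.append({"ip": ip.group(1) if ip else None,
                     "time": parsedate_to_datetime(stamp)})
    from_dom = domain(msg["From"])
    findings = []
    if domain(msg["Return-Path"]) != from_dom:
        findings.append("Return-Path domain differs from From domain")
    if msg["Reply-To"] and domain(msg["Reply-To"]) != from_dom:
        findings.append("Reply-To domain differs from From domain")
    return {"claimed_sender": parseaddr(msg["From"])[1],
            "first_hop_ip": hops[0]["ip"] if hops else None,
            "sent": parsedate_to_datetime(msg["Date"]),
            "hops": hops, "findings": findings}

if __name__ == "__main__":
    report = analyze(RAW)
    for key in ("claimed_sender", "first_hop_ip", "sent", "findings"):
        print(f"{key}: {report[key]}")
```

Only Received headers added by relays the investigator controls or trusts are reliable; anything below them in the chain can be written by the sender.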

Tools used for Email Forensics

1. Mailpro+
2. Xtractor
3. Autopsy
Malware Forensics

It is the process of finding, analyzing and investigating malware to seek out the culprit and the reason for the attack.

This includes tasks such as examining malicious code and determining its point of entry, method of propagation, impact on the system, the ports it tries to use, etc.

Tools used in Malware Forensics

1. PeStudio
2. ProcDot
3. Fiddler
4. Wireshark
Characteristics of Computer Forensics

1. Identification
2. Preservation
3. Analysis
4. Documentation
5. Presentation
Identification :

● Identification of the location of evidence (where the evidence is stored)
● Identification of the format of evidence

Preservation :

● Data is isolated, secured and preserved
● This doesn’t allow any unauthorized user to tamper with the evidence.

Analysis:

● Forensics lab personnel reconstruct data and draw conclusions based on the evidence.

Documentation:

● A record of all the findings as well as the analysis is well documented for future reference.

Presentation:

● All the documented evidence/findings are then produced in a court of law for further investigation.
THANK YOU!
