DIGITAL FORENSICS
Forensics is the use of science to investigate crimes and determine facts. With the use and spread of digital systems, such as computers and smartphones, a new branch of forensics, computer forensics, was born to investigate related crimes, which later evolved into digital forensics.
Consider the following scenario. Law enforcement officers arrive at a crime scene where digital devices and media are also present. Desktop computers, laptop computers, digital cameras, music players, and smartphones are examples of digital devices. CDs, DVDs, USB flash memory drives, and external storage are examples of digital media. Several questions arise:
• How should law enforcement collect digital evidence, such as smartphones and laptop computers? What steps should be taken if the computer and smartphone are both turned on?
• How should digital evidence be transferred? Are there any best practices to follow when relocating computers, for example?
• How should the collected digital evidence be analysed? The storage capacity of personal devices ranges from tens of gigabytes to several terabytes; how can this be analysed?
In more formal terms, digital forensics is the investigation of digital evidence for legal purposes using computer science. Digital forensics is used in two types of investigations:
1) Public-sector investigations are those conducted by government and law enforcement agencies. They would be involved in a criminal or civil investigation.
2) Private-sector investigations are those conducted by corporate bodies using a private investigator, either in-house or outsourced. They are triggered by violations of corporate policy.
When investigating a crime or a corporate policy violation, digital devices and digital media are often used as evidence. This is where digital forensics comes in to try to figure out what happened. It will be impossible to properly process any digital evidence without the assistance of trained digital forensics investigators.
As a digital forensics investigator, you arrive at a scene. After obtaining the necessary legal authorization, the basic plan is as follows:
• Gather the evidence: Gather all digital devices, including laptops, storage devices, and digital cameras. (Note that if a laptop or computer is turned on, special handling is required; however, this is beyond the scope of this room.)
• Create a chain of custody: Fill out the relevant form correctly (Sample form). The goal is to ensure that only authorized investigators had access to the evidence and that it was not tampered with.
• Place the evidence in a secure container: You want to protect the evidence from damage. In the case of smartphones, you want to make sure they can't connect to the network and aren't remotely wiped.
• Deliver the evidence to your digital forensics laboratory.
The procedure at the lab is as follows:
1) Take the digital evidence out of the secure container.
2) Make a forensic duplicate of the evidence: To avoid modifying the original data, the forensic copy requires advanced software.
3) Return the digital evidence to the secure container while you work on the copy. You can always make a new copy if you damage the original.
4) Begin analyzing the copy on your forensics workstation.
We have discussed the identification process and the analysis part of digital forensics. Now let's look at the challenges digital forensics faces. Some of the main challenges are:
The proliferation of PCs and the widespread use of internet access, the ease with which hacking tools can be obtained, and the lack of physical evidence all make prosecution difficult. Storage capacities measured in terabytes complicate an investigation, and any change in technology necessitates an upgrade or change to the solutions in use.
Examples of the uses of digital forensics:
Intellectual property theft, industrial sabotage, employment disputes, fraud investigations, inappropriate use of the Internet and email in the workplace, forgery-related matters, bankruptcy investigations, etc.