JS Travel Kit - шаблон joomla Новости
Guide To Digital Forensics

Guide To Digital Forensics

Computer forensics or digital forensics is a time period in computer science to acquire authorized proof found in digital media or computers storage. With digital forensic investigation, the investigator can find what occurred to the digital media akin to emails, hard disk, logs, computer system, and the network itself. In lots of case, forensic investigation can produce how the crime may occurred and the way we are able to defend ourselves in opposition to it subsequent time.

Some reasons why we have to conduct a forensic investigation: 1. To assemble evidences so that it may be utilized in courtroom to solve legal cases. 2. To analyze our network energy, and to fill the security gap with patches and fixes. 3. To get better deleted files or any recordsdata in the occasion of hardware or software program failure

In computer forensics, a very powerful things that should be remembered when conducting the investigation are:

1. The original evidence must not be altered in anyways, and to do conduct the process, forensic investigator should make a bit-stream image. Bit-stream image is a bit by bit copy of the original storage medium and actual copy of the original media. The difference between a bit-stream image and normal copy of the original storage is bit-stream image is the slack house in the storage. You'll not find any slack space info on a duplicate media.

2. All forensic processes should comply with the legal laws in corresponding nation the place the crimes happened. Each nation has different regulation suit in IT field. Some take IT rules very significantly, for example: United Kingdom, Australia.

3. All forensic processes can only be carried out after the investigator has the search warrant.

Forensic investigators would normally looking on the timeline of how the crimes happened in timely manner. With that, we will produce the crime scene about how, when, what and why crimes may happened. In a giant firm, it is advised to create a Digital Forensic Crew or First Responder Workforce, in order that the corporate might still protect the evidence till the forensic investigator come to the crime scene.

First Response rules are: 1. Certainly not should anybody, aside from Forensic Analyst, to make any makes an attempt to recuperate info from any computer system or gadget that holds electronic information. 2. Any try to retrieve the information by person said in number 1, must be averted because it might compromise the integrity of the proof, in which became inadmissible in legal court.

Primarily based on that guidelines, it has already explained the important roles of having a First Responder Staff in a company. The unqualified person can solely secure the perimeter in order that no one can touch the crime scene till Forensic Analyst has come (This can be achieved by taking picture of the crime scene. They will also make notes concerning the scene and who had been present at that time.

Steps must be taken when a digital crimes happenred in knowledgeable approach: 1. Secure the crime scene until the forensic analyst arrive.

2. Forensic Analyst must request for the search warrant from native authorities or firm's management.

3. Forensic Analyst make take an image of the crime scene in case of if there isn't any any images has been taken.

4. If the computer continues to be powered on, surrey do not turned off the computer. As a substitute, used a forensic instruments resembling Helix to get some info that can solely be discovered when the computer remains to be powered on, comparable to data on RAM, and registries. Such instruments has it is special operate as not to write anything back to the system so the integrity keep intake.

5. Once all live proof is collected, Forensic Analyst cant turned off the computer and take harddisk back to forensic lab.

6. All of the evidences must be documented, through which chain of custody is used. Chain of Custody maintain records on the evidence, similar to: who has the evidence for the final time.

7. Securing the proof must be accompanied by legal officer such as police as a formality.

8. Back in the lab, Forensic Analyst take the evidence to create bit-stream image, as original evidence should not be used. Usually, Forensic Analyst will create 2-5 bit-stream image in case 1 image is corrupted. Of course Chain of Custody still used on this state of affairs to keep records of the evidence.

9. Hash of the unique evidence and bit-stream image is created. This acts as a proof that original evidence and the bit-stream image is the precise copy. So any alteration on the bit image will end in completely different hash, which makes the evidences found grow to be inadmissible in court.

10. Forensic Analyst begins to seek out proof within the bit-stream image by carefully wanting on the corresponding location is dependent upon what kind of crime has happened. For example: Temporary Internet Files, Slack Area, Deleted File, Steganography files.


WALTOUR Travel & Business 
Tours and Executive Services
Bases em Lisboa e Guimarães
RNAAT 274/2017



Ligue para nós e ficará
surpreso com o que podemos
sugerir e preparar para sua viagem.
Lisboa (Walter)
+351 916 699 309
 WhatsApp and Viber
This email address is being protected from spambots. You need JavaScript enabled to view it.
This email address is being protected from spambots. You need JavaScript enabled to view it.



Ligue para nós e surpreenda-se com nossos serviços

Guimarães (Rui)
+351 938 072 425
This email address is being protected from spambots. You need JavaScript enabled to view it.