There are a few types of investigation methods used for computer forensics
Digital forensics is an investigation method used to investigate crimes related to digital devices, such as computers and mobile phones, and to present the findings to the higher courts so that legal action can be taken. Nowadays digital devices are used in most of human life and have become a part of people. These devices also help in finding traces and evidence of the crimes committed. With this revolution, digital evidence has been used in court since the 1980s to prove the criminal
Digital evidence should be authentic and reliable. How digital evidence may be used differs according to the law that applies. In most cases there are defined guidelines for recovering evidence, which make sure the digital evidence is authentic.
These are the standard ways to collect evidence in digital forensics.
This is a popular technique used in digital forensics to find evidence in embedded devices. Storage drives are examined for evidence about the victim and compared with other storage devices to identify data related to the victim or the crime scene. For example, if the victim stored digital files on more than one device, the files from every storage drive are extracted and compared with the files on the other devices to find evidence.
Digital forensics uses several techniques to find evidence on digital devices, and various tools and software are used to capture it. Finding evidence is not a simple process, because most criminals, and even ordinary computer users, know how to hide or encrypt data. Live analysis can be difficult because there are different ways to do so. Investigators should know how to extract evidence from digital devices: on a computer, for instance, information can be encrypted or deleted, so decrypting and recovering it is the investigators' role.
This is a common technique used in digital forensics to find evidence in digital embedded devices. Normally the criminal deletes files after using them, but they are not fully deleted. Deleted files can be recovered and carved out using forensics software. In addition, operating systems and file systems do not always erase files, so they can be recovered by reconstructing physical disk sectors.
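The carving step described above, as an added example that is not part of the original essay: it scans raw bytes for JPEG start and end markers, handles only files stored contiguously, and records each hit's offset and SHA-256 so a carved file can be tied back to the image it came from. The function names, the size cap and the sample data are assumptions constructed for illustration.

```python
import hashlib

JPEG_HEADER = b"\xff\xd8\xff"   # start-of-image marker plus first byte of the next marker
JPEG_FOOTER = b"\xff\xd9"       # end-of-image marker
MAX_SIZE = 10 * 1024 * 1024     # assumed cap so a missing footer cannot swallow the image


def carve_jpegs(raw, max_size=MAX_SIZE):
    """Return (offset, data, sha256) for each header..footer span found in raw bytes."""
    found = []
    pos = 0
    while True:
        start = raw.find(JPEG_HEADER, pos)
        if start == -1:
            break
        end = raw.find(JPEG_FOOTER, start + len(JPEG_HEADER), start + max_size)
        if end == -1:
            # Header with no footer in range: overwritten or fragmented, skip it.
            pos = start + len(JPEG_HEADER)
            continue
        data = raw[start:end + len(JPEG_FOOTER)]
        found.append((start, data, hashlib.sha256(data).hexdigest()))
        pos = end + len(JPEG_FOOTER)
    return found


def build_sample_image():
    """Constructed stand-in for unallocated disk space; not real evidence."""
    pic_a = JPEG_HEADER + b"\xe0" + b"A" * 40 + JPEG_FOOTER
    pic_b = JPEG_HEADER + b"\xe1" + b"B" * 25 + JPEG_FOOTER
    truncated = JPEG_HEADER + b"\xe0" + b"C" * 10      # footer was overwritten
    return (b"\x00" * 512 + pic_a + b"\x00" * 300 + pic_b
            + b"\x00" * 100 + truncated + b"\x00" * 64)


if __name__ == "__main__":
    image = build_sample_image()
    # Hash the whole image first so later work can be checked against it.
    print("image sha256:", hashlib.sha256(image).hexdigest())
    for offset, data, digest in carve_jpegs(image):
        print(f"offset={offset} size={len(data)} sha256={digest}")
```

Run it against a read-only copy of the image, never the original drive. Real JPEGs can contain embedded thumbnails and may be fragmented across the disk, which this contiguous header-to-footer search does not reconstruct.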
This is a technique used to hide information behind an image or related files. It is hard to tell whether a picture contains information or not, because the image file used does not change. The hidden information is stored as a hash, so the key file is important for decrypting the hash value.
If the victim's PC is still on during the investigation, investigators can collect information from the PC's RAM that is not stored on the hard drive. RAM stores data temporarily, and that data can be recovered before the PC is shut down. Many software tools are used for this today, such as Microsoft's COFEE tool, windd and WindowsSCOPE.
If the power fails while files are being located in RAM, there is still a chance of using the RAM. RAM stores data temporarily, so the data is deleted automatically when the power goes, but by applying freezing technology to the RAM the data can still be kept in it. When the RAM is frozen, the data stops being deleted automatically.
Digital forensics uses different types of tools, which change according to the investigation and the crime scene. Both open source and commercial tools are used for forensic investigation, but manual review is usually important as well, such as reviewing the Windows registry for victim information and discovering and cracking passwords.
This is a basic method that any organization can follow before turning to an outside source. It uses internal staff and resources to resolve the problem. This defensive method can be used in GSD to prevent illegal access to their network. Organizations normally have IT professionals for support, so GSD can ask them to solve the problem. The IT professionals can go through the network and systems to find holes. The network is usually the major concern, because a hacker can attack through the network to steal, delete or change data, or for fun. This defensive approach helps to solve problems internally rather than getting help from an outside source, which helps to maintain security within the organization.
This is an investigation of the crime scene rather than an attempt to close the network and other holes in the organization. It continues as an investigation, and the digital evidence is reviewed to obtain the evidence. The offensive level of investigation is used to investigate crimes such as credit card fraud, illegal file transfers and confidential information sent using steganography.