Author : Khushal Srivastav
A methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format.
—Dr. H.B. Wolfe
The History of Forensics
Forensics has been around since the dawn of justice. Cavemen had rules to protect home and hearth. Francis Galton (1822–1911) made the first recorded study of fingerprints; Leone Lattes (1887–1954) discovered blood groupings (A, B, AB, and O); Calvin Goddard (1891–1955) used firearms and bullet comparison to resolve many pending court cases; Albert Osborn (1858–1946) developed the essential features of document examination; and Hans Gross (1847–1915) applied scientific study to criminal investigations. In 1932, the FBI set up a laboratory to provide forensic services to all field agents and other law-enforcement authorities across the country. Looking back at these historic forensic events, you see a pattern of confidence in the forensic information recovered and analyzed. As this study guide shows, today's computer forensics is clearly a new pattern of confidence, acceptance, and analysis.
The Objectives of Computer Forensics
The ultimate goal of a computer forensic investigator is to determine the nature and events concerning a crime and to locate the perpetrator by following a structured investigative procedure.
Types of Cyber Crimes
• Theft of intellectual property: This pertains to any act that allows access to patents, trade secrets, customer data, sales trends, and any other confidential information.
• Damage to company service networks: This can occur if someone plants a Trojan horse, conducts a denial-of-service attack, installs an unauthorized modem, or installs a back door to allow others to gain access to the network or system.
• Financial fraud: This pertains to anything that uses fraudulent solicitation of prospective victims to conduct fraudulent transactions.
• Hacker system penetrations: These occur via the use of sniffers, rootkits, and other tools that take advantage of vulnerabilities in systems or software.
• Distribution and execution of viruses and worms: These are some of the most common forms of cyber crime.
Forensics Techniques
A number of techniques are used during computer forensics investigations.
1. Cross-drive analysis
A forensic technique that correlates information found on multiple hard drives. The process, still being researched, can be used to identify social networks and to perform anomaly detection.
2. Live analysis
The examination of a running computer from within its operating system, using forensic or system-administration tools to extract evidence. The practice is useful when dealing with encrypting file systems, for example, where the encryption keys may be collected and, in some instances, the logical hard drive volume may be imaged (known as a live acquisition) before the computer is shut down.
3. Deleted files
A common technique used in computer forensics is the recovery of deleted files. Modern forensic software has its own tools for recovering or carving out deleted data. Most operating systems and file systems do not immediately erase the physical file data when a file is deleted, allowing investigators to reconstruct it from the physical disk sectors. File carving involves searching for known file headers within the disk image and reconstructing the deleted material that follows them.
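As an added example (not from the original study guide), a minimal header/footer file carver in Python: it scans a raw disk image for JPEG and PNG magic numbers, carves each file out to its footer, skips fragments whose footer is missing, and hashes each recovered file so its integrity can be documented. The signature table and the sample disk image are constructed for this demonstration.

```python
import hashlib

# Header/footer magic numbers for two common file types (constructed, not exhaustive).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def carve(image: bytes, max_size: int = 10_000_000):
    """Scan a raw disk image for known headers and carve each file to its footer.

    Returns a list of (type, offset, data) tuples sorted by offset. A header with
    no footer within max_size bytes (e.g. partially overwritten) is skipped
    rather than guessed, so every carved object is a complete header..footer span.
    """
    found = []
    for ftype, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Fragment: header present but footer missing; move on.
                pos = image.find(header, pos + 1)
                continue
            end += len(footer)
            found.append((ftype, pos, image[pos:end]))
            pos = image.find(header, end)
    found.sort(key=lambda f: f[1])
    return found


def sha256(data: bytes) -> str:
    """Hash a carved file so the recovered evidence can be verified later."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample "disk image": filler, a tiny PNG, more filler, a tiny JPEG.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8 + b"IHDR" + b"\x00" * 17 + b"IEND\xaeB`\x82"
SAMPLE_JPG = b"\xff\xd8\xff\xe0" + b"JFIF" + b"\x00" * 20 + b"\xff\xd9"
SAMPLE_IMAGE = b"\x00" * 512 + SAMPLE_PNG + b"\xab" * 1024 + SAMPLE_JPG + b"\x00" * 256

if __name__ == "__main__":
    for ftype, offset, data in carve(SAMPLE_IMAGE):
        print(f"{ftype} at offset {offset}: {len(data)} bytes, sha256 {sha256(data)}")
```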
4. Steganography
One of the techniques used to hide data is steganography, the process of concealing data inside a picture or other digital image. This process is often used to hide pornographic images of children, as well as other information that a criminal does not want to have discovered. Computer forensics professionals can counter this by computing the hash of the file and comparing it to the hash of the original image (if available). While the image may look exactly the same, the hash changes as soon as the underlying data changes.