SlideShare a Scribd company logo

A Review on Recovering and Examining Computer Forensic Evidences

B
BRNSSPublicationHubI

AJCSE

Education
1 of 5
Download to read offline
*Corresponding Author: Dr.N.M.Elango, Email: elango.nm@vit.ac.in REVIEW ARTICLE www.ajcse.info Asian Journal of Computer Science Engineering2016; 1(2):20-24 A Review on Recovering and Examining Computer Forensic Evidences M.Elavarasi1 , N.M.Elango2* 1 Research Scholar (Part-Time), Bharathiar University, Coimbatore-641 046 2 Associate Professor, School of Information Technology & Engineering, VIT University, Vellore Received on: 15/11/2016, Revised on: 13/12/2016, Accepted on: 22/12/2016 ABSTRACT Digital forensic is the method of acquiring the data’s electronically. It is the investigation method of gathering malicious evidence from the target system or on the network. We have to collect the evidence in the way it should be admissible in the court. The forensic investigation can be performed successfully by following the evidence gathering methodologies. Computer forensics is a new field when compare to traditional forensic methods. It is an emerging field due to the increase of cyber crime committed by using the internet. In this paper, we are going to study details of recovering and examining the cyber forensic evidences and the major issues in this field. Keywords: Cyber-Forensics, Forensic tools, cyber crimes, malicious evidence INTRODUCTION In a perfect world the need for deciding out the activity conducted on a network or within a computer would not be necessary; however, this is not a perfect world and there are times when it is extremely important that the activity of a computer be watched. There should be a way for an individual to watch obey valuable things, such a computer or network, in times when possible invasion or bad behavior has happened. For this reason, computer forensic, a newly developed area of computer science, becomes a more and more important aspect daily and will be widely used in the twenty-first century[1] . Digital forensics is the use of examination and analysis ways of doing things to gather and preserve evidence from the appropriate device in a way that is good for presentation in a court of law [2] . The goal of digital forensic is to do a careful investigation while maintaining a chain of evidence to find out exactly what to be found on a appropriate device and who was blamed for it. Digital forensic tools are now used on a daily basis by examiners and analysts. Forensics analyst usually follow a general set of procedures: After physically separating the device in question to make sure it cannot be damaged, investigators make a digital copy of the device's storage media. Once the real media is copied, it has to be sealed in a safe or other secure facility to maintain its original condition. Forensic Analyst use a variety of ways of doing things and recovery software computer programs to examine the copy, searching invisible files and unloaded disk space for copies of deleted or damaged files. Digital forensic is an important tool for solving crimes attached with computers (e.g. phishing and stealing from a bank), as well as for solving crimes against people where evidence may reside on a computer (e.g. hiding illegally-gotten money and child pornography). Memory forensic is a forensic investigation of a computer's memory dump. Definition of Computer Forensic: Forensic is the process of using experimental knowledge for collecting, examining, and presenting evidence to the courts. Forensic deals basically with the recovery and analysis of evidence [3] . Evidence can be taken in many forms, for example fingerprints left on a window to DNA evidence found from blood stains to the files on a hard drive. Computer forensic is the method that combines both law and computer science to collect and analyze data from computer, computer networks, wireless transmission devices, and storage devices in a way that is allowed as evidence in a court of law [4] . The three main steps in any computer forensic analysis are
Elavarasi and Elango / A Review on Recovering and Examining Computer Forensic Evidences 21 © 2015, AJCSE. All Rights Reserved. acquiring the data, authenticating, and analyzing of the data. Collecting the data mainly involves creating a bit-by-bit copy of the hard drive. Authentication is the making sure of that the copy used to do the analysis is an exact copy of the contents of the original hard drive by comparing the checksums of the copy and the original. If deleted data could not be recovered through the use of common forensic tools, more sensitive equipment can be used to extract the data, but this is rarely done because of the high cost of the instruments. Computer forensic is the process of gathering electronic evidences during an investigation. In order to use this information to litigate a criminal act, evidences must be collected carefully and legally. Computer and Network forensic ways of doing things are used to discover evidence in a variety of crimes ranging from theft of trade secrets. The goal of computer and network forensic is to provide acceptable evidence to allow the criminal to be successfully prosecuted. Computer Forensics Needs to the present World The need for computer forensic has become more with the increase in the number of computer crimes and lawsuits in which large organizations are involved. It has become a need for organizations to either employ the services of a computer forensic agency or hire a computer forensic expert in order to protect the organization from computer events or solve cases involving the use of computers and related technologies [5] . The financial lose caused as a result of computer crimes have also added to a renewed interest in computer forensic. Computer forensic offers the following benefits to organizations:  It ensures the integrity and makes sure of the overall performance and continued existence of an organization's computer system and network infrastructure.  Helps the organization take by force important information if their computer systems or networks are damaged.  Extracts, processes, and explains the actual evidences in order to prove the attacker's actions and the organization's innocence in court.  It helps to finds computer criminals and terrorists from different parts of the world. Computer criminals and terrorists that use the Internet as a communication medium can be found and their plans known. IP addresses play a very important role in finding out the locations of the position of terrorists.  Saves the organization money and valuable time. Many managers set apart and distribute a large amount of their IT budget for computer and network security.  Tracks complicated cases such as child pornography and e-mail spamming.  A computer forensics expert secures of that the following rules are identified as correct during an investigation:  No possible evidence damaged, destroyed, or came to agreement by the forensic procedures used to investigate the computer evidences.  No possible computer harmful programs or apps is introduced to the computer being installed during the analysis process evidences. In a crime involving the use of technology, the evidences so furnished will also be in some electronic form. At times it becomes very hard to test the truthfulness of such evidences, in presence of expert. Here comes the role of computer forensic [6] . Forensic generally means the use of science and technology to establish facts in courts of law. When prefixed by the word computer, it obviously means the relation with computer space. We term them as 'electronic evidence'. They are commonly defined as collection, preservation, and analysis and court presentation of computer related evidences. The main objectives of computer forensics The overall goal of all computer forensic phases’ preservation, identification, extraction, and documentation is to detect a computer event, identify the intruder, and prosecute the criminal in a court of law. With an increase in computer crime events ranging from theft of intellectual property rights to computer terrorism, the goals of computer crimes are becoming more widespread in nature. The main goals of computer forensic can be summarized as follows:  To recover, carefully study, and preserve the computer and related materials in a manner that can be presented as evidence in a court of law  To identify the evidence in a short amount of time, guess the possible result of the malicious activity on the victim, and AJCSE, Nov-Dec, 2016, Vol. 1, Issue 2
Elavarasi and Elango / A Review on Recovering and Examining Computer Forensic Evidences 22 © 2015, AJCSE. All Rights Reserved. evaluate the intent and identity of the criminal. Methodologies used in computer forensics Computer forensic tools and ways of doing things are major components of an organization's disaster recovery and play a clear role in overcoming and handling computer evidences. Due to the growing of computers the criminal activity also grown, there should be a proper set of ways of doing things to use in an investigation. The evidence which is received from computers is delicate and breakable and can be easily erased or changed, and the taken computer can be damaged if not handled using proper ways of doing things. The methodology involved in computer forensic may differ depending upon the procedures, resources available and also the target company. Forensic tools enable the forensic examiner to recover deleted files, hidden files, and also the temporary data that the user may not locate. A forensic investigator must focus on basic areas such as standalone computers, workstations, servers, and online channels. Investigation of standalone PC’s and workstations and other removable media can be simple. Investigation of servers and online channels, however, it is little bit complicated and tricky [7] . During investigation, logs are often not examined or audited. The investigator must understand that logs files play an important role during the investigation. They must be given due importance, as they could provide a lead in the case. Computer forensic ways of doing things consist of the following basic activities:  Preservation: The forensic investigator must preserve the integrity and integrity of the originally collected evidence. The original evidence should not be altered or damaged. The forensic examiner must make an image or a copy of the original evidence and then he should do the analysis on that image or copy. The examiner must also compare the copy with the original evidence to identify any changes or damage.  Identification: Before commencing the investigation , the forensic investigator must identify where the evidence is present and its location. For example, evidence may be contained in internal hard disks, removable storage media, or log files. Every forensic examiner must understand the difference between actual evidence and the evidence containers. Locating and identifying information and data is a challenge for the digital forensic investigator. Different examination processes such as keyword searches, log file analyses, and system checks help an investigation.  Extraction: After identifying the evidences, the forensic examiner must extract data from it. Since dangerous and unstable data can be lost at any point, the forensic investigator must extract this data from the copy made from the original evidence. This extracted data’s must be compared with the original evidence and carefully studied.  Interpretation: The most important role a forensic examiner plays during investigation is to understand what he or she has actually found. The inspection and analysis of the evidence must be understood and also explained in a clear manner.  Documentation: From the beginning of the investigation until the end evidence is presented before a court of law, forensic examiners must maintain documentation relating to the evidence. The documentation contains the chain of custody of the evidences gathered and documents relating to the evidence analysis. Testing the Evidences: After the evidence is collected, investigators do general tests on the evidence to decide the following: 1. Authenticity: The investigator must figure out the source of the evidence. 2. Reliability: The investigator must find out the evidence is reliable and perfect. Steps Involved in Forensic Investigation These are the following steps which are followed in forensic investigation they are explained below 1. The investigation process is started at the moment of computer crime was suspected 2. Immediately the investigator should gather the preliminary evidences which includes taking photograph of the scene and also marking the evidence 3. A legal court warrant should be obtained be seizure of the data’s 4. Investigator has performed first responder procedures. AJCSE, Nov-Dec, 2016, Vol. 1, Issue 2
Elavarasi and Elango / A Review on Recovering and Examining Computer Forensic Evidences 23 © 2015, AJCSE. All Rights Reserved. 5. Evidences which are captured from the crime scene are numbered and secured safely 6. The gathered evidence should be taken carefully to the forensic laboratory 7. The evidences are created into two bit stream copies. The original disk should not be tampered 8. An hashing algorithm is used to generate checksum of the disk images 9. A report of chain of custody has o be maintained. If any change to this chain the evidence is questionable at the time of admissibility in court. 10. Original evidence has to be kept safe and secured preferably it can be kept in a location of which it cannot be accessed easily. 11. We have to analyze the image copy for evidence. 12. A detailed forensic report has to be prepared. Which includes the forensic methodology and recovery tools used? 13. The report has to be submitted to the client. 14. If it is needed the forensic investigator may attend the court and he/she has to testify as a witness. Computer forensic tools for acquiring the data: Many Digital tools are available during a digital investigation, some are specific toward forensic. The different phases from the digital forensic investigation process explained below. There are many hardware and software tools were used in forensic investigation for collecting and analyzing the data [8] . Encase Forensic Suite: This is windows based tool and also court- validated computer forensic software. The functionalities of Encase are explained below [9] : 1. Analyzing the file signatures. 2. Conditions and queries are filtered. 3. Finding deleted files and file fragments from slack space. 4. Recovering the deleted folders. 5. Analysis of log file and event log. 6. Searching file type. 7. External file viewer and registry viewer. Forensic Tool Kit(FTK): Forensic Toolkit, or FTK, is computer forensic software made by Access Data. It scans a hard drive looking for different information. It can for example locate deleted emails and scan a disk for text strings to use them as a password dictionary to crack encrypted code [10] . The toolkit also includes a standalone disk imaging program called FTK Imager. The FTK Imager is a simple but well-said tool. It saves an image of a hard disk in one file or in parts that may be later on rebuilt. It calculates MD5 hash values and confirms the integrity of the data before closing the files. The result is an image file that can be saved in multiple formats, including DD raw Win Hex Tool: It is a universal Hex editor tool which is mainly used in computer forensics for data recovery, low level editing of data. The main functionalities are explained below 1. Cloning and imaging of disk 2. Hex view of the file 3. Calculating mass Hash value of the files (MD5,SHA,SHA-1,SHA 4,MD4,RipeMD….) 4. Gathering free space, inter partition space and slack space and generic texts from images and drives 5. Creating files and directory for all computer media 6. Unifying and dividing even and odd words/bytes 7. Concatenating and splitting up of the files 8. Comparing and analyzing the files 9. Search and replacing the functions 10. Detection of NTFS and Alternate data streams(ADS) 11. Physical and logical search done at a time Digital Forensics Framework: Digital forensic framework is another popular platform dedicated to digital forensic. The tool is open source and comes under GPL License. It can be used either by professionals or non- professionals without any trouble. This tools is used for maintaining the digital chain of custody, to access the remote or local devices, forensic of Windows or Linux OS, recovery hidden of deleted files, quick search for files' meta data, and different other things. CAINE: CAINE (Computer Aided Investigative Environment is the Linux based tool created for digital forensic. It offers an atmosphere to join together an existing software tools as software modules in a user friendly manner. This tool is an open source. AJCSE, Nov-Dec, 2016, Vol. 1, Issue 2
Elavarasi and Elango / A Review on Recovering and Examining Computer Forensic Evidences 24 © 2015, AJCSE. All Rights Reserved. List of Forensic Tools No Name of the Software Website 1 X ways Forensics 16.3 Integrated computer forensics Software www.X-ways.net. 2 WinHex 16.3 : Computer Forensics & Data Recovery software ,Hex Editor & Disk Editor www.X-ways.net. 3 Forensic Tool Kit - FTK is the industry-standard in computer forensics software used by government agencies and law enforcement for digital investigations. http://accessdata.com /products/computerfor ensics/ftk 4 Encase forensics V 7 http://www.guidance software.com 5 S tools (Stegnography tool) : text files hiding inside images. http://www.spycheck er.com/program/stool s.html. 6 Camouflage - hide your files inside a jpeg image! http://freesoftwarepr oject.weebly.com/fre e-filecamouflage.html. 7 Slueth Kit + Autopsy Browser – Forensic Tool Set http://www.sleuthkit. org. 8 Passware Kit: Password Cracking http://www.lostpassw ord.com/kitenterprise.h tm. 9 History viewer (Show all browser as well as user activities) http://www.historyvi ewer.net/index.html. 10 Child Key logger/ family Key logger – Storing key strokes http://www.familyke ylogger.com/. 11 Stegnos privacy suite -2012 provide secret safe. Deposit all your important documents, private photos and videos in Steganos Safe 2012 – out of reach for others and highly secure http://www.steg 12 Email Tracker pro – Email tracing and Spam filtering http://www.emailtrac kerpro.com. CONCLUSION It is quite important achievement for police and law enforcing officers that India has kept pace with the changing towards the technology and introduced very important changes in its laws to be controlled by the demands of technology. The only thing which needs a special and extremely important attention is the training communicated to the putting into use people in charge so that the provisions are well enough enforced. Hopefully in years to come this problem will also be redressed and the country will witness a totally new, refreshed and technically sound legal and enforcement framework. With the help of these few popular digital forensic tools used by different law enforcing agencies using in performing crime investigation. In this paper, I added all kind of tools like higher price/higher cost, free, open source, computer forensic, mobile forensic and others. If you are going to start learning digital forensic, you can download or buy these tools and start working on those. It will help you in better understanding the whole process and tools. With the increasing use of digital data and mobile phones, digital forensic has become more important. Computer crimes are also increasing day by day. So companies are also trying to launch more powerful version of the tools, and you need to be in touch of latest digital forensic news to know about recent releases. REFERENCES 1. Ramesh Babu CH. Computer Intrusion Forensics. International Journal of Emerging Technology in Computer Science & Electronics. 2014; 11(1): 15-17. 2. John JL. Digital Forensics and Preservation. DPC Technology Watch Report.2012; P:1-66. 3. Kaur M, Kaur N, Khurana S. A Literature Review on Cyber Forensic and its Analysis tools. International Journal of Advanced Research in Computer and Communication Engineering. 2016; 5(1):23-28. 4. “Computer Forensics”, US-CERT, 2008. 5. EC-Council. Computer Forensics: Investigation Procedures and Response (CHFI). Cengage Learning, 2016. P:1-208. 6. Samarth. Cyber Forensics & Electronic Evidences: Challenges In Enforcement & Their Admissibility. 2012. 7. Investigation Procedures and Response EC-Council | Press.2010.P:1-171. 8. Sindhu KK, Mesh ram BB. Digital Forensic Investigation Tools and Procedures.I.J. Computer Network and Information Security, 2012;4: 39-48. 9. http://www.WinHex.com 10. CTI Reviews. Investigating High-Tech Crime. Cram101 Textbook Reviews, 26- Sep-2016 - Education - 29 pages. AJCSE, Nov-Dec, 2016, Vol. 1, Issue 2

Recommended

A Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsA Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis Tools
Samantha Vargas
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
ibraheem ogundele
 
4.content (computer forensic)
4.content (computer forensic)4.content (computer forensic)
4.content (computer forensic)
JIEMS Akkalkuwa
 
Lecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptLecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.ppt
Surajgroupsvideo
 
Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensics
Johnson Ubah
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
Anne ndolo
 
Computer forencis
Computer forencisComputer forencis
Computer forencis
Teja Bheemanapally
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Steps
gamemaker762
 

Recommended

A Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsA Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis Tools
Samantha Vargas
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
ibraheem ogundele
 
4.content (computer forensic)
4.content (computer forensic)4.content (computer forensic)
4.content (computer forensic)
JIEMS Akkalkuwa
 
Lecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptLecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.ppt
Surajgroupsvideo
 
Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensics
Johnson Ubah
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
Anne ndolo
 
Computer forencis
Computer forencisComputer forencis
Computer forencis
Teja Bheemanapally
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Steps
gamemaker762
 
Computer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital WorldComputer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital World
rahulmonikasharma
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docx
AliAshraf68199
 
Computer forensics investigation and digital forensics services
Computer forensics investigation and digital forensics servicesComputer forensics investigation and digital forensics services
Computer forensics investigation and digital forensics services
ICFECI
 
01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world
Aqib Memon
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer Forensic
Dhiren Gala
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
YashPatel132112
 
Computer Forensic: A Reactive Strategy for Fighting Computer Crime
Computer Forensic: A Reactive Strategy for Fighting Computer CrimeComputer Forensic: A Reactive Strategy for Fighting Computer Crime
Computer Forensic: A Reactive Strategy for Fighting Computer Crime
CSCJournals
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systems
Mayank Diwakar
 
Evidence and data
Evidence and dataEvidence and data
Evidence and data
Atul Rai
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
BhagyasriPatel2
 
Lessons v on fraud awareness (digital forensics) [autosaved]
Lessons v on fraud awareness (digital forensics) [autosaved]Lessons v on fraud awareness (digital forensics) [autosaved]
Lessons v on fraud awareness (digital forensics) [autosaved]
Kolluru N Rao
 
Lessons v on fraud awareness (digital forensics)
Lessons v on fraud awareness (digital forensics)Lessons v on fraud awareness (digital forensics)
Lessons v on fraud awareness (digital forensics)
CA.Kolluru Narayanarao
 
Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditing
Sweta Kumari Barnwal
 
Computer Forensics.pptx
Computer Forensics.pptxComputer Forensics.pptx
Computer Forensics.pptx
Happyness Mkumbo
 
Cyber evidence at crime scene
Cyber evidence at crime sceneCyber evidence at crime scene
Cyber evidence at crime scene
Applied Forensic Research Sciences
 
Maintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docxMaintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docx
smile790243
 
Anti-Forensic Techniques and Its Impact on Digital Forensic
Anti-Forensic Techniques and Its Impact on Digital ForensicAnti-Forensic Techniques and Its Impact on Digital Forensic
Anti-Forensic Techniques and Its Impact on Digital Forensic
IRJET Journal
 
Design for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic SystemDesign for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic System
CSCJournals
 
Post-Genesis Digital Forensics Investigation
Post-Genesis Digital Forensics InvestigationPost-Genesis Digital Forensics Investigation
Post-Genesis Digital Forensics Investigation
Universitas Pembangunan Panca Budi
 
Computer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of GhanaComputer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of Ghana
Mohammed Mahfouz Alhassan
 
Computational Dual-system Imaging Processing Methods for Lumbar Spine Specime...
Computational Dual-system Imaging Processing Methods for Lumbar Spine Specime...Computational Dual-system Imaging Processing Methods for Lumbar Spine Specime...
Computational Dual-system Imaging Processing Methods for Lumbar Spine Specime...
BRNSSPublicationHubI
 
Prediction of Neurological Disorder using Classification Approach
Prediction of Neurological Disorder using Classification ApproachPrediction of Neurological Disorder using Classification Approach
Prediction of Neurological Disorder using Classification Approach
BRNSSPublicationHubI
 

More Related Content

Similar to A Review on Recovering and Examining Computer Forensic Evidences

Computer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital WorldComputer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital World
rahulmonikasharma
 
01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world
Aqib Memon
 
Computer Forensic: A Reactive Strategy for Fighting Computer Crime
Computer Forensic: A Reactive Strategy for Fighting Computer CrimeComputer Forensic: A Reactive Strategy for Fighting Computer Crime
Computer Forensic: A Reactive Strategy for Fighting Computer Crime
CSCJournals
 
Lessons v on fraud awareness (digital forensics) [autosaved]
Lessons v on fraud awareness (digital forensics) [autosaved]Lessons v on fraud awareness (digital forensics) [autosaved]
Lessons v on fraud awareness (digital forensics) [autosaved]
Kolluru N Rao
 
Maintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docxMaintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docx
smile790243
 
Design for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic SystemDesign for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic System
CSCJournals
 
Post-Genesis Digital Forensics Investigation
Post-Genesis Digital Forensics InvestigationPost-Genesis Digital Forensics Investigation
Post-Genesis Digital Forensics Investigation
Universitas Pembangunan Panca Budi
 

Similar to A Review on Recovering and Examining Computer Forensic Evidences (20)

Computer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital WorldComputer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital World
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docx
 
Computer forensics investigation and digital forensics services
Computer forensics investigation and digital forensics servicesComputer forensics investigation and digital forensics services
Computer forensics investigation and digital forensics services
 
01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer Forensic
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
 
Computer Forensic: A Reactive Strategy for Fighting Computer Crime
Computer Forensic: A Reactive Strategy for Fighting Computer CrimeComputer Forensic: A Reactive Strategy for Fighting Computer Crime
Computer Forensic: A Reactive Strategy for Fighting Computer Crime
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systems
 
Evidence and data
Evidence and dataEvidence and data
Evidence and data
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
 
Lessons v on fraud awareness (digital forensics) [autosaved]
Lessons v on fraud awareness (digital forensics) [autosaved]Lessons v on fraud awareness (digital forensics) [autosaved]
Lessons v on fraud awareness (digital forensics) [autosaved]
 
Lessons v on fraud awareness (digital forensics)
Lessons v on fraud awareness (digital forensics)Lessons v on fraud awareness (digital forensics)
Lessons v on fraud awareness (digital forensics)
 
Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditing
 
Computer Forensics.pptx
Computer Forensics.pptxComputer Forensics.pptx
Computer Forensics.pptx
 
Cyber evidence at crime scene
Cyber evidence at crime sceneCyber evidence at crime scene
Cyber evidence at crime scene
 
Maintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docxMaintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docx
 
Anti-Forensic Techniques and Its Impact on Digital Forensic
Anti-Forensic Techniques and Its Impact on Digital ForensicAnti-Forensic Techniques and Its Impact on Digital Forensic
Anti-Forensic Techniques and Its Impact on Digital Forensic
 
Design for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic SystemDesign for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic System
 
Post-Genesis Digital Forensics Investigation
Post-Genesis Digital Forensics InvestigationPost-Genesis Digital Forensics Investigation
Post-Genesis Digital Forensics Investigation
 
Computer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of GhanaComputer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of Ghana
 

More from BRNSSPublicationHubI

Computational Dual-system Imaging Processing Methods for Lumbar Spine Specime...
Computational Dual-system Imaging Processing Methods for Lumbar Spine Specime...Computational Dual-system Imaging Processing Methods for Lumbar Spine Specime...
Computational Dual-system Imaging Processing Methods for Lumbar Spine Specime...
BRNSSPublicationHubI
 
Prediction of Neurological Disorder using Classification Approach
Prediction of Neurological Disorder using Classification ApproachPrediction of Neurological Disorder using Classification Approach
Prediction of Neurological Disorder using Classification Approach
BRNSSPublicationHubI
 
On increasing of the Density of Elements of Field-effect Heterotransistors Fr...
On increasing of the Density of Elements of Field-effect Heterotransistors Fr...On increasing of the Density of Elements of Field-effect Heterotransistors Fr...
On increasing of the Density of Elements of Field-effect Heterotransistors Fr...
BRNSSPublicationHubI
 
On Optimization of Manufacturing of Field-effect Transistors to Increase Thei...
On Optimization of Manufacturing of Field-effect Transistors to Increase Thei...On Optimization of Manufacturing of Field-effect Transistors to Increase Thei...
On Optimization of Manufacturing of Field-effect Transistors to Increase Thei...
BRNSSPublicationHubI
 
The Optimization-based Approaches for Task Scheduling to Enhance the Resource...
The Optimization-based Approaches for Task Scheduling to Enhance the Resource...The Optimization-based Approaches for Task Scheduling to Enhance the Resource...
The Optimization-based Approaches for Task Scheduling to Enhance the Resource...
BRNSSPublicationHubI
 
Contactless Real-Time Vital Signs Monitoring Using a Webcam
Contactless Real-Time Vital Signs Monitoring Using a WebcamContactless Real-Time Vital Signs Monitoring Using a Webcam
Contactless Real-Time Vital Signs Monitoring Using a Webcam
BRNSSPublicationHubI
 
Secure and Energy Savings Communication of Flying Ad Hoc Network for Rescue O...
Secure and Energy Savings Communication of Flying Ad Hoc Network for Rescue O...Secure and Energy Savings Communication of Flying Ad Hoc Network for Rescue O...
Secure and Energy Savings Communication of Flying Ad Hoc Network for Rescue O...
BRNSSPublicationHubI
 
A Survey on Secure Routing Protocol for Data Transmission in ad hoc Networks
A Survey on Secure Routing Protocol for Data Transmission in ad hoc NetworksA Survey on Secure Routing Protocol for Data Transmission in ad hoc Networks
A Survey on Secure Routing Protocol for Data Transmission in ad hoc Networks
BRNSSPublicationHubI
 
FPGA Hardware Design of Different LDPC Applications: Survey
FPGA Hardware Design of Different LDPC Applications: SurveyFPGA Hardware Design of Different LDPC Applications: Survey
FPGA Hardware Design of Different LDPC Applications: Survey
BRNSSPublicationHubI
 
Design and Implementation of Smart Air Pollution Monitoring System Based on I...
Design and Implementation of Smart Air Pollution Monitoring System Based on I...Design and Implementation of Smart Air Pollution Monitoring System Based on I...
Design and Implementation of Smart Air Pollution Monitoring System Based on I...
BRNSSPublicationHubI
 
Smart Monitoring System for Substation’ Parameters and Automatic under Freque...
Smart Monitoring System for Substation’ Parameters and Automatic under Freque...Smart Monitoring System for Substation’ Parameters and Automatic under Freque...
Smart Monitoring System for Substation’ Parameters and Automatic under Freque...
BRNSSPublicationHubI
 
An Automatic Coronavirus Detection Systems: Survey
An Automatic Coronavirus Detection Systems: SurveyAn Automatic Coronavirus Detection Systems: Survey
An Automatic Coronavirus Detection Systems: Survey
BRNSSPublicationHubI
 
Manifolds and Catastrophes for Physical Systems
Manifolds and Catastrophes for Physical SystemsManifolds and Catastrophes for Physical Systems
Manifolds and Catastrophes for Physical Systems
BRNSSPublicationHubI
 
Explore the Influencing Variables of Personality Traits on Motives of Adaptin...
Explore the Influencing Variables of Personality Traits on Motives of Adaptin...Explore the Influencing Variables of Personality Traits on Motives of Adaptin...
Explore the Influencing Variables of Personality Traits on Motives of Adaptin...
BRNSSPublicationHubI
 
Use of Digital Health Technologies in HealthCare Organization: A System Persp...
Use of Digital Health Technologies in HealthCare Organization: A System Persp...Use of Digital Health Technologies in HealthCare Organization: A System Persp...
Use of Digital Health Technologies in HealthCare Organization: A System Persp...
BRNSSPublicationHubI
 
A Predictive Model for Novel Corona Virus Detection with Support Vector Machine
A Predictive Model for Novel Corona Virus Detection with Support Vector MachineA Predictive Model for Novel Corona Virus Detection with Support Vector Machine
A Predictive Model for Novel Corona Virus Detection with Support Vector Machine
BRNSSPublicationHubI
 
A Survey on Non-Contact Heart Rate Estimation from Facial Video
A Survey on Non-Contact Heart Rate Estimation from Facial VideoA Survey on Non-Contact Heart Rate Estimation from Facial Video
A Survey on Non-Contact Heart Rate Estimation from Facial Video
BRNSSPublicationHubI
 
Impact of Classification Algorithms on Cardiotocography Dataset for Fetal Sta...
Impact of Classification Algorithms on Cardiotocography Dataset for Fetal Sta...Impact of Classification Algorithms on Cardiotocography Dataset for Fetal Sta...
Impact of Classification Algorithms on Cardiotocography Dataset for Fetal Sta...
BRNSSPublicationHubI
 
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...
BRNSSPublicationHubI
 
Investigating the Relationship Between Teaching Performance and Research Perf...
Investigating the Relationship Between Teaching Performance and Research Perf...Investigating the Relationship Between Teaching Performance and Research Perf...
Investigating the Relationship Between Teaching Performance and Research Perf...
BRNSSPublicationHubI
 

More from BRNSSPublicationHubI (20)

Computational Dual-system Imaging Processing Methods for Lumbar Spine Specime...
Computational Dual-system Imaging Processing Methods for Lumbar Spine Specime...Computational Dual-system Imaging Processing Methods for Lumbar Spine Specime...
Computational Dual-system Imaging Processing Methods for Lumbar Spine Specime...
 
Prediction of Neurological Disorder using Classification Approach
Prediction of Neurological Disorder using Classification ApproachPrediction of Neurological Disorder using Classification Approach
Prediction of Neurological Disorder using Classification Approach
 
On increasing of the Density of Elements of Field-effect Heterotransistors Fr...
On increasing of the Density of Elements of Field-effect Heterotransistors Fr...On increasing of the Density of Elements of Field-effect Heterotransistors Fr...
On increasing of the Density of Elements of Field-effect Heterotransistors Fr...
 
On Optimization of Manufacturing of Field-effect Transistors to Increase Thei...
On Optimization of Manufacturing of Field-effect Transistors to Increase Thei...On Optimization of Manufacturing of Field-effect Transistors to Increase Thei...
On Optimization of Manufacturing of Field-effect Transistors to Increase Thei...
 
The Optimization-based Approaches for Task Scheduling to Enhance the Resource...
The Optimization-based Approaches for Task Scheduling to Enhance the Resource...The Optimization-based Approaches for Task Scheduling to Enhance the Resource...
The Optimization-based Approaches for Task Scheduling to Enhance the Resource...
 
Contactless Real-Time Vital Signs Monitoring Using a Webcam
Contactless Real-Time Vital Signs Monitoring Using a WebcamContactless Real-Time Vital Signs Monitoring Using a Webcam
Contactless Real-Time Vital Signs Monitoring Using a Webcam
 
Secure and Energy Savings Communication of Flying Ad Hoc Network for Rescue O...
Secure and Energy Savings Communication of Flying Ad Hoc Network for Rescue O...Secure and Energy Savings Communication of Flying Ad Hoc Network for Rescue O...
Secure and Energy Savings Communication of Flying Ad Hoc Network for Rescue O...
 
A Survey on Secure Routing Protocol for Data Transmission in ad hoc Networks
A Survey on Secure Routing Protocol for Data Transmission in ad hoc NetworksA Survey on Secure Routing Protocol for Data Transmission in ad hoc Networks
A Survey on Secure Routing Protocol for Data Transmission in ad hoc Networks
 
FPGA Hardware Design of Different LDPC Applications: Survey
FPGA Hardware Design of Different LDPC Applications: SurveyFPGA Hardware Design of Different LDPC Applications: Survey
FPGA Hardware Design of Different LDPC Applications: Survey
 
Design and Implementation of Smart Air Pollution Monitoring System Based on I...
Design and Implementation of Smart Air Pollution Monitoring System Based on I...Design and Implementation of Smart Air Pollution Monitoring System Based on I...
Design and Implementation of Smart Air Pollution Monitoring System Based on I...
 
Smart Monitoring System for Substation’ Parameters and Automatic under Freque...
Smart Monitoring System for Substation’ Parameters and Automatic under Freque...Smart Monitoring System for Substation’ Parameters and Automatic under Freque...
Smart Monitoring System for Substation’ Parameters and Automatic under Freque...
 
An Automatic Coronavirus Detection Systems: Survey
An Automatic Coronavirus Detection Systems: SurveyAn Automatic Coronavirus Detection Systems: Survey
An Automatic Coronavirus Detection Systems: Survey
 
Manifolds and Catastrophes for Physical Systems
Manifolds and Catastrophes for Physical SystemsManifolds and Catastrophes for Physical Systems
Manifolds and Catastrophes for Physical Systems
 
Explore the Influencing Variables of Personality Traits on Motives of Adaptin...
Explore the Influencing Variables of Personality Traits on Motives of Adaptin...Explore the Influencing Variables of Personality Traits on Motives of Adaptin...
Explore the Influencing Variables of Personality Traits on Motives of Adaptin...
 
Use of Digital Health Technologies in HealthCare Organization: A System Persp...
Use of Digital Health Technologies in HealthCare Organization: A System Persp...Use of Digital Health Technologies in HealthCare Organization: A System Persp...
Use of Digital Health Technologies in HealthCare Organization: A System Persp...
 
A Predictive Model for Novel Corona Virus Detection with Support Vector Machine
A Predictive Model for Novel Corona Virus Detection with Support Vector MachineA Predictive Model for Novel Corona Virus Detection with Support Vector Machine
A Predictive Model for Novel Corona Virus Detection with Support Vector Machine
 
A Survey on Non-Contact Heart Rate Estimation from Facial Video
A Survey on Non-Contact Heart Rate Estimation from Facial VideoA Survey on Non-Contact Heart Rate Estimation from Facial Video
A Survey on Non-Contact Heart Rate Estimation from Facial Video
 
Impact of Classification Algorithms on Cardiotocography Dataset for Fetal Sta...
Impact of Classification Algorithms on Cardiotocography Dataset for Fetal Sta...Impact of Classification Algorithms on Cardiotocography Dataset for Fetal Sta...
Impact of Classification Algorithms on Cardiotocography Dataset for Fetal Sta...
 
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...
 
Investigating the Relationship Between Teaching Performance and Research Perf...
Investigating the Relationship Between Teaching Performance and Research Perf...Investigating the Relationship Between Teaching Performance and Research Perf...
Investigating the Relationship Between Teaching Performance and Research Perf...
 

Recently uploaded

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 

Recently uploaded (20)

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Basic Intentional Injuries Health Education
Basic Intentional Injuries Health EducationBasic Intentional Injuries Health Education
Basic Intentional Injuries Health Education
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx
 
latest AZ-104 Exam Questions and Answers
latest AZ-104 Exam Questions and Answerslatest AZ-104 Exam Questions and Answers
latest AZ-104 Exam Questions and Answers
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 

A Review on Recovering and Examining Computer Forensic Evidences

  • 1. *Corresponding Author: Dr.N.M.Elango, Email: elango.nm@vit.ac.in REVIEW ARTICLE www.ajcse.info Asian Journal of Computer Science Engineering2016; 1(2):20-24 A Review on Recovering and Examining Computer Forensic Evidences M.Elavarasi1 , N.M.Elango2* 1 Research Scholar (Part-Time), Bharathiar University, Coimbatore-641 046 2 Associate Professor, School of Information Technology & Engineering, VIT University, Vellore Received on: 15/11/2016, Revised on: 13/12/2016, Accepted on: 22/12/2016 ABSTRACT Digital forensic is the method of acquiring the data’s electronically. It is the investigation method of gathering malicious evidence from the target system or on the network. We have to collect the evidence in the way it should be admissible in the court. The forensic investigation can be performed successfully by following the evidence gathering methodologies. Computer forensics is a new field when compare to traditional forensic methods. It is an emerging field due to the increase of cyber crime committed by using the internet. In this paper, we are going to study details of recovering and examining the cyber forensic evidences and the major issues in this field. Keywords: Cyber-Forensics, Forensic tools, cyber crimes, malicious evidence INTRODUCTION In a perfect world the need for deciding out the activity conducted on a network or within a computer would not be necessary; however, this is not a perfect world and there are times when it is extremely important that the activity of a computer be watched. There should be a way for an individual to watch obey valuable things, such a computer or network, in times when possible invasion or bad behavior has happened. For this reason, computer forensic, a newly developed area of computer science, becomes a more and more important aspect daily and will be widely used in the twenty-first century[1] . Digital forensics is the use of examination and analysis ways of doing things to gather and preserve evidence from the appropriate device in a way that is good for presentation in a court of law [2] . The goal of digital forensic is to do a careful investigation while maintaining a chain of evidence to find out exactly what to be found on a appropriate device and who was blamed for it. Digital forensic tools are now used on a daily basis by examiners and analysts. Forensics analyst usually follow a general set of procedures: After physically separating the device in question to make sure it cannot be damaged, investigators make a digital copy of the device's storage media. Once the real media is copied, it has to be sealed in a safe or other secure facility to maintain its original condition. Forensic Analyst use a variety of ways of doing things and recovery software computer programs to examine the copy, searching invisible files and unloaded disk space for copies of deleted or damaged files. Digital forensic is an important tool for solving crimes attached with computers (e.g. phishing and stealing from a bank), as well as for solving crimes against people where evidence may reside on a computer (e.g. hiding illegally-gotten money and child pornography). Memory forensic is a forensic investigation of a computer's memory dump. Definition of Computer Forensic: Forensic is the process of using experimental knowledge for collecting, examining, and presenting evidence to the courts. Forensic deals basically with the recovery and analysis of evidence [3] . Evidence can be taken in many forms, for example fingerprints left on a window to DNA evidence found from blood stains to the files on a hard drive. Computer forensic is the method that combines both law and computer science to collect and analyze data from computer, computer networks, wireless transmission devices, and storage devices in a way that is allowed as evidence in a court of law [4] . The three main steps in any computer forensic analysis are
  • 2. Elavarasi and Elango / A Review on Recovering and Examining Computer Forensic Evidences 21 © 2015, AJCSE. All Rights Reserved. acquiring the data, authenticating, and analyzing of the data. Collecting the data mainly involves creating a bit-by-bit copy of the hard drive. Authentication is the making sure of that the copy used to do the analysis is an exact copy of the contents of the original hard drive by comparing the checksums of the copy and the original. If deleted data could not be recovered through the use of common forensic tools, more sensitive equipment can be used to extract the data, but this is rarely done because of the high cost of the instruments. Computer forensic is the process of gathering electronic evidences during an investigation. In order to use this information to litigate a criminal act, evidences must be collected carefully and legally. Computer and Network forensic ways of doing things are used to discover evidence in a variety of crimes ranging from theft of trade secrets. The goal of computer and network forensic is to provide acceptable evidence to allow the criminal to be successfully prosecuted. Computer Forensics Needs to the present World The need for computer forensic has become more with the increase in the number of computer crimes and lawsuits in which large organizations are involved. It has become a need for organizations to either employ the services of a computer forensic agency or hire a computer forensic expert in order to protect the organization from computer events or solve cases involving the use of computers and related technologies [5] . The financial lose caused as a result of computer crimes have also added to a renewed interest in computer forensic. Computer forensic offers the following benefits to organizations:  It ensures the integrity and makes sure of the overall performance and continued existence of an organization's computer system and network infrastructure.  Helps the organization take by force important information if their computer systems or networks are damaged.  Extracts, processes, and explains the actual evidences in order to prove the attacker's actions and the organization's innocence in court.  It helps to finds computer criminals and terrorists from different parts of the world. Computer criminals and terrorists that use the Internet as a communication medium can be found and their plans known. IP addresses play a very important role in finding out the locations of the position of terrorists.  Saves the organization money and valuable time. Many managers set apart and distribute a large amount of their IT budget for computer and network security.  Tracks complicated cases such as child pornography and e-mail spamming.  A computer forensics expert secures of that the following rules are identified as correct during an investigation:  No possible evidence damaged, destroyed, or came to agreement by the forensic procedures used to investigate the computer evidences.  No possible computer harmful programs or apps is introduced to the computer being installed during the analysis process evidences. In a crime involving the use of technology, the evidences so furnished will also be in some electronic form. At times it becomes very hard to test the truthfulness of such evidences, in presence of expert. Here comes the role of computer forensic [6] . Forensic generally means the use of science and technology to establish facts in courts of law. When prefixed by the word computer, it obviously means the relation with computer space. We term them as 'electronic evidence'. They are commonly defined as collection, preservation, and analysis and court presentation of computer related evidences. The main objectives of computer forensics The overall goal of all computer forensic phases’ preservation, identification, extraction, and documentation is to detect a computer event, identify the intruder, and prosecute the criminal in a court of law. With an increase in computer crime events ranging from theft of intellectual property rights to computer terrorism, the goals of computer crimes are becoming more widespread in nature. The main goals of computer forensic can be summarized as follows:  To recover, carefully study, and preserve the computer and related materials in a manner that can be presented as evidence in a court of law  To identify the evidence in a short amount of time, guess the possible result of the malicious activity on the victim, and AJCSE, Nov-Dec, 2016, Vol. 1, Issue 2
  • 3. Elavarasi and Elango / A Review on Recovering and Examining Computer Forensic Evidences 22 © 2015, AJCSE. All Rights Reserved. evaluate the intent and identity of the criminal. Methodologies used in computer forensics Computer forensic tools and ways of doing things are major components of an organization's disaster recovery and play a clear role in overcoming and handling computer evidences. Due to the growing of computers the criminal activity also grown, there should be a proper set of ways of doing things to use in an investigation. The evidence which is received from computers is delicate and breakable and can be easily erased or changed, and the taken computer can be damaged if not handled using proper ways of doing things. The methodology involved in computer forensic may differ depending upon the procedures, resources available and also the target company. Forensic tools enable the forensic examiner to recover deleted files, hidden files, and also the temporary data that the user may not locate. A forensic investigator must focus on basic areas such as standalone computers, workstations, servers, and online channels. Investigation of standalone PC’s and workstations and other removable media can be simple. Investigation of servers and online channels, however, it is little bit complicated and tricky [7] . During investigation, logs are often not examined or audited. The investigator must understand that logs files play an important role during the investigation. They must be given due importance, as they could provide a lead in the case. Computer forensic ways of doing things consist of the following basic activities:  Preservation: The forensic investigator must preserve the integrity and integrity of the originally collected evidence. The original evidence should not be altered or damaged. The forensic examiner must make an image or a copy of the original evidence and then he should do the analysis on that image or copy. The examiner must also compare the copy with the original evidence to identify any changes or damage.  Identification: Before commencing the investigation , the forensic investigator must identify where the evidence is present and its location. For example, evidence may be contained in internal hard disks, removable storage media, or log files. Every forensic examiner must understand the difference between actual evidence and the evidence containers. Locating and identifying information and data is a challenge for the digital forensic investigator. Different examination processes such as keyword searches, log file analyses, and system checks help an investigation.  Extraction: After identifying the evidences, the forensic examiner must extract data from it. Since dangerous and unstable data can be lost at any point, the forensic investigator must extract this data from the copy made from the original evidence. This extracted data’s must be compared with the original evidence and carefully studied.  Interpretation: The most important role a forensic examiner plays during investigation is to understand what he or she has actually found. The inspection and analysis of the evidence must be understood and also explained in a clear manner.  Documentation: From the beginning of the investigation until the end evidence is presented before a court of law, forensic examiners must maintain documentation relating to the evidence. The documentation contains the chain of custody of the evidences gathered and documents relating to the evidence analysis. Testing the Evidences: After the evidence is collected, investigators do general tests on the evidence to decide the following: 1. Authenticity: The investigator must figure out the source of the evidence. 2. Reliability: The investigator must find out the evidence is reliable and perfect. Steps Involved in Forensic Investigation These are the following steps which are followed in forensic investigation they are explained below 1. The investigation process is started at the moment of computer crime was suspected 2. Immediately the investigator should gather the preliminary evidences which includes taking photograph of the scene and also marking the evidence 3. A legal court warrant should be obtained be seizure of the data’s 4. Investigator has performed first responder procedures. AJCSE, Nov-Dec, 2016, Vol. 1, Issue 2
  • 4. Elavarasi and Elango / A Review on Recovering and Examining Computer Forensic Evidences 23 © 2015, AJCSE. All Rights Reserved. 5. Evidences which are captured from the crime scene are numbered and secured safely 6. The gathered evidence should be taken carefully to the forensic laboratory 7. The evidences are created into two bit stream copies. The original disk should not be tampered 8. An hashing algorithm is used to generate checksum of the disk images 9. A report of chain of custody has o be maintained. If any change to this chain the evidence is questionable at the time of admissibility in court. 10. Original evidence has to be kept safe and secured preferably it can be kept in a location of which it cannot be accessed easily. 11. We have to analyze the image copy for evidence. 12. A detailed forensic report has to be prepared. Which includes the forensic methodology and recovery tools used? 13. The report has to be submitted to the client. 14. If it is needed the forensic investigator may attend the court and he/she has to testify as a witness. Computer forensic tools for acquiring the data: Many Digital tools are available during a digital investigation, some are specific toward forensic. The different phases from the digital forensic investigation process explained below. There are many hardware and software tools were used in forensic investigation for collecting and analyzing the data [8] . Encase Forensic Suite: This is windows based tool and also court- validated computer forensic software. The functionalities of Encase are explained below [9] : 1. Analyzing the file signatures. 2. Conditions and queries are filtered. 3. Finding deleted files and file fragments from slack space. 4. Recovering the deleted folders. 5. Analysis of log file and event log. 6. Searching file type. 7. External file viewer and registry viewer. Forensic Tool Kit(FTK): Forensic Toolkit, or FTK, is computer forensic software made by Access Data. It scans a hard drive looking for different information. It can for example locate deleted emails and scan a disk for text strings to use them as a password dictionary to crack encrypted code [10] . The toolkit also includes a standalone disk imaging program called FTK Imager. The FTK Imager is a simple but well-said tool. It saves an image of a hard disk in one file or in parts that may be later on rebuilt. It calculates MD5 hash values and confirms the integrity of the data before closing the files. The result is an image file that can be saved in multiple formats, including DD raw Win Hex Tool: It is a universal Hex editor tool which is mainly used in computer forensics for data recovery, low level editing of data. The main functionalities are explained below 1. Cloning and imaging of disk 2. Hex view of the file 3. Calculating mass Hash value of the files (MD5,SHA,SHA-1,SHA 4,MD4,RipeMD….) 4. Gathering free space, inter partition space and slack space and generic texts from images and drives 5. Creating files and directory for all computer media 6. Unifying and dividing even and odd words/bytes 7. Concatenating and splitting up of the files 8. Comparing and analyzing the files 9. Search and replacing the functions 10. Detection of NTFS and Alternate data streams(ADS) 11. Physical and logical search done at a time Digital Forensics Framework: Digital forensic framework is another popular platform dedicated to digital forensic. The tool is open source and comes under GPL License. It can be used either by professionals or non- professionals without any trouble. This tools is used for maintaining the digital chain of custody, to access the remote or local devices, forensic of Windows or Linux OS, recovery hidden of deleted files, quick search for files' meta data, and different other things. CAINE: CAINE (Computer Aided Investigative Environment is the Linux based tool created for digital forensic. It offers an atmosphere to join together an existing software tools as software modules in a user friendly manner. This tool is an open source. AJCSE, Nov-Dec, 2016, Vol. 1, Issue 2
  • 5. Elavarasi and Elango / A Review on Recovering and Examining Computer Forensic Evidences 24 © 2015, AJCSE. All Rights Reserved. List of Forensic Tools No Name of the Software Website 1 X ways Forensics 16.3 Integrated computer forensics Software www.X-ways.net. 2 WinHex 16.3 : Computer Forensics & Data Recovery software ,Hex Editor & Disk Editor www.X-ways.net. 3 Forensic Tool Kit - FTK is the industry-standard in computer forensics software used by government agencies and law enforcement for digital investigations. http://accessdata.com /products/computerfor ensics/ftk 4 Encase forensics V 7 http://www.guidance software.com 5 S tools (Stegnography tool) : text files hiding inside images. http://www.spycheck er.com/program/stool s.html. 6 Camouflage - hide your files inside a jpeg image! http://freesoftwarepr oject.weebly.com/fre e-filecamouflage.html. 7 Slueth Kit + Autopsy Browser – Forensic Tool Set http://www.sleuthkit. org. 8 Passware Kit: Password Cracking http://www.lostpassw ord.com/kitenterprise.h tm. 9 History viewer (Show all browser as well as user activities) http://www.historyvi ewer.net/index.html. 10 Child Key logger/ family Key logger – Storing key strokes http://www.familyke ylogger.com/. 11 Stegnos privacy suite -2012 provide secret safe. Deposit all your important documents, private photos and videos in Steganos Safe 2012 – out of reach for others and highly secure http://www.steg 12 Email Tracker pro – Email tracing and Spam filtering http://www.emailtrac kerpro.com. CONCLUSION It is quite important achievement for police and law enforcing officers that India has kept pace with the changing towards the technology and introduced very important changes in its laws to be controlled by the demands of technology. The only thing which needs a special and extremely important attention is the training communicated to the putting into use people in charge so that the provisions are well enough enforced. Hopefully in years to come this problem will also be redressed and the country will witness a totally new, refreshed and technically sound legal and enforcement framework. With the help of these few popular digital forensic tools used by different law enforcing agencies using in performing crime investigation. In this paper, I added all kind of tools like higher price/higher cost, free, open source, computer forensic, mobile forensic and others. If you are going to start learning digital forensic, you can download or buy these tools and start working on those. It will help you in better understanding the whole process and tools. With the increasing use of digital data and mobile phones, digital forensic has become more important. Computer crimes are also increasing day by day. So companies are also trying to launch more powerful version of the tools, and you need to be in touch of latest digital forensic news to know about recent releases. REFERENCES 1. Ramesh Babu CH. Computer Intrusion Forensics. International Journal of Emerging Technology in Computer Science & Electronics. 2014; 11(1): 15-17. 2. John JL. Digital Forensics and Preservation. DPC Technology Watch Report.2012; P:1-66. 3. Kaur M, Kaur N, Khurana S. A Literature Review on Cyber Forensic and its Analysis tools. International Journal of Advanced Research in Computer and Communication Engineering. 2016; 5(1):23-28. 4. “Computer Forensics”, US-CERT, 2008. 5. EC-Council. Computer Forensics: Investigation Procedures and Response (CHFI). Cengage Learning, 2016. P:1-208. 6. Samarth. Cyber Forensics & Electronic Evidences: Challenges In Enforcement & Their Admissibility. 2012. 7. Investigation Procedures and Response EC-Council | Press.2010.P:1-171. 8. Sindhu KK, Mesh ram BB. Digital Forensic Investigation Tools and Procedures.I.J. Computer Network and Information Security, 2012;4: 39-48. 9. http://www.WinHex.com 10. CTI Reviews. Investigating High-Tech Crime. Cram101 Textbook Reviews, 26- Sep-2016 - Education - 29 pages. AJCSE, Nov-Dec, 2016, Vol. 1, Issue 2