The document provides an overview of cyber forensics. It discusses how cyber forensics has become important for investigations due to increasing internet crimes. It outlines the typical phases of cyber forensics investigations - identification, acquisition, analysis, and reporting. The identification phase deals with identifying evidence and preserving the chain of custody. The acquisition phase involves creating copies of digital evidence like hard disk images. The analysis phase examines the acquired evidence to find relevant pieces. Finally, the reporting phase documents the findings and conclusions. A variety of cyber forensics tools are also mentioned.
Download DOC word file from below Links:
Link 1 :http://gestyy.com/eiT4WO
Link 2: http://fumacrom.com/RQUm
Disclaimer: Above doc file is only for education purpose only
Process of Digital forensics:
1. Identification
2. Preservation
3. Analysis
4. Presentation and Reporting
5. Disseminating the case
What is acquisition in digital forensics?
How to handle data acquisition in digital forensics
Types of Digital Forensics
Disk Forensics
Network Forensics
Wireless Forensics
Database Forensics
Forensic is the word that indicates detective work: searching for and attempting to discover information. The search is mainly carried out to collect evidence for an investigation, which is useful in criminal, civil or corporate investigations. An investigation is conducted under some set of legal rules.
As criminals are getting smarter at committing crime, using data hiding techniques such as encryption and steganography, the forensic community has become alert and has introduced a new concept called Digital Forensics, which handles sensitive data that is confidential and must be handled responsibly.
CYBER FORENSICS AND AUDITING
Topics Covered: Introduction to Cyber Forensics, Computer Equipment and associated storage media, Role of the Forensics Investigator, Forensics Investigation Process, Collecting Network-based Evidence, Writing Computer Forensics Reports, Auditing, Planning an audit against a set of audit criteria, Information Security Management, System Management, Introduction to ISO 27001:2013
Cyber crimes are increasing day by day, and so is the cyber evidence at the crime scene.
To know more about cyber evidence, see the link given below:
https://youtu.be/2PBoOPU9e00
Cyber forensics, also known as digital forensics, is the process of collecting, analysing, and storing digital evidence in order to investigate and prevent cybercrime. It entails the use of specialised techniques, tools, and processes to unearth critical information connected to security breaches, data theft, hacking, and other digital offences. Cyber forensics is critical in identifying culprits, reconstructing events, and producing legally admissible evidence for prosecution. It contributes to the protection of persons, organisations, and society as a whole by maintaining the integrity and security of digital environments.
Cyber forensics, or digital forensics, investigates and analyzes digital evidence related to cybercrimes. It involves collecting, preserving, and examining data from various sources like computers, mobile devices, networks, and online platforms. Cyber forensic specialists use specialized tools and techniques to identify perpetrators, reconstruct events, and provide legally admissible evidence. The field constantly evolves due to technological advancements and emerging cyber threats, requiring continuous learning and adaptation. Cyber forensics is vital for ensuring the integrity of digital environments, combating cyber crimes, and upholding the security of individuals and organizations.
https://lumiversesolutions.com/cyber-forensics/
Virtual machines are one of the most widely used virtualization technologies today, both for working while saving hardware resources and as a tool for conducting research on malware, network installations, etc. The wide use of virtualization technology is becoming a new challenge for digital forensics experts, calling for further research on the recovery of evidence from deleted virtual machine images. This research tries to find out whether there is evidence of activity generated in a destroyed virtual machine and how to find potential digital evidence using the Virtual Machine Forensic Analysis and Recovery method. The results showed that a virtual machine removed from the VirtualBox library could be recovered and analyzed using the Autopsy and FTK tools with an analytical method: 4 deleted files in the VMDK file could be recovered and analyzed as digital evidence after checking that their hash and metadata matched the original. However, Windows-based and Linux-based virtual machine images deleted using the destroy method on VirtualBox could not be recovered using Autopsy and FTK; VirtualBox log analysis, deleted filesystem analysis, and registry analysis to recover backbox.vmdk and windows 7.vmdk did not work either, because the deletion was done using a high-level removal method, almost similar to wiping data on the hard drive.
Business Intelligence (BI) Tools For Computer Forensic, by Dhiren Gala
The presentation contains: Concept of Forensic, Need & Purpose of Forensic, Computer Forensic, Role of IT for Forensic, Data Collection / Mining Tools, Data Analysis & Reporting, Fraud Detection & Auditing
Enhancements in the world of digital forensics, by IAESIJAI
Currently, the rapid advancement of computer systems and mobile phones has resulted in their utilization in unlawful acts. Ensuring adequate and effective security measures poses a difficult task due to the intricate nature of these devices, thereby exacerbating the challenges associated with investigating crimes involving them. Digital forensics, which involves investigating cyber crimes, plays a crucial role in this realm. Extensive research has been conducted in this field to aid forensic investigations in addressing contemporary obstacles. This paper aims to explore the progress made in the applications of digital forensics and security, encompassing various aspects, and provide insights into the evolution of digital forensics over the past five years.
A Proactive Approach in Network Forensic Investigation Process, by Editor IJCATR
Information Assurance and Security (IAS) is a crucial component in the corporate environment to ensure that the secrecy of sensitive data is protected, the integrity of important data is not violated, and the availability of critical systems is guaranteed. The advancement of information and communication technology into new eras and domains such as mobility and the Internet of Things, its ever-growing user base and sophisticated cyber-attacks force organizations to deploy automated and robust defense mechanisms to manage the resulting digital security incidents in real time. Digital forensics is a scientific process that facilitates detection of illegal activities and inappropriate behaviors using scientific tools, techniques and investigation frameworks. This research aims at identifying processes that facilitate and improve the digital forensic investigation process. Existing digital forensic frameworks will be reviewed and the analysis will be compiled to derive a network forensic investigation framework that includes evidence collection, preservation and analysis at a sensor level and in real time. It is aimed at discovering the complete relationship, with optimal performance, among known and unseen/new alerts generated by multiple network sensors in order to improve the quality of alerts and recognize the attack strategy.
Ethical Hacking And Computer Forensics, by ShanaAneevan
Data recovery is the process in which highly trained engineers evaluate and extract data from damaged media and return it in an intact format. Many people, even computer experts, fail to recognize data recovery as an option during a data crisis, yet it is possible to retrieve files that have been deleted and passwords that have been forgotten or to recover entire hard drives that have been physically damaged.
Introduction:
RNA interference (RNAi) or Post-Transcriptional Gene Silencing (PTGS) is an important biological process for modulating eukaryotic gene expression.
It is highly conserved process of posttranscriptional gene silencing by which double stranded RNA (dsRNA) causes sequence-specific degradation of mRNA sequences.
dsRNA-induced gene silencing (RNAi) is reported in a wide range of eukaryotes ranging from worms, insects, mammals and plants.
This process mediates resistance to both endogenous parasitic and exogenous pathogenic nucleic acids, and regulates the expression of protein-coding genes.
What are small ncRNAs?
micro RNA (miRNA)
short interfering RNA (siRNA)
Properties of small non-coding RNA:
Involved in silencing mRNA transcripts.
Called “small” because they are usually only about 21-24 nucleotides long.
Synthesized by first cutting up longer precursor sequences (like the 61nt one that Lee discovered).
Silence an mRNA by base pairing with some sequence on the mRNA.
Discovery of siRNA?
The first small RNA:
In 1993 Rosalind Lee (Victor Ambros lab) was studying a non- coding gene in C. elegans, lin-4, that was involved in silencing of another gene, lin-14, at the appropriate time in the
development of the worm C. elegans.
Two small transcripts of lin-4 (22nt and 61nt) were found to be complementary to a sequence in the 3' UTR of lin-14.
Because lin-4 encoded no protein, she deduced that it must be these transcripts that are causing the silencing by RNA-RNA interactions.
Types of RNAi (non-coding RNA):
miRNA: length 23-25 nt; trans-acting; binds the target mRNA with mismatches; translation inhibition.
siRNA: length 21 nt; cis-acting; binds the target mRNA in a perfectly complementary sequence.
Piwi-RNA: length 25 to 36 nt; expressed in germ cells; regulates transposon activity.
MECHANISM OF RNAI:
First the double-stranded RNA teams up with a protein complex named Dicer, which cuts the long RNA into short pieces.
Then another protein complex called RISC (RNA-induced silencing complex) discards one of the two RNA strands.
The RISC-docked, single-stranded RNA then pairs with the homologous mRNA and destroys it.
THE RISC COMPLEX:
RISC is a large (>500 kD) multi-protein RNA-binding complex which triggers mRNA degradation in response to mRNA.
Unwinding of double-stranded siRNA by an ATP-independent helicase.
The active component of RISC is the Ago proteins (endonucleases), which cleave the target mRNA.
DICER: endonuclease (RNase Family III)
Argonaute: Central Component of the RNA-Induced Silencing Complex (RISC)
One strand of the dsRNA produced by Dicer is retained in the RISC complex in association with Argonaute
ARGONAUTE PROTEIN:
1. PAZ (PIWI/Argonaute/Zwille): recognition of target mRNA.
2. PIWI (P-element induced wimpy testis): breaks the phosphodiester bond of mRNA; RNase H activity.
MiRNA:
The Double-stranded RNAs are naturally produced in eukaryotic cells during development, and they have a key role in regulating gene expression .
A brief information about the SCOP protein database used in bioinformatics.
The Structural Classification of Proteins (SCOP) database is a comprehensive and authoritative resource for the structural and evolutionary relationships of proteins. It provides a detailed and curated classification of protein structures, grouping them into families, superfamilies, and folds based on their structural and sequence similarities.
Seminar of U.V. Spectroscopy, by SAMIR PANDA
Spectroscopy is a branch of science dealing with the study of the interaction of electromagnetic radiation with matter.
Ultraviolet-visible spectroscopy refers to absorption spectroscopy or reflectance spectroscopy in the UV-VIS spectral region.
Ultraviolet-visible spectroscopy is an analytical method that can measure the amount of light received by the analyte.
Professional air quality monitoring systems provide immediate, on-site data for analysis, compliance, and decision-making.
Monitor common gases, weather parameters, particulates.
Richard's adventures in two entangled wonderlands, by Richard Gill
Since the loophole-free Bell experiments of 2020 and the Nobel prizes in physics of 2022, critics of Bell's work have retreated to the fortress of super-determinism. Now, super-determinism is a derogatory word - it just means "determinism". Palmer, Hance and Hossenfelder argue that quantum mechanics and determinism are not incompatible, using a sophisticated mathematical construction based on a subtle thinning of allowed states and measurements in quantum mechanics, such that what is left appears to make Bell's argument fail, without altering the empirical predictions of quantum mechanics. I think however that it is a smoke screen, and the slogan "lost in math" comes to my mind. I will discuss some other recent disproofs of Bell's theorem using the language of causality based on causal graphs. Causal thinking is also central to law and justice. I will mention surprising connections to my work on serial killer nurse cases, in particular the Dutch case of Lucia de Berk and the current UK case of Lucy Letby.
1. Review on Cyber Forensics
Presented by:
Vaishnavi Borse, M.Sc. I yr.
2. I. Introduction:
Computing devices have become an integral part of our lives. These devices, combined with the Internet, have given predators a new tool with which to pursue their evil purpose.
Due to the steady increase in instances of cyber terrorism, Internet fraud, and constantly evolving viruses, computer forensics has become, and will increasingly become, a focal point for government and law enforcement.
There are several steps and procedures that must be taken to reduce the risk of becoming a victim. There are also tools available for use by trained individuals in the field of computer forensics.
One such way is cyber forensics, a unique process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally accepted.
3. According to Arfid (i), computer forensics involves the identification, documentation, and interpretation of computer media for using them as evidence and/or to rebuild the crime scenario.
According to Garber (ii), computer forensics is defined as the process of identifying, collecting, preserving, analyzing and presenting computer-related evidence in a manner that is legally acceptable by a court.
4. A. Importance of computer forensics
Computer forensics has become an important part of the judicial process. In recent months, the media reported numerous cyber attacks by criminals who know hacking techniques in computer network systems; with this in mind, electronic evidence plays a more vital role in court to prove or disprove the actions of an individual in order to obtain a conviction.
However, obtaining electronic evidence can be difficult and there may be problems of authenticity; digital evidence must be provided in a way that is admissible in a court of law.
Phishing, corporate fraud, intellectual property disputes, theft, breach of contract and asset recovery.
Ability to search and analyze a large amount of information quickly and efficiently and to identify key pieces of data that can be used to assist in the formation of a legal case.
Valuable data that has been lost or deleted by offenders can be recovered and used to form substantial evidence in court.
5. Oliver et al. (iii): Network forensics involves collection and analysis of network events in order to discover the sources of security attacks. Cyber forensics focuses on real-time, online evidence gathering. Forensics analysis deals with identification, extraction and reporting on data obtained from a computer system. System forensics is performed on standalone machines. Data forensics majorly focuses on analysis of volatile and non-volatile data. Digital forensics deals with examination and analysis of material found in digital devices.
6. B. Overview of Cyber Forensics
Cyber forensics is becoming a source of investigation in which human expert witnesses are important, since courts will not recognize software tools such as EnCase, Pasco or Ethereal as an expert witness [Meyers and Rogers, (iv)].
Cyber forensics is useful for many professionals in the military, the private sector and industry, academia, and law. These areas have many needs, including data protection, data acquisition, imaging, extraction, interrogation, normalization, analysis, and reporting.
Albert and Robert (ix) focused on the cyber forensics international guidelines, related key terms, and tools in their field manual.
The objective of cyber forensics is to identify digital evidence for an investigation, using the scientific method to draw conclusions.
7. II. Phases of Cyber Forensics [Cole, (viii)]
1. Identification Phase
2. Acquisition Phase
3. Analysis Phase
4. Reporting Phase
5. Forensics Methodology
The identification phase mainly deals with incident identification, evidence collection and checking of the evidence. The acquisition phase saves the state of a computer system so that it can be further analyzed. The analysis phase takes the acquired data and examines it to find the pieces of evidence. The reporting phase comprises documentation and evidence retention.
8. 1. Identification Phase
• The process of identifying evidence material and its probable location.
• Evidence should be handled properly. The basic requirement in evidence collection is that evidence must be presented without alteration. This requirement applies to all the phases of forensics analysis.
• At the time of evidence collection, there is a need for a thorough check of system logs, time stamps and security monitors.
• Chain of custody is a vital part of computer forensics and the legal system; its goal is to protect the integrity of evidence, so evidence should be physically secured in a safe place along with a detailed log. [McQuade and Samuel, (vii)]
9. 2. Acquisition Phase
The goal of this phase is to save all digital values. A copy of the hard disk is created, which is commonly called an image.
Kruse and Heiser (vi) described the different methods of acquiring data and their relative advantages and disadvantages.
Three types of forensic acquisition:
i. Mirror image.
ii. Forensic duplication.
iii. Live acquisition.
10. i. Mirror image:
A mirror image, a bit-for-bit copy, involves backing up the entire hard disk. The purpose of having a mirror image is to keep the evidence available in case the original system needs to be restarted for further analysis.
ii. Forensic duplication:
Sector-by-sector. An advanced method that makes a copy of every bit without leaving out a single bit of the evidence. The result may be a single large file and must be an exact representation of the original drive at the bitstream level. Tools: Forensic Toolkit (FTK) Imager, the Unix dd command, EnCase, or AccessData's FTK.
iii. Live acquisition:
Capturing RAM. This information may not be recorded in a file system or image backups, and it may hold clues related to the attacker. All currently running processes, open sockets, currently logged-in users, recent connections etc. are available in volatile information.
11. 3. Analysis phase
Forensic analysis is the process of understanding, re-creating, and analyzing arbitrary events that have been gathered from digital sources [Caloyannides, (v)].
There are three types of examination: limited, partial or full examination.
A limited examination covers the data areas that are specified by legal documents. It is the least time-consuming and most common type.
A partial examination deals with prominent areas: key areas like log files, registry, cookies, e-mail folders and user directories, etc.
A full examination requires the examiner to look at each and every possible bit of data to find the root causes of the incident. File slack inspection is done in this examination.
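The full examination above looks beyond live files into file slack (bytes between a file's logical end and the end of its last cluster) and unallocated clusters. The following added example, not from the presentation, shows why a keyword hit must be reported together with the region it was found in; it assumes a toy layout of fixed 64-byte clusters with contiguous files, and the image contents are constructed.

```python
import re

# Toy on-disk layout, an assumption for this example: fixed-size clusters,
# files stored in contiguous clusters, no real filesystem metadata.
CLUSTER = 64
N_CLUSTERS = 8


def build_image(files, residue):
    """Construct a disk image. Residue (leftovers of earlier, now deleted
    data) is written first so that live file contents overwrite it, exactly
    as reallocation does on a real disk; whatever survives sits in slack
    or unallocated space."""
    img = bytearray(CLUSTER * N_CLUSTERS)
    for offset, data in residue:
        img[offset:offset + len(data)] = data
    for f in files:
        start = f["start"] * CLUSTER
        img[start:start + len(f["data"])] = f["data"]
    return bytes(img)


def map_regions(files):
    """Classify every byte range as allocated (live file data), slack
    (between a file's logical end and the end of its last cluster) or
    unallocated (clusters owned by no file)."""
    regions, used = [], set()
    for f in files:
        size = len(f["data"])
        n_clusters = -(-size // CLUSTER)            # ceiling division
        start = f["start"] * CLUSTER
        end = (f["start"] + n_clusters) * CLUSTER
        regions.append((start, start + size, "allocated", f["name"]))
        if start + size < end:
            regions.append((start + size, end, "slack", f["name"]))
        used.update(range(f["start"], f["start"] + n_clusters))
    for c in range(N_CLUSTERS):
        if c not in used:
            regions.append((c * CLUSTER, (c + 1) * CLUSTER, "unallocated", None))
    return sorted(regions)


def search_keywords(img, files, keywords):
    """Find each keyword anywhere in the image and report which region it
    fell in, so hits in slack or unallocated space are not mistaken for
    live file content (and vice versa)."""
    regions = map_regions(files)
    hits = []
    for kw in keywords:
        for m in re.finditer(re.escape(kw), img):
            off = m.start()
            region = next(r for r in regions if r[0] <= off < r[1])
            hits.append({"keyword": kw.decode(), "offset": off,
                         "region": region[2], "file": region[3]})
    return sorted(hits, key=lambda h: h["offset"])


def demo():
    # Constructed sample: two live files plus residue from deleted data.
    files = [
        {"name": "notes.txt", "start": 0,
         "data": b"meeting notes: nothing unusual today."},                   # 37 bytes
        {"name": "report.docx", "start": 2,
         "data": b"Quarterly report for ACCT-4411 was filed on time. " * 2},  # 100 bytes
    ]
    residue = [
        (40, b"wire ACCT-4411 now"),   # lands in the slack of notes.txt (bytes 37-63)
        (384, b"passwd=hunter2"),      # lands in unallocated cluster 6
    ]
    img = build_image(files, residue)
    return search_keywords(img, files, [b"ACCT-4411", b"passwd"])


if __name__ == "__main__":
    for h in demo():
        print(h)
```

The same keyword turns up once in slack and twice in a live document; the region label is what tells the examiner which hits a limited examination would never have seen.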
12. 4. Reporting Phase
The reporting phase comprises documentation and evidence retention. The scientific method is used in this phase to draw conclusions based on the gathered evidence. Based on the cyber laws, it presents the conclusions for the corresponding evidence from the investigation.
There is a need for a good policy on how long evidence from an incident should be retained. Factors to be considered in this process are prosecution, data retention and cost.
To meet the retention requirements there is a need for maintaining a log archive. The archived logs must be protected to maintain the confidentiality and integrity of the logs.
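Both the chain-of-custody log of the identification phase and the archived logs of the reporting phase need to be tamper-evident. The following added example (not from the presentation) implements one common way to get that integrity property: a hash-chained log whose head hash is recorded in the report. The custody entries are constructed and the hash value in the "imaged" entry is a placeholder.

```python
import hashlib
import json

GENESIS = "0" * 64   # chain anchor used as the "previous hash" of the first entry


def _entry_hash(prev_hash, record):
    # Canonical JSON (sorted keys, no whitespace) so the same record always
    # serialises, and therefore hashes, the same way.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


def append_entry(log, when, actor, action, item, detail=""):
    """Append one custody event; its hash covers the previous entry's hash,
    so editing or inserting an earlier entry breaks every later one."""
    prev = log[-1]["hash"] if log else GENESIS
    record = {"seq": len(log), "when": when, "actor": actor,
              "action": action, "item": item, "detail": detail}
    entry = {"record": record, "prev": prev, "hash": _entry_hash(prev, record)}
    log.append(entry)
    return entry


def seal(log):
    """Head hash of the chain. Write it into the report that is archived
    separately; without it, silently dropping the newest entries would
    still leave a chain that verifies."""
    return log[-1]["hash"] if log else GENESIS


def verify_log(log, expected_head=None):
    """Return (True, n) for an intact chain of n entries, or (False, i) with
    the index of the first entry that fails."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["record"].get("seq") != i:
            return False, i
        if _entry_hash(prev, entry["record"]) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(log)   # truncated, or entries added after sealing
    return True, len(log)


def build_sample_log():
    # Constructed custody trail for one exhibit (names and times are made up).
    log = []
    append_entry(log, "2022-02-16T09:10:00Z", "Examiner A", "seized", "HDD-01",
                 "1 TB SATA drive, bagged and tagged at scene")
    append_entry(log, "2022-02-16T11:30:00Z", "Examiner A", "imaged", "HDD-01",
                 "sha256=<IMAGE-HASH-PLACEHOLDER> recorded at acquisition")
    append_entry(log, "2022-02-16T12:00:00Z", "Evidence clerk", "stored", "HDD-01",
                 "Locker 7, sealed")
    return log


if __name__ == "__main__":
    custody = build_sample_log()
    print("intact:", verify_log(custody, seal(custody)))
    custody[1]["record"]["detail"] = "edited after the fact"
    print("after tampering:", verify_log(custody))
```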
13. 5. Forensics Methodology
The International Association of Computer Investigative Specialists (IACIS) has developed a forensic methodology which can be summarized as follows:
Protect the crime scene, power down the computer, document the hardware configuration and transport the computer system to a secure location.
Bit-stream backup of digital media; use hash algorithms to authenticate data on all storage devices and document the system date and time.
Search keywords and check file space management (swap file, file slack evaluation, unallocated space).
Evaluate program functionality, document findings/results and retain copies of software.
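The forensic duplication of the acquisition phase and the "bit-stream backup plus hash authentication, with date and time documented" step of the IACIS methodology are the same operation. This added example (not the presentation's code, and not a substitute for dd or FTK Imager) shows the essential part: copy every block, hash the source as it is read and the image as it was written, record both with the acquisition time, and re-verify the image later. The evidence device is a constructed 10 KiB file in a temporary directory.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

BLOCK = 4096   # read/write block size; an assumption (dd defaults to 512 bytes)


def hash_file(path, block_size=BLOCK):
    """SHA-256 of a file, streamed so images larger than memory work."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(block_size), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire(source_path, image_path, block_size=BLOCK):
    """Bit-for-bit copy of source to image. The source hash is computed from
    the bytes as they are read; the image hash is computed by re-reading what
    actually reached the image file, so a short or corrupted write shows up
    as a mismatch instead of being trusted."""
    src_hash = hashlib.sha256()
    started = datetime.now(timezone.utc)
    blocks = 0
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        while True:
            chunk = src.read(block_size)
            if not chunk:
                break
            src_hash.update(chunk)
            dst.write(chunk)
            blocks += 1
        dst.flush()
        os.fsync(dst.fileno())          # make sure the bytes are on disk before hashing
    image_hash = hash_file(image_path, block_size)
    return {
        "source_sha256": src_hash.hexdigest(),
        "image_sha256": image_hash,
        "verified": src_hash.hexdigest() == image_hash,
        "bytes": os.path.getsize(image_path),
        "blocks": blocks,
        "acquired_at": started.isoformat(),   # documented alongside the hashes
    }


def reverify(image_path, recorded_sha256):
    """Re-hash the image (e.g. before analysis or in court) against the
    hash documented at acquisition."""
    return hash_file(image_path) == recorded_sha256


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "device.bin")
        img = os.path.join(tmp, "device.dd")
        with open(src, "wb") as f:
            f.write(bytes(range(256)) * 40)   # 10240 bytes: last block is partial
        rec = acquire(src, img)
        ok_before = reverify(img, rec["image_sha256"])
        with open(img, "r+b") as f:            # simulate one byte altered later
            f.seek(1000)
            f.write(b"\x00")
        ok_after = reverify(img, rec["image_sha256"])
    return rec, ok_before, ok_after


if __name__ == "__main__":
    record, before, after = demo()
    print(record)
    print("verifies before tampering:", before, "after:", after)
```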
14. III. Cyber forensic tools:
Albert and Robert (ix) described various cyber forensics tools and their description:
(1) The Coroner's Toolkit (TCT) is an open source set of forensic tools designed to conduct investigations on UNIX systems.
(2) The Forensic Toolkit (FTK) is a very powerful tool but not simple to use.
(3) I2Analyst is a different type of analysis tool from those information security professionals are used to.
(4) LogLogic's LX 2000 is a powerful and distributed log analysis tool.
(5) NetWitness, security intelligence, is a network traffic security analyzer tool.
(6) ProDiscover Incident Response (IR) is a complete IT forensic tool that can access computers over the network to study the network behavior.
(7) The Sleuth Kit is one of the network forensics tools used to find file
15. IV. Conclusion
When analyzing cyber forensics, the process of doing so is different from traditional forensics.
The various phases of cyber forensics have been discussed and each phase explored with its respective tools.
16. References:
i. Arfid, 2005, "Have You Been Hacked? A Primer to Cyber Security and Cyber Forensics", The Chartered Accountant. [Accessed date: 16-02-2022]
ii. Garber, 2021, "Computer Forensics: HighTech Law Enforcement", IEEE Computer Society's Computer Magazine, 34 (1). [Accessed date: 18-02-2022]
iii. Oliver et al., 2019, "E-Mail Authorship Attribution for Computer Forensics", Applications of Data Mining in Computer Security, Springer. [Accessed date: 19-02-2022]
iv. Meyers and Rogers, 2004, "Computer Forensics: the Need for Standardization and Certification", International Journal of Digital Evidence. [Accessed date: 19-02-2022]
v. Caloyannides, 2001, "Computer Forensics and Privacy", Artech House. [Accessed date: 18-02-2022]
vi. Kruse and Heiser, 2002, "Computer Forensics Incident Response Essentials", Addison Wesley Pearson Education. [Accessed date: 18-02-2022]
vii. McQuade and Samuel, 2016, "Understanding and Managing Cybercrime", Pearson Education. [Accessed date: 19-02-2022]
viii. Cole, 2010, "Network Security: Bible", Wiley India Pvt. Ltd. [Accessed date: 20-02-2022]
ix. Albert and Robert, 2018, "Cyber Forensics: A Field Manual for Collecting, Examining and Preserving Evidence of Computer Crimes", Taylor & Francis Group. [Accessed date: 19-02-2022]
x. Whitman and Herbert, 2010, "Principles and Practices of Information Security",