Guide To Digital Forensics

Computer forensics, or digital forensics, is a term in computer science for acquiring legal evidence found in digital media or computer storage. With a digital forensic investigation, the investigator can find out what happened to digital media such as emails, hard disks, logs, the computer system, and the network itself. In many cases, a forensic investigation can show how the crime could have happened and how we can protect ourselves against it next time.

Some reasons why we need to conduct a forensic investigation:

1. To gather evidence so that it can be used in court to resolve legal cases.

2. To analyze our network strength, and to fill the security gaps with patches and fixes.

3. To recover deleted files or any data in the event of hardware or software failure.

In computer forensics, the most important things to remember when conducting the investigation are:

1. The original evidence must not be altered in any way, and to conduct the process, the forensic investigator must make a bit-stream image. A bit-stream image is a bit-by-bit copy of the original storage medium and an exact copy of the original media. The difference between a bit-stream image and a normal copy of the original storage is that the bit-stream image includes the slack space in the storage. You will not find any slack space information on a normal copy.

2. All forensic processes must follow the laws of the country where the crime happened. Each country has different laws in the IT field. Some take IT rules very seriously, for example: United Kingdom, Australia.

3. All forensic processes can only be carried out after the investigator has the search warrant.

Forensic investigators normally look at the timeline of how the crime occurred. With that, we can reconstruct the crime scene: how, when, what and why the crime might have happened. In a big company, it is suggested to create a Digital Forensic Team or First Responder Team, so that the company can still preserve the evidence until the forensic investigator comes to the crime scene.

First Response rules are:

1. Under no circumstances should anyone, except for the Forensic Analyst, make any attempt to recover information from any computer system or device that holds electronic information.

2. Any attempt to retrieve the data by the person stated in number 1 should be avoided, as it could compromise the integrity of the evidence, which would then become inadmissible in a court of law.

These rules already explain the important role of having a First Responder Team in a company. An unqualified person can only secure the perimeter so that no one can touch the crime scene until the Forensic Analyst has come. (This can be done by taking photos of the crime scene. They can also make notes about the scene and who was present at that time.)

Steps that should be taken, in a professional manner, when a digital crime has occurred:

1. Secure the crime scene until the forensic analyst arrives.

2. The Forensic Analyst should request the search warrant from local authorities or the company's management.

3. The Forensic Analyst may take pictures of the crime scene if no pictures have been taken yet.

4. If the computer is still powered on, do not turn it off. Instead, use a forensic tool such as Helix to get information that can only be found while the computer is still powered on, such as data in RAM and registries. Such tools are specially designed not to write anything back to the system, so the integrity stays intact.

5. Once all live evidence is collected, the Forensic Analyst can turn off the computer and take the hard disk back to the forensic lab.

6. All the evidence must be documented, for which a chain of custody is used. The Chain of Custody keeps records on the evidence, such as who had the evidence last.

7. Securing the evidence must be accompanied by a legal officer such as the police, as a formality.

8. Back in the lab, the Forensic Analyst uses the evidence to create a bit-stream image, as the original evidence must not be used. Normally, the Forensic Analyst will create 2-5 bit-stream images in case 1 image is corrupted. Of course, the Chain of Custody is still used in this situation to keep records of the evidence.

9. A hash of the original evidence and of the bit-stream image is created. This acts as proof that the bit-stream image is an exact copy of the original evidence. Any alteration of the bit-stream image will result in a different hash, which makes the evidence found inadmissible in court.

10. The Forensic Analyst starts to look for evidence in the bit-stream image by carefully examining the relevant locations, depending on what kind of crime has happened. For example: Temporary Internet Files, Slack Space, Deleted Files, Steganography files.
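
Steps 8 and 9 as an added example (not part of the original article): a Python sketch that makes several bit-for-bit working copies, hashes the source and each copy, records every copy in a chain-of-custody log, and shows that a one-byte alteration changes the hash. The file names, log fields, analyst label and the choice of SHA-256 are assumptions; the "evidence" is a small constructed file standing in for a write-blocked device.

```python
import hashlib, os, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read 1 MiB at a time so large media never has to fit in RAM

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image):
    """Copy every byte of source to image; return the hash of the bytes read."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    return h.hexdigest()

def make_working_copies(source, out_dir, copies, custody_log, analyst):
    """Step 8: several images. Step 9: each must hash to the source value."""
    source_hash = sha256_of(source)
    images = []
    for n in range(1, copies + 1):
        image = os.path.join(out_dir, f"image_{n}.dd")
        read_hash = acquire(source, image)
        verified = read_hash == source_hash == sha256_of(image)
        custody_log.append({  # hypothetical log fields
            "time": datetime.now(timezone.utc).isoformat(),
            "analyst": analyst, "item": image,
            "sha256": source_hash, "verified": verified})
        images.append(image)
    return source_hash, images

def demo():
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "evidence.bin")
        with open(source, "wb") as f:  # constructed stand-in for a seized disk
            f.write(b"file data" + b"\x00" * 503 + b"leftover slack bytes" * 8)
        log = []
        source_hash, images = make_working_copies(source, d, 3, log, "analyst-1")
        with open(images[0], "r+b") as f:  # alter one byte of one image
            f.seek(100)
            f.write(b"\xff")
        intact = [sha256_of(p) == source_hash for p in images]
        return [entry["verified"] for entry in log], intact

if __name__ == "__main__":
    print(demo())
```

Re-hashing a working copy before and after analysis and comparing it with the value in the custody log is what detects the altered first image here.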