DEV Community

Lightning Hero

Introduction to Digital Forensics

What is Digital Forensics?

  • Digital Forensics comprises techniques and procedures for finding digital evidence that can be presented in a court of law.

  • It can be correctly defined as the collection, examination, analysis, and documentation, using scientifically proven methods, carried out to investigate a digital crime and present it before the court.

  • Digital forensics encompasses much more than laptops and computers. Mobile devices, networks, and cloud systems are very much within the scope of this domain. It also includes the analysis of audio, video, and images.

Process Of Digital Forensics:

  • Identification: This is the first step any investigator takes at the crime location: identifying the purpose of the investigation and collecting the potential digital artifacts.

  • Preservation: After finding the artifacts, the investigator has to make sure that the evidence has not been tampered with.

  • Collection: This step involves the collection of the artifacts without causing any harm to the evidence.

  • Examination: This step involves careful inspection of the artifacts prior to any analysis.

  • Analysis: The most crucial step of all. In this step, the investigator carries out crucial tasks such as retrieving deleted files, determining whether the system has any malicious files, cracking passwords, etc.

  • Interpretation: This step involves drawing conclusions from what the investigation found.

  • Documentation: This generally involves creating a detailed report of the entire investigation.
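
The Preservation and Collection steps above depend on being able to show later that an artifact has not changed. As an added example (not part of the original post), the Python code below records a SHA-256 hash for each collected file and re-checks the set afterwards; the choice of hashing as the integrity method, the manifest layout, the function names and the sample files are all assumptions of this example.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large images do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(evidence_dir, examiner):
    """Record who collected the artifacts, when, and a hash for each file."""
    root = Path(evidence_dir)
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return {
        "examiner": examiner,
        "collected_utc": datetime.now(timezone.utc).isoformat(),
        "artifacts": {p.relative_to(root).as_posix(): sha256_file(p) for p in files},
    }

def verify_manifest(evidence_dir, manifest):
    """Compare the directory against the manifest and report every difference."""
    root = Path(evidence_dir)
    recorded = manifest["artifacts"]
    present = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    report = {"modified": [], "missing": [], "unexpected": sorted(present - set(recorded))}
    for name, digest in recorded.items():
        if name not in present:
            report["missing"].append(name)
        elif sha256_file(root / name) != digest:
            report["modified"].append(name)
    return report

def demo():
    """Constructed sample: one artifact is edited and one file appears later."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "auth.log").write_text("constructed sample log line\n")
        (root / "notes.txt").write_text("constructed sample note\n")
        manifest = build_manifest(root, examiner="examiner-placeholder")
        (root / "auth.log").write_text("constructed sample log line (edited)\n")
        (root / "dropped.bin").write_bytes(b"\x00")
        return verify_manifest(root, manifest)

if __name__ == "__main__":
    print(demo())
```

The manifest itself has to be stored apart from the evidence it describes, otherwise a change to both would go unnoticed.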

Types of Digital Forensics:

Any object that has an IP address may be compromised, so anything with an IP address can come under the domain of Digital Forensics.

  • Computer Forensics: In this type of forensics, the investigator is responsible for investigating hard drives, OS configuration, user controls, CD/DVDs, etc.

  • Network Forensics: In this type of forensics, the investigator is responsible for investigating network logs, data packets, etc.

  • Multi-media Forensics: This type of forensics involves the investigation of audio and video files.

  • Memory Forensics: This is the forensic investigation of the memory or RAM dump of the system to find volatile data such as chat history, clipboard history, browser history, etc.

Why Should We Learn Digital Forensics?

  • The skill set allows you to more effectively:
    • Understand malware
    • Understand how attackers steal data
    • Create better defensive IT architectures
    • Maintain current systems for optimal performance
    • Design and implement security policy

Types Of Tools:

  • Open-source: Open-source tools are available for free for use by the entire community.
  • Commercial: These tools are paid and commercially available.
  • Self-Created: Created by the investigator at the time of the investigation to automate some tasks.

Hence, I have covered the basic understanding and requirements for Digital Forensic Investigation.
