Digital Forensics Chapter 1 PDF

Summary

This document provides an introduction to digital forensics, exploring the concept, methodology, and various types of digital forensics. It outlines the process and steps involved, giving a concise overview of the fundamentals.

Full Transcript

Digital Forensics Chapter 1 Learning Objectives introduction to Computer Forensics: Provide general information about digit forensics, Importance in the investigation of digital crimes. the steps of forensic investigation What is Computer Forensics? Comp...

Digital Forensics Chapter 1 Learning Objectives introduction to Computer Forensics: Provide general information about digit forensics, Importance in the investigation of digital crimes. the steps of forensic investigation What is Computer Forensics? Computer forensics is the scientific examination and analysis of data held on, or retrieved from, computer storage media in such a way that the information can be used as evidence in a court of law. Computer forensics activities Computer forensics activities commonly include: The secure collection of computer data Identifying suspicious data Examining suspicious data to determine details such as source and content Presenting computer information to courts For law Applying the laws of a country to computer practice. Basic methodology in computer forensics The basic methodology consists of the 3 As: – Acquire the evidence without altering or damaging the original – Authenticate the image – Analyze the data without modifying it What is Digital forensics Digital forensics is a branch of forensic science that focuses on identifying, acquiring, processing, analyzing, and reporting on data stored electronically. What is forensic investigation? What is forensic investigation? Forensics is the scientific method used to solve a crime. Forensic investigation is the gathering and analysis of all crime-related physical evidence to conclude ‫ استنتاج‬a suspect. To determine how a crime occurred investigators will examine blood, fluid, or fingerprints, residue ‫البقايا‬, hard drives, computers, or other technology. Process of Digital forensics Digital forensics entails the following steps: Identification Preservation Analysis Documentation Presentation Other Definition What is Digital evidence ? Digital evidence is information stored or transmitted in binary form that may be relied ‫ االعتماد عليها‬on in court. What is Digital crime Cybercrime ? Cybercrime is any criminal activity that involves a computer, networked device or a network. Process of Digital forensics Process of Digital forensics 1-Identification It is the first step in the forensic process. The identification process mainly includes things like what evidence is present, where it is stored, and lastly, how it is stored (in which format). Electronic storage media can be personal computers, Mobile phones, PDAs, etc. Process of Digital forensics 2- Preservation In this phase, data is isolated, secured, and preserved. It includes preventing people from using the digital device so that digital evidence is not tampered with. ‫( ى‬ ) ‫حت ال يتم العبث فيها‬ Process of Digital forensics 3- Analysis In this step, investigation agents reconstruct ‫اعادة بناء أجزاء البيانات‬ fragments of data and draw conclusions based on evidence ‫واستخالص النتائج‬ found. Process of Digital forensics 4- Documentation In this process, a record of all the visible data must be created. It helps in recreating the crime scene ‫ مرسح الجريمة‬and reviewing it. It Involves proper documentation of the crime scene along with photographing, sketching, and crime- scene mapping. Process of Digital forensics 5- Presentation In this last step, the process of summarization and explanation of conclusions is done. Types of Digital Forensics 1. Disk Forensics: It deals with extracting data from storage media by searching active, modified, or deleted files. 2. Network Forensics: It is related to monitoring and analysis of computer network traffic to collect important information and legal evidence. 3. Wireless Forensics: The main aim of wireless forensics is to offers the tools need to collect and analyze the data from wireless network traffic. Types of Digital Forensics 4 -Database Forensics : It is a branch of digital forensics relating to the study and examination of databases and their relate metadata. 5 -Malware Forensics : This branch deals with the identification of malicious code, to study their payload ‫دراسة رتأثيها‬, viruses, worms, etc. 6 -Email Forensics : Deals with recovery and analysis of emails, including deleted emails, calendars, and contacts. Types of Digital Forensics 7 -Memory Forensics: It deals with collecting data from system memory (system registers, cache, RAM). 8 -Mobile Phone Forensics: It mainly deals with the examination and analysis of mobile devices. It helps to retrieve ‫اسيداد‬ ‫ ر‬phone and SIM contacts, call logs, incoming, and outgoing SMS/MMS, Audio, videos, etc. Advantages of digital forensics Advantages of digital forensics 1. Allows analysis of digital evidence. 2. Helps identify criminals. 3. It can be used to recover deleted data. 4. Provides insight into how crimes are committed.‫يوفر نظرة ثاقبة حول كيفية ارتكاب الجرائم‬ 5. They can be used to prevent future crimes. Disadvantages of digital forensics Disadvantages of digital forensics 1. Time-consuming process. 2. Requires specialized skills and knowledge. 3. Can be expensive. 4. May require court order to obtain evidence. 5. Evidence can be easily destroyed or tampered‫ العبث به‬with. Examples of digital crimes Digital crimes include: Theft of computer services. Unauthorized access to protected computers. Hacking software and changing or stealing electronically stored information. Extortion committed with the help of computers.‫االبياز المرتكب بمساعدة أجهزة الكمبيوتر‬ ‫رز‬ Getting unauthorized access to records from banks, credit card companies or customer reporting agencies ‫وكاالت اإلبالغ عن العمالء‬, trading ‫ االتجار‬in stolen passwords and transmitting viruses or destructive commands. SUMMARY introduction to Computer Forensics: Provide general information about digit forensics, Importance in the investigation of digital crimes. the steps of forensic investigation

Use Quizgecko on...
Browser
Browser