The steps of a forensic investigation should be well understood, because a poorly understood process can open the door to people being blamed on weak grounds. It is easier to leave or delete evidence in virtual environments.

A computer forensics investigation is a process with 4 main stages:

Definition
Examination
Analysis
Reporting


Definition

The definition (identification) stage of a computer forensics examination begins with the identification and collection of the potential data storage sources (digital evidence) to be examined.

Typical data sources: computer hard drives, CDs, DVDs, USB disks, flash disks, memory cards, mobile phones, etc.

Examination

This is the process of making exact copies of the collected data sources. It is essential that the integrity of the evidence examined here is preserved. In other words, the evidence must be protected from the moment it is seized.
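One way to check that a copy is exact, shown as an added example (it is not from the original article and is not how any tool named on this page is implemented): hash the source and the copy as a whole, and also block by block so that a mismatch can be located. The function names, the 4096-byte block size and the sample data are assumptions made for the example.

```python
import hashlib
import io

BLOCK = 4096  # piece size in bytes (assumed value, chosen for the example)

def piecewise_hashes(stream, block=BLOCK):
    """Read the stream once; return (whole SHA-256, list of per-block SHA-256)."""
    whole, pieces = hashlib.sha256(), []
    while chunk := stream.read(block):
        whole.update(chunk)
        pieces.append(hashlib.sha256(chunk).hexdigest())
    return whole.hexdigest(), pieces

def verify_copy(source, copy, block=BLOCK):
    """Compare an evidence source with its forensic copy.

    Returns the two whole-stream hashes, whether they match, and the byte
    offsets of the blocks that differ, so a mismatch can be localised.
    """
    src_hash, src_pieces = piecewise_hashes(source, block)
    cpy_hash, cpy_pieces = piecewise_hashes(copy, block)
    bad = [i * block for i, (a, b) in enumerate(zip(src_pieces, cpy_pieces)) if a != b]
    if len(src_pieces) != len(cpy_pieces):
        # Block counts differ: report the first block offset present on one side only.
        bad.append(min(len(src_pieces), len(cpy_pieces)) * block)
    return {"match": src_hash == cpy_hash, "source_sha256": src_hash,
            "copy_sha256": cpy_hash, "mismatch_offsets": bad}

def demo():
    """Run the check on constructed sample data (not real evidence)."""
    evidence = bytes(range(256)) * 64            # constructed 16 KiB "disk"
    altered = bytearray(evidence)
    altered[9000] ^= 0x01                        # single flipped bit
    cases = {"exact": evidence, "altered": bytes(altered), "truncated": evidence[:8192]}
    return {name: verify_copy(io.BytesIO(evidence), io.BytesIO(data))
            for name, data in cases.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result["match"], result["mismatch_offsets"])
```

In practice the two streams would be the source device opened read-only and the image file, and the resulting hashes would be recorded with the evidence.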

Analysis

In this stage, the data about the subject is extracted from the exact copy of the examined evidence.

Reporting

The information is presented. The report should be clear and should contain evaluations rather than claims.



Hardware and Software Used in Examinations

EnCase Forensic Software

It is one of the most widely used software packages in the world. It is paid commercial software released by the company Guidance Software, and it runs on Windows.

With EnCase Forensic software:

Forensic copies can be taken and examined of e-evidence such as hard disks, USB memory, RAM, files, folders and servers, as well as of smartphones and tablets,

It can calculate hashes of the e-evidence and of the forensic copy,

It can recover data,

It can work with the password finding/cracking software called "Passware Kit Forensic",

It can show e-mail content without the need for an external program,

In addition to previewing files with various extensions, external file viewers can also be added to the program.


Forensic Toolkit (FTK) software


It is paid commercial software released by the AccessData software company.

With Forensic Toolkit software:

Passwords of more than 100 applications can be recovered,

Automatic analysis can be done,

Control options such as stopping, pausing and resuming ongoing processes are available,

Editable reports,

Comprehensive data analysis,

It is designed so that operations on the database continue without interruption if the FTK program stops working because of an error,

SQLite database

It has the ability to find/crack passwords of encrypted domains such as Credant, SafeBoot, Utimaco, SafeGuard Enterprise and Easy, EFS, PGP, GuardianEdge, Pointsec and S/MIME.

Cellebrite UFED Touch Ultimate

It acquires data suitable for forensic examination from GPS devices, tablets, computers, SIM cards and some music players.

If it supports the model:

It can take a physical forensic copy,

It can take a logical forensic copy,

It can extract the current file content,

It can extract items such as existing or deleted applications, passwords, e-mails, messages, contacts, GPS information, etc.

XRY

XRY hardware can be used with the program installed on Windows.

With XRY, content extraction can be performed on the model that has 3 different inputs at the same time.

Source: https://www.turkhackteam.org/adli-bi...azilimlar.html
Translator @Gauloran