Digital Forensics: Different types of digital forensics
INTRODUCTION
Computer forensics is a branch of forensic science; it is also known as digital or cyber forensics.
It is the investigation of computer-related crimes using scientific methods, in a way that is suitable for presentation in a court of law. Digital forensics focuses on the investigation of artifacts stored on or found on digital devices such as computers, mobile devices, laptops, SD cards, hard drives, USB, etc.
DEFINITION
The word “Forensic” comes from the Latin word “FORENSIS” (meaning “public”). Forensic science is a scientific method of gathering and examining information about the past.
Digital Forensics:
Forensics is the practice of investigation, identification, collection, analysis, and reporting of evidence from the crime scene in a way that is scientifically approved & legally admissible.
CONCEPT OF FORENSICS
Forensics is based on the concept that every contact leaves a trace behind (i.e., Locard’s Exchange Principle): when two objects come into contact with each other, a cross-transfer of materials occurs, and every criminal can be connected to a crime through the trace evidence carried from the crime scene.
LOCARD’S EXCHANGE PRINCIPLE
According to Locard’s exchange principle, in the physical world, when perpetrators enter or leave a crime scene, they leave something behind and take something with them. Examples include DNA, latent prints, hair, and fibers.
The same holds true in digital forensics. Registry keys and log files can serve as the digital equivalent to hair and fiber.
OBJECTIVES OF FORENSIC INVESTIGATION
5WH objectives: Who, Where, What, When, Why, and How
- What: Describe the facts of what happened at the crime scene
- When: The time of the crime and other related events
- Why: The motivation for the crime and why it happened at a given time
- Who: Persons involved in the investigation (including victims, suspects & witnesses)
- Where: Location of the crime
- How: How the crime was committed
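The following added example (not part of the original article) applies the log-file idea from Locard’s principle and the 5WH objectives above to a few sshd authentication log entries. The log lines, host name, addresses and the year passed to the parser are constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd entries (not from a real system); IPs are documentation ranges.
SAMPLE_LOG = """\
Mar 14 02:11:05 web01 sshd[2210]: Failed password for admin from 203.0.113.7 port 50122 ssh2
Mar 14 02:11:14 web01 sshd[2214]: Failed password for invalid user test from 203.0.113.7 port 50130 ssh2
Mar 14 02:12:01 web01 sshd[2219]: Accepted password for admin from 203.0.113.7 port 50141 ssh2
Mar 14 09:30:44 web01 sshd[3102]: Accepted publickey for deploy from 198.51.100.20 port 41022 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"(?P<method>\w+) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_events(text, year=2024):
    """Turn raw log lines into structured events; syslog omits the year, so it is supplied."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsed lines remain in the original evidence, which is never edited
        e = m.groupdict()
        e["when"] = datetime.strptime(f"{year} {e.pop('ts')}", "%Y %b %d %H:%M:%S")
        events.append(e)
    return sorted(events, key=lambda e: e["when"])

def summarize_by_source(events):
    """Group events by source address; flag a success that follows failures for one account."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    report = {}
    for src, evs in by_src.items():
        failed = [e for e in evs if e["result"] == "Failed"]
        ok = [e for e in evs if e["result"] == "Accepted"]
        report[src] = {
            "where": src,                                   # origin of the connection
            "who": sorted({e["user"] for e in evs}),        # accounts involved
            "when": (evs[0]["when"], evs[-1]["when"]),      # first and last activity
            "what": {"failed": len(failed), "accepted": len(ok)},
            "how": sorted({e["method"] for e in evs}),      # authentication method used
            "success_after_failure": any(
                f["user"] == a["user"] and f["when"] < a["when"] for f in failed for a in ok
            ),
        }
    return report
```

The Why (motive) is not recorded in a log and has to come from other evidence.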
WHY IS KNOWLEDGE OF FORENSICS IMPORTANT?
Forensics plays an important role in law & justice: it provides justice to the victim and helps to catch & punish the criminal.
Knowledge and practice of forensic investigation principles, processes, methods & techniques give the investigator an additional benefit: all evidence is properly collected, and its integrity, authenticity & availability are maintained. When the technical and legal forensic investigation process is ignored or not followed properly, the following risks arise:
- Useful & important evidence being compromised, lost or destroyed
- Evidence not being admissible in a court of law due to integrity and authenticity issues
- The investigation being led in the wrong direction
- The image of the justice system being destroyed
CASE STUDY
In a murder trial, the investigating officer (IO) at the crime scene allegedly tried to unlock the suspect's mobile phone. While doing so, he repeatedly entered incorrect password/PIN and PUK codes to unlock the SIM. Without knowing it, the IO was tampering with useful evidence, and because of this all data relevant to the case was erased. After this incident, the defense filed a case against the IO for destroying & mishandling important & critical evidence that could have provided a lead to the investigation.
BRANCHES OF DIGITAL FORENSICS
Digital forensics is divided into several sub-branches relating to the investigation of various types of evidence. The branches are:
A) Mobile Forensics
Mobile forensics deals with evidence related to mobile phones and other mobile devices.
Most importantly, mobile phones are nowadays the most common digital evidence found at crime scenes and the most useful source of evidence. A mobile phone is used not only for communication but also stores important information such as images, chats, documents, contact details, and network information.
This information helps in the forensics investigations especially to establish a connection between crime and criminal.
B) Computer Forensics
This branch handles cases related to data stored in computer devices. The main goal of the computer forensics division is to find and explain the current state of digital evidence stored in devices such as computers, laptops, and storage devices, and in other electronic documents.
C) Network Forensics
Network forensics deals with cases related to computer network traffic. Network traffic can be local (LAN) or the Internet (WAN). The purposes of analyzing network traffic are information gathering, collection of evidence, and intrusion detection.
D) Database Forensics
The database forensics division handles cases related to databases. Database forensics is the analysis and examination of databases and their metadata.
E) Live Forensics
Live forensics is the branch of digital forensics that deals with the examination and analysis of cases in a live scenario, i.e., analysis of a switched-on system in its original location without any change. This helps to maintain the originality of the evidence without any changes or losses.