Thursday, 23 May 2013
Computer Forensics: Introduction
So, what is the difference between computer forensics and digital forensics? Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data.
There are 4 phases of digital forensics:
1. Identification (Crime scene) --> identify all of the digital evidence
2. Collecting (Lab)
a. Chain of custody --> collect, label and document all of the digital evidence
b. Acquisition --> make clones of the digital evidence
c. Fingerprint --> create a hash file
3. Analysis (Lab)
a. Chain of custody --> change the permission of the digital evidence to read-only
b. Analysis --> perform the analysis on the clone of the digital evidence
c. Collecting --> summarize the results found
d. Reconstruction --> arrange the case into a timeline
4. Presentation (Court / Law)
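Steps 2b, 2c and 3a above can be sketched in a few lines of Python. This is an added example, not part of the original post: it clones a file, records a fingerprint, sets the clone read-only, and shows that a later change to the clone no longer matches the fingerprint. SHA-256, the function names and the sample file names are assumptions of the example.

```python
import hashlib
import os
import stat
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images do not fill memory


def sha256_of(path):
    """Return the SHA-256 hex digest of a file (algorithm chosen for this example)."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(source, clone):
    """Steps 2b, 2c, 3a: clone the source, fingerprint it, lock the clone."""
    digest = hashlib.sha256()
    with open(source, "rb") as src, open(clone, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)  # hash exactly the bytes read from the source
            dst.write(block)
    fingerprint = digest.hexdigest()
    if sha256_of(clone) != fingerprint:
        raise IOError("clone does not match the source")
    os.chmod(clone, stat.S_IRUSR | stat.S_IRGRP)  # read-only for analysis
    return fingerprint


def verify(clone, fingerprint):
    """Check before analysis that the clone still matches its fingerprint."""
    return sha256_of(clone) == fingerprint


def demo():
    """Run the steps on a constructed sample file standing in for evidence."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "evidence.img")
    clone = os.path.join(workdir, "clone.img")
    with open(source, "wb") as fh:
        fh.write(b"constructed sample evidence\n" * 1000)
    fingerprint = acquire(source, clone)
    intact = verify(clone, fingerprint)
    read_only = not os.stat(clone).st_mode & stat.S_IWUSR
    os.chmod(clone, stat.S_IRUSR | stat.S_IWUSR)  # simulate a handling error
    with open(clone, "ab") as fh:
        fh.write(b"x")
    return intact, read_only, not verify(clone, fingerprint)
```

Calling demo() returns three booleans: the clone matched right after acquisition, the clone was read-only, and the simulated modification was detected by the fingerprint check.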
There are 2 conditions when performing forensic activity:
1. Live: when the digital evidence is still alive/turned on. In this case the investigator can also clone the RAM.
2. Dead: when the digital evidence has been turned off.