Digital Forensics

One solution to identify direct evidence of a crime


Forensics Insight

Computer forensics is a branch of forensic science concerned with legal evidence found in computers and digital storage media. The terms computer forensics and digital forensics are often used interchangeably, although the second is broader (see the definition below).

The goal of computer forensics is to explain the current state of a digital artifact. The term digital artifact can include a computer system, a storage medium (such as a hard disk or CD-ROM), an electronic document (e.g. an email message or JPEG image) or even a sequence of packets moving over a computer network. The explanation can be as straightforward as “what information is here?” and as detailed as “what is the sequence of events responsible for the present situation?”

There are many reasons to employ the techniques of computer forensics:

  • In legal cases, computer forensic techniques are frequently used to analyze computer systems belonging to defendants (in criminal cases) or litigants (in civil cases).
  • To recover data in the event of a hardware or software failure.
  • To analyze a computer system after a break-in, for example, to determine how the attacker gained access and what the attacker did.
  • To gather evidence against an employee that an organization wishes to terminate.
  • To gain information about how computer systems work for the purpose of debugging, performance optimization, or reverse-engineering.

Network forensics is the capture, recording and analysis of the information that moves over a network, carried out so that the results can serve as evidence. A network forensics appliance is a device that automates the capture and storage of that traffic.

Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then gone; unless capture was already in place before the incident, there is nothing left to examine. Network forensics is therefore often a proactive investigation, with traffic recorded continuously and analysed later.

Network forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker may be able to erase all log files on a compromised host, so network-based evidence is sometimes the only evidence available for forensic analysis. The second use relates to law enforcement. Here the analysis of captured traffic includes tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.
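The session-reassembly and keyword-search tasks described above, as an added example that is not part of the original page: the captured segments are constructed inline (out of order, with a retransmitted duplicate and an overlapping segment, as real captures often are) and stand in for what a pcap reader such as scapy or dpkt would return; the HTTP upload and the hostname files.example.test are invented for the example.

```python
"""Added example: reassemble one direction of a captured TCP session,
recover the file transferred over it, and search the stream for keywords.
Nothing here comes from the page or from any product it describes."""
import re
from typing import List, Optional, Tuple

Segment = Tuple[int, bytes]  # (relative sequence number, payload)

# Constructed ground truth: the client->server half of one HTTP upload.
STREAM = (b"POST /upload HTTP/1.1\r\n"
          b"Host: files.example.test\r\n"
          b"Content-Length: 31\r\n\r\n"
          b"CONFIDENTIAL: payroll export q3")

# Constructed capture of that stream: cut into segments, delivered out of
# order, with one exact retransmission and one overlapping segment.
_CUTS = [0, 30, 58, 80, len(STREAM)]
_IN_ORDER: List[Segment] = [(_CUTS[i], STREAM[_CUTS[i]:_CUTS[i + 1]])
                            for i in range(len(_CUTS) - 1)]
CAPTURED: List[Segment] = [
    _IN_ORDER[0],
    _IN_ORDER[2],            # arrives before its predecessor
    _IN_ORDER[1],
    _IN_ORDER[1],            # retransmission (exact duplicate)
    (70, STREAM[70:]),       # overlaps the tail of an earlier segment
    _IN_ORDER[3],
]


def reassemble(segments: List[Segment]) -> Tuple[bytes, List[Tuple[int, int]]]:
    """Order segments by sequence number, drop duplicates, trim overlaps and
    report gaps. Missing bytes are zero-filled so offsets stay aligned with
    sequence numbers; the gap list records what was never captured."""
    out = bytearray()
    gaps: List[Tuple[int, int]] = []
    next_seq = 0
    for seq, data in sorted(segments, key=lambda s: (s[0], -len(s[1]))):
        end = seq + len(data)
        if end <= next_seq:
            continue                       # full duplicate / retransmission
        if seq < next_seq:
            data = data[next_seq - seq:]   # partial overlap: keep the new tail
            seq = next_seq
        elif seq > next_seq:
            gaps.append((next_seq, seq))   # packet loss in the capture
            out.extend(b"\x00" * (seq - next_seq))
        out.extend(data)
        next_seq = end
    return bytes(out), gaps


def extract_http_upload(stream: bytes) -> Optional[bytes]:
    """Pull the transferred file out of a reassembled HTTP request body,
    honouring Content-Length when present."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        return None
    m = re.search(rb"^content-length:\s*(\d+)\s*$", head, re.I | re.M)
    length = int(m.group(1)) if m else len(body)
    return body[:length]


def keyword_hits(stream: bytes, keywords: List[str]) -> List[Tuple[str, int]]:
    """Case-insensitive keyword search; returns (keyword, offset) pairs so
    each hit can be cited by position in the reconstructed stream."""
    hits: List[Tuple[str, int]] = []
    for kw in keywords:
        for m in re.finditer(re.escape(kw.encode()), stream, re.I):
            hits.append((kw, m.start()))
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    stream, gaps = reassemble(CAPTURED)
    print("gaps:", gaps)
    print("upload:", extract_http_upload(stream))
    print("hits:", keyword_hits(stream, ["confidential", "payroll"]))
```

The reassembler deliberately refuses to invent data: a gap is zero-filled and reported rather than silently closed, because the byte offsets of the keyword hits are what an analyst cites in a report.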

Digital Forensics Definition

Digital forensics (sometimes digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term was originally used as a synonym for computer forensics but has expanded to cover any device capable of storing digital data.

There are three broad types of forensic tools:

  1. Computer Forensics Tools – addressing data at rest – imaging hard drives, searching, previewing, analyzing and recovering deleted data;
  2. Network Forensics Tools – addressing data in motion – capturing and reconstructing entire sessions, searching, previewing sent and received data, and alerting and reporting;
  3. Mobile Forensics Tools – addressing data on phones, tablets and similar devices, which typically require device-specific acquisition methods rather than a plain disk image.

As well as identifying direct evidence of a crime, digital forensics can be used to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources (for example, in copyright cases) or authenticate documents. Investigations are much broader in scope than other areas of forensic analysis (where the usual aim is to answer a series of simpler questions) and often involve complex timelines or hypotheses.

Forensic tools can help in dealing with the increasing number of illegal or inappropriate activities, in document discovery, in detecting data leakage and in recovering deleted data. Investigators, whether internal or external, can use such solutions to collect and analyze data in a forensically sound manner, so that the evidence and the steps taken to obtain it can withstand scrutiny.

With such tools the time required for an investigation can fall from weeks or months to hours. Investigators can use a single dedicated solution instead of dozens of separate programs each written for one specific requirement, and can present the results of the investigation in a legally admissible form.

Internal investigative capabilities allow corporate investigators to quickly and inexpensively respond to allegations of inappropriate activities within the IT infrastructure, enabling organizations to effectively enforce their policies and control illegal activities.