Introduction Of Digital Forensic

Published Date: 02 Nov 2017

Abstract

In current world, computers have become part of our daily lives where each of us required to use the computer to do our daily activities as such purchasing online items, surfing internet, access email, online banking transaction etc. In the business context, companies are required to do computer to perform their daily tasks as such access account information, managing customer information, online trade stock, inventing new item online and services. As things has been getting more problems when computer crimes are starting to increase due to certain percentage of reported cases result in conviction in law where peoples misuse it. The process which used methods and approach to start initiate a digital forensics investigation to identify the outcome of the incident case. Hence, any mistakes which overlooked in identify the evidences or any steps which does wrong path will caused the outcome result to be wrong. A suspected culprit who involved with computer crime may able to escape or even innocent suspects will be found guilty on adequate on sentence given. As per below, we will be introducing the information on digital forensics and how digital forensic process works in model to derive the answers to present in the court evidences.

Venansius Baryamureeba and Florence Tushabe

http://www.forensicfocus.com/Content/pid=56/page=1/

James Tetteh Ami-Narh and Patricia A H Williams

http://igneous.scis.ecu.edu.au/proceedings/2008/forensics/Ami-Narh%20and%20Williams%20Digital%20Forensics%20and%20the%20legal%20system.pdf

Introduction of Digital Forensic

As introduce Digital forensics, how to define Digital Forensic in terms of methods towards approach as labelled in six process steps which are preservation evidences gather from the scene, collection of clues and finding compound in various type, validation whether the information are correct, identification whether is belongs to the suspect culprit, interpretation understand the process of the data gather and how presentation of evidences found from the information which gathered and reconstruct the evidences, where suspect could be a criminal or could be assisting other people to use unauthorized actions to be achieve some operation plans. These steps could helped us to gather more evidences where peoples such as computer forensic investigator and forensic auditors are trying to use commonly in forensic investigation, so that they able to present in court to verify the judgement of the civil actions and also disciplinary actions on the suspects.

International Journal of Computer Science and Security (IJCSS), Volume (5) : Issue (1) : 2011

Ankit Agarwal, Megha Gupta, Saurabh Gupta & Prof. (Dr.) S.C. Gupta

http://www.cscjournals.org/csc/manuscript/Journals/IJCSS/volume5/Issue1/IJCSS-438.pdf

(Baryamureeba & Tushabe, 2006; Carrier & Spafford, 2003; Whitcomb, 2002)

http://researchrepository.murdoch.edu.au/3716/1/digital_evidence.pdf

Key Principle of Cyber Forensics

Standardization - which is no changing of the data gather

Evidence Gathering - who only competent persons should able to examine the digital evidence

Evidence Handling - how this information can be used in documentation in evidences

Evidence Access - who does access to take the ownership protecting the evidences

Standardization

With the current situation where computer forensics teams are required to work any cross borders to track down the information to capture the cyber criminals. This has been always find difficulties in legislation which covered digital evidences compare with jurisdictions. So currently with the joining force with Law enforcement group peoples able to cooperate with them, working together and also the helped from the government across the world to standardized the principles as well as the best practices of computer forensics.

Evidence Gathering

One of the core principle of computer forensics analysis techniques for collecting digital evidences where needed to be carefully preserve the original files, this is because computer forensics practitioner basically will work on the preserve digital evidences, this is to ensure that there is be not cause any contaminated data and also tampered or alter with the evidences to prove the original of the data which they collected from. So that, when during the court, the digital evidences present to the prosecutor, the proof of the data integrity must be intact as the original where they collected from.

Evidence Handling

When digital evidences collected from various locations, it will deliver through to many investigating agencies hands for analysis the information. Handle carefully and documenting all the information gathered from the evidences is very important key factors in computer forensics. Each of the expertise of the investigating team member must know no matter how, they need to be work together to ensure original of the documents handling carefully no missing digital evidences, all the investigating analysis and also the testing of the evidences which they gathered are properly documented.

Evidence Access

In the computer world society environment, any potential (criminal) people will have motives to do something with digital evidence, where they may do unauthorised access (possibly hacking or cracking to in the system getting the information viewing, get the copy of the information, delete the information of the data in order to gain some good deals outside, or set some viruses attack to the files in network service attacks. As above statement, we need to ensure protecting of digital evidences is well keep from tampering of evidences as well as unauthorized access is definitely important. This is to help the prosecutor able to justify the real facts to capture the criminals. Hence, there will be process follow where digital evidences are kept in the stored secure area environment. The important key factor is that computer forensics is only personnel team expertise is able to access the original copy of the digital evidence during the analysis of the data as well as after analysis the data.

Alastair Irons. Records Management Journal. Bradford: 2006. Vol. 16, Iss. 2; pg. 102

http://noormansah.blogspot.sg/2010/05/computer-forensics-and-records.html

By Adrian Grahams, eHow Contributor

http://www.ehow.com/info_8035487_four-principles-computer-forensics.html

Investigation Process

Preserve

The first step to do is to preserve the evidence where the investigation group and also could be overseen by the business partner group who actually failed to do the jobs on taking care of the digital evidences as well as the standard correct process steps to avoid information or data contaminated or even missing of evidences. When peoples unintentionally on handling of evidences such as damaged, contaminated will caused the evidences became not stable which data or information is not given correct. (Ashcroft, 2001; Carrier, & Spafford, 2003). Based on the digital evidences, it is required to collect the evidences to be original as possible so that when performed analysis or examination checking, the evidences will still be in the preserved stated for investigation (Carrier, 2005).

During the seized of the evidences, proof are to be important in this kind of scenarios as this is to verify all the information collect from the crime scene where the analysis and investigation will start to do. It because each of the possible items that seized during the time frame need to be present during the court presentation (Stephenson, 2000; Tapper, 2004). Basically is commonly referred as Chain of Custody, where the history of chain could lead any of the evidences that became unimportant item during the court, if the item is not useful the value of it. (Stephenson, 2000; Association of Chief Police Officers, 1999; Whitcomb, 2002). Example the computer crime, where suspect culprit could store an image of the evidences during the act in the storage devices, hence when presenting to court the evidences must be preserved in such a way that it must be original. If the chain of custody is broken, this happen will let the jury to decide whether these evidences carry the weight of the proof to examine the suspect culprit. (Marcella & Greenfield, 2002), (Casey, 2000).

When presenting digital evidence in court, sometime is hard to collect the information where evidence are being altered or various forensic tool to examine the data. This is where some challenge where debating on the digital evidence is not original copy, hence if during the court, there is be assurance that the chain of custody still applied to it regardless of court personnel, or opposing legal team who might verify on the digital evidences. (Tapper, 2004), (Whitcomb, 2002).

Hence preserved the digital evidences, is very important to such a way data must be original data without any modification on the live image or dead image to find out the facts on the computer where the suspect might do on the machine. Investigators team always tried to do live analysis on the computer where possible the digital evidences stored inside and keep on running. After which, they will examine the system to search the possible finding evidences in life setting (Carrier, 2005). There will disadvantage when using live running capture, because data might be lost or overwrite the setting or even setting up a trap to destroy the evidences (Carrier, 2005). What is the different from live analysis to dead analysis? Dead analysis required the system to shut down and trust forensics application tools to captured the digital evidences, is may prevent booby trap system stored in the machine (Adelstein, 2006; Carrier). Hence nowadays, when during the capturing the evidences in live image system, the court has always been questioning regarding the digital forensics image whether is image is live or dead, are there any contaminated data during the analysis investigation, is due to subjective from the evidence collected and recorded by the investigator, where he/she submit to the court to decide whether given from the explanation provided by court personnel to judge (Carrier, 2005).

Locate

Select

Analyse

Validate

Present