header

CYBER FORENSICS

Cyber forensics is the art and science of applying computer science to aid the legal process. With the rapid advance in technology it quickly became more than just an art though. It is more than the technological, systematic inspection of the computer system and its contents for evidence or supportive evidence of a civil wrong or a criminal act. Computer forensics requires specialized expertise and tools that goes above and beyond the normal data collection and preservation techniques available to end-users or system support personnel. Cyber forensic is primarily concerned with the systematic process of identification seizure, acquisition, authentication, analysis, documentation and preservation of digital evidence. The terms “cyber forensic”, “computer forensic” and “digital forensic” are generally used interchangeably. One definition is analogous to "Electronic Evidentiary Recovery, known also as e-discovery, requires the forensic tools and knowledge to meet the Court's criteria, whereas Cyber Forensics is simply the application of technical investigation and analysis techniques in the interests of determining potential legal evidence. Another is "a process to answer questions about digital states and events". Cyber forensic is a scientific process of examination and analysis of digital evidence in a way that is admissible in court. Cyber forensic examiners gather information from seized articles such as computers, mobiles or any other device. The whole process of cyber forensic can be divided into following parts:

  1. Identification
  2. Seizure
  3. Acquisition
  4. Authentication
  5. Analysis
  6. Documentation/Report

First two points such as Identification & Seizure are carried out at the scene of the crime by the Police. The rest of the procedures are performed in the laboratory by a cyber examiner. This process often involves the investigation and examination computer system(s), including, but not limited to the data acquisition that resides on the media within the computer. The forensic examiner renders an opinion, based upon the examination of the material that has been recovered. After rendering an opinion and report, to determine whether they are or have been used for offenders, civil or unauthorized activities. Mostly, cyber forensics experts investigate electronic data storage devices, these include but are not limited to hard drives, portable data devices (USB Drives, External drives, Micro Drives and many more). Cyber forensics is done in a fashion that adheres to the standards of evidence that are admissible in a court of law. Thus, cyber forensics must be techno-legal in nature rather than purely technical or purely legal.

Source


CYBER FORENSICS BOOKS

Cyber forensic are played very important role in prosecution. Digital forensic are discovered evidences from different electronic source. It can establish relation between source & targeted systems of attack and help to understand the pattern of crime. Demonstrate an end to end way of events leading to a compromise try, success or unsuccessful. Recovered and documentation of digital evidence and leads. For better understanding of this subject, it is highly recommended to go through these following books.

  1. Computer Forensics and Cyber Crime, 3rd Edition (Source: index-of.es/Varios-2/Computer Forensics and Cyber Crime An Introduction.pdf)
  2. Hacking Exposed™ Computer Forensics, 2nd Edition (Source: index-of.es/Varios-2/Hacking Exposed Computer Forensics.pdf)
  3. Practical Digital Forensics (Source: oiipdf.com/practical digital forensics)
  4. Introduction to Digital Forensics (Source: eforensicsmag.com/download/introduction to digital forensics/)
  5. Computer Forensics A Pocket Guide (Source: dokumen.pub/computer forensics a pocket guide 978 1 84928 040 2.html)
  6. Digital Notes on Computer Forensics (Source: mrcet.com/pdf/Lab Manuals/IT/R15A0533 CF.pdf)
  7. Introduction to Computer Forensics and Digital Investigation (Source: www.academia.edu/15604771/Introduction to Computer Forensics and Digital Investigation)