Monday, June 3, 2019

Digital Forensic Computers Forensic Forensic Models Information Technology Essay

Today the growing number of computers and electronic components demands the use of digital forensics, so that digital forensic techniques can be applied in specialised fields such as law enforcement, computer security and national defence. In the information-technology era the data stored on devices is digital, as most institutions and organisations use computer storage media in place of the paper once used by writers, scholars, scientists, musicians and public figures. This creates new challenges for these people in accessing and preserving information, recovering data and maintaining trust. This article reviews the currently available investigation processes and methodologies and the different tools used by forensic experts, and ends with a conclusion.

Keywords: Digital Forensic, Computer Forensic, Forensic Models, Computer Forensic Investigation, Digital Forensic Methods, Forensic Techniques, Forensic Tools

Introduction
Digital forensics is the branch of forensic science concerned with the recovery and investigation of material found in digital devices following a computer crime. Early on, digital forensics was a synonym for computer forensics, but today it covers other areas of investigation, including computers, databases, networks and mobile devices, anything capable of storing digital data. With the advances in technology devices and media, digital forensics has defined sub-branches according to the investigation required.
The branches of digital forensics include computer forensics, mobile device forensics, network forensics, forensic data analysis and database forensics. Computer forensics involves the examination of digital media stored in computers for investigation purposes; mobile forensics is the recovery of digital evidence from a mobile device; network forensics is the gathering of evidence related to network traffic, information gathering or evidence collection from intrusion detection; forensic data analysis examines patterns of fraudulent activity using structured data; and database forensics is the study of databases and their metadata, including their contents, log files and in-RAM data. When computer forensics is considered, usually three different groups are involved, law enforcement agencies, the military and business and industry, with the intention of tracking down attackers and criminals who attack the security of systems or use computers for unauthorised activities. Computer forensics addresses national and information security, corporate espionage, white-collar crime, child pornography, traditional crime, incident response, employee monitoring and privacy issues. In what follows, this paper starts with the investigation phases, then methods and techniques, then tools, and shows how this information helps the novice in computer, network, mobile and database forensics.

Forensic Methodologies: Phases of Computer Forensics
Before discussing forensic methodologies one should be familiar with a few forensic terms. One of them is forensic evidence. A brief overview of evidence, its categorisation, rules, standard guidance and the basic principles for ensuring the chain of custody is outlined below. Evidence is any item or information gathered at the scene of a crime, or at related locations, which is found to be relevant to an investigation.
There are many different types of evidence, from DNA and marks left at the scene to bloodstains and fingerprints. Evidence should be admissible, authentic, complete, reliable and believable. The chain of custody protects its integrity. Evidence can be categorised as primary (the best type of evidence, using documentation), secondary (oral or eyewitness), direct, conclusive, circumstantial, corroborative and opinion evidence. Guides for computer-based evidence are available, for example from the Association of Chief Police Officers (ACPO). During evidence collection the investigator should strictly follow these principles:
1. There should be no change to data held on a computer or other media that has been seized.
2. Anyone accessing original data held on a target computer must be competent to do so.
3. An audit trail or other record of all processes applied to computer-based evidence should be created and preserved.
4. The person in charge of the investigation ensures that the law and these principles are followed regarding possession of, and access to, information held on a computer.

Many forensic investigation processes have been developed so far. The objective of this paper is to present a forensic investigation process model whose phases are the ones common to the other models and are sufficient to perform the intended investigation. A few of the existing models are:
Computer Forensic Investigative Process (1984)
Abstract Digital Forensics Model (ADFM) (2002)
Enhanced Digital Investigation Process Model (EDIP) (2004)
Computer Forensics Field Triage Process Model (CFFTPM) (2006)
Scientific Crime Scene Investigation Model (2001)
Common Process Model for Incident and Computer Forensics (2007)
Network Forensic Generic Process Model (2010)

The generic investigation process proposed in this article, the Generic Computer Forensic Investigation Model (GCFIM), shares the phases common to the previously developed models. The figure below shows the proposed GCFIM.
[Figure: Model (GCFIM).JPG, the phases of the Generic Computer Forensic Investigation Model]

Pre-Process is the first phase of the Generic Computer Forensic Investigation Model.
In this phase the tasks are those that must be completed before the actual data is investigated and collected: obtaining the required approval from the relevant authority, preparing and setting up the tools to be used, and so on.

Acquisition and Preservation is the second phase of the Generic Computer Forensic Investigation Model. Its tasks relate to acquiring and collecting evidence in an acceptable manner: the relevant data is gathered using accepted methods and a variety of recovery techniques; the digital components are identified from the acquired evidence; and finally the data is transported, stored and preserved, which includes good case management and an acceptable chain of custody. Overall, this is the phase in which all relevant data is captured, stored and handed on to the next phase.

Analysis is the third phase of the Generic Computer Forensic Investigation Model and the core of the forensic investigation process. It has the largest share of the tasks, including evidence tracing and validation, recovery of hidden or encrypted data, data mining and timeline construction. Different types of analysis are performed on the acquired data with the appropriate tools and techniques to identify the source of the crime and eventually the person responsible for it.

Presentation is the fourth phase of the Generic Computer Forensic Investigation Model. The findings of the analysis phase are documented and presented to the authority, with expert testimony. The documentation also includes adequate and acceptable evidence so that it can be easily understood by the parties concerned. The final outcome of this phase is either to prove or to disprove the alleged criminal acts.

Post-Process is the last phase of the Generic Computer Forensic Investigation Model.
This phase concerns only the proper closing of the investigation. Digital and physical evidence should be handed over to the authorised owner and kept in a secure place if required. Finally, if there is a need to review the investigative process in each phase, it should be done so that future investigations improve.

Challenges during Forensic Investigation
Investigators face technical, legal and resource challenges, as well as general and specific ones. Technical challenges arise in locating criminals over the Internet; legal challenges result from the law not keeping pace with current technology and with the social environment and its structure; and the resource challenge is that support should be available at all levels. The general and specific challenges faced during computer forensics are the limitations of tools or techniques from the private sector, the lack of a standard definition of and agreement on computer crime, the lack of a proper environment in which to perform testing, and the large number of operating system platforms and file formats, which leaves few experts with the right credentials available. Beyond these, an investigation may consume large amounts of storage, from gigabytes to terabytes, or may even require a storage area network.
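The Acquisition and Preservation phase, and the ACPO principles above (the data must not change; an audit trail of every process must be preserved), rest on one check: the hash of the image must equal the hash of the original, and that hash must be recorded so that anyone can repeat the comparison later. Because images run to the terabytes just mentioned, the hash has to be streamed rather than computed over a file held in memory. The following Python is an added example written for this page, not code from the original essay or from any of the tools it names; the JSON-lines log layout, the examiner identifier and the sample drive contents are constructed, and shutil.copyfile stands in for a write-blocked imaging tool.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # hash 1 MiB at a time: a terabyte image must never be read into RAM at once


def sha256_file(path):
    """Stream-hash a file, so verification scales to images far larger than memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(source, image, log_path, examiner):
    """Copy source to image, hash both sides and append an audit-trail record.

    Returns True only when the image hash equals the source hash. The JSON-lines
    log (a constructed format for this example) is the audit trail: a third party
    can re-run the hash and obtain the same value.
    """
    before = sha256_file(source)
    shutil.copyfile(source, image)  # stands in for a write-blocked dd-style copy
    after = sha256_file(image)
    verified = before == after
    record = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "action": "acquire",
        "source": source,
        "image": image,
        "sha256_source": before,
        "sha256_image": after,
        "verified": verified,
    }
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")
    return verified


def verify(image, log_path):
    """Custody check at any later time: re-hash the image and compare with the recorded value."""
    with open(log_path, encoding="utf-8") as log:
        records = [json.loads(line) for line in log if line.strip()]
    recorded = next(r["sha256_image"] for r in records
                    if r["image"] == image and r["action"] == "acquire")
    return sha256_file(image) == recorded


def demo():
    """Constructed data, not a real drive: a 3 MiB pattern file is acquired and
    verified, then one byte is altered to show the custody check failing."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "drive.raw")
    image = os.path.join(workdir, "drive.img")
    log_path = os.path.join(workdir, "custody.jsonl")
    with open(source, "wb") as f:
        f.write(bytes(range(256)) * (3 * CHUNK // 256))
    acquired = acquire(source, image, log_path, examiner="examiner-01")
    intact = verify(image, log_path)
    with open(image, "r+b") as f:       # simulate tampering after acquisition
        f.seek(CHUNK + 17)
        f.write(b"\xff")                # the pattern byte there is 0x11, so this is a real change
    tampered = verify(image, log_path)
    shutil.rmtree(workdir)
    return acquired, intact, tampered


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

The log is append-only and every record carries the examiner and a UTC timestamp, which is what makes it usable as the audit trail principle 3 asks for; a single flipped byte in a 3 MiB image is enough to make the later verification fail.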
For the computer forensic expert it is also challenging to have expertise in RAID levels and embedded systems as well as in network and grid computing.

Forensic Tools
In the following, a few of the forensic tools in the domains of computer, network, mobile and database forensics, and some others, are briefly described.

Reasons for Using Computer Forensics Tools
There are several reasons for choosing computer forensics tools: to examine systems used by defendants and litigants, to recover lost data after a hardware or software malfunction, to investigate computer usage when an employee is terminated, or when a system has been attacked by an intruder. To investigate computer crimes, different computer forensic tools can be used: disk-imaging software for the file structure and hard-disk contents; hashing tools, which compute a unique value for the original and for the copy so that any alteration of the copy is detected; and recovery programs for lost or deleted data. Similarly, software and hardware write tools can be used to reconstruct a hard drive bit by bit, since these tools generate an exact copy of the disk. EnCase is a well-known commercial tool that performs disk imaging, verification and analysis of data, while PC Inspector File Recovery is a free tool that helps reveal and recover the contents of any type of storage media connected to the computer, even if the content has been deleted.

Network Forensics
Network forensics deals with the capture, recording and analysis of network events in order to discover evidence about the source of security attacks for use in a court of law. A tool known as eMailTrackerPro can track down the sender of a message by extracting the IP address from the message header. When all the information about that address is needed, such as country or domain information, SmartWhoIs can be used as a freely available network utility.
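The header tracing that eMailTrackerPro performs can be reproduced by hand from the Received: lines. The following Python is an added example, not that tool's code and not part of the original essay: it walks the Received: chain of a constructed message (the addresses are documentation ranges, and example.net is assumed to be the examiner's own mail domain) and contrasts the naive bottom-most address with the last address seen by a server the examiner controls, because every Received: line below that hop was written on the sender's side and can be forged.

```python
import ipaddress
import re
from email import message_from_string

# Each MTA prepends its own Received: line, so the chain reads newest (top) to
# oldest (bottom). Lines below the first server you control were written by the
# sender's side and can be forged.
HOP_RE = re.compile(
    r"from\s+(?P<host>\S+).*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(?P<by>[\w.-]+)",
    re.S,
)

# Addresses that can never be the real origin. Listed explicitly rather than via
# ipaddress.is_private, which also flags the documentation ranges (192.0.2.0/24,
# 198.51.100.0/24, 203.0.113.0/24) used in the constructed sample below.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def parse_hops(raw):
    """Return the Received: hops top-down as dicts with host, ip and by."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(str(value))
        if m:
            hops.append(m.groupdict())
    return hops


def naive_origin(raw):
    """What a plain header viewer shows: the bottom-most public 'from' address."""
    for hop in reversed(parse_hops(raw)):
        if not is_internal(hop["ip"]):
            return hop["ip"]
    return None


def originating_ip(raw, trusted_suffix):
    """Walk from the top while the receiving server ('by') is one we control and
    keep the 'from' address of the last such hop. That is the address our own
    infrastructure saw connect, which is as far back as the headers can be trusted."""
    origin = None
    for hop in parse_hops(raw):
        if not hop["by"].endswith(trusted_suffix):
            break
        if not is_internal(hop["ip"]):
            origin = hop["ip"]
    return origin


# Constructed sample, not a real message: the bottom Received: line was supplied
# by the sender and points at an innocent third party.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.net with ESMTP id abc123; Mon, 3 Jun 2019 10:00:05 +0000
Received: from relay.example.net (relay.example.net [192.0.2.20])
\tby mx.example.net with ESMTP; Mon, 3 Jun 2019 10:00:03 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby relay.example.net with ESMTPSA; Mon, 3 Jun 2019 10:00:01 +0000
Received: from innocent.example.com (innocent.example.com [198.51.100.200])
\tby 203.0.113.45 with SMTP; Mon, 3 Jun 2019 09:59:00 +0000
From: someone@example.com
To: victim@example.net
Subject: test

body text
"""

if __name__ == "__main__":
    print([h["ip"] for h in parse_hops(SAMPLE)])
    print("naive:", naive_origin(SAMPLE))                          # 198.51.100.200 (forged)
    print("trusted walk:", originating_ip(SAMPLE, "example.net"))  # 203.0.113.45
```

The address found this way is the one to feed into a WHOIS lookup such as the SmartWhoIs query mentioned above; the naive bottom-most address would have sent the examiner to an uninvolved party.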
For web forensics, the well-known tool Mandiant Web Historian helps the forensic examiner determine how intruders looked at different sites by reviewing the browser history files. Another tool, Index.dat, can be used to view the browsing history, the cookies and the cache, and it gives critical information about a cookie such as its key-value pair, the website address associated with the cookie, and the date and time the cookie was first created and last accessed. Ethereal (now Wireshark) is a network packet analyser, WinPcap is the packet capture library used to capture packets, and AirPcap is the packet capture tool for IEEE 802.11b/g wireless LAN interfaces.

Mobile Forensics
Mobile forensics, as the name implies, investigates data from a mobile device for evidential purposes, regardless of whether the mobile system uses GSM, GPRS or Wi-Fi technology. The investigator concentrates on either call data or SMS and e-mail data, with the help of commercial, non-commercial, open-source, command-line or physical mobile forensic tools. The forensic process for mobile devices differs in three main categories, seizure, acquisition and examination/analysis, while the other aspects of the computer forensic process still apply. Commercial tools include AccessData's MPE+, FINALMobile Forensics by FINALDATA and Oxygen Forensic Suite, while open-source tools include iPhone Analyzer, the Mobile Internal Acquisition Tool and TULP2G plug-ins. Mobile forensics can also be performed from the command line using system commands, AT modem commands and the Unix dd command.

Database Forensics
Database forensics is the forensic study of databases and their metadata; tools used for it are ACL, IDEA and Arbutus. These tools keep a documented record of the forensic expert's actions on the database as he works with its contents, log files and in-RAM data.
Research is still needed in this field, since database forensics demands skilled experts.

Conclusion
The information in this article gives the reader a basic understanding of digital forensics and its branches, with the aim of encouraging further research in a specific area of the field. Different forensic methodologies are outlined so that the forensic expert can choose one of them or design his own process model. The different tools, especially the open-source ones, can further enhance the forensic expert's skills. Technology is advancing very rapidly, and developing skills in multiple areas enhances the professional career and market value of the individual.
