Digital Forensics Lecture 1
Digital Forensics Lecture Overview
Instructor: Dr. Subhrani Das, Assistant Professor, School of Computer Science, UPES University.
Contents
Forensic Definitions
Digital Evidence
Digital Forensic Model
Digital Forensic Process
Needs and Benefits of Digital Forensics
Applications of Digital Forensics
Required Skills and Challenges in Digital Forensics
Digital Forensic Software Tools
Conclusion
Definition of Digital Forensics
Digital forensics: The collection and analysis of digital evidence using scientific tests or techniques.
Purpose: To establish facts against crimes and present findings in legal proceedings.
Forensic science involves scientific methods to gather and examine information about the past for use in court.
Digital Forensics Characteristics
Uses scientifically derived and proven methods.
Involves steps such as:
Preservation
Collection
Validation
Identification
Analysis
Interpretation
Documentation
Presentation of digital evidence from devices.
Facilitates reconstruction of criminal events or anticipates unauthorized actions.
Branches of Digital Forensics
Technical aspects are divided into several sub-branches related to types of digital devices:
Computer Forensics
Firewall Forensics
Database Forensics
Network Forensics
Forensic Data Analysis
Mobile Device Forensics
Typical forensic process includes:
Seizure
Forensic imaging and analysis
Production of evidence reports.
Digital Evidence
Evidence: Information supporting a conclusion.
Digital Evidence: Data recorded or preserved on digital devices, which can be understood or read by humans or systems.
Forms of digital evidence include:
E-mails
Computer memory contents
Digital photographs
ATM transaction logs
GPS tracks
Logs from electronic door locks.
Characteristics of Evidence
Admissibility: Must conform to law.
Authenticity: Should link data to specific individuals/events.
Fragility: Must be preserved to prevent alteration.
Accuracy: Should be consistent and believable.
Completeness: Presents a full story.
Convincing: Must be compelling to juries.
Types of Digital Evidence
Persistent Data: Remains intact when a device is powered off (e.g., hard drives).
Volatile Data: Lost when a device is powered off (e.g., deleted files, registry).
Digital Forensic Models
Digital forensics lacks standardization across courts and industries.
Basic Digital Forensics Model:
Acquire
Authenticate
Analyze
Present evidence.
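The basic model above (Acquire, Authenticate, Analyze, Present), together with the seizure-imaging-report process and the fragility and authenticity requirements listed earlier, can be shown end to end in a small script. The following Python is an added example written for this summary, not code from the lecture: it constructs a fake "device" file in a temporary directory, images it, records SHA-256 hashes and a chain-of-custody log at acquisition, re-verifies the hash before analysis, and emits a JSON evidence report. The file names, log format, keyword and sample content are all assumptions; `shutil.copyfile` stands in for a write-blocked imaging tool.

```python
"""Added example (not from the lecture): acquire / authenticate / analyze / present
on a constructed 'device' file. Shows that the authenticate step rejects an image
altered by even one byte, so analysis never runs on tampered evidence.
File names, log format and sample content are assumptions."""

import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

BLOCK_SIZE = 1 << 16  # hash in 64 KiB chunks so large images do not fill memory


def sha256_of(path: str) -> str:
    """Stream a file through SHA-256; used at acquisition and again at verification."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def _now() -> str:
    return datetime.now(timezone.utc).isoformat()


def acquire(source: str, image: str, log: list) -> str:
    """Acquire: byte-for-byte copy of the source, hashed on both sides.
    Returns the acquisition hash and appends a custody entry to the log."""
    shutil.copyfile(source, image)  # stands in for a write-blocked imager (assumption)
    src_hash, img_hash = sha256_of(source), sha256_of(image)
    if src_hash != img_hash:
        raise RuntimeError("image does not match source; acquisition failed")
    log.append({"step": "acquire", "time": _now(), "source": source,
                "image": image, "sha256": img_hash})
    return img_hash


def authenticate(image: str, expected_hash: str, log: list) -> bool:
    """Authenticate: re-hash the image and compare with the acquisition hash.
    Any alteration changes the digest, so the analyst can refuse to proceed."""
    ok = sha256_of(image) == expected_hash
    log.append({"step": "authenticate", "time": _now(), "image": image, "verified": ok})
    return ok


def analyze(image: str) -> dict:
    """Analyze: a trivial keyword search, run only on the verified copy, never the source."""
    with open(image, "rb") as f:
        data = f.read()
    return {"size": len(data), "hits": data.count(b"transfer")}


def present(log: list, findings: dict) -> str:
    """Present: render the custody log and findings as a JSON evidence report."""
    return json.dumps({"custody": log, "findings": findings}, indent=2)


def run_case(tamper: bool = False) -> dict:
    """Run the whole model on a constructed device file. With tamper=True the image
    is modified after acquisition and the authenticate step must fail."""
    log: list = []
    with tempfile.TemporaryDirectory() as workdir:
        device = os.path.join(workdir, "device.bin")
        image = os.path.join(workdir, "device.dd")
        with open(device, "wb") as f:  # constructed sample content
            f.write(b"ledger: transfer 500 to acct-42\ntransfer 900 to acct-77\n")
        acq_hash = acquire(device, image, log)
        if tamper:
            with open(image, "r+b") as f:
                f.seek(8)
                f.write(b"X")  # a single-byte alteration of the image
        verified = authenticate(image, acq_hash, log)
        findings = analyze(image) if verified else {"error": "integrity check failed"}
        report = present(log, findings)
    return {"verified": verified, "findings": findings, "report": report}


if __name__ == "__main__":
    print(run_case()["report"])
    print(run_case(tamper=True)["report"])
```

In practice the acquisition hash is recorded on the custody form at the time of seizure and the image is re-hashed whenever it changes hands; the script mirrors that by never touching the source after imaging and by gating `analyze` on the verification result.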
Common models include:
Computer forensic process (4 phases)
Generic investigative process (7 classes)
Abstract model of digital forensic procedures (9 processes).
Need for Digital Forensics
Ensure integrity of digital systems.
Respond to high-tech crimes, such as tracking terrorists.
Provide court-valid evidence leading to criminal convictions.
Applications of Digital Forensics
Protect and solve:
Intellectual Property Theft: Unauthorized access to patents and confidential data.
Financial Fraud: Fraudulent solicitation leading to fraudulent transactions.
Hacker System Penetration: Exploiting vulnerabilities in systems.
Virus Distribution: Common cybercrime causing significant damage.
Challenges in Digital Forensics
The growing number of PCs and internet connections accelerates information exchange.
Easy access to hacking tools makes responding to offenses harder.
Lack of physical evidence hampers prosecution.
Large storage capacities create investigative difficulties.
Rapid technological changes require constant updates to forensic solutions.
Required Skills for Digital Forensics
Programming and computer experience.
Strong understanding of operating systems, applications, and computer science fundamentals.
Analytical skills and system administration knowledge.
Familiarity with cryptography and evidence handling.
Ability to act as an expert witness in court.
Tools for Digital Forensics
BackTrack 5 R3: Linux OS equipped with extensive forensic tools.
Kali Linux: Debian-based distribution for forensic analysis and penetration testing, succeeding BackTrack 5.