Cyber Forensic Investigation Techniques
Introduction:
What is cyber forensics?
Cyber forensics is the practice of gathering and preserving data from a specific computer or device so that it can be used as evidence in court. It relies on a structured investigation and a documented chain of custody to establish precisely what happened on a computer system and who was responsible.
Why is cyber forensics important?
Cyber forensics is what allows digital evidence to be relied upon in civil and criminal court proceedings: the acquisition, storage and examination procedures it prescribes are what let a court trust that the evidence has not been altered. As computers and other data-gathering devices are used in more parts of society, digital evidence and the forensic procedures behind it have become central to resolving crimes and other legal disputes.
Types of cyber forensics:
Database forensics: Examining information contained in databases, both the data and the associated metadata.
Email forensics: Recovery and analysis of emails and other information held in email platforms, such as calendars and contacts.
Malware forensics: Examining code to identify malicious programs and analyse their payloads. Such programs include Trojan horses, ransomware and various viruses.
Memory forensics: Collecting information held in the computer's RAM and caches, which is lost once the machine powers off.
Mobile forensics: Examining mobile devices to obtain and analyse the information they contain, including contacts, incoming and outgoing text messages, images and video files.
Network forensics: Finding evidence by monitoring network traffic, using sources such as firewall and intrusion detection system logs and packet captures.
Cybercrimes in general can be classified into four categories:
- Individual cybercrimes: cyber defamation, email spoofing, email spamming, cyber stalking and similar offences against a person.
- Organised cybercrime: crimes committed by criminal groups, including hacking, virus attacks, email bombing, salami attacks, logic bombs, Trojan horses, data manipulation, malware attacks and denial-of-service attacks.
- Property cybercrime: crimes targeting assets, such as credit card fraud, theft of internet time and theft of intellectual property.
- Cybercrime against society: the most dangerous form, including cyber terrorism, counterfeiting and web jacking.
How does computer forensics work?
Forensic investigators typically follow standard procedures that vary with the context of the investigation. These procedures involve the following three steps:
Data collection: Electronically stored data must be acquired in a way that preserves its integrity. To avoid accidental contamination or tampering, this frequently means physically isolating the device under investigation. Examiners make a bit-for-bit copy of the device's storage media, known as a forensic image, record a cryptographic hash of it, and then lock the original device in a safe or another secure container to preserve its original state. All examination is done on the copy, and the hash is rechecked to show that the copy has not changed. In other situations, publicly accessible data can be used for forensic purposes, such as Facebook posts or public Venmo payments for illegal goods or services, as displayed by the Vicemo website.
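The acquisition step above in code, as an added example written for this page and not taken from the article or from any imaging tool: a source device (here a constructed file standing in for something like /dev/sdb) is copied bit for bit in fixed blocks, the bytes read from the source and the bytes written to the image are hashed independently, and the finished image is re-read from disk to confirm it matches. The field names in the custody record are this example's own choices.

```python
"""Forensic imaging with independent integrity hashes (added example)."""
import hashlib
import os
import tempfile
from datetime import datetime, timezone

BLOCK = 1024 * 1024  # read size per iteration; any fixed size works


def acquire_image(source_path, image_path, block=BLOCK):
    """Copy the source read-only into image_path and return a custody record.

    Two SHA-256 digests are kept: one over the bytes read from the
    source and one over the bytes handed to the output file, so a
    short write or I/O error shows up as a digest mismatch rather
    than a silently corrupt image.
    """
    read_hash = hashlib.sha256()
    write_hash = hashlib.sha256()
    total = 0
    started = datetime.now(timezone.utc).isoformat()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        while True:
            chunk = src.read(block)
            if not chunk:
                break
            read_hash.update(chunk)
            written = dst.write(chunk)
            write_hash.update(chunk[:written])
            total += written
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image is really on disk
    record = {
        "source": source_path,
        "image": image_path,
        "bytes": total,
        "source_sha256": read_hash.hexdigest(),
        "image_sha256": write_hash.hexdigest(),
        "acquired_at_utc": started,
    }
    # Independent re-read of the finished file: this is the check that is
    # repeated before each analysis session and cited in the report.
    record["verified"] = verify_image(image_path, record["source_sha256"], block)
    return record


def verify_image(image_path, expected_sha256, block=BLOCK):
    """Re-hash the image on disk and compare with the recorded digest."""
    h = hashlib.sha256()
    with open(image_path, "rb") as f:
        for chunk in iter(lambda: f.read(block), b""):
            h.update(chunk)
    return h.hexdigest() == expected_sha256


def demo():
    """Image a constructed 3 MiB 'device' and show that a single flipped
    byte in the working copy is caught by re-verification."""
    workdir = tempfile.mkdtemp()
    device = os.path.join(workdir, "device.bin")   # stands in for /dev/sdb
    image = os.path.join(workdir, "device.dd")
    with open(device, "wb") as f:
        f.write(os.urandom(3 * BLOCK + 12345))     # constructed sample contents
    record = acquire_image(device, image)
    with open(image, "r+b") as f:                  # simulate accidental modification
        f.seek(4096)
        b = f.read(1)[0]
        f.seek(4096)
        f.write(bytes([b ^ 0xFF]))
    record["verified_after_tamper"] = verify_image(image, record["source_sha256"])
    return record


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In a real acquisition a hardware write blocker sits between the examiner's machine and the source, and a purpose-built imager such as dd or dc3dd records bad sectors as well; the principle is the same as above: hash while reading, hash what was written, and re-verify the image before every examination so the report can state that the working copy is still the evidence that was acquired.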
Analysis: In a secure environment, investigators examine the forensic images to collect evidence for the case. A range of tools is used, including the Wireshark network protocol analyzer and Basis Technology's Autopsy for hard disk examination. To stop a running computer from going to sleep during examination, which would lose the volatile memory contents that disappear when the machine turns off or loses power, a mouse jiggler is helpful.
Presentation: Forensic investigators present their findings in court proceedings, where a judge or jury uses them to determine the outcome of a lawsuit. In a data recovery situation, forensic investigators present what they were able to recover from a compromised system.
Techniques forensic investigators use:
Investigators examine the copy they made from the device under investigation using a variety of methods and specialised forensic software. They look for copies of deleted, encrypted or corrupted files in hidden folders and in unallocated drive space. Ahead of court proceedings involving discovery, depositions or litigation, any evidence found on the digital copy is thoroughly documented in a discovery report and checked against the original device.
Reverse steganography: Steganography hides data inside any kind of digital file, message or data stream. Computer forensics specialists uncover such attempts by comparing hashes: an image or other file that has had information hidden inside it may look identical before and after, but the underlying sequence of bytes, and therefore its hash, will differ from that of the original.
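An added example of the point above, written for this page and not taken from the article: a message is hidden in the least significant bit of each pixel of a constructed greyscale image, which changes no pixel by more than one step out of 255 yet changes the file's hash; the same code then recovers the message from the suspect copy. The cover image, the payload and the framing format (a 4-byte length prefix) are this example's own assumptions.

```python
"""LSB steganography: hiding data in pixels and exposing it (added example)."""
import hashlib


def _bits(data: bytes):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed_lsb(pixels: bytes, payload: bytes) -> bytes:
    """Store a length-prefixed payload in the least significant bit of each pixel.

    Each pixel value changes by at most 1 on a 0..255 scale, which is why the
    picture looks the same; the byte sequence, and so the file hash, does not.
    """
    framed = len(payload).to_bytes(4, "big") + payload
    if len(framed) * 8 > len(pixels):
        raise ValueError("payload larger than cover can hold")
    out = bytearray(pixels)
    for index, bit in enumerate(_bits(framed)):
        out[index] = (out[index] & 0xFE) | bit
    return bytes(out)


def extract_lsb(pixels: bytes) -> bytes:
    """Reassemble the payload written by embed_lsb from the LSB plane."""
    def read(start_pixel, count):
        out = bytearray()
        for n in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (pixels[start_pixel + n * 8 + i] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)


def compare_with_original(original: bytes, suspect: bytes) -> dict:
    """The reverse-steganography check: same size, visually identical, different hash."""
    return {
        "original_sha256": hashlib.sha256(original).hexdigest(),
        "suspect_sha256": hashlib.sha256(suspect).hexdigest(),
        "hash_matches": hashlib.sha256(original).digest() == hashlib.sha256(suspect).digest(),
        "pixels_changed": sum(1 for a, b in zip(original, suspect) if a != b),
        "max_pixel_delta": max(abs(a - b) for a, b in zip(original, suspect)),
    }


# Constructed cover: a 64x64 8-bit greyscale gradient, standing in for the decoded
# pixel data of a real image (with Pillow: Image.open(path).convert("L").tobytes()).
COVER = bytes((x * 7 + y * 3) % 256 for y in range(64) for x in range(64))
SECRET = b"transfer code 7731 - courier at pier 9, 23:00"  # constructed payload


def demo() -> dict:
    stego = embed_lsb(COVER, SECRET)
    report = compare_with_original(COVER, stego)
    report["recovered"] = extract_lsb(stego)
    return report


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hash comparison only works when the examiner has a known-good reference, either the original file or a hash set such as NIST's NSRL; without one, the presence of hidden data has to be inferred from statistics of the pixel data (for example chi-square tests on the LSB plane) or from traces of the steganography tool itself.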
Stochastic forensics: Here investigators analyse and reconstruct digital activity without relying on digital artifacts. Artifacts are unintended changes to data caused by digital processes, such as the modifications made to file attributes during data theft. Stochastic forensics instead relies on statistical properties of the system, such as the distribution of file access times, and is frequently used in investigations where the attacker is thought to be an insider who might not leave behind conventional digital evidence.
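An added example of the statistical reasoning behind stochastic forensics, written for this page and not taken from the article: copying a directory tree reads every file in it, so all of their access times land in one tight cluster, whereas ordinary use touches scattered files over days. The file listing is constructed sample data, the window and thresholds are this example's own choices, and it assumes the file system actually records access times.

```python
"""Flagging a bulk copy from access-time clustering (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
import posixpath

T0 = datetime(2024, 3, 4, 22, 14, 3)

# Constructed listing of (path, last access time) as an examiner would pull it
# from a file system image. Everything under /share/finance was read within 36
# seconds late one evening; the other files were touched across a working week.
SAMPLE_LISTING = [
    (f"/share/finance/ledger_{i:02d}.xlsx", T0 + timedelta(seconds=4 * i)) for i in range(10)
] + [
    ("/share/hr/handbook.pdf", datetime(2024, 3, 1, 9, 12)),
    ("/share/hr/onboarding.docx", datetime(2024, 3, 1, 14, 40)),
    ("/share/hr/holiday_policy.pdf", datetime(2024, 3, 2, 10, 5)),
    ("/share/hr/org_chart.pptx", datetime(2024, 3, 3, 16, 30)),
    ("/share/hr/payroll_faq.txt", datetime(2024, 3, 4, 8, 55)),
    ("/share/hr/benefits.pdf", datetime(2024, 3, 5, 11, 20)),
    ("/home/alice/notes.txt", datetime(2024, 3, 4, 13, 2)),
    ("/home/alice/todo.md", datetime(2024, 3, 4, 17, 48)),
    ("/home/alice/draft.docx", datetime(2024, 3, 5, 9, 30)),
    ("/home/alice/photo.jpg", datetime(2024, 3, 3, 20, 15)),
]


def densest_window(times, window):
    """Largest number of timestamps that fall inside any span of length `window`."""
    times = sorted(times)
    best, start, j = 0, None, 0
    for i, t in enumerate(times):
        while t - times[j] > window:
            j += 1
        if i - j + 1 > best:
            best, start = i - j + 1, times[j]
    return best, start


def find_bulk_reads(listing, window=timedelta(minutes=5), min_fraction=0.8, min_files=5):
    """Return directories whose files were overwhelmingly accessed within one window.

    Each file is attributed to every ancestor directory so that a copy of a
    whole subtree is seen at the level it was copied; directories mixing
    clustered and scattered files fall below min_fraction and are not flagged.
    """
    by_dir = defaultdict(list)
    for path, atime in listing:
        d = posixpath.dirname(path)
        while True:
            by_dir[d].append(atime)
            if d == "/":
                break
            d = posixpath.dirname(d)
    findings = []
    for d, times in by_dir.items():
        if len(times) < min_files:
            continue
        count, start = densest_window(times, window)
        fraction = count / len(times)
        if fraction >= min_fraction:
            findings.append({
                "directory": d,
                "files": len(times),
                "in_window": count,
                "fraction": round(fraction, 2),
                "window_start": start,
            })
    return sorted(findings, key=lambda f: (-f["files"], f["directory"]))


if __name__ == "__main__":
    for finding in find_bulk_reads(SAMPLE_LISTING):
        print(finding)
```

Two caveats a practitioner would check first: the technique needs access times that are actually maintained, and Linux mounts with noatime or the default relatime, as well as NTFS volumes with last-access updates disabled, will not show the cluster; and a backup job or antivirus scan produces the same signature, so a hit identifies a time window to corroborate against authentication and share-access logs rather than proving theft on its own.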
Cross-drive analysis: This method recovers, analyses and retains information relevant to an investigation by matching and comparing information found on multiple drives or computers. Identifiers that recur across several units are compared against suspicious events to reveal patterns and provide context. This is sometimes referred to as anomaly detection.
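An added example of cross-drive correlation, written for this page and not taken from the article: identifiers (email addresses here) are extracted from the raw contents of several drives, indexed by which drives they occur on, and every pair of drives is scored by the identifiers they share, with ubiquitous ones such as a vendor's support address discarded and the rest weighted by rarity. The four drive contents are constructed sample data and the weighting and cut-off are this example's own choices.

```python
"""Cross-drive correlation of extracted identifiers (added example)."""
import math
import re
from collections import defaultdict
from itertools import combinations

EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed stand-ins for raw content from four seized drives, the sort of
# input a feature extractor such as bulk_extractor scans. Real drives would be
# scanned in full, including unallocated space.
DRIVES = {
    "drive01": b"From: j.doe@example.org\nTo: m.rivera@example.org\nSubject: invoice\n"
               b"support@vendor.example newsletter@shop.example",
    "drive02": b"cached mail: j.doe@example.org accounts@fence.example\n"
               b"support@vendor.example\nnewsletter@shop.example",
    "drive03": b"browser cache support@vendor.example newsletter@shop.example\n"
               b"contact: p.singh@example.net",
    "drive04": b"support@vendor.example\nwire details -> accounts@fence.example",
}


def extract_features(raw: bytes) -> set:
    """Pull candidate identifiers (here, email addresses) out of raw bytes."""
    return {m.group().decode("ascii").lower() for m in EMAIL_RE.finditer(raw)}


def build_index(drives: dict) -> dict:
    """Map every feature to the set of drives it appears on."""
    index = defaultdict(set)
    for drive, raw in drives.items():
        for feature in extract_features(raw):
            index[feature].add(drive)
    return index


def correlate_drives(drives: dict, index: dict, ubiquitous=0.75) -> list:
    """Score each pair of drives by the identifiers they share.

    A feature present on only one drive links nothing; one present on nearly
    every drive (a vendor's support address) is background noise and is
    skipped. The rest are weighted by rarity, log(N / drives_with_feature),
    so an address seen on just two drives counts more than one seen on three.
    """
    n = len(drives)
    scores = defaultdict(float)
    shared = defaultdict(list)
    for feature, owners in index.items():
        if len(owners) < 2 or len(owners) / n > ubiquitous:
            continue
        weight = math.log(n / len(owners))
        for a, b in combinations(sorted(owners), 2):
            scores[(a, b)] += weight
            shared[(a, b)].append(feature)
    return sorted(
        ((pair, round(score, 3), sorted(shared[pair])) for pair, score in scores.items()),
        key=lambda item: (-item[1], item[0]),
    )


if __name__ == "__main__":
    idx = build_index(DRIVES)
    for pair, score, features in correlate_drives(DRIVES, idx):
        print(pair, score, features)
```

With the sample data the strongest link is drive01 to drive02, which share a personal address and a newsletter address, while the address seen on every drive contributes nothing. The same index also answers the reverse question, which drives a given identifier from the case file turns up on, which is the usual starting point when a suspect's address or account number is already known.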
Live analysis: The computer is examined from within its running operating system, using system tools, while it is in use. The analysis concentrates on volatile data, which is held in RAM or cache and vanishes when the machine loses power. To maintain the integrity of the chain of evidence, some tools used to retrieve volatile data require the computer to be in a forensics lab.
Deleted file recovery: This method searches the storage media and operating system for fragments of files that have been deleted in one location but survive elsewhere, for example in unallocated space. Recovering files by their content signatures rather than through file system metadata is known as file carving or data carving.
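File carving as an added example written for this page, not taken from the article or from any of the tools it lists: a raw image (constructed here from a small valid PNG, a JPEG, a PDF and a JPEG fragment whose tail was overwritten) is scanned for known headers and footers, and each hit is cut out whether or not any directory entry still points at it. The carved PNG is then validated by checking its chunk CRCs, the kind of check that separates a genuine recovery from a false positive. The signature table and size limit are this example's own choices; carving tools such as Scalpel and PhotoRec carry far larger signature sets.

```python
"""Header/footer file carving from a raw image (added example)."""
import struct
import zlib

# (header, footer) signatures. PNG ends with the IEND chunk whose CRC is fixed;
# JPEG with the EOI marker; PDF with the %%EOF comment.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


def carve(image: bytes, signatures=SIGNATURES, max_size=4096) -> list:
    """Recover files by signature, ignoring the file system entirely.

    For each header hit the nearest footer within max_size closes the file;
    with no footer in range the fragment is kept and flagged incomplete,
    which is what a partially overwritten deleted file looks like.
    """
    found = []
    for kind, (header, footer) in signatures.items():
        pos = 0
        while (start := image.find(header, pos)) != -1:
            limit = min(len(image), start + max_size)
            end = image.find(footer, start + len(header), limit)
            if end == -1:
                stop, complete = limit, False
            else:
                stop, complete = end + len(footer), True
            found.append({"type": kind, "offset": start, "size": stop - start,
                          "complete": complete, "data": image[start:stop]})
            pos = stop
    return sorted(found, key=lambda f: f["offset"])


def png_crc_ok(data: bytes) -> bool:
    """Validate a carved PNG by checking every chunk CRC up to IEND."""
    if not data.startswith(SIGNATURES["png"][0]):
        return False
    pos = 8
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        tag = data[pos + 4:pos + 8]
        if pos + 12 + length > len(data):
            return False
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(tag + body) & 0xFFFFFFFF != crc:
            return False
        if tag == b"IEND":
            return True
        pos += 12 + length
    return False


def make_png(width=2, height=2) -> bytes:
    """Build a small but valid RGB PNG (constructed test file)."""
    def chunk(tag, body):
        return (struct.pack(">I", len(body)) + tag + body
                + struct.pack(">I", zlib.crc32(tag + body) & 0xFFFFFFFF))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    rows = b"".join(b"\x00" + b"\x10\x80\xf0" * width for _ in range(height))
    return (SIGNATURES["png"][0] + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b""))


def build_demo_image() -> tuple:
    """Constructed 'unallocated space': three intact files and one truncated JPEG."""
    parts = {
        "png": make_png(),
        "jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 200 + b"\xff\xd9",
        "pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF",
    }
    filler = b"\x00" * 512 + b"free space " * 20
    truncated_jpg = b"\xff\xd8\xff\xe1\x00\x20Exif\x00\x00" + b"\x7f" * 60  # footer overwritten
    image = (filler + parts["png"] + filler + parts["jpg"] + filler
             + parts["pdf"] + filler + truncated_jpg)
    return image, parts


if __name__ == "__main__":
    image, _ = build_demo_image()
    for hit in carve(image):
        extra = f" png_crc_ok={png_crc_ok(hit['data'])}" if hit["type"] == "png" else ""
        print(f"{hit['type']} at {hit['offset']} size {hit['size']} complete={hit['complete']}{extra}")
```

Carving by header and footer alone misses fragmented files and can glue the head of one file to the tail of another, which is why each candidate is validated (CRCs for PNG, a parse for JPEG or PDF) before it goes into the report, and why the offset of every hit is recorded so it can be checked against the original image.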
Top 12 cybercrime investigation and forensic tools:
- SIFT Workstation
- The Sleuth Kit
- X-Ways Forensics
- CAINE
- PALADIN
- ProDiscover Forensic
- Digital Forensics Framework
- Oxygen Forensic Detective
- Open Computer Forensics Architecture
- Bulk Extractor
- ExifTool
- SurfaceBrowser™
Investigating cybercrime is not a simple science. It requires the right knowledge combined with a range of techniques and tools to enter the digital crime scene effectively and productively, and investigating officers must keep their knowledge, tools and techniques up to date. With these in hand you can analyse the data properly, investigate the root cause and track down the perpetrators behind the different types of cybercrime.