Review on Cyber Forensics and its Analysis Tools

Srinidhi Shetty
Mar 14, 2022

People are increasingly using the internet and other technology, and every day there are more instances of cybercrime. Using digital forensics, we can gather electronic data, evaluate the evidence discovered, and present it in court, following all legal procedures.

So in this article I have tried to explain various tools that are used in digital forensics during the investigation process.

 

Types of Digital Forensics
There are several types of digital forensics, including the following:
Disk Forensics: Deals with acquiring evidence from digital storage media such as USB devices, DVDs, CDs, and so on, including contents that have been changed or deleted.

Network Forensics: A subset of digital forensics that involves monitoring and detecting network activity on a system in order to extract critical data that can be presented as legal evidence in court.

Database Forensics: A subset of digital forensics that deals with the investigation and gathering of databases and their associated metadata. It uses investigative tactics to obtain evidence by querying the database.

Malware Forensics: This branch of forensics is responsible for detecting harmful code and investigating malware issues relating to payloads, trojans, viruses, and other threats.

Email Forensics: This forensic division is in charge of recovering lost data and analysing the contents of emails, including deleted emails, calendars, and contacts.

Memory Forensics: A type of forensic investigation that captures data from a computer's cache memory or a RAM dump and then gathers evidence from it.

 

PHASES OF CYBER FORENSICS
1. Identification
First, find the evidence, noting where it is stored.
2. Preservation
Next, isolate, secure, and preserve the data. This includes preventing people from possibly tampering with the evidence. 
3. Analysis
Next, reconstruct fragments of data and draw conclusions based on the evidence found.
4. Documentation
Following that, create a record of all the data to recreate the crime scene.
5. Presentation
Lastly, summarize and draw a conclusion.

 

CYBER FORENSICS TOOLS 
TRUECRYPT : A free, open source encryption program that is easily accessible for download and runs on various platforms. It can encrypt a partition or a whole storage device, or it can create a virtual encrypted disk within a file.
TrueCrypt supports "on-the-fly" encryption, which eliminates the need to wait for a large file to decrypt after entering the passphrase. The key is created using a variety of encryption and hashing techniques. TrueCrypt never stores decrypted data to disk, keeping it in RAM only for a limited time. When you restart Windows or switch off your computer, the volume will be destroyed and the contents saved on it will be unavailable.

DFF (DIGITAL FORENSICS FRAMEWORK) : This is also an open source framework. Batch scripts can be used by investigators to automate repetitive tasks. DFF is commonly used to recover files after a crash or error. The source code is written in C++ and Python, ensuring great performance and versatility, and it can be run on both Linux and Windows.

LastActivityView : Allows you to see what actions a user has taken and what system events have occurred. Any action taken by the user, such as launching an executable file, accessing a file or folder in Explorer, experiencing an application or system crash, or installing software, will be recorded.
This data can be saved as a CSV, XML, or HTML file.
When you need to show that a user did something, this tool comes in handy.
However, it has a limitation in that it only records the most recent action. For example, if a user accesses two documents with the same .pdf extension, only the most recently viewed document would be recorded by this tool.

DSi USB Write Blocker : The DSi USB Write Blocker is a software-based write blocker that stops USB devices from being accessed for writing. This is critical in an investigation to avoid tampering with metadata or timestamps, which would invalidate the evidence. When you start DSi USB Write Blocker, a window appears in which you may enable or disable the USB Write Blocker.
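
What the Preservation phase and a write blocker protect can be checked with an integrity manifest: record a hash and modification time for every file at acquisition, then re-verify later. This is an added example, not part of the original article or of any tool described here; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large disk image never has to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root):
    """Record content hash and modification time for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            manifest[rel] = (sha256_file(path), os.stat(path).st_mtime_ns)
    return manifest

def verify(root, baseline):
    """Return (path, finding) pairs for anything that differs from baseline."""
    current, findings = snapshot(root), []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            findings.append((rel, "added"))
        elif new is None:
            findings.append((rel, "missing"))
        elif old[0] != new[0]:
            findings.append((rel, "content changed"))
        elif old[1] != new[1]:
            findings.append((rel, "timestamp changed"))
    return findings

def demo():
    """Constructed sample: a temp directory stands in for a mounted USB device."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("report.pdf", b"original"), ("notes.txt", b"memo")]:
            Path(root, name).write_bytes(data)
        baseline = snapshot(root)  # taken right after acquisition
        Path(root, "report.pdf").write_bytes(b"edited")  # content tampering
        st = os.stat(Path(root, "notes.txt"))  # timestamp-only tampering below
        os.utime(Path(root, "notes.txt"), ns=(st.st_atime_ns, st.st_mtime_ns - 3600 * 10**9))
        Path(root, "new.tmp").write_bytes(b"")  # a file written to the device
        return verify(root, baseline)
```

The timestamp-only finding is the case a write blocker exists to prevent: the file content still hashes the same, yet the metadata no longer matches what was acquired.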

 

CONCLUSION
At present, cyber forensics is a developing field.
In this article we looked at a few definitions of computer forensics, the phases of cyber forensics, and forensic techniques, and each step was examined along with its own set of tools.
Because of the considerable increase in the number of Internet users throughout the world, the frequency of digital attacks has increased.
As a result, effective methodologies and efficient technologies are necessary to identify these threats in a timely way.

