What is Computer Forensics?
Forensic Computing: Analysis techniques
Computer forensics can be seen as a branch of forensic science concerned with digital evidence found on digital storage media. It is described as the use of varied forensic investigation and analysis techniques to identify, gather, examine and preserve digital information, with the main objective of reporting evidence of a certain type of activity, so that it can be used for different ends, in court or not, to explain the current state of that digital evidence.
This digital information can be held on many devices, including hard drives, USB drives, PDAs, cellphones, CDs, DVDs, etc. Data Recover Center is a company with extensive knowledge of data recovery, practical experience and a specialized laboratory, which assures you the best final results in computer forensics investigation.
Why computer forensics?
Nowadays, most communications throughout the world are digital, and most information is stored digitally. It is uncommon for information to be stored non-digitally.
When problems related to security, crimes or incidents exist, it is necessary to understand:
- What happened;
- What motivated it;
- How it reached the current situation;
- What consequences it brought;
- What you can do to prevent them from happening again.
Since every situation is a different case, there is no single method or application for analyzing every case. It all depends on the scenario: different circumstances call for different methods, including the use of different applications.
Some common circumstances where you can apply computer forensics:
- Enterprise network intrusion;
- Malware;
- Espionage;
- Industrial activities by collaborators;
- Theft of banking information;
- Identity theft;
- Computer crime (e.g. piracy).
Data Recover Center, as a company with wide experience in the data recovery area, has extensive practical knowledge and a specialized laboratory, which afford the best final results. Several technologically advanced tools are used in forensic practice, for example write blockers, dedicated workstations, and commercial and custom-developed applications. In a forensic investigation, all of the following procedures must be borne in mind, so that there is no violation of personal data privacy and because digital evidence poses some problems: it is very volatile and is easily concealed and manipulated. Data Recover Center takes care to stay up to date and to use cutting-edge technology, since developments in technology are rapid and constant and easily produce new types of scenarios or circumstances.
Forensic Investigation Methodology
A computer forensics process follows a specific methodology, normally divided into 4 stages:
- Incident Analysis;
- Gathering of Evidence;
- Evidence Analysis;
- Preparation of Reports and Conclusions.
Through the computer forensics service of Data Recover Centre, the client can have access to specialized reports on problems related to loss of data and other matters connected to the security of their information.
We put at the client's disposal in-depth studies of any incident related to computer media: fraudulent use of equipment, piracy, data deleted by co-workers, hidden files and more.
Using advanced technology in the service of computer forensics, Data Recover Centre certifies the content of a hard drive or the absence of it, as well as the cause of that change.
This service can also be useful in cases of suspected computer offenses that led to loss of data, or when planning precautionary measures to prevent such losses.
- Incident Analysis
First, once the forensic investigation is accepted, the incident that occurred is analysed. Information about the incident is received and then verified, and it remains important to verify the sources of information. A timeline of events should be established, because it is important to know what happened between the incident and the moment when the evidence was received. A scenario is built up from the given circumstances.
- Gathering of Digital Evidence
In the second stage, digital evidence is gathered; any type of device containing digital information is considered digital evidence.
As in any other type of investigation, it is necessary to present evidence of what we intend to prove. In a computer forensics case it is important to guarantee the credibility and integrity of digital evidence, so knowing how to handle it becomes critical.
For digital evidence to be accepted, it is necessary to demonstrate that it is valid and was not previously manipulated, because the conclusions of a case depend heavily on the evidence.
The preservation of digital evidence according to specific methods is an important rule, because the first thing that happens afterwards is an attempt to discredit the existing evidence. Throughout the forensic investigation process there are actions to avoid, so that the evidence is not compromised:
- Don't execute any type of application that may change file data;
- Don't use any conventional imaging/cloning application;
- Don't use an HDD without write blockers.
In cases presented at trial, the chain of custody is crucial. The term is important for understanding the whole forensic investigation process. The chain of custody determines how digital evidence and its storage were used.
This concept determines:
- Who gathered the evidence, and when and where;
- Who analysed the evidence, and when and where;
- Who possessed the evidence, and for how long;
- When and between whom the evidence was transferred.
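An added example, not from the original page or Data Recover Centre's own tooling, of the chain-of-custody record described above: each entry stores who, when, where and the SHA-256 of the evidence image, and entries are hash-linked so that a later edit is detectable. The class name, field names, people, dates and image bytes are constructed for illustration.

```python
import hashlib
import io
import json

GENESIS = "0" * 64  # 'previous hash' used by the first log entry

def sha256_stream(stream, chunk=1 << 20):
    """Hash evidence in chunks so large disk images need not fit in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

class CustodyLog:  # hypothetical append-only log; entries are chained by hash
    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry):
        fields = {k: v for k, v in entry.items() if k != "entry_hash"}
        return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

    def record(self, who, when, where, action, evidence_sha256):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {"who": who, "when": when, "where": where, "action": action,
                 "evidence_sha256": evidence_sha256, "prev": prev}
        entry["entry_hash"] = self._digest(entry)
        self.entries.append(entry)

    def verify(self):
        """Return (index, problem) pairs; an empty list means the log is intact."""
        problems, prev = [], GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or e["entry_hash"] != self._digest(e):
                problems.append((i, "log entry altered or reordered"))
            if e["evidence_sha256"] != self.entries[0]["evidence_sha256"]:
                problems.append((i, "evidence hash differs from acquisition"))
            prev = e["entry_hash"]
        return problems

def demo():
    image = io.BytesIO(b"constructed disk image bytes")  # constructed sample
    log = CustodyLog()
    log.record("examiner A", "2024-01-10T09:00Z", "client site", "gathered", sha256_stream(image))
    image.seek(0)  # re-hash the same image when it is analysed in the laboratory
    log.record("examiner B", "2024-01-11T14:30Z", "laboratory", "analysed", sha256_stream(image))
    before = log.verify()
    log.entries[1]["who"] = "someone else"  # simulate a later edit to the log
    return before, log.verify()
```

The chain only exposes tampering if the last `entry_hash` is also kept somewhere the log's editor cannot rewrite, such as a signed custody form.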
- Digital Evidence Analysis
In the third stage, analysis, there are some procedures to follow that depend heavily on the type of scenario established previously or on the type of evidence being sought.
Some of the analyses may be:
- Definition of a timeline;
- Keywords analysis;
- Analysis of file headers;
- Analysis of hash values;
- Analysis of hidden or erased information;
- Analysis of processes;
- Analysis of malware;
- Analysis of logs;
- Analysis of system registration;
- Steganography;
- Analysis of electronic mail;
- Analysis of web pages;
- Analysis of information modification;
- Among others.
Finally, reports are drawn up with the conclusions of the analysis. In this stage the whole report is prepared together with the client or the client's attorney, so as to substantiate the evidence gathered as well as possible and support the resolution of the case.
In some cases, Data Recover Centre may carry out a second inspection, with the chance to refute arguments or means of proof in a case. On the other hand, the help of technical consultants may also be needed to clarify various information technology questions throughout the whole case.
To conclude, given that digital information today has a critical role, documentation of digital evidence will be necessary, all the more so when it is useful to resort to the services of a company with specialized know-how that provides the necessary support in resolving these cases.