Digital forensics has made it easier to solve digital crime cases in the most innovative fashion possible. Digital forensic experts deploy a host of tools and approaches to solve cases. Two of these approaches are computer and network forensics. Often, they are mistaken for one another, but are they really the same? Not quite.
What Is Computer Forensics?
Computer forensics is the investigation and analysis carried out to gather and preserve evidence from a computing device so that it is presentable in a court of law. It is a structured investigation that maintains a chain of evidence to establish what happened and who was behind it. It also follows legal compliance guidelines that make the recovered information admissible in legal proceedings.
How Does It Work?
Data Collection: Digital forensic experts isolate the device to prevent any tampering. A digital copy, also known as a forensic image, is then made, and the original device is locked away so it cannot be accessed by malicious hands.
Analysis: Next, the investigators analyze the forensic image within a sterile environment. For hard drive investigations, tools like Autopsy and Wireshark are used.
Presentation: The final step is the presentation of the evidence in court. Judges then use it to reach a conclusion in the legal proceeding.
Computer Forensic Techniques
Reverse Steganography
Steganography is the process of hiding information inside a digital file or a data stream. Reverse steganography is the technique digital forensic experts use to determine whether a file is still in its original form or whether data has been embedded in it. Hashing the original file and the suspect copy exposes differences between the two that are not visible to the eye.
Cross-Drive Analysis
In cross-drive analysis, information found across various devices is cross-referenced and correlated in order to search, analyze and preserve the data that is crucial to a digital investigation.
Live Analysis
Live analysis is the process in which a device is analyzed from within the operating system while it is running. This analysis uses volatile data, which is stored in cache or RAM and is lost once the device is powered off.
Deleted File Recovery
This approach searches a computer system and its memory for fragments of files that were deleted but left traces elsewhere on the same machine. It is also known as file carving or data carving.
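As an added illustration of file carving (example code written for this page, not a tool from Eclipse Forensics), the following Python scans a constructed byte buffer for JPEG and PNG header/footer signatures, carves out every complete file it finds even though no directory entry points at them, and skips a dangling header that has no footer. The SIGNATURES table and the sample "disk image" are assumptions built for the example.

```python
import hashlib

# Header/footer byte signatures ("magic bytes") for two common file types.
# A JPEG starts with the SOI marker FF D8 FF and ends with the EOI marker FF D9;
# a PNG starts with its 8-byte signature and ends with the IEND chunk plus its CRC.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
}


def carve(image: bytes, max_size: int = 10 * 1024 * 1024) -> list:
    """Scan a raw byte buffer (disk image, unallocated space, memory dump) for
    known headers and return every complete file found, whether or not any
    filesystem entry still points at it."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        start = image.find(header)
        while start != -1:
            end = image.find(footer, start + len(header))
            if end != -1 and end - start <= max_size:
                end += len(footer)
                data = image[start:end]
                found.append({
                    "type": kind,
                    "offset": start,
                    "size": len(data),
                    # hash of the carved bytes, recorded so the artifact can be
                    # re-verified later in the chain of evidence
                    "sha256": hashlib.sha256(data).hexdigest(),
                    "data": data,
                })
                start = image.find(header, end)
            else:
                # header with no footer in range: a fragment, not a whole file;
                # skip it and keep scanning for the next header
                start = image.find(header, start + 1)
    return sorted(found, key=lambda f: f["offset"])


# Constructed sample data (not real image files): a PNG-shaped blob, a JPEG-shaped
# blob and a dangling JPEG header with no footer, separated by zeroed "unallocated"
# space, with no directory entries pointing at any of them.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"<constructed png body>" + b"IEND\xaeB`\x82"
SAMPLE_JPG = b"\xff\xd8\xff\xe0" + b"<constructed jpeg body>" + b"\xff\xd9"
SAMPLE_IMAGE = (b"\x00" * 64 + SAMPLE_PNG + b"\x00" * 32 + SAMPLE_JPG
                + b"\x00" * 16 + b"\xff\xd8\xff\xe1" + b"\x00" * 8)

if __name__ == "__main__":
    for f in carve(SAMPLE_IMAGE):
        print(f"{f['type']} at offset {f['offset']}, {f['size']} bytes, sha256 {f['sha256']}")
```

Real carvers also handle fragmented files and formats whose footer is not a fixed byte sequence; this version only recovers contiguous files with a known header and footer.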
What Is Network Forensics?
Interestingly, network forensics is an offshoot of computer forensics. However, it focuses on retrieving information surrounding a cybercrime. Common forensic activities include capturing, recording and analyzing the events that occurred on a network to establish the source of an attack. To understand attack patterns, investigators must understand network protocols, email protocols, file transfer protocols and web protocols.
Methods
- Catch Me If You Can: This method involves capturing all network traffic. It guarantees that no important network event is omitted. It is a time-consuming process, and storage efficiency tends to drop as the storage volume increases.
- Stop, Look, and Listen: The administrators keep an eye on each data packet moving through the network, but they only capture the ones that are suspicious. This method doesn’t need ample storage space, but it does need processing power.
Primary Sources
Log Files: Such files exist on Active Directory servers, proxy servers, web servers, intrusion detection systems, firewalls, DNS servers and DHCP (Dynamic Host Configuration Protocol) servers. It is worth noting that logs don’t take up much space.
Full Packet Data Capture: Full packet data capture is the direct product of the “Catch Me If You Can” method. Bigger enterprises have bigger networks, and keeping full packet captures for long periods can be a burden for them.
Tools Used in Network Forensics
Email Tracker Pro: Shows the location of the device from which the emails were sent.
Wireshark: Captures and analyzes network traffic between different devices.
Web Historian: Shows a record of the files uploaded and downloaded on visited web pages.
Final Word
At Eclipse Forensics, we offer some of the best digital forensic services like data redaction, forensic audio/video services, and file extraction. To benefit from our services, visit our website today or call (904) 797-1866.