cyberforensics: concepts and types
Goals of Cyber-forensics:
1. Identify, analyze and reconstruct past events or activities.
2. Present admissible evidence to a court.
The first computer forensics suite was called The Coroner's Toolkit.
Computer Forensics - "Gathering and analyzing data in a manner as free from distortion or bias as possible to reconstruct data or what has happened in the past on a system." (Farmer and Venema, 1999)
A science and process of collecting, preserving, analyzing and reporting legally admissible evidence to the court.
Types of computer forensics technology:
1. System forensics (Linux, Windows, etc.)
2. Memory forensics
3. Mobile device forensics
4. Network forensics
5. Internet and cloud forensics
Digital forensics - meant to discover information about the illegal activities of a user.
Anti-digital forensics (ADF) - designed to thwart the discovery of information about the illegal activities of a user: to manipulate, erase or obfuscate digital data so that its examination becomes difficult, time-consuming or virtually impossible.
ADF technologies can be categorized by their intended action or the effect they have: overwriting data or metadata (wiping), hiding or obfuscating data (steganography, cryptography and low-tech methods), and exploiting bugs in forensic tools.
Forensic procedures and technologies are the two most important aspects of cyber forensics.
If we turn off the machine we will lose volatile data such as the contents of memory, TCP connections, logged-in users and running processes.
An attacker may have a rootkit installed that erases files on a graceful shutdown.
A non-graceful shutdown (cutting power rather than shutting down cleanly) can therefore help prevent the loss of evidence caused by rootkits, at the cost of the volatile data listed above.
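The practical consequence of the two points above is to capture the volatile state first, most volatile artifacts before less volatile ones, and to hash each output as soon as it is written so its integrity can later be demonstrated. The script below is an added example, not part of the original notes; it assumes a Linux host with coreutils (sha256sum, or shasum as a fallback), uses ss, netstat and lsmod only when they are installed, and the evidence path in the usage line is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original notes): capture volatile state before
# any power-off, most volatile first, and hash each artifact as it is written.
# Assumes a Linux host with coreutils; ss/netstat/lsmod are used only if present.

hash_file() {
    # Prefer GNU sha256sum; fall back to shasum (e.g. on BSD/macOS).
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi
}

collect_volatile() {
    evid="$1"                      # evidence directory, e.g. on external media
    mkdir -p "$evid"
    : > "$evid/manifest.sha256"
    # "name:command" pairs in rough order of volatility (cf. RFC 3227).
    for spec in \
        "00_date:date -u" \
        "01_uptime:uptime" \
        "02_net_conns:ss -tanp" \
        "03_net_conns_legacy:netstat -tanp" \
        "04_logged_in:who" \
        "05_processes:ps -eo pid,ppid,user,lstart,cmd" \
        "06_kernel_modules:lsmod" \
        "07_mounts:mount"
    do
        name=${spec%%:*}
        cmd=${spec#*:}
        tool=${cmd%% *}
        out="$evid/$name.txt"
        if command -v "$tool" >/dev/null 2>&1; then
            # Keep stderr too: an error message is itself evidence of state.
            $cmd > "$out" 2>&1 || true
        else
            # Record the gap explicitly rather than leaving a silent hole.
            echo "tool not available: $tool" > "$out"
        fi
        hash_file "$out" >> "$evid/manifest.sha256"
    done
    # Return the number of artifacts recorded in the manifest.
    grep -c . "$evid/manifest.sha256"
}

# Usage (placeholder path): collect_volatile /mnt/usb/case-0001/volatile
```

Run it from trusted media before any shutdown decision; the manifest lets a later examiner verify that the copied outputs are unchanged.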