Saturday, September 27, 2014

Importance of Digital Forensics

Digital forensics, a branch of forensic science, is the scientific practice of unraveling hidden information from a digital device. The digital era has been hard on law enforcement, producing a considerable amount of crime and misuse of digital technologies. Digital technologies are incorporated into every kind of domain that exists. Some of the domains under consideration are:


Figure 1 : Digital Forensic categories (Gilchrist, 2014)

The tendency to break rules is in the nature of living beings, and firewalls, honeypots, passwords, multi-factor authentication and similar controls can be compromised within a matter of seconds, given a high amount of resources and processing power and the common mistakes that come from human error. Avoiding an attack, or identifying its source or what gave the system up, falls under digital forensics. This post focuses on how a general process for uncovering the trails and origins of such a compromise should be laid out.

Quick and Fast Recovery for Business

Robbins (2011) lists eight primary elements to consider following a possible digital crime scenario. They are:

  1. Protect the subject from further exploitation 
  2. Discover all files which are being compromised 
  3. Recover as much as possible 
  4. Reveal the files which are not there 
  5. Access all the content 
  6. Analyze all possibly relevant data for changes 
  7. Print out an overall analysis 
  8. Provide expert consultation and/or testimony

These measures can be taken when the concern is on the side of the affected party, to re-establish the business and processes that depend on the compromised technology. This saves the affected party from a lengthy recovery time and avoids financial losses. The person involved in this process should also verify that the threat no longer exists in the system. To find the person or group responsible, forensic personnel should also look into forensic evidence collection.

Process of digital forensics

Along with the quick recovery of the system, it is important to find the origin or cause of the problem. To do so, forensic personnel mostly follow steps of their own. Here I describe some general steps used by Gilchrist (2014) and Edecision4u.com (2014).



Figure 2 : Steps in digital forensics (Gilchrist, 2014)

Preparation and Identification

To collect evidence properly, the team has to prepare by clearly identifying what needs to be addressed and what the problem is. If hardware devices are involved, they are taken into custody so that they can be kept secure and unauthorized access to them is avoided.

Preservation and collection

Certain information is always left on the devices, and more is dispersed across several places that may provide evidence. The next step is therefore to clearly identify the possible sources, collect the data, and preserve what is already there.

As an example, in a case of network penetration there may be evidence residing on ISP servers about the potential routes the attacker went through, and internal log records will also contain traces.
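The preservation step above, together with Robbins's steps of discovering compromised files, revealing files that are no longer there and analyzing data for changes, can be illustrated with a hash manifest recorded at collection time and compared later. This is an added example, not code from the original post or its sources; the file names and contents are constructed sample data.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large evidence images do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def compare_manifests(baseline, current):
    """Report files changed, gone, or new since the baseline was recorded."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed sample: record a baseline, alter the files, compare."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"auth.log": b"login ok\n", "report.doc": b"Q3 figures\n",
                   "notes.txt": b"unchanged\n"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        baseline = build_manifest(root)  # taken at collection time
        with open(os.path.join(root, "auth.log"), "ab") as handle:
            handle.write(b"entry appended later\n")  # content altered
        os.remove(os.path.join(root, "report.doc"))  # file removed
        with open(os.path.join(root, "unknown.tmp"), "wb") as handle:
            handle.write(b"not in baseline\n")  # file introduced
        return compare_manifests(baseline, build_manifest(root))

if __name__ == "__main__":
    print(demo())
```

Storing the baseline manifest away from the examined system lets a later comparison show that the collected material has not changed since acquisition.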

Processing, Review and Analysis

After collection comes the part where all those preparations come into action. The data is processed, the hardware is analyzed and the reports are reviewed in order to identify possible violations of law. This is performed with a view to producing the results in a court of law.

Production and Presentation

Proof of the investigation should be prepared, along with arrangements for keeping the hardware in custody until the court case is over. The presentation of evidence should also be planned, and the material has to be acceptable under the existing framework of law and regulations of the country in which it is produced.

Usage of Evidence

According to Robbins (2011), the major parties who put this evidence to use are:
  • Criminal Prosecutors use computer evidence in a variety of crimes where incriminating documents can be found: homicides, financial fraud, drug and embezzlement record-keeping, and child pornography.
  • Civil litigations can readily make use of personal and business records found on computer systems that bear on: fraud, divorce, discrimination, and harassment cases.
  • Insurance Companies may be able to mitigate costs by using discovered computer evidence of possible fraud in accident, arson, and workman's compensation cases.
  • Corporations often hire computer forensics specialists to ascertain evidence relating to: sexual harassment, embezzlement, theft or misappropriation of trade secrets and other internal/confidential information.
  • Law Enforcement Officials frequently require assistance in pre-search warrant preparations and post-seizure handling of the computer equipment. 
  • Individuals sometimes hire computer forensics specialists in support of possible claims of: wrongful termination, sexual harassment, or age discrimination.

Conclusion

As in all other activities, in the digital forensics field certain measures can be taken as a process. This keeps the digging more focused and organized, so the person responsible can focus on the whole scenario. It also keeps the material produced as a result within standards that make it possible to produce it in any situation.

Reference

  • Edecision4u.com, (2014). Network Packet Forensics analysis Training Course. [online] Available at: http://www.edecision4u.com/network-forensics/NPFAT/npfat.html [Accessed 27 Sep. 2014].
  • Gilchrist, M. (2014). Digital Forensics – A Branch of Forensic Science. [Blog] Technical Information - Everything You Need To Know. Available at: http://tech-solution-info.blogspot.com/2014/06/what-is-digital-forensics.html [Accessed 27 Sep. 2014].
  • Robbins, J. (2011). An Explanation of Computer Forensics. [Blog] homelandforensics. Available at: http://homelandforensics.com/forensics.htm [Accessed 27 Sep. 2014].
