TYPES OF DIGITAL FORENSICS

Computer Forensics


Computer forensics is a field of technology that uses investigative techniques to identify and store evidence from a computer device. Often, computer forensics is used to uncover evidence that could be used in a court of law, although it also encompasses work outside of investigations. It can be an essential facet of modern investigations: when a crime is committed and an investigation is started, one of the more common places to look for clues is the computer or cell phone of a suspect. This is where a computer forensics professional enters the picture. Once a suspect has been identified and their personal computer or cell phone taken into evidence, a computer forensics professional searches for data that is relevant to the investigation. When searching for information, they must follow detailed procedures so that their findings can be used as evidence. The information they uncover, whether documents, browsing information or even metadata, may then be used by the prosecution to build a compelling case against the suspect.

Network Forensics


Network forensics is a science that centers on the discovery and retrieval of information surrounding a cybercrime within a networked environment. Common forensic activities include the capture, recording and analysis of events that occurred on a network in order to establish the source of cyber-attacks. Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a proactive investigation. Network forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case, analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions. Two systems are commonly used to collect network data: a brute-force "catch it as you can" approach and a more intelligent "stop, look, listen" method.
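The two collection approaches and the analysis tasks named above, as an added Python example that is not code from the original post: a "catch it as you can" collector keeps every packet, a "stop, look, listen" collector filters in-line (and what it drops is gone for good), and one direction of a stream is then reassembled and searched for keywords. It assumes a simplified segment record instead of real pcap parsing; the flow keys, addresses and payloads are constructed sample data.

```python
"""
Added example (not from the original post): two capture strategies over a
constructed packet feed, then reassembly of one TCP-like stream and a
keyword search over the rebuilt bytes. "flow" is a constructed key that
stands in for the 5-tuple; there is no real pcap parsing here.
"""
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class Segment:
    flow: str       # constructed "src:port>dst:port" key
    seq: int        # byte offset of this payload within the stream
    payload: bytes


CLIENT_FLOW = "10.0.0.5:51000>10.0.0.9:80"
SERVER_FLOW = "10.0.0.9:80>10.0.0.5:51000"
DNS_FLOW = "10.0.0.7:40000>10.0.0.9:53"

# The file the server sent, in order (constructed).
FILE_CHUNKS = [b"FILE-START\n", b"CONFIDENTIAL: Q3 figures attached\n", b"FILE-END\n"]


def segments_for(flow: str, chunks: list[bytes]) -> list[Segment]:
    """Turn an ordered list of payloads into segments with correct seq offsets."""
    segs, offset = [], 0
    for chunk in chunks:
        segs.append(Segment(flow, offset, chunk))
        offset += len(chunk)
    return segs


# Constructed capture: server segments arrive out of order, one is
# retransmitted, and an unrelated DNS lookup is interleaved.
_server = segments_for(SERVER_FLOW, FILE_CHUNKS)
CAPTURE = [
    Segment(CLIENT_FLOW, 0, b"GET /report.doc HTTP/1.1\r\n"),
    _server[2],
    Segment(DNS_FLOW, 0, b"query example.test"),
    _server[0],
    _server[1],
    _server[1],  # second copy is a retransmission
]


def catch_it_as_you_can(packets: Iterable[Segment]) -> list[Segment]:
    """Brute-force capture: keep everything, decide what matters later."""
    return list(packets)


def stop_look_listen(packets: Iterable[Segment],
                     keep: Callable[[Segment], bool]) -> list[Segment]:
    """In-line filtering: only packets matching `keep` are stored. Anything
    dropped here cannot be recovered by a later analysis."""
    return [p for p in packets if keep(p)]


def is_web(p: Segment) -> bool:
    """Filter an analyst might write for web traffic only (port 80 either side)."""
    return p.flow.startswith("10.0.0.9:80>") or p.flow.endswith(">10.0.0.9:80")


def reassemble(packets: Iterable[Segment], flow: str) -> tuple[bytes, list[tuple[int, int]]]:
    """Rebuild one direction of a stream: order by seq, drop retransmitted
    bytes, zero-fill and report any gaps left by missing segments."""
    by_seq: dict[int, bytes] = {}
    for p in packets:
        if p.flow == flow:
            by_seq.setdefault(p.seq, p.payload)   # first copy wins
    data, gaps, expected = bytearray(), [], 0
    for seq in sorted(by_seq):
        payload = by_seq[seq]
        end = seq + len(payload)
        if end <= expected:              # fully covered by bytes already placed
            continue
        if seq > expected:               # hole in the stream
            gaps.append((expected, seq))
            data.extend(b"\x00" * (seq - expected))
        data.extend(payload[max(0, expected - seq):])   # skip overlapping prefix
        expected = end
    return bytes(data), gaps


def find_keywords(data: bytes, keywords: Iterable[bytes]) -> dict[bytes, list[int]]:
    """Offsets of every keyword occurrence in the reassembled stream."""
    hits: dict[bytes, list[int]] = {}
    for kw in keywords:
        start = 0
        while (i := data.find(kw, start)) != -1:
            hits.setdefault(kw, []).append(i)
            start = i + 1
    return hits


if __name__ == "__main__":
    full = catch_it_as_you_can(CAPTURE)
    data, gaps = reassemble(full, SERVER_FLOW)
    print(data.decode(), gaps, find_keywords(data, [b"CONFIDENTIAL"]))
    # The web-only filter keeps the transfer but has already lost the DNS lookup.
    print(len(full), len(stop_look_listen(CAPTURE, is_web)))
```

The gap report is the part worth keeping in real tooling: a stream rebuilt with zero-filled holes still yields keyword hits, but any finding inside or adjacent to a hole should be reported with the gap, not as a clean reconstruction.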

Database Forensics


Database forensics is a branch of digital forensic science relating to the forensic study of databases and their related metadata. The discipline is similar to computer forensics, following the normal forensic process and applying investigative techniques to database contents and metadata. A forensic examination of a database may relate to the timestamps that apply to the update time of a row in a relational table, which are inspected and tested for validity in order to verify the actions of a database user. Alternatively, a forensic examination may focus on identifying transactions within a database system or application that indicate evidence of wrongdoing, such as fraud. Software tools can be used to manipulate and analyze data. These tools also provide audit logging capabilities, which give documented proof of what tasks or analysis a forensic examiner performed on the database. Currently, many database software tools are in general not reliable and precise enough to be used for forensic work, as demonstrated in the first paper published on database forensics. There is currently a single book published in this field, though more are expected. Additionally, there is a subsequent SQL Server forensics book by Kevvie Fowler named SQL Server Forensics, which is also well regarded. The forensic study of relational databases requires a knowledge of the standard used to encode data on the computer disk. Documentation of the standards used to encode information in well-known database brands such as SQL Server and Oracle has been contributed to the public domain. Others include Apex Analytix. Because the forensic analysis of a database is not executed in isolation, the technological framework within which a subject database exists is crucial to understanding and resolving questions of data authenticity and integrity, especially as it relates to database users.
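The two kinds of examination described above, as an added Python example that is not from the original post or from any named tool: row timestamps are tested for validity, updates are cross-checked against the application's own audit table, and both checks run through a read-only session that logs every query the examiner issued together with a hash of its result set. The ledger schema, the payee names and the timestamps are constructed sample data held in an in-memory SQLite database.

```python
"""
Added example (not from the original post or any named tool): a constructed
SQLite ledger examined for timestamp validity and unaudited updates, through
a read-only session that documents the examiner's own actions.
"""
import hashlib
import json
import sqlite3

SCHEMA = """
CREATE TABLE payments (
    id INTEGER PRIMARY KEY, payee TEXT, amount_cents INTEGER,
    created_at TEXT NOT NULL, updated_at TEXT NOT NULL);   -- ISO-8601 strings
CREATE TABLE audit_log (
    id INTEGER PRIMARY KEY, payment_id INTEGER, actor TEXT,
    action TEXT, at TEXT NOT NULL);
"""


def build_sample_db() -> sqlite3.Connection:
    """Constructed ledger: one legitimate audited edit and two suspect rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO payments VALUES (?,?,?,?,?)", [
        (1, "ACME Supplies", 120000, "2024-03-01T09:00:00", "2024-03-01T09:00:00"),
        (2, "Globex",         50000, "2024-03-02T10:30:00", "2024-03-05T14:00:00"),  # audited edit
        (3, "Initech",        99900, "2024-03-03T11:00:00", "2024-03-03T10:00:00"),  # updated before created
        (4, "Shell Co",      750000, "2024-03-04T08:00:00", "2024-03-06T23:59:00"),  # edit with no audit row
    ])
    conn.execute("INSERT INTO audit_log VALUES (?,?,?,?,?)",
                 (1, 2, "alice", "UPDATE amount_cents", "2024-03-05T14:00:00"))
    conn.commit()
    return conn


class ExaminerSession:
    """Read-only wrapper: refuses anything but SELECT and records each query,
    its parameters, the row count and a SHA-256 of the result, so the
    examination itself is documented."""

    def __init__(self, conn: sqlite3.Connection, examiner: str):
        self.conn, self.examiner, self.log = conn, examiner, []

    def query(self, sql: str, params: tuple = ()) -> list[tuple]:
        if not sql.lstrip().upper().startswith("SELECT"):
            raise ValueError("examiner session is read-only")
        rows = self.conn.execute(sql, params).fetchall()
        digest = hashlib.sha256(json.dumps(rows, sort_keys=True).encode()).hexdigest()
        self.log.append({"examiner": self.examiner, "sql": " ".join(sql.split()),
                         "params": list(params), "rows": len(rows),
                         "result_sha256": digest})
        return rows


def rows_updated_before_created(s: ExaminerSession) -> list[tuple]:
    """A row cannot have been modified before it existed; ISO-8601 text
    compares correctly as strings."""
    return s.query("SELECT id FROM payments WHERE updated_at < created_at ORDER BY id")


def updates_without_audit(s: ExaminerSession) -> list[tuple]:
    """Modified rows whose update time has no matching audit_log entry."""
    return s.query("""
        SELECT p.id FROM payments p
        WHERE p.updated_at <> p.created_at
          AND NOT EXISTS (SELECT 1 FROM audit_log a
                          WHERE a.payment_id = p.id AND a.at = p.updated_at)
        ORDER BY p.id""")


if __name__ == "__main__":
    session = ExaminerSession(build_sample_db(), "examiner-1")
    print("updated before created:", rows_updated_before_created(session))
    print("updates without audit:", updates_without_audit(session))
    print(json.dumps(session.log, indent=2))
```

Row 2 passes both checks because its audit entry matches its update time; rows 3 and 4 are flagged, and the session log records exactly which queries produced those findings.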

Mobile Device Forensics


Mobile forensics is the process of recovering digital evidence from mobile devices using accepted methods. Unlike traditional digital forensics processes, mobile forensics focuses solely on retrieving information from mobile devices such as smartphones, Android devices, and tablets. It can also relate to any digital device that has both internal memory and communication ability, including PDA devices, GPS devices and tablet computers. Some mobile companies have tried to duplicate other manufacturers' phone models, which is illegal; meanwhile, many new models arrive every year, each a step toward the next generation. The use of cloned mobile phones and devices in crime has been widely recognized for some years, but the forensic study of mobile devices is a relatively new field, dating from the late 1990s and early 2000s. A proliferation of phones (particularly smartphones) and other digital devices on the consumer market created a demand for forensic examination of the devices that could not be met by existing computer forensics techniques. Mobile devices can be used to save several types of personal information, such as contacts, photos, calendars and notes, and SMS and MMS messages. Smartphones may additionally contain video, email, web browsing information, location information, and social networking messages and contacts.

Memory Forensics


Memory forensics is a vital form of cyber investigation that allows an investigator to identify unauthorized and anomalous activity on a target computer or server. This is usually achieved by running special software that captures the current state of the system's memory as a snapshot file, also known as a memory dump. Memory forensics can be thought of as a current snapshot of a system that gives investigators a near-real-time image of the system while in use. Hard drive forensics is normally focused on data recovery and decryption, usually performed on an image of the drive in question. One can think of memory forensics as a live response to a current threat, while hard drive forensics can be seen as more of a postmortem of events that have already transpired. Memory forensics is time sensitive, as the information that is required is stored in volatile system memory, and if the system is restarted or powered off, that information is flushed from system memory. Hard drives, on the other hand, are a non-volatile form of computer storage. There are some volatile elements to hard drives, such as cache and buffer stores, so this also needs to be taken into account by the forensic investigator. Depending on the nature of the investigation, either technique can be used to gain further information about the system in question. Likewise, both methods can be used on the same system if necessary, and investigators will have to use their discretion and select the appropriate action where necessary.
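What an investigator does with a memory dump once it has been captured, as an added Python example that is not from the original post or from any forensic tool: the snapshot is hashed at acquisition (it cannot be re-taken in the same state, so that hash is the only integrity anchor), printable ASCII and UTF-16LE strings are carved out of it, and the carved strings are grouped into the artifact types examined first. The dump itself is a constructed byte string; the process name, path, address and URL in it are sample data.

```python
"""
Added example (not from the original post or any forensic tool): a
constructed byte string stands in for a memory dump. It is hashed on
acquisition, printable strings are carved from it in two encodings, and
the results are grouped by artifact type. All contents are sample data.
"""
import hashlib
import re

# Constructed "memory dump": a process command line, a UTF-16LE path (the
# encoding Windows keeps most strings in), a URL, and non-printable filler.
SAMPLE_DUMP = (
    b"\x00" * 48
    + b"MZ\x90\x00\x03"                                   # too short to carve
    + b"svchost.exe -k netsvcs" + b"\x00" * 16
    + "C:\\Users\\victim\\Downloads\\invoice.pdf".encode("utf-16-le") + b"\x00\x00"
    + b"\x7f\x01\x02\x03" * 8
    + b"http://198.51.100.23:8080/update" + b"\x00" * 8
    + b"\xff\xfe" * 20
)

ARTIFACT_PATTERNS = {
    "url":     re.compile(r"https?://[^\s\"']+"),
    "ipv4":    re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "exe":     re.compile(r"\b[\w.-]+\.exe\b", re.IGNORECASE),
    "winpath": re.compile(r"[A-Za-z]:\\(?:[^\\\s]+\\)*[^\\\s]*"),
}


def acquisition_record(dump: bytes) -> dict:
    """Hash the snapshot as soon as it is taken. Volatile memory cannot be
    re-acquired in the same state, so this record is what later findings
    are tied back to."""
    return {"size": len(dump), "sha256": hashlib.sha256(dump).hexdigest()}


def carve_strings(dump: bytes, min_len: int = 6) -> list[tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run of at least
    min_len characters, in ASCII and in UTF-16LE, sorted by offset."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(dump)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in utf16_re.finditer(dump)]
    return sorted(found)


def flag_artifacts(strings: list[tuple[int, str, str]]) -> dict[str, list[str]]:
    """Group carved strings by artifact type; one string may hit several
    patterns (a URL that embeds an IP address is listed under both)."""
    hits: dict[str, list[str]] = {name: [] for name in ARTIFACT_PATTERNS}
    for _offset, _encoding, text in strings:
        for name, pattern in ARTIFACT_PATTERNS.items():
            hits[name].extend(pattern.findall(text))
    return hits


if __name__ == "__main__":
    print(acquisition_record(SAMPLE_DUMP))
    carved = carve_strings(SAMPLE_DUMP)
    for offset, encoding, text in carved:
        print(f"{offset:#08x} {encoding:8} {text}")
    print(flag_artifacts(carved))
```

Carving in both encodings matters on Windows images: an ASCII-only pass misses the UTF-16LE path entirely, because every second byte is a null that breaks the printable run.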
