Web
site
Home
About C-DAC
Products
Downloads
Training
Contact Us
About C-DAC
CyberCheck
E-mailTracer
TrueBack
CyberInvestigator
TrueImager
TrueTraveller
Advik CDR Analyzer
Network Session Analyzer
MobileCheck
SIMXtractor
Win-LiFT
Win-LiFTAnalyzer
Win-LiFTImager
Friday, April 26, 2024
Home
>
Disk Forensics
Themes:
Default
Orange
Plain
.:: Members Area ::.
User Name:
*
Password:
*
Remember Me
Forgot Password ?
Sign Up
.:: Navigation
E-MailTracer
Procedure
Photo Gallery
.:: Featured
Press Release
Laws and Rules
FAQ
.:: Support
Help Desk
Enquiry
Request For CD
Providing Solution
Contact us
Disk Forensics
Disk forensics is the science of extracting forensic information from digital storage media like Hard disk, USB devices, Firewire devices, CD, DVD, Flash drives, Floppy disks etc.. The process of Disk Forensics are
Identify digital evidence
Seize & Acquire the evidence
Authenticate the evidence
Preserve the evidence
Analyze the evidence
Report the findings
Documenting
Identify digital storage devices
First step in Disk Forensics is identification of storage devices at the scene of crime like hard disks with IDE/SATA/SCSI interfaces, CD, DVD, Floppy disk, Mobiles, PDAs, flash cards, SIM, USB/ Fire wire disks, Magnetic Tapes, Zip drives, Jazz drives etc. These are some of the sources of digital evidence.
Seizure and Acquisition of Storage devices
Next step is seizing the storage media for digital evidence collection. This step is performed at the scene of crime. In this step, a hash value of the storage media to be seized is computed using appropriate cyber forensics tool. Hash value is a unique signature generated by a mathematical hashing algorithm based on the content of the storage media. After computing the hash value, the storage media is securely sealed and taken for further processing.
One of the cardinal rules of Cyber Forensics is “Never work on original evidence”. To ensure this rule, an exact copy of the original evidence is to be created for analysis and digital evidence collection. Acquisition is the process of creating this exact copy, where original storage media will be write protected and bit stream copying is made to ensure complete data is copied into the destination media. Acquisition of source media is usually done in a Cyber Forensics laboratory.
Authentication of the evidence
Authentication of the evidence is carried out in Cyber Forensics laboratory. Hash values of both source and destination media will be compared to make sure that both the values are same, which ensures that the content of destination media is an exact copy of the source media.
Preservation of the evidence
Electronic evidences might be altered or tampered without trace. Once the acquisition and authentication have been done, the original evidence should be placed in secure storage keeping away from highly magnetic and radiation sources. One more copy of image should be taken and it needs to be stored into appropriate media or reliable mass storage. Optical media can be used as the mass storage. It is reliable, fast, longer life span and reusable.
Verification and Analysis of the evidence
Verification of evidence before starting analysis is an important step in Cyber Forensics process. This is done in Cyber Forensics laboratory before commencing analysis. Hash value of the evidence is computed and compared it with the hash value taken at the time of acquisition. If both the values are same, there is no change in the content of the evidence. If both are different, there is some change in the content. The result of verification should be properly documented.
Analysis is the process of collecting digital evidence from the content of the storage media depending upon the nature of the case being examined. This involves searching for keywords, picture analysis, time line analysis, registry analysis, mailbox analysis, database analysis, cookies, temporary and Internet history files analysis, recovery of deleted items and analysis, data carving and analysis, format recovery and analysis, partition recovery and analysis, etc.
Reporting the findings
Case analysis report should be prepared based on the nature of examination requested by a court or investigation agency. It should contain nature of the case, details of examination requested, details of material objects and hash values, result of evidence verification, details of analysis conducted and digital evidence collected, observations of the examiner and conclusion. Presentation of the report should be in simple terms and precise way so that non-technical persons should be able to understand the content of the report.
Documentation
Documentation is very important in every step of the Cyber Forensics process. Everything should be appropriately documented to make a case admissible in a court of law. Documentation should be started from the planning of case investigation and continue through searching in scene of crime, seizure of material objects, chain of custody, authentication and acquisition of evidence, verification and analysis of evidence, collection of digital evidence and reporting, preservation of material objects and up to the closing of a case.
.:: News ::.
75 Azadi Ka Amrit Mahotsav-AKAM competition
Digital Evidence Handling during Covid-19
Training Programmes
CDAC unearthed duty-free shop scam
.:: Popular Links ::.
National Police Academy
Central Bureau of Investigation
Kerala Police
Indian Institute of Science
Directorate of Forensic Science Laboratory
.:: Downloads ::.
MobileCheck Brochure
Net Force Suite Brochure
Win-LiFT Brochure
TrueImager Brochure
TrueTraveller Brochure
Known File Hash Library
F-DAC 1.0
F-RAn 1.0
TrueBackLin
Advik CDRAnalyzer Brochure
CyberCheck Suite Brochure
PhotoExaminer Brochure
CyberCheckLite Brochure
MobileCheckPlus Brochure
.::More::.
Feedback
|
Contact Us
|
About RCCF
|Legal |For Journalists
Last Updated: THURSDAY, 25 JANUARY, 2024, © 2022 C-DAC Thiruvananthapuram. All rights reserved.
Terms of Use
|
Trademarks
|
Privacy Statement
