Glimpse Of Digital Forensics

5 min readAug 20, 2023

What Is Digital Forensics?

As the name suggests, it is a branch of forensic science whose main aim is to investigate the crimes that occur over digital platforms. There are many tools available over the internet that help experts identify/find loopholes or malicious files within the system. The primary goal is to find clues and then capture the criminals (who think that they can do whatever they want on the Internet freely) and help prevent it from happening in the future.

Impact Of Study Of Digital Forensics On Cyber Crimes

Nowadays, the internet is full of everything. You can find anything to learn; with this, there is a growth of cybercrimes accompanying the expansion of the internet. To control these situations, there is a dire need for this branch, with like-minded people who want to help others with their computing knowledge. For that reason, this branch evolved within a short period of time. Digital forensics is not just much, but it proves effective in controlling cybercrimes. The below data from India demonstrates how effective this digital forensics branch is.

Approaches to Managing a Compromised System

Step 1: Acquisition or Imaging of Evidence

In this initial stage, an image of the computer’s volatile memory (RAM) is captured. Simultaneously, an exact sector-level duplicate, often referred to as a “forensic duplicate,” is created for the media in question. To ensure accuracy, the original media and data are hashed using algorithms like SHA-1 or MD5. A comparison of the generated hash values is carried out to verify the accuracy of the duplicate copy.

Step 2: Analysis

The analysis phase primarily involves the recovery of deleted files and the extraction of registry information. This could encompass tasks such as listing user accounts or identifying attached USB devices. Moreover, a thorough investigation is conducted to determine the root cause behind the system’s compromise.

Step 3: Reporting

Following the analysis, a comprehensive report is generated, detailing the identified causes of compromise and related findings. By sharing this report, others can gain insights into what went wrong and take preventive measures to avert similar incidents in the future.

Utilizing Digital Forensics Tools

Autopsy: This graphical user interface (GUI) tool plays a significant role in investigating compromised disks and files.

2. To initiate Autopsy, input sudo autopsy in your terminal, followed by entering your password. This will lead you to a screen similar to the one below:

3. Click the link to access the Autopsy localhost server.

4. Upon reaching the server, you’ll be presented with three options. Select the most appropriate choice; in my case, I’m opting for the “New Case” option.

5. Essential investigation details need to be filled in at this stage. After providing the information, click “Next.”

6. Now, it’s time to add an image. Select “Add Image.”

7. Input the file location. For this case study, I’ve already downloaded a test image file from the internet. After filling in the necessary file details, click “Next.”

8. Having successfully added the image, click “OK.”

9. The ensuing screen offers a comprehensive image overview. To commence the investigation, select “Analyze.”

10. A new window displays that the file system is NTFS. This window allows us to discover deleted files and examine their ASCII and hex values.

Additional Tools for Digital Forensics

Scalpel
Guymager
Recuva (for data recovery), among many others.

Conclusion

In conclusion, digital forensics plays a pivotal role in analyzing attacks and malware. Overall, its importance lies in ensuring data integrity, safeguarding individuals and businesses against cybercrime, and facilitating justice in legal cases.