Digital Evidence India

Digital Evidence India

Digital Evidence India

Types of digital evidence India

  • Digital Evidence India
    • The Court and Rule of Evidence – Digital Evidence  Rules of Procedure (Data compaction, Data Duplication/Authentication by Expert
      • Data Compilation
      • Information Discoverable
      • Verification/validation, Standard followed
  • Digital Forensic Science tool, technique, Approach, analysis and Process the digital evidence
    • These evidence help reconstruct the Incident
    • Proof in court of Law
  •  Types of file systems forensics
    • Disk file systems
    • Flash file systems
    • Database file systems
    • Transactional file systems
    • Network file systems
    • Shared disk file systems
    • Special purpose file systems
  • File systems available in India for forensics
    • FAT, ExFAT, NTFS, EFS
    • ISO 9660, Universal Disk Format (UDF)
    • ext2, ext3, ext4, ReiserFS, Reiser4
    • Hierarchical File System (HFS), HFS+
    • Unix Filing System (UFS)
    • Logical Volume Management (LVM)
    • Next3 file system
  • Data File – Active Data, Archival data, Backup Data, Residual Data (Free Space, File Slack, RAM Slack, Swap Files, Temp File, Unallocated Space, E-Mail, Background Data (Audit Trail, Access control, Metadata)

Active Data

    • word, spreadsheet, database
    • Photographs, calendar
  • Archival Data
    • Not an active data but is stored in fee Space on HDD, media
  • Backup data
    • Data copied in safe area/media
    • Win95/98 – c:-5.cab
    • WinNT/XP/2K – c:setting.dat
    • Win7 “Backup & Restore”
  • Residual Data
    • May be deleted file on file structure
    • RAM, File Slack (unallocated cluster space), swap file (hidden), temp file, unallocated space
  • Rules of Digital Evidence
    • (1) Digital Information can be recovered including deleted files
    • (2) Expert must be allowed to retrieve the recoverable files
    • (3) Duplicate of digital evidence is admissible as long as someone knowledgeable can authenticate it
  • Different types of Data Files
  1. (a) Active Data || Readily available  eg word,spreadsheets, web pages
  2. (b) Archival Data Files that have been sent for storage as that data is not used frequently
  3. (c) Back Up Data||copied to safe area to ensure recovery in case of system failure
  4. (d) Residual Data ||Not visible to end user but recoverable from digital media
    • (1) Free Space
    • (2) File Slack
    • (3) RAM Slack
    • (4) Swap Files
    • (5) Temp Files
    • (6) Unallocated Space
  • Data Files
  1. MetaData||data points such as date, time, author and relevant details of document author
  2. Electronic Mail
  3. Background Data|| such as audit trails, system logs, ACL records

 

Digital Forensics
Digital Forensics

Digital Forensic Protocols :- The protocol spells out necessary guidelines and methodologies to ensure reliability, consistency,   integrity/accuracy/precision of data in an investigation. This approach ascertains that evidential information acquired or   analyzed as a course of examination are admissible in the court of law with reasonable assurance about its   authenticity/origin.

  • Forensic Science – The Application of Science to law
  • It utilized for Identifying, recovering, reconstructing or analyzing evidence during a criminal and civil investigation.
  • It diverges from traditional area because of rate of advancement of technologies
  • Analyze available evidence Create hypothesis,Perform test This process will lead to Strong possibility about what have occurred
  • Cardinal Rules of Digital forensic
    • Never mishandled Evidence
    • Never work on original evidence
    • Never trust the system Document
    • Document all action.
  • Alpha 5
    • Assessment
    • Acquisition
    • Authentication – may use MD5, SHA1
    • Analysis & Reporting
    • Archives
  • Keyword search is the most important aspect of digital forensic
  • Examine executable files & run suspicious application in a standalone environment
  • Digital Forensics
    • The four guiding principles of any examination are:
      • Safe handling of evidences to ensure they are intact.
      • The originating evidence/suspect should not be tampered or worked upon.
      • The suspect host OS should not be trusted, as it may have rootkits, malicious software installed likeanti-forensic.
      • All the audit trails of examination should be retained and recorded in substantiating documents

Types of digital evidence  in India

Types of digital evidence India
Types of digital evidence India
  • Physical Evidence
    • Large Scale Digital Evidence
      • Computers
        • Desktops
        • Laptops
        • Servers
        • Tablets
        • Netbooks
      • Grids
      • Clusters
    • Small Scale Digital Evidence
      • Mobile phones
      • PDAs
      • Digital Music Players
      • Smart Phones
      • Embedded Devices
      • GPS Devices
      • Storage Devices
        • USB Thumb Drives
        • External Hard drives
      • Digital Cameras
    • Network Devices
      • Routers
      • Switches
      • Hubs
      • Firewalls
      • IDS
      • Wireless AP
    • Peripherals
      • Printers
      • Scanners
      • Copiers
    • Storage Media Evidence
      • Magnetic
        • Floppy
        • Tapes
      • Optical
        • CD
        • DVD
        • Blu-ray
      • Transistor
        • Memory Cards
        • Smart Cards
        • RFID Tags
      • Obscure Evidance
        • Gaming Devices
          • Xbox
          • PlayStation
          • Wii
          • PSP
        • Recording Devices
          • Camcorders
          • Audio recorders
          • Surveillance cameras
        • Network enabled appliances
      • Logical Evidance
        • Operating Systems
          • Registry
          • System Logs
          • System Files
          • Printer Spool
          • Swap files
        • Applications
          • Application Logs
            • Security Logs
            • Browser History
          • Application Files
            • Cookies
            • Configuration Files
            • Executables
          • File Systems
            • Files
              • Images
              • Data
              • Documents
              • Audio
              • Video
            • File metadata
              • MAC-times
              • Permissions
            • Memory
              • RAM
              • Cache
              • Virtual Memory
            • External
              • Telecom network
                • Phone Records
                • Internet logs
              • Internet
                • Clouds
                  • Online Storage
                  • Cloud Apps
                • Domain Name records
                • Social networks
                • Webpages
              • Access Control Systems
                • Passport control logs
                • Building security logs
              • Electronic Commerce Services
                • Credit Card comany logs
                • Bank logs
                • E-payment logs
                • Webshop logs

Core Working Areas :- Threat Intelligence, Digital Forensics, Incident Response, Fraud Investigation, Web Application Security Technical Certifications :- Computer Hacking Forensics Investigator | Certified Ethical Hacker | Certified Cyber crime investigator | Certified Professional Hacker | Certified Professional Forensics Analyst | Redhat certified Engineer | Cisco Certified Network Associates | Certified Firewall Solutions | Certified Network Monitoring Solution | Certified Proxy Solutions

Leave a Reply

Your email address will not be published. Required fields are marked *

Enter Captcha Here : *

Reload Image