Definition of computer forensics

Computer forensics is not exclusively related to cyber crime; in fact, it is mostly applied in cases that do not involve cyber crime, but in which the people implicated used technological devices to store or share information, which today means almost any citizen involved in legal trouble.

In 2015 an Israeli corruption network made up of policemen and top prosecutors such as Ruti David was uncovered while dropping and planting fake charges against citizens who paid, or refused to pay, bribes. When a key policeman, Ronal Fisher, was detained, his cell phone was confiscated for further investigation. Fisher’s phone was encrypted, and for a long time the Israeli police were unable to decrypt its contents, which harmed the investigation and led to the early release of corrupt officers. This is where computer forensics comes into play: to analyze the device and recover any information consistent with the evidence.

The aim of computer forensics is to reconstruct the events that took place on a device in order to collect evidence, or traces of it, to support or refute a claim before a court. That is why the main task of computer forensic agents is to recover data, including deleted or encrypted data. The difference between the software used by a computer forensics agent and that used by a regular user recovering lost data is the audit log, which documents the procedure and events in a legally acceptable format; in some cases the agents record the whole process on video. The recovery task itself is among the easiest: when we delete information from a hard disk we are not removing the data but marking the sector as free to store new information, and until new information actually reaches that disk sector the old information can be restored. To prevent this we must wipe our data rather than just deleting it.
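As an added illustration that is not part of the original article, the following Python models the point above on a constructed toy disk: deleting a file only clears its entries in the allocation map, so the bytes can still be carved from unallocated sectors until a new write reuses them, whereas wiping overwrites them first. The disk layout, sector size and file names are constructed for this example, and the image hash stands in for the integrity record an examiner keeps in the audit log.

```python
import hashlib

SECTOR = 16  # constructed sector size; real disks use 512 or 4096 bytes


class ToyDisk:
    """Constructed toy disk: raw sectors plus an allocation map standing in
    for a real filesystem's allocation table (not a real filesystem)."""

    def __init__(self, sectors):
        self.raw = bytearray(SECTOR * sectors)
        self.allocated = [False] * sectors
        self.files = {}  # name -> list of sector indexes

    def write(self, name, payload):
        n = -(-len(payload) // SECTOR)  # sectors needed (ceil division)
        free = [i for i, used in enumerate(self.allocated) if not used]
        if len(free) < n:
            raise OSError("disk full")
        for k, i in enumerate(free[:n]):
            chunk = payload[k * SECTOR:(k + 1) * SECTOR].ljust(SECTOR, b"\0")
            self.raw[i * SECTOR:(i + 1) * SECTOR] = chunk
            self.allocated[i] = True
        self.files[name] = free[:n]

    def delete(self, name):
        # Ordinary deletion: only the allocation map changes, the bytes stay.
        for i in self.files.pop(name):
            self.allocated[i] = False

    def wipe(self, name):
        # Secure deletion: overwrite the sectors before releasing them.
        for i in self.files[name]:
            self.raw[i * SECTOR:(i + 1) * SECTOR] = b"\0" * SECTOR
        self.delete(name)


def image_hash(disk):
    """SHA-256 of the whole image; an examiner records it before and after
    analysis so the audit log can show the evidence was not altered."""
    return hashlib.sha256(disk.raw).hexdigest()


def carve_unallocated(disk, marker):
    """Indexes of unallocated sectors whose bytes still contain `marker`:
    'deleted' data that nothing has overwritten yet."""
    return [i for i, used in enumerate(disk.allocated)
            if not used and marker in disk.raw[i * SECTOR:(i + 1) * SECTOR]]
```

Running `carve_unallocated` after `delete` still finds the marker, after a new write that reuses the sector or after `wipe` it finds nothing.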

Computer forensics is even able to recover unsaved data held in RAM, which is why there are tools that work on device images and tools that work on live sessions. The second method is known as live analysis and is the first step when the device under investigation is still turned on.

More modern methods such as stochastic forensics make it possible to tell whether data was leaked by identifying timestamps associated with an activity such as copying a file, something impossible before, since operations like copying do not leave traces in the system.

In practice computer forensics is mainly about recovering and decrypting data, but it also allows detecting compromising elements within a system, such as malware, malicious code or hacking attacks against a device.

When the Argentinian prosecutor Alberto Nisman was murdered hours before he was expected to present charges against the former president, computer forensic agents found remote intrusive connections to his personal computer, leading the investigation toward his own computer aide.

Kali Linux, the most popular Linux distribution for security tasks, comes with the most powerful and popular tools to carry out computer forensics tasks without the need for previous knowledge. Since Kali can be launched as a live CD/USB, it is a great option to explore these tools, which I will present in the next article.

I hope you found this introduction to computer forensics useful. Keep following LinuxHint for more tutorials and updates on Linux.
