Definition of computer forensics

29/12/2020
Chưa phân loại
Computer forensics are not exclusively related to cyber crime, in fact it is mostly applied in cases not involving cyber crime but in which the implicated actors used technological devices to store or share information: almost any citizen involved in legal troubles.

In 2015 an Israeli corruption network integrated by police men and top prosecutors like Ruti David was uncovered while dropping and plating fake charges against citizens who paid or refused to pay bribery. When a key policeman, Ronal Fisher, was detained his cell phone was confiscated for further research, Fisher’s phone was encrypted and the Israeli police was unable, for a long time, to unencrypt the content harming the investigation and resulting in the soon release of corrupt officers. Here is where computer forensics come into the game in order to analyze and recover any information compatible with the evidence.

The aim of computer forensics is to reconstruct events in a device in order to collect evidence or traces of it to support or deny a claim before a court. That’s why the main task computer forensic agents do is to recover data, also deleted or encrypted data. The difference between the software used by a computer forensics agent and a regular user recovering lost data is the audit log documenting the procedure and events in a legally acceptable format, in some cases the agents record the whole process in video but the task itself is among the easiest since when we delete information from a hard disk we are not removing the data but marking the sector as free to store new information, until the new information doesn’t reach the disk sector the information can be restored, to avoid this we must wipe our data rather than just removing it.

Computer Forensics is even able to recover unsaved data stored in the RAM memory, that’s why there are tools to work on device images and on live sessions, this second method is known as Live Analysis and is the first step when the device to research is turned on.

More modern methods like Stochastic Forensics allow us to know if data was leaked by identifying timestaps related to an activity like copying a file, something impossible before since instructions like copying don’t leave traces in the system.

Computer forensics are in practice mainly about recovering and decrypting data but also allows to detect compromising elements within a system such as malwares, malicious code or hacking attacks against a device.

When the Argentinian prosecutor Alberto Nisman was murdered hours before being expected to present charges against the ex president, computer forensic agents found remote intrusive connections to his personal computer leading the investigation against his own computer aide.

Kali Linux, the most popular Linux distribution for security tasks comes with the most powerful and popular tools to carry out computer forensics tasks without need for previous knowledge. Since Kali can be launched as live cd/usb it is a great option to explore these tools I will present in the next article.

I hope you found this introduction to computer forensics useful. Keep following LinuxHint for more tutorials and updates on Linux.

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

Kubernetes Ingress

Kubernetes has a lot of moving parts. This is to be expected from any model meant for distributed computing. To explore...
29/12/2020

Ubuntu 18.04 LTS Beta 1 Released for All Ubuntu Derivatives

OMG Ubuntu has pointed out that Betas are now available for all major Ubuntu derivative platforms!  Get started with...
28/12/2020

Blind SQL Injection Techniques Tutorial

What is SQL Injection? SQL Injection is a type of database attack in which an attacker tries to steal information from...
29/12/2020
Bài Viết

Bài Viết Mới Cập Nhật

Check proxy trên trang nào chuẩn nhất❓
01/11/2023

Thuê Proxy chạy Google Ads / Cần chú ý gì khi chọn proxy và email chạy G.G ads?
12/10/2023

Thuê proxy 4G ở đâu uy tín, giá rẻ, chất lượng?
05/10/2023

Vì sao cần thuê proxy xoay? Địa chỉ cung cấp proxy xoay uy tín
05/10/2023

Thuê proxy v6 kéo view Youtube ở đâu uy tín, chất lượng?
05/10/2023