Computer Forensics

Forensic science is the branch of science that deals to investigate crimes using scientific methods. Whereas digital or computer forensic is the branch of forensic science that used to investigate electronic crimes. Computer forensics involves some techniques to capture important data that would be useful in your reports and reports should be admissible evidence to court. Electronic crimes involves electronic data including money laundering, espionage, piracy theft, extortion, malware attacks, spoofing, key logging. These crimes can be investigated using scientific methods. In this book, data acquisition described, that is the first step in computer forensics. Data acquisition involves bit-streaming which means you can create an image file of your data with the same date and time because using bit-streaming you can't compromise your evidence. In this book, we described bit-streaming with advance tools and techniques. We used more than three tools to acquire data only. Here's the question, why we acquire data and why bit-streaming is important for computer forensics and investigation. When a cyber-incident happens, it is very important for a cybercrime analyst to use standard ways to response against that incident. Incident response based on logical as well as physical. When cybercrime analyst responses against cyber-attack, one thing must be understand to diagnose system states (described in this book also) and actions, what he/she must do if system is alive or dead. In this book we explained not only acquisition but we also explored advance methods to acquire data. Data acquisition is applied when you want to get whole image of suspect machine. You can also acquire data using live acquisition method or offline method. Live acquisition can be done using universal live acquisition tool Helix or using your server also. In this book we also elaborated different tools used in Helix. Helix provides flawless performance during acquisition, Helix launched by e-fence, they launched two versions, free and commercial. Offline acquisition involves offline tools that used to acquire your image when you reached at incident place and you got instructions or decision to acquire data of a suspect machine. RAM acquisition is a very crucial part of forensic data acquisition. In this book, we discussed some built-in commands to acquire data for a RAM in case of Linux operating systems; if suspect machine would be based on Windows the method is also explained. At the end of this book, the used of C.A.I.N.E also described that gives you to acquire data with number of latest options; using C.A.I.N.E we can also acquire data for mobile phones, by attaching mobile phones we can acquire data for BlackBerry phone, Apple devices, Android device, MAC devices. There are some protocols defines when we used server based acquisition that offers Helix to connect suspect machine with your server using First Responder Utility (FRU). Helix also provides Net Cat listener (NC) option to listen port to connect using this port. NC option is also useful to get initial information related to network and port connections. This is very useful feature to investigate network devices. Some port numbers and their related task defined at the end of this book. I hope you'll feel more satisfaction by reading and applying techniques that thoroughly explained in this book.Prepare Yourself ForGIAC Certifications: GSECGPE