Forensics concerns the application of a methodical investigation technique in order to reconstruct a sequence of events. Most people are now familiar with the concept of forensics from TV and movies; "CSI (Crime Scene Investigation)" is one of the most popular. For a long time forensic science was, and still is, most associated with forensic pathology: finding out how people died. The first recorded forensic work was on this topic. In 1248 a Chinese book, Hsi DuanYu (the Washing Away of Wrongs), was published. It explained how to tell whether someone had drowned or been strangled.
Digital forensics is a little less messy and a little less well known. It is the art of reconstructing what has happened on a digital device. In the past it was limited to computers, but now all digital devices are included: mobile phones, digital cameras and even GPS units. It has been used to catch murderers, kidnappers, fraudsters, mafia bosses and many other distinctly unfriendly people.
Forensic Principles
There are a number of basic principles that apply regardless of whether you are examining a computer or a corpse. This section is a quick summary of these principles.
Avoid Contamination
On TV you see forensic examiners wearing white suits and gloves, picking up evidence with tweezers and putting it in sealed plastic bags. This is all done to prevent "contamination". Contamination is where evidence is tainted, for example by someone's fingerprints being added to a knife handle when they pick it up (think of The Fugitive, if you have seen it... look at what happened to him!).
Act Methodically
Whatever you do, when (if?) you go to court you will need to justify every action you have taken. If you work in a scientific and methodical way, keeping careful notes of what you are doing and how you do it, this becomes much easier. It also allows someone else to follow your steps and verify that you have not made any mistake that could put the value of your evidence in doubt.
Chain of Evidence
You must maintain something called the "chain of evidence". This means that at any point in time, from the seizure of the evidence until its final presentation in court, you can account for who has had access to it and where it has been. This rules out the possibility that someone has tampered with it or that it has been mishandled in some way.
Conclusion
Keep these things in mind, and even if you are not taking your work to court, you will be able to get the most out of your abilities as a forensic examiner.
Stand-alone Forensics
This section is about the forensic examination of an individual machine. For want of a better term, we call it "stand-alone forensics". This is probably the most common part of computer forensics; its main role is to find out what has been done using a particular computer. The forensic examiner may be looking for evidence of fraud, such as financial spreadsheets, evidence of communication with someone else, such as e-mails or an address book, or evidence of a particular nature, such as pornography.
Hard Drive and Storage Media Basics
There are several components that make up an average computer: the processor, memory, graphics card, CD drive and more. One of the most important components is the hard disk (hard drive). This is where most of the information the computer needs in order to operate is stored. The operating system (OS), such as Windows or Linux, resides here, together with user applications such as word processors and games. It is also where significant amounts of data are stored, either deliberately, through the process of saving a file, or incidentally, through the use of temporary files and caches. This allows the forensic examiner to reconstruct the actions a computer user has carried out on the computer, which files have been accessed, and much, much more.
There are several levels at which you can examine a hard disk. For the purposes of this exercise we are only going to look at the file system level. It is worth noting, though, that professionals are able to recover a great level of detail about what a disk has contained, even if it has been overwritten multiple times.
The file system is the computer's implementation of a filing cabinet. It contains drawers (partitions), folders (directories) and individual pieces of paper (files). Files and directories can be hidden, although this is only a superficial measure and it is easily overcome.
Working through the following exercises should give you a better understanding of the basics of disk storage.
Encryption, Decryption and File Formats
Many files that you come across will not be immediately readable. Many programs have their own proprietary file formats, while others use standard formats, for example the standard picture formats gif, jpeg and so on. Linux provides an excellent utility to help you determine what a given file is. It is called file.
An example of the use of the file command is shown below:
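As an added illustration (not the lesson's own example), the script below is a minimal stand-in for file that classifies a file by its leading bytes rather than trusting its name; the sample files it creates are constructed, and holiday.jpg deliberately carries a PNG header to show an extension that lies about the content.

```shell
#!/bin/sh
# Added example: a tiny stand-in for file(1) that looks at a file's first
# bytes ("magic numbers") instead of its extension. The real file(1) knows
# thousands of signatures; this knows a handful and is for illustration only.

magic_type() {
    # First 8 bytes as lowercase hex with spacing removed, e.g. 89504e470d0a1a0a
    sig=$(od -An -tx1 -N8 "$1" | tr -d ' \n')
    case "$sig" in
        89504e470d0a1a0a*) echo "PNG image" ;;
        ffd8ff*)           echo "JPEG image" ;;
        474946383[79]61*)  echo "GIF image" ;;
        25504446*)         echo "PDF document" ;;
        504b0304*)         echo "ZIP archive (also docx, xlsx, jar)" ;;
        7f454c46*)         echo "ELF executable" ;;
        *)                 echo "unknown (first bytes: $sig)" ;;
    esac
}

# Constructed sample files. holiday.jpg really holds a PNG header: the kind
# of extension/content mismatch an examiner must not take at face value.
make_samples() {
    dir=$(mktemp -d)
    printf '\211PNG\r\n\032\n'    > "$dir/holiday.jpg"
    printf '\377\330\377\340JFIF' > "$dir/photo.jpeg"
    printf '%%PDF-1.4\n'          > "$dir/report.pdf"
    printf 'just text\n'          > "$dir/notes.txt"
    echo "$dir"
}

dir=$(make_samples)
for f in "$dir"/*; do
    printf '%s: %s\n' "$(basename "$f")" "$(magic_type "$f")"
done
```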
This allows you to start making some attempt at reading a particular type of file. There are a number of file conversion utilities available to you under Linux, and even more file viewers for the various formats available on the internet. Sometimes it may take more than one step to reach a point where you can actually work with the data; try to think laterally!
Occasionally you will come across files that have been encrypted or password protected. The difficulty this presents varies, from simple encryption that breaks easily to strong encryption that would give even the NSA (or GCHQ, or whatever your local government agency may be) a headache. Again, there are a number of tools available on the internet that you can use to try to break the encryption on a file. It pays to examine the surrounding area carefully; passwords may well be written down somewhere nearby. Common choices for passwords include pets, relatives, dates (wedding, date of birth), telephone numbers, car registrations and other simple combinations (123456, ABCDEF, QWERTY, etc.). People are also reluctant to use more than one or two passwords for everything, so if you can reverse engineer a password on one file or application, try it on others. It is highly likely to be the same.
Finding a Needle in a Haystack
Commercial forensic software includes powerful search tools that allow you to search for many combinations and permutations of factors. Without these expensive commercial tools you need to be a little more resourceful. Linux offers plenty of scope for building similar tools out of standard utilities. The following text explains the use of find, grep and strings, and then describes the use of pipes to combine them.
find
find [path...] [expression]
find is used to locate files that meet certain criteria within the operating system. It is not designed to look inside files. There are a million permutations of expression that can be combined to search for a file.
grep
grep is a very powerful tool. It is used to find certain lines within a file. It allows you to quickly find files that contain certain things within a directory or file system. It also allows you to search on regular expressions. These are search patterns that let you specify criteria that the search should match. For example, to find all the strings in the dictionary that start with "s" and finish with "t", to help with a crossword:
grep '^s.*t$' /usr/share/dict/words
strings
strings is another useful utility. It searches any type of file for human-readable strings. It can return a great deal of information about a particular file, often providing information about the application that created it, the author, the original creation time and so on.
awk
awk is a programming language designed for working with strings. It is used to extract information from the output of one command in order to feed it into another. For example, to get just the running programs from the ps command, you would use the following:
ps | awk '{print $4}'
Pipe "|"
All of the above tools can easily be combined using the UNIX "pipe" command, shown with the "|" symbol. This allows you to take the output of one command and feed it down a pipe to another command. To find all the files in the current directory that are mpg files, use the following:
ls | grep mpg
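The following script, added here as an example and not taken from the lesson, puts find, grep, awk and pipes together over a small constructed evidence tree (including a hidden directory and a file with text buried between non-printable bytes); the extract_strings function is a common substitute for strings when that utility is not installed, and all file names, contents and addresses are made up.

```shell
#!/bin/sh
# Added example: combining find, grep, awk and pipes to hunt for e-mail
# addresses in an evidence directory. Sample data is constructed.

# Build a small sample tree, hidden directory included.
make_evidence() {
    dir=$(mktemp -d)
    mkdir -p "$dir/docs" "$dir/.hidden"
    printf 'Budget Q3\ncontact: alice@example.com\n' > "$dir/docs/budget.txt"
    printf 'no addresses here\n'                     > "$dir/docs/notes.txt"
    # A "binary" file with readable text wedged between non-printable bytes.
    printf '\000\001bob@example.org\002\003\n'       > "$dir/.hidden/blob.bin"
    echo "$dir"
}

# Poor man's strings(1): turn every non-printable byte into a newline and keep
# runs of four or more printable characters, one per line.
extract_strings() {
    tr -c '[:print:]' '\n' < "$1" | grep -E '.{4,}'
}

# Pipeline: find lists every regular file (find does not skip dotfiles),
# extract_strings pulls the readable text, grep -o keeps only the pieces that
# look like e-mail addresses, and awk tags each hit with the file it came from.
find_addresses() {
    find "$1" -type f | while read -r f; do
        extract_strings "$f" |
            grep -E -o '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' |
            awk -v file="$f" '{ print file ": " $0 }'
    done
}

evidence=$(make_evidence)
find_addresses "$evidence"
```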
Using Other Sources
There are many other interesting ways of examining how a computer has been used. Nearly every application that runs will record some additional data beyond the files it directly takes in or produces. This can include temporary files used during processing, lists of recently accessed files, or a web browser's history.
What is Network Forensics?
Network forensics is used to find out where a computer is located and to prove whether a particular file was sent from a particular computer. While network forensics can be very complicated, we will cover some basics that can be applied in everyday life.
Firewall Logs
Who is connecting to me? A firewall is a utility that can restrict the connections between two points in a network. There are many types of firewall available. Regardless of the type and job of the firewall, it is the firewall logs that give you the details. Using the logs alone, you can find patterns of attacks and abuse against your firewall.
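As an added example (not part of the lesson), the script below reads iptables-style log lines with awk to pull out two such patterns: which sources had the most packets dropped, and which single source touched many different ports in a short time, the signature of a port sweep. The log lines, host name and addresses are constructed for this example (they use the reserved documentation address ranges), not captured traffic.

```shell
#!/bin/sh
# Added example: spotting abuse patterns in a firewall log with awk alone.
# FW_LOG is a constructed iptables-style log; the DROP/ACCEPT prefix is a
# log-prefix an administrator would configure, not a fixed kernel field.
FW_LOG='Mar 10 14:02:01 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=21
Mar 10 14:02:01 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
Mar 10 14:02:02 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
Mar 10 14:02:02 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=25
Mar 10 14:02:03 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80
Mar 10 14:02:03 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=443
Mar 10 14:05:10 gw kernel: ACCEPT IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443
Mar 10 14:05:11 gw kernel: ACCEPT IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443
Mar 10 14:07:42 gw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=22'

# Count dropped packets per source address, busiest first.
drops_by_source() {
    awk '/DROP/ { for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) n[substr($i, 5)]++ }
         END    { for (s in n) print n[s], s }' | sort -rn
}

# Report sources that hit at least $1 distinct destination ports: one address
# probing many ports is the classic port-sweep pattern in a firewall log.
scan_suspects() {
    awk -v min="$1" '
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # count each (source, port) pair only once
            if (src != "" && dpt != "" && !seen[src, dpt]++) ports[src]++
        }
        END { for (s in ports) if (ports[s] >= min) print s, ports[s] }
    ' | sort
}

echo "Dropped packets per source:"
printf '%s\n' "$FW_LOG" | drops_by_source
echo "Sources probing 5 or more distinct ports:"
printf '%s\n' "$FW_LOG" | scan_suspects 5
```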