Lecture 9 - Digital Forensics Basics Flashcards
What is digital forensics?
A digital investigation that focuses on digital devices, e.g. laptops and mobile phones. It is a process in which hypotheses are developed and tested to answer questions about digital events. Within the process we acquire and go through (analyse) data found in digital devices.
What are the goals of digital forensics?
- prevention of further intrusion on the digital device(s): make sure the event doesn't happen again
- assess the damage to the system: can it be used safely again?
- reconstruct the timeline of the incident(s), typically to prosecute criminals and for internal organizational proceedings
What kind of events are analysed with digital forensics?
- computer intrusion
- generic criminal activity (e.g. using the device to look up information used in a later crime -> the crime doesn't have to be digital, but is related to the information used)
- device as a direct instrument of crime, e.g. using a phone to set off a bomb, email scam, fraud, intrusion on other systems
Our hypothesis for digital forensics has to be backed up with …
evidence found from the process
When doing digital forensics, what do we need to follow?
The procedural notion (how we come up with evidence) and the legal notion (defined by rules of evidence; differs by legislation)
Can hearsay be used as evidence?
No, it is procedurally evidence, but it cannot be used as legal evidence.
What are the 4 types of digital forensics?
- computer forensics
- network forensics
- mobile forensics
- forensic data analysis
What is computer forensics?
The procedure of acquiring a snapshot of the internal state of a computer system (cloning the hard drive/memory) and then analysing the acquired copy.
When are forensics procedures normally applied?
Most of the time these practices are used in digital crime investigations, and the goal is to lead to a successful prosecution.
What is network forensics?
It focuses on the communication aspect of the device and captures the traffic as data for further analysis -> helps in intrusion detection.
What is mobile forensics?
Mobile forensics comprises the practices employed for recovering data from a mobile device.
What is forensic data analysis?
Another branch, which focuses on structured data analysis relevant to financial crimes.
Who should be aware of digital forensics (practices, evidence, notions etc.)?
- those involved in legal proceedings that might use the digital evidence -> judges, prosecutors etc.
- those involved in system administration, e.g. system admins, network admins, security officers
- those writing system procedures
Why is digital forensics important?
- to be able to recover data
- to be able to discover malicious activities and hence prosecute criminals