Digital Forensics

Mon
18
Jul

How to Conduct Forensic Analysis of a Mac System?

Macintosh (Mac) is Apple's line of personal computers and workstations, and Mac OS is the operating system they run. According to one estimate, around 1 billion Mac and iOS devices are currently in use. Because of this growth, Mac forensic analysis has become a distinct sub-discipline of digital forensic analysis. The Mac operating system has evolved through several stages and versions; the latest variant is OS X (currently OS X El Capitan). OS X uses the Hierarchical File System Plus (HFS+, the successor to HFS), which organizes stored data into a tree of folders and subfolders. The HFS+ data structures include five special files that define the HFS+ volume, including

Mon
07
Mar

Why E-Discovery is important to Organizations?

Electronic Discovery (E-Discovery) has become more critical to an organization's litigation portfolio in recent years, owing to increased regulatory requirements, data privacy issues, and the legal disputes inherent to doing business.

Discovery, in legal terminology, refers to the process in civil litigation by which relevant information is sought, acquired, processed and presented to the required parties. Electronic Discovery is the discovery of an organization's Electronically Stored Information (ESI). ESI can take many forms: emails, instant messages, word-processing documents, spreadsheets, shared-drive data, business application data, voice data and recordings, media files, data in cloud and virtual environments, and various other kinds of unstructured data.

Wed
24
Feb

How to Perform Basic Static Malware Analysis Using Open Source Tools?

The recent malware attacks on banks, financial institutions and payment processors confirm the growing technical expertise of cyber-criminals and their ability to cause significant damage while operating remotely. From mobile malware to banking Trojans to point-of-sale (POS) and retail breaches, the threat landscape continues to evolve. According to anti-malware vendors, the average time to resolve a malware attack ranges from 18 to 26 days, resulting in substantial business downtime, and the average cost of cleanup and investigation has increased manifold. The two reasons for this poor state of affairs are:

Tue
17
Nov

Forensic Artifacts from a Linux Machine

According to Net Market Share's October 2015 desktop statistics, Linux holds 1.57% of the desktop market, whereas Windows holds about 90%. Linux's share is small compared with Windows, but companies that do not want to invest heavily in IT infrastructure often prefer open-source operating systems such as Linux, and most researchers prefer to carry out research and development work with open-source products. A company with a strong information security policy will typically grant these assets an exception by isolating them from the standard operating environment, which exposes them to additional threats such as data leakage and malware infection. Forensic analysis of such devices and environments therefore demands special attention from the examiner, who must develop a specialized skill set for analyzing these operating systems.

Wed
04
Nov

Mobile Forensics - Data Acquisition Methods

Forensics is a well-established discipline with several branches, and digital forensics is one of them. Digital forensics is the process of uncovering and interpreting electronic data. The goal is to preserve any evidence in its most original form while performing a structured investigation that collects, identifies and validates the digital evidence in order to reconstruct past events. The context is most often the use of that data in a court of law, though digital forensics is applied in other settings as well.

The branches of digital forensics include computer (cyber) forensics, malware forensics, incident response, mobile device forensics and database forensics.

Mobile forensics

Mon
14
Sep

Are you Prepared for Incident Response?

Tools Are Weapons – Only If Configured Properly

Forensic Readiness Assessment

Introduction:

Every corporation is a victim, directly or indirectly, of the information security threats around it, whether corporate espionage, financial fraud, insider threats, intellectual property (IPR) disputes or many others; for all of these, the end target is your digital data. Advanced protections such as encryption will protect that data, but is it stored in such a way that experts can retrieve it safely whenever it is required? Today most corporations do investigate the incidents that affect them, but the time and cost they spend on investigation are high. A Forensic Readiness Assessment can be implemented to help complete investigations more effectively, in less time and at lower cost.

Objective:

Mon
31
Aug

Digital Evidence - Is it protected in your network?

Digital Data to Digital Evidence
“Digital Evidence is not just a piece of information; it's a trace of an incident that happened”
If you work on or maintain a network of digital devices, be cautious: you are working with digital evidence, not just digital data. But what are digital data and digital evidence, and how do they differ?

Any information that is stored or transmitted in binary form is digital data. Identifying such information and following the required methods to submit it as supporting material to a court of law, or to management, is what makes it digital evidence.

Tue
21
Jul

Digital Forensics 101: Undeleting a file

Ever wondered why it takes more time to create or copy a file on a storage device than to delete it?
If you write on paper with a pencil and then erase it, erasing takes about the same effort and time as writing did. On a computer, however, copying a 700MB movie to disk takes minutes, yet selecting that file and deleting it is done in seconds.
Forensic analysts can "undelete" a file precisely because of this anomaly. When a computer is asked to delete a file, it does not erase the file's contents from the disk. Instead, it marks the file's entry in the table that tracks files (the directory entry or index record) as free and releases the file's blocks for reuse; the contents stay on disk until something overwrites them.
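As an added example (not code from the original post), the following Python shows the mechanism on the FAT file system, where deleting a file merely overwrites the first byte of its 32-byte directory entry with 0xE5 and frees its clusters; the entry's starting cluster and size survive, so the file's bytes can be read back from the data area. The directory and data area are constructed test data, and the function names are my own.

```python
import struct

ENTRY_LEN = 32
ENTRY_FMT = "<11sBBBHHHHHHHI"   # FAT32 short directory entry, little-endian
DELETED = 0xE5                  # first name byte of a deleted entry
END_OF_DIR = 0x00               # first name byte 0x00: no entries were ever used past here
ATTR_LFN = 0x0F                 # long-file-name entries; not needed for recovery here
FIRST_DATA_CLUSTER = 2          # FAT numbers data clusters starting at 2


def make_entry(name8_3: bytes, first_cluster: int, size: int, deleted: bool = False) -> bytes:
    """Build one constructed 32-byte directory entry for an 8.3 name (11 bytes, space padded)."""
    assert len(name8_3) == 11
    name = bytes([DELETED]) + name8_3[1:] if deleted else name8_3
    # name(11) attr ntres crt_tenth crt_time crt_date acc_date cluster_hi wrt_time wrt_date cluster_lo size
    return struct.pack(ENTRY_FMT, name, 0x20, 0, 0, 0, 0, 0,
                       first_cluster >> 16, 0, 0, first_cluster & 0xFFFF, size)


def parse_directory(region: bytes) -> list:
    """List live and deleted entries of a directory region; deleted names lose their first character."""
    entries = []
    for off in range(0, len(region) - ENTRY_LEN + 1, ENTRY_LEN):
        raw = region[off:off + ENTRY_LEN]
        if raw[0] == END_OF_DIR:
            break
        fields = struct.unpack(ENTRY_FMT, raw)
        name, attr = fields[0], fields[1]
        if attr == ATTR_LFN:
            continue
        deleted = name[0] == DELETED
        base = name[:8].rstrip(b" ").decode("ascii", "replace")
        ext = name[8:].rstrip(b" ").decode("ascii", "replace")
        if deleted:
            base = "?" + base[1:]          # the overwritten first character is gone for good
        entries.append({
            "name": base + ("." + ext if ext else ""),
            "deleted": deleted,
            "first_cluster": (fields[7] << 16) | fields[10],
            "size": fields[11],
        })
    return entries


def recover(entry: dict, data_region: bytes, cluster_size: int) -> bytes:
    """Read a file's bytes back from its starting cluster and recorded size.
    Deleting also zeroes the file's FAT chain entries, so the cluster chain is lost;
    like most undelete tools this assumes the file was stored contiguously. Fragmented
    files, and clusters that have since been reused, come back wrong or partial."""
    start = (entry["first_cluster"] - FIRST_DATA_CLUSTER) * cluster_size
    if start < 0 or start + entry["size"] > len(data_region):
        raise ValueError("directory entry points outside the data area")
    return data_region[start:start + entry["size"]]


def undelete_all(directory: bytes, data_region: bytes, cluster_size: int) -> dict:
    """Recover every deleted entry in a directory region: name -> bytes."""
    return {e["name"]: recover(e, data_region, cluster_size)
            for e in parse_directory(directory) if e["deleted"]}


# Constructed sample volume: 512-byte clusters, one live file and one deleted file.
CLUSTER = 512
HELLO = b"hello from a live file\n"
SECRET = (b"constructed contents of a deleted document; " * 16)[:700]


def build_sample():
    directory = (make_entry(b"HELLO   TXT", 2, len(HELLO))
                 + make_entry(b"SECRET  DOC", 3, len(SECRET), deleted=True)
                 + bytes(ENTRY_LEN))              # all-zero entry ends the directory
    data = bytearray(CLUSTER * 8)
    data[0:len(HELLO)] = HELLO                     # cluster 2
    data[CLUSTER:CLUSTER + len(SECRET)] = SECRET   # clusters 3 and 4, still on "disk"
    return directory, bytes(data)


if __name__ == "__main__":
    directory, data = build_sample()
    for e in parse_directory(directory):
        print(e)
    print(undelete_all(directory, data, CLUSTER))
```

The same idea carries over to other file systems (NTFS keeps the unlinked MFT record, HFS+ drops the catalog record but leaves the extents' data in place); what differs is how much of the bookkeeping survives, which is what decides whether you can undelete by metadata or must fall back to carving the raw data area for file signatures.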
Analogy:
