ISSN: 2278 – 1323
                     International Journal of Advanced Research in Computer Engineering & Technology
                                                                          Volume 1, Issue 5, July 2012


              COMPREHENSIVE STUDY OF DIGITAL FORENSICS

                                                    Jatinder kaur, Gurpal Singh

                                      SMCA, Thapar University, Patiala-147004, India

                                      jyoti929@gmail.com, gurpalsingh123@gmail.com




Abstract— This paper presents a review of digital forensics, covering the techniques as well as the various tools used to accomplish the tasks in the digital forensic process. Network forensics is an important technology for the network security area. In this paper, we inspect digital evidence collection processes using these tools. Over the last few decades digital forensic techniques have improved appreciably, but we still face a lack of effective forensics tools to deal with the varied incidents caused by these rising technologies and the advances in cyber crime. This article discusses the tools used in network forensics, various gaps found in these tools, and the advantages and disadvantages of these tools.

Index Terms— Forensics, Digital evidence, Network forensics, Computer forensics, Cyber crime, EnCase, Sleuth Kit.

I. INTRODUCTION

Forensics is the use of science and technology to investigate and establish facts in criminal and civil courts of law. Internet forensics includes techniques and methodologies to collect, preserve and analyze digital data on the internet for investigation purposes.

It is a field of research and practice that has evolved as a result of increasing internet usage and the move of criminal activity. It is also argued that internet forensics evolved as a response to the hacker community.

Digital forensics focuses on developing evidence pertaining to digital files that relate to a computer document, email, text, digital photograph, software program, or other digital record which may be at issue in a legal case. It is a branch of forensic science that monitors, analyzes and examines digital media or devices. The government and corporate security firms dedicate significant resources to investigating the insider computer attacks that continue to plague organizations worldwide. The computer forensics process consists of Preparation, Acquisition, Preservation, Examination and Analysis, and Reporting [1]. Among these steps, the Acquisition step is the procedure in which investigators collect digital evidence and guarantee the integrity of the evidence at the incident site. Accordingly, the Acquisition step is the most significant step for an efficient investigation.

A cyber analyst performs the following tasks while working with digital evidence:

1. Identify: Any digital information or artifacts that can be used as evidence.
2. Collect, observe & preserve.
3. Analyze, identify and
4. Rebuild the evidence and verify the result every time [16].

Figure 1: Shows processes to collect digital data

The digital evidence collection process is described as follows:

1. Where is the evidence? List the systems that were involved in the incident and from which evidence will be collected.
2. Establish what is likely to be relevant and admissible. When in doubt, err on the side of collecting too much rather than not enough.
3. For each system, obtain the relevant order of volatility.
4. Remove external avenues for change.
5. Following the order of volatility, collect the evidence with tools.
6. Record the extent of the system's clock flow.
7. Question what else may be evidence as you work through the collection steps.
8. Document each step.
9. Don't forget the people involved. Make notes of who was there and what they were doing, what they observed and how they reacted [2].

II. WHY DO WE NEED DIGITAL FORENSICS?

Unauthorised access: This occurs when a user/hacker deliberately gets access into someone else's network, either for monitoring or for data destruction purposes [3].

Denial of service attack: It involves sending disproportionate demands or data to the victim's server

                                                  All Rights Reserved © 2012 IJARCET
beyond the limit that the server is capable of handling, and hence causes the server to crash.

Virus, Worms and Trojan attacks: Viruses are basically programs that are attached to a file, which then get circulated to other files and gradually to other computers in the network.

Worms, unlike viruses, do not need a host for attachment; they make copies of themselves and do this repeatedly, hence eating up all the memory of the computer.

III. ENABLED STRATEGIES TO COMPUTER FORENSICS

Computer forensics involves the preservation, identification, extraction, documentation and interpretation of computer data, in which computer forensics is defined as “an art of science using sophisticated methods and procedures to preserve, identify, extract, document, examine, analyze and interpret digital evidence.” This methodology and its basic principles are briefly stated as follows:

(1) Acquire the evidence without altering or damaging the original.

(2) Authenticate the recovered evidence as being the same as the originally seized data.

(3) Analyze the data without modifying it.

The computer forensics operating strategies below provide effective investigation procedures for cyber crime cases.

1. Preserve the evidence: Digital evidence can be changed at any time by striking the keyboard or clicking the mouse. If the evidence is not handled properly, it could result in evidence damage, inaccessible data, inability to prove that the suspect committed the crime, or even a possibility of having no evidence. Therefore, the first step upon arrival at the scene of the cyber-crime is to properly control the scene and begin to record the time, carry out the investigation and collect all significant digital evidence. Digital evidence is, by its very nature, fragile [5].

2. Examine the evidence: After obtaining the evidence from the scene, the next step is to analyze it. Common computer documents, pictures and sounds can be examined by many different software programs. However, the biggest problem is deleted documents, sometimes having been deleted by the suspect, which could be the most important evidence of all. Thus, slack space in the hard drive must also be scanned; this is one of the main reasons for using the bit-stream-copy method. A software tool must be used here to do string searching and document rebuilding.

3. Evidence analysis: After examination, the analysis of the evidence is to recover data from deleted files, file fragments and complete files. Tools used for this process are:

1. Digital Intelligence's Drive Spy
2. Access Data's FTK

Drive Spy is a powerful tool that recovers and analyses data on FAT 12, FAT 16, and FAT 32 disks and can search for altered files and keywords [4].

FTK is an easy-to-use GUI application for FAT 12, FAT 16, FAT 32 and New Technology File System (NTFS) disks.

1. FTK Imager
2. Registry Viewer
3. Password Recovery Toolkit

IV. VARIOUS TECHNOLOGIES USED FOR FORENSICS: TOOLS

A. ENCASE

This tool is used to analyse digital media. It performs the following functions: data acquisition, file recovery, file parsing, and hard disk format recovery. It is a network-enabled incident response system which offers immediate and complete forensic analysis of volatile and static data on compromised servers and workstations anywhere on the network, without disrupting operations. It is also used for verification of the data; after verifying, it gives the hash value [6]. There are three components of the EnCase tool, which are discussed below:

1. The first of these components is the Examiner software. This software is installed on a secure system where investigations and audits are performed.

2. The second component is called SAFE, which stands for Secure Authentication of EnCase. SAFE is a server which is used to authenticate users, administer access rights, maintain logs of EnCase transactions, and provide for secure data transmission.

3. The final component is Servlet, an efficient component installed on network workstations and servers to establish connectivity between the Examiner, SAFE, and the networked workstations, servers, or services being investigated.

ENCASE WORKING SNAPSHOTS:

How to recover hard disk format data with the help of the EnCase tool. The working of the tool is discussed in the snapshots below:





Figure 2: Interface of EnCase tool

This is the main screen of the EnCase tool. Here we first select the option New, then select the Case option, and save this new case by giving it a name of your choice.

Figure 3: Interface working of tool

Figure 4: The case folder presented by this screenshot.

Choose the drive from which you want to recover the data. After that click Next, and the tool will successfully recover the deleted drive and the content of that hard drive. These are the steps of the EnCase tool which we can use to recover deleted hard disk data.

B. FTK Explorer

Developer: Access Data
Operating System: Windows
Type: Computer Forensics

The main purpose of this toolkit is to locate deleted e-mails. It includes a disk imaging program called FTK Imager. FTK Imager saves an image of a hard disk in one file that may later be reconstructed. Through this toolkit, password recovery can be performed. With the help of this tool, data from WinZip, WinRAR, Gzip and other compressed files is automatically extracted.

FTK processes data faster than any other computer forensics solution. It delivers true distributed processing, allowing you to divide your processing across four workers. Furthermore, FTK is the only computer forensics solution to fully leverage multithreaded, multi-core computers. So while common forensics tools waste the potential of modern hardware solutions, FTK will fully utilize anything you throw at it [5].

• Faster, more efficient processing
• Cancel/Pause/Resume functionality
• Better real-time processing status
• CPU resource throttling
• Email notification upon processing completion

FTK delivers advanced memory and volatile analysis to aid forensic investigators and incident responders.

Memory Analysis:
Enumeration of all running processes (including those hidden)

1. DLL list
2. Network sockets
3. Drivers loaded in memory
4. Device driver layering identification
5. Handles
6. Enumeration and hook detection of SCT, IDT and IRP
7. Devices
8. Registry enumeration
9. VAD tree

Memory string search allows you to identify hits in memory and automatically map them back to a given process, DLL or piece of unallocated space, and dump the corresponding item [6].
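The memory string search described above, as an added example (not FTK's code and not from the paper): it pulls ASCII and UTF-16LE strings out of a raw dump and maps each keyword hit to the owning process and module, or to unallocated space. The dump bytes, the region map, and the names Region, Hit and search are constructed for illustration.

```python
import bisect
import re
from typing import NamedTuple, Optional

MIN_LEN = 4  # shortest printable run treated as a string
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


class Region(NamedTuple):
    start: int   # first dump offset covered
    end: int     # one past the last offset covered
    owner: str   # owning process (hypothetical name)
    module: str  # image, DLL or heap mapped there (hypothetical name)


class Hit(NamedTuple):
    offset: int
    encoding: str
    keyword: str
    owner: str
    module: str
    context: str  # the full string the keyword was found in


def extract_strings(dump: bytes):
    """Yield (offset, encoding, bytes_per_char, text) for each printable run."""
    for m in ASCII_RE.finditer(dump):
        yield m.start(), "ascii", 1, m.group().decode("ascii")
    for m in UTF16_RE.finditer(dump):
        yield m.start(), "utf-16le", 2, m.group().decode("utf-16le")


def owner_of(regions, starts, offset) -> Optional[Region]:
    """Binary-search the sorted region list for the range containing offset."""
    i = bisect.bisect_right(starts, offset) - 1
    if i >= 0 and offset < regions[i].end:
        return regions[i]
    return None  # not mapped to any process: unallocated


def search(dump: bytes, regions, keywords):
    """Return keyword hits sorted by offset, each mapped to its owning region."""
    regions = sorted(regions)
    starts = [r.start for r in regions]
    hits = []
    for base, enc, width, text in extract_strings(dump):
        folded = text.lower()
        for kw in keywords:
            pos = folded.find(kw.lower())
            while pos != -1:
                offset = base + pos * width  # byte offset of the hit in the dump
                region = owner_of(regions, starts, offset)
                hits.append(Hit(
                    offset, enc, kw,
                    region.owner if region else "unallocated",
                    region.module if region else "-",
                    text,
                ))
                pos = folded.find(kw.lower(), pos + 1)
    return sorted(hits)


def build_sample_dump():
    """Constructed 1 KiB 'memory dump' and region map, for illustration only."""
    dump = bytearray(0x400)

    def put(offset, data):
        dump[offset:offset + len(data)] = data

    put(0x040, b"user passphrase=constructed-value")
    put(0x180, "ftp://files.example.test/report.doc".encode("utf-16le"))
    put(0x300, b"old passphrase draft")  # lies outside every region
    regions = [
        Region(0x000, 0x100, "notepad.exe", "heap"),
        Region(0x100, 0x200, "winword.exe", "wininet.dll"),
        Region(0x200, 0x280, "winword.exe", "stack"),
    ]
    return bytes(dump), regions


if __name__ == "__main__":
    sample, sample_regions = build_sample_dump()
    for hit in search(sample, sample_regions, ["passphrase", "ftp://"]):
        print(f"0x{hit.offset:04x} {hit.encoding:9} {hit.keyword:11} "
              f"{hit.owner}/{hit.module}  {hit.context!r}")
```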
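The three principles of Section III (acquire without altering, authenticate, analyze without modifying) applied to the kind of single-file image FTK Imager produces, as an added example that is not from the paper or from any tool it reviews. SHA-256, the hash-chained step log, the recorded clock offset value and all file names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024   # fixed read size keeps memory flat on large media
GENESIS = "0" * 64    # prev_hash of the first log entry


class CustodyLog:
    """Append-only step log; every entry commits to the one before it."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry):
        material = {k: v for k, v in entry.items() if k != "entry_hash"}
        blob = json.dumps(material, sort_keys=True).encode()
        return hashlib.sha256(blob).hexdigest()

    def record(self, action, **details):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {"utc": datetime.now(timezone.utc).isoformat(), "action": action,
                 "details": details, "prev_hash": prev}
        entry["entry_hash"] = self._digest(entry)
        self.entries.append(entry)

    def intact(self):
        """Recompute the chain; editing any entry breaks it."""
        prev = GENESIS
        for entry in self.entries:
            if entry["prev_hash"] != prev or entry["entry_hash"] != self._digest(entry):
                return False
            prev = entry["entry_hash"]
        return True


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:   # read-only handle
        for chunk in iter(lambda: handle.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def acquire(source, image, log, clock_offset_s):
    """Principle 1: bit-stream copy, hashing the source bytes as they are read."""
    digest, size = hashlib.sha256(), 0
    # Source is opened read-only; "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            digest.update(chunk)
            dst.write(chunk)
            size += len(chunk)
    os.chmod(image, 0o444)             # the image itself becomes read-only
    log.record("acquire", source=source, image=image, bytes=size,
               sha256=digest.hexdigest(), clock_offset_s=clock_offset_s)
    return digest.hexdigest()


def authenticate(path, expected, log):
    """Principle 2: re-hash and compare against the acquisition hash."""
    actual = sha256_file(path)
    match = hmac.compare_digest(actual, expected)
    log.record("authenticate", path=path, sha256=actual, match=match)
    return match


def demo():
    """Run the workflow on a constructed 1 MiB stand-in for seized media."""
    log, result = CustodyLog(), {}
    with tempfile.TemporaryDirectory() as workdir:
        source, image, working = (os.path.join(workdir, name) for name in
                                  ("seized_disk.raw", "evidence_001.dd", "working.dd"))
        with open(source, "wb") as handle:
            handle.write(bytes(range(256)) * 4096)
        acquired = acquire(source, image, log, clock_offset_s=-37)
        result["source_unchanged"] = sha256_file(source) == acquired
        result["image_authentic"] = authenticate(image, acquired, log)
        # Principle 3: analysis runs on a working copy, never on the image.
        shutil.copyfile(image, working)
        result["working_copy_authentic"] = authenticate(working, acquired, log)
        with open(working, "r+b") as handle:      # simulated stray write
            handle.seek(512)
            handle.write(b"\xff")
        result["altered_copy_authentic"] = authenticate(working, acquired, log)
    result["log_intact"] = log.intact()
    forged = CustodyLog()
    forged.entries = json.loads(json.dumps(log.entries))
    forged.entries[0]["details"]["bytes"] += 1    # edit one recorded fact
    result["forged_log_intact"] = forged.intact()
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On real media a read-only open is not sufficient on its own; acquisition is normally done behind a hardware write blocker.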

Figure 7: FTK interface

FTK runs on the Windows operating system and provides a very powerful tool set to acquire and examine electronic media.

C. SLEUTH KIT

Sleuth Kit runs on Windows and Unix systems. It is a file system tool that allows you to examine the file systems of a suspect computer in a non-intrusive fashion. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown. The Sleuth Kit is written in C and Perl. With these tools, you can identify where partitions are located and extract them so that they can be analyzed with file system analysis tools. The Sleuth Kit has been tested on [6]:
• Linux
• Mac OS X
• Windows (Visual Studio)

Figure 8: Interface of Sleuth Kit/Autopsy browser

TSK is a collection of command line tools that provides media management and forensics analysis functionality. The Autopsy forensic browser is a GUI front end for the TSK product.

SLEUTH KIT CORE TOOLS

1. File System Layer
2. File Name Layer
3. Meta Data Layer
4. Data Unit Layer
5. Media Management
6. hfind
7. mactime
8. sorter

AUTOPSY BROWSER ADDS TO TSK

1. Dead Analysis
2. Live Analysis
3. Case Management
4. Event Sequencer
5. Notes
6. Image Integrity
7. Reports
8. Logging

V. CONCLUSION

Sleuth Kit along with Autopsy Browser has been selected as the best tool to implement for hands-on training. The purpose of this paper is to introduce the aforementioned concepts in the cyber-crime investigations domain, and the suitability of the underlying tools is studied. Furthermore, a variety of digital forensics tools, including digital evidence bag and automated logging (network tools in particular), could be interfaced with the proposed system. By doing this, a more specialised system equipped with the appropriate semantics would allow further exploration of the efficiency and effectiveness of the tool. By comparing the features of the tools given in this paper, in future we will give a new design and implementation framework of a network forensics system for these tools, with efficient results, to collect the digital evidence.

VI. REFERENCES

[1] Kenneally, E.K., “The Internet is the Computer: the role of forensics in bridging the digital and physical divide”, Digital Investigation, Vol. 2, Issue 1, 2005, pp. 41-44.

[2] Chung-Huang Yang, Pei-Hua Yen, “Fast Deployment of Computer Forensics with USBs”, 2010 International Conference on Broadband, Wireless Computing, Communication and Applications.



[3] Hanan Hibshi, Timothy Vidas, Lorrie Cranor, Carnegie Mellon University, Pittsburgh, PA, USA, “Usability of forensics tools: user study”, 2011 Sixth International Conference on IT Security Incident Management and IT Forensics.

[4] Syed Naqvi, Gautier Dallons, Christophe, “Applying Digital Forensics in the Future Internet Enterprise Systems – European SMEs’ Perspective”, (CETIC) Charleroi, Belgium, 2010 Fifth International Workshop on Systematic Approaches to Digital Forensic Engineering.

[5] Mario Hildebrandt, Stefan Kiltz and Jana Dittmann, “A Common Scheme for Evaluation of Forensic Software”, 2011 Sixth International Conference on IT Security Incident Management and IT Forensics.

[6] Guidance Software, EnCase. http://www.guidancesoftware.com

[7] Ashley Brinson, Abigail Robinson, Marcus Rogers, “A cyber forensics ontology: Creating a new approach to studying cyber forensics”, Digital Investigation 3S (2006) S37–S43.

[8] Frank Y.W. Law, K.P. Chow, Michael Y.K. Kwan, Pierre K.Y. Lai, “Consistency Issue on Live Systems Forensics”.

[9] Yong-Dal Shin, “New Digital Forensics Investigation Procedure Model”, Fourth International Conference on Computing and Advanced Information Management.

[10] Seokhee Lee, Hyunsang Kim, Sangjin Lee, “Digital evidence collection process in integrity and memory information gathering”.

[11] Dan Manson, Anna Carlin, Steve Ramos, Alain Gyger, Matthew Kaufman, Jeremy Treichelt, “Is the Open Way a Better Way? Digital Forensics using Open Source Tools”, Proceedings of the 40th Hawaii International Conference on System Sciences – 2007.

[12] Marcus K. Rogers, Kate Seigfried, “The future of computer forensics: a needs analysis survey”, received 21 November 2003; accepted 6 January 2004.

[13] Maria Karyda and Lilian Mitrou, “Internet Forensics: Legal and Technical Issues”, Second International Workshop on Digital Forensics and Incident Analysis (WDFIA 2007).

[6] Simson L. Garfinkel, “Automating Disk Forensic Processing with SleuthKit, XML and Python”, 2009 Fourth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering.



Editor IJARCET
 
Volume 2-issue-6-2173-2176
Volume 2-issue-6-2173-2176Volume 2-issue-6-2173-2176
Volume 2-issue-6-2173-2176
Editor IJARCET
 
Volume 2-issue-6-2165-2172
Volume 2-issue-6-2165-2172Volume 2-issue-6-2165-2172
Volume 2-issue-6-2165-2172
Editor IJARCET
 
Volume 2-issue-6-2159-2164
Volume 2-issue-6-2159-2164Volume 2-issue-6-2159-2164
Volume 2-issue-6-2159-2164
Editor IJARCET
 
Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158
Editor IJARCET
 
Volume 2-issue-6-2148-2154
Volume 2-issue-6-2148-2154Volume 2-issue-6-2148-2154
Volume 2-issue-6-2148-2154
Editor IJARCET
 
Volume 2-issue-6-2143-2147
Volume 2-issue-6-2143-2147Volume 2-issue-6-2143-2147
Volume 2-issue-6-2143-2147
Editor IJARCET
 
Volume 2-issue-6-2119-2124
Volume 2-issue-6-2119-2124Volume 2-issue-6-2119-2124
Volume 2-issue-6-2119-2124
Editor IJARCET
 
Volume 2-issue-6-2139-2142
Volume 2-issue-6-2139-2142Volume 2-issue-6-2139-2142
Volume 2-issue-6-2139-2142
Editor IJARCET
 
Volume 2-issue-6-2130-2138
Volume 2-issue-6-2130-2138Volume 2-issue-6-2130-2138
Volume 2-issue-6-2130-2138
Editor IJARCET
 
Volume 2-issue-6-2125-2129
Volume 2-issue-6-2125-2129Volume 2-issue-6-2125-2129
Volume 2-issue-6-2125-2129
Editor IJARCET
 
Volume 2-issue-6-2114-2118
Volume 2-issue-6-2114-2118Volume 2-issue-6-2114-2118
Volume 2-issue-6-2114-2118
Editor IJARCET
 
Volume 2-issue-6-2108-2113
Volume 2-issue-6-2108-2113Volume 2-issue-6-2108-2113
Volume 2-issue-6-2108-2113
Editor IJARCET
 
Volume 2-issue-6-2102-2107
Volume 2-issue-6-2102-2107Volume 2-issue-6-2102-2107
Volume 2-issue-6-2102-2107
Editor IJARCET
 
Volume 2-issue-6-2098-2101
Volume 2-issue-6-2098-2101Volume 2-issue-6-2098-2101
Volume 2-issue-6-2098-2101
Editor IJARCET
 

Mais de Editor IJARCET (20)

Volume 2-issue-6-2205-2207
Volume 2-issue-6-2205-2207Volume 2-issue-6-2205-2207
Volume 2-issue-6-2205-2207
 
Volume 2-issue-6-2195-2199
Volume 2-issue-6-2195-2199Volume 2-issue-6-2195-2199
Volume 2-issue-6-2195-2199
 
Volume 2-issue-6-2200-2204
Volume 2-issue-6-2200-2204Volume 2-issue-6-2200-2204
Volume 2-issue-6-2200-2204
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194
 
Volume 2-issue-6-2186-2189
Volume 2-issue-6-2186-2189Volume 2-issue-6-2186-2189
Volume 2-issue-6-2186-2189
 
Volume 2-issue-6-2177-2185
Volume 2-issue-6-2177-2185Volume 2-issue-6-2177-2185
Volume 2-issue-6-2177-2185
 
Volume 2-issue-6-2173-2176
Volume 2-issue-6-2173-2176Volume 2-issue-6-2173-2176
Volume 2-issue-6-2173-2176
 
Volume 2-issue-6-2165-2172
Volume 2-issue-6-2165-2172Volume 2-issue-6-2165-2172
Volume 2-issue-6-2165-2172
 
Volume 2-issue-6-2159-2164
Volume 2-issue-6-2159-2164Volume 2-issue-6-2159-2164
Volume 2-issue-6-2159-2164
 
Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158
 
Volume 2-issue-6-2148-2154
Volume 2-issue-6-2148-2154Volume 2-issue-6-2148-2154
Volume 2-issue-6-2148-2154
 
Volume 2-issue-6-2143-2147
Volume 2-issue-6-2143-2147Volume 2-issue-6-2143-2147
Volume 2-issue-6-2143-2147
 
Volume 2-issue-6-2119-2124
Volume 2-issue-6-2119-2124Volume 2-issue-6-2119-2124
Volume 2-issue-6-2119-2124
 
Volume 2-issue-6-2139-2142
Volume 2-issue-6-2139-2142Volume 2-issue-6-2139-2142
Volume 2-issue-6-2139-2142
 
Volume 2-issue-6-2130-2138
Volume 2-issue-6-2130-2138Volume 2-issue-6-2130-2138
Volume 2-issue-6-2130-2138
 
Volume 2-issue-6-2125-2129
Volume 2-issue-6-2125-2129Volume 2-issue-6-2125-2129
Volume 2-issue-6-2125-2129
 
Volume 2-issue-6-2114-2118
Volume 2-issue-6-2114-2118Volume 2-issue-6-2114-2118
Volume 2-issue-6-2114-2118
 
Volume 2-issue-6-2108-2113
Volume 2-issue-6-2108-2113Volume 2-issue-6-2108-2113
Volume 2-issue-6-2108-2113
 
Volume 2-issue-6-2102-2107
Volume 2-issue-6-2102-2107Volume 2-issue-6-2102-2107
Volume 2-issue-6-2102-2107
 
Volume 2-issue-6-2098-2101
Volume 2-issue-6-2098-2101Volume 2-issue-6-2098-2101
Volume 2-issue-6-2098-2101
 

Último

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Último (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
