Guide To Digital Forensics

Computer forensics, or digital forensics, is a term in computer science for obtaining legal evidence found in digital media or computer storage. With a digital forensic investigation, the investigator can find out what happened to digital media such as emails, hard disks, logs, computer systems, and the network itself. In many cases, a forensic investigation can show how the crime might have occurred and how we can protect ourselves against it next time.

Some reasons why we need to conduct a forensic investigation:

1. To gather evidence so that it can be used in court to resolve legal cases.

2. To analyze our network strength, and to fill security holes with patches and fixes.

3. To recover deleted files, or any files, in the event of hardware or software failure.

In computer forensics, the most important things to remember when conducting an investigation are:

1. The original evidence must not be altered in any way, and to conduct the process the forensic investigator should make a bit-stream image. A bit-stream image is a bit-by-bit copy of the original storage medium and an exact copy of the original media. The difference between a bit-stream image and a regular copy of the original storage is that the bit-stream image includes the slack space in the storage. You will not find any slack space information on a regular copy.

2. All forensic processes should follow the laws of the country where the crime happened. Each country has different laws in the IT field. Some take IT rules very seriously, for example the United Kingdom and Australia.

3. All forensic processes can only be conducted after the investigator has a search warrant.

Forensic investigators usually look at the timeline of how the crime occurred, in a timely manner. With that, we can reconstruct the crime scene: how, when, what and why the crime could have happened. In a big company, it is recommended to create a Digital Forensic Team or First Responder Team, so that the company can still protect the evidence until the forensic investigator comes to the crime scene.

First Response rules are:

1. Under no circumstances should anyone, other than the Forensic Analyst, make any attempt to recover information from any computer system or device that holds electronic information.

2. Any attempt to retrieve the data by a person mentioned in number 1 must be prevented, as it may compromise the integrity of the evidence, which would then become inadmissible in a court of law.

Those rules already define the necessary role of a First Responder Team in a company. An unqualified person can only secure the perimeter so that no one can touch the crime scene until the Forensic Analyst has arrived. (This can be done by taking photographs of the crime scene. They can also make notes about the scene and who was present at that time.)

Steps that need to be taken, in a professional manner, when a digital crime has occurred:

1. Secure the crime scene until the forensic analyst arrives.

2. The Forensic Analyst must request a search warrant from the local authorities or the company's management.

3. The Forensic Analyst takes pictures of the crime scene in case no pictures have been taken yet.

4. If the computer is still powered on, do not turn it off. Instead, use forensic tools such as Helix to get information that can only be found while the computer is still powered on, such as data in RAM and registries. Such tools have the special feature of not writing anything back to the system, so that the integrity stays intact.

5. Once all live evidence is collected, the Forensic Analyst can turn off the computer and take the hard disk back to the forensic lab.

6. All the evidence must be documented, for which a chain of custody is used. The chain of custody keeps records on the evidence, such as who had the evidence last.

7. Securing the evidence must be accompanied by a legal officer such as the police, as a formality.

8. Back in the lab, the Forensic Analyst uses the evidence to create a bit-stream image, as the original evidence must not be used. Usually, the Forensic Analyst will create 2-5 bit-stream images in case one image is corrupted. Of course, the chain of custody is still used in this situation to keep records of the evidence.

9. A hash of the original evidence and of the bit-stream image is created. This acts as proof that the original evidence and the bit-stream image are exact copies. Any alteration of the bit-stream image will result in a different hash, which makes the evidence found inadmissible in court.

10. The Forensic Analyst starts to look for evidence in the bit-stream image by carefully examining the corresponding locations, depending on what kind of crime has happened. For example: Temporary Internet Files, slack space, deleted files, steganography files.
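The following Python sketch is an added example, not part of the original guide. It illustrates steps 8 and 9 and the earlier point about slack space: a bit-stream copy hashes identically to the original, a copy with a single flipped bit does not, and a regular file copy neither matches nor contains the slack residue. The in-memory medium, the 4096-byte cluster size, the choice of SHA-256, the record fields and the examiner name are all assumptions made for illustration.

```python
import hashlib
import io
from datetime import datetime, timezone

CLUSTER = 4096  # assumed cluster size of the constructed medium

def sha256_stream(stream, chunk=1 << 20):
    """Hash in chunks so a large image never has to fit in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def build_medium():
    """Constructed sample: one cluster with a short live file, then slack
    space still holding residue of an older, deleted file."""
    live = b"quarterly report v2\n"
    residue = b"DELETED: old draft text (constructed sample)"
    pad = b"\x00" * (CLUSTER - len(live) - len(residue))
    return live + residue + pad, len(live)

def verify_copies(original, copies, examiner):
    """Hash the original and every copy; return one custody record per copy."""
    ref = sha256_stream(io.BytesIO(original))
    records = []
    for name, data in copies.items():
        digest = sha256_stream(io.BytesIO(data))
        records.append({"item": name, "sha256": digest,
                        "matches_original": digest == ref, "examiner": examiner,
                        "utc": datetime.now(timezone.utc).isoformat(timespec="seconds")})
    return ref, records

def demo():
    medium, file_len = build_medium()
    corrupted = bytearray(medium)
    corrupted[100] ^= 0x01                    # one flipped bit in image-2
    copies = {
        "image-1": bytes(medium),             # bit-stream copy: every byte
        "image-2": bytes(corrupted),
        "file-copy": medium[:file_len],       # regular copy: file content only
    }
    return verify_copies(medium, copies, examiner="analyst (placeholder)")

if __name__ == "__main__":
    for rec in demo()[1]:
        print(rec["item"], rec["sha256"][:16], rec["matches_original"])
```

On real evidence the same chunked hashing would be run against the source device behind a write blocker and against each image file, with the records appended to the chain-of-custody log.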
