Digital forensics is a branch of forensic science that covers recovering and investigating material found on digital devices, especially when a crime has been committed using computers. Analysis of the crime is the most important step in digital forensics before any conclusion is reached, and during analysis the most critical function is validating the evidence. How forensic and digital evidence is analyzed depends on the type of investigation, the amount of data that will be processed, court orders, company policies and search warrants. Digital forensic analysis involves locating and recovering the particular material that speeds up the investigation, so it is also important to understand which data to collect and analyze.
If an investigation requires extracting as much information as possible, the process becomes tedious. Such investigations result in scope creep, where the investigation goes further than its original description because of unanticipated evidence found along the way. Scope creep is increasingly common in criminal investigations, as these require detailed examination, and it increases the time and resources needed to extract, analyze and present evidence. An investigation that has expanded in this way still has full rights of discovery over the digital evidence.
A few basic steps are involved in digital forensic analysis: registering the suspect's computer material and recording its condition when it is taken into custody. The original drive must be removed from the computer, and target drives must be used only after reformatting, to ensure they contain no data. The drives must be inspected for viruses. The complementary metal-oxide-semiconductor (CMOS) memory holds the system date and time values, which must be checked during the investigation. The process of acquiring data from the drive must be documented and later processed in a logical manner.
One critical element of the entire forensic analysis process hinges on the practitioner's knowledge of the capabilities, limitations and restrictions of their tools. Many forensic tools provide automated hashing of image files, while a few tools have limitations in performing hashing. AccessData Forensic Toolkit or OSForensics, which support Windows and Linux systems, can be used to analyze data from numerous sources, including image files produced by other vendors' tools. Indexed search and live search can also be performed with these toolkits. The most critical aspect of digital forensics is validating digital evidence, because the integrity of the data must be assured before evidence is presented in court. Validation is done with hash values, which discriminate unchanged data from altered data.
Unlike general software validation, validating a forensic tool such as AccessData's carries special requirements in the digital forensics context, in particular the lack of capacity to conduct extensive validation because of time constraints. Considerable thought and several common methods go into forensic tool validation, and the most commonly used method is just-in-time tool validation. Hexadecimal editors are also used in validation, and they are useful because they provide enhanced features such as indexing text data for faster keyword searches. MD5 and SHA-1 are hashing algorithms built into Hex Workshop, which is a hexadecimal editor.
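The acquisition and validation steps described above (image the drive, hash the source and the image, document the acquisition, and later re-hash to prove nothing changed) are shown in the following added example. It is illustrative code written for this page, not part of the referenced textbooks or of any forensic toolkit; the "drive" is a constructed byte string rather than a real device behind a write blocker, and the examiner and case identifiers are placeholders. It computes MD5 and SHA-1, the algorithms named in the text, alongside SHA-256.

```python
import hashlib
import io
import json
import os
import tempfile
from datetime import datetime, timezone

# Constructed sample "evidence drive". In a real acquisition this would be
# the raw block device read through a hardware write blocker.
SAMPLE_DRIVE = b"MZ\x90\x00" + b"suspect-document-contents " * 64 + b"\x00" * 512

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_stream(stream, chunk_size=64 * 1024):
    """Hash a file-like object in chunks, returning {algorithm: hexdigest}.
    Chunking keeps memory flat even for multi-terabyte images."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def acquire_image(source, image_path, manifest_path, examiner, case_id):
    """Write the source bytes to image_path, hash both the source and the
    written image, and record the acquisition in a JSON manifest (the
    documentation step). Raises if the image does not match the source."""
    source_hashes = hash_stream(io.BytesIO(source))
    with open(image_path, "wb") as out:
        out.write(source)
    with open(image_path, "rb") as img:
        image_hashes = hash_stream(img)
    if source_hashes != image_hashes:
        raise RuntimeError("image does not match source; acquisition failed")
    manifest = {
        "case_id": case_id,                      # placeholder value
        "examiner": examiner,                    # placeholder value
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "image": os.path.basename(image_path),
        "size_bytes": len(source),
        "hashes": image_hashes,
    }
    with open(manifest_path, "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest


def verify_image(image_path, manifest_path):
    """Re-hash the image and compare against the recorded manifest.
    Returns (ok, list_of_mismatched_algorithms)."""
    with open(manifest_path) as f:
        recorded = json.load(f)["hashes"]
    with open(image_path, "rb") as img:
        current = hash_stream(img)
    mismatched = sorted(name for name in ALGORITHMS if recorded[name] != current[name])
    return (not mismatched, mismatched)


def demo():
    """Acquire and verify, then alter one byte of the image and verify again.
    Returns the two verification results."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "evidence.dd")
    manifest = os.path.join(workdir, "evidence.manifest.json")
    acquire_image(SAMPLE_DRIVE, image, manifest,
                  examiner="EXAMINER-PLACEHOLDER", case_id="CASE-PLACEHOLDER")
    before = verify_image(image, manifest)
    # Simulate post-acquisition modification of the image: overwrite one byte.
    with open(image, "r+b") as f:
        f.seek(100)
        f.write(b"X")
    after = verify_image(image, manifest)
    return before, after


if __name__ == "__main__":
    print(demo())  # (True, []) then (False, ['md5', 'sha1', 'sha256'])
```

The manifest is the artifact an examiner would produce alongside the image; any later examiner re-runs `verify_image` and every algorithm must agree before the image is treated as the same evidence that was acquired. A single changed byte flips all three digests, which is exactly what the hash comparison is meant to surface.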
Data hiding involves changing or manipulating a file to conceal information; the techniques include changing the file extension, setting file attributes to hidden, hiding partitions, and using encryption and password protection. Password recovery can be done through rainbow tables, brute-force attacks or dictionary attacks. Rainbow tables provide the easiest method, as they hold predefined hash values of all the known passwords.
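Two of the data-hiding techniques listed above, a changed file extension and a hidden attribute, leave traces an examiner can check mechanically: the file's header (its magic number) does not match what the extension claims, or the hidden flag is set. The following added example does that check over a constructed directory; it is illustrative code written for this page and not part of any referenced book or forensic toolkit. The signature table is a small hand-picked subset of well-known headers, and the hidden-file check uses the Unix leading-dot convention plus the Windows hidden attribute where the platform exposes it.

```python
import os
import stat
import tempfile

# Constructed subset of well-known file headers mapped to a canonical type.
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"MZ", "exe"),
]

# What each extension claims the content to be (same canonical type names).
EXT_TO_TYPE = {
    "jpg": "jpeg", "jpeg": "jpeg", "png": "png", "pdf": "pdf",
    "zip": "zip", "docx": "zip", "gif": "gif", "exe": "exe", "dll": "exe",
}


def detect_type(header):
    """Return the canonical type whose magic number starts the header, or None."""
    for magic, kind in MAGIC:
        if header.startswith(magic):
            return kind
    return None


def is_hidden(path):
    """Leading-dot name (Unix convention) or FILE_ATTRIBUTE_HIDDEN (Windows only)."""
    if os.path.basename(path).startswith("."):
        return True
    st = os.stat(path)
    attrs = getattr(st, "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def check_file(path):
    """Return a list of findings for one file; an empty list means nothing odd."""
    with open(path, "rb") as f:
        header = f.read(16)
    actual = detect_type(header)
    ext = os.path.splitext(path)[1].lower().lstrip(".")
    claimed = EXT_TO_TYPE.get(ext)
    findings = []
    if actual and claimed and actual != claimed:
        findings.append(f"extension .{ext} claims {claimed} but header is {actual}")
    elif actual and not claimed:
        findings.append(f"no recognized extension (.{ext}) but header is {actual}")
    if is_hidden(path):
        findings.append("hidden file (leading dot or hidden attribute)")
    return findings


def scan_directory(directory):
    """Run check_file over every regular file; returns {filename: findings}."""
    results = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            results[name] = check_file(path)
    return results


def demo():
    """Build a constructed directory with one honest file and three hidden-data
    cases, then scan it."""
    workdir = tempfile.mkdtemp()
    samples = {
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,   # honest PNG
        "notes.txt": b"\xff\xd8\xff\xe0" + b"\x00" * 32,    # JPEG renamed to .txt
        "report.pdf": b"MZ\x90\x00" + b"\x00" * 32,         # executable renamed to .pdf
        ".ledger.pdf": b"%PDF-1.4\n" + b"\x00" * 32,         # real PDF hidden by leading dot
    }
    for name, data in samples.items():
        with open(os.path.join(workdir, name), "wb") as f:
            f.write(data)
    return scan_directory(workdir)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```

A real examination would use a far larger signature database and would run the check over a mounted image rather than a scratch directory, but the logic is the same: trust the bytes, not the name, and flag every file whose name and content disagree.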
References
Casey, E. (2009). Handbook of Digital Forensics and Investigation. Academic Press.
Nelson, B., Phillips, A., & Steuart, C. (2014). Guide to Computer Forensics and Investigations (5th ed.). Cengage Learning.