Anti-forensics Techniques
Mobile Device Forensics
File Carving
Digital forensics is an emerging discipline that focuses on the acquisition, recovery, documentation, and analysis of information contained within and created with computer systems. Its methods and methodologies are typically used to figure out what happened, when it happened, how it happened, and who was involved. The rapid growth of the internet has made it easier to commit traditional crimes by giving criminals an alternate method for launching attacks with relative anonymity. The effects of such technology have been great, but the ever-changing complexity of the communication and networking infrastructure is making investigation of these crimes difficult. Clues to solving a case might be hidden in large volumes of data that need to be sifted through in order to detect crimes and collect evidence. This is only the tip of the iceberg, and we are starting to realize that digital forensics plays a very important part in areas such as corporations, law enforcement, network security, and information assurance. As digital forensics starts to encompass our daily lives, we should pay close attention to how certain techniques, such as Network Forensics, Anti-forensics Techniques, Mobile Device Forensics, and File Carving, are being adopted. I will explore the benefits of these four techniques and whether they have added value to Information Assurance as it relates to Forensic Support, or whether there is a real problem with the standardization of how data is collected and stored.
Digital forensics is commonly understood as the collection of evidence for court cases, corporate investigations, or personal use. The collected information is extremely sensitive to alteration and therefore must be handled very carefully. Much of the work to date in digital forensics has focused on data extraction. Developers have created techniques to copy data from physical devices and store it as a disk image, where it can be searched for documents, images, etc. (Caloyannides, Michael A, 2010). As both the variety and scale of forensic investigations increase, new tools are being introduced. There are many examples that show the importance of digital forensics and information assurance. In cases such as Enron, WorldCom, and Arthur Andersen, digital forensics was used to bring these corporations to justice. The Houston Regional Computer Forensics Laboratory processed data from 130 computers, thousands of e-mails, and more than 10 million pages of documents, culling evidence that helped deliver convictions of Enron's top executives as well as other corporations. With the advent of information systems in today's business, there is little denying that society is becoming an information culture. Even classic explorers setting out for as yet unknown locations usually carry a satellite-enabled mobile phone to update the home front through web logs, image archives, and telephone communications.
Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or intrusion incidents. Network forensics systems fall into two types, each with its own approach: catch-it-as-you-can systems and stop, look and listen systems. In catch-it-as-you-can systems, all packets that pass through specific points are captured and written to storage, and analysis is done in batch mode. Stop, look and listen systems analyze each packet in a rudimentary way, and specific information is saved for analysis.
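The two capture approaches described above, side by side, as an added example that is not part of the original essay. The frame builder, the sample traffic (documentation address ranges) and the function names are constructed for illustration; the first function stores every frame in pcap format for batch analysis, the second inspects each frame once and keeps only per-flow byte counts.

```python
import io
import struct
from collections import Counter

def make_frame(src, dst, sport, dport, payload):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"      # dst MAC, src MAC, IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

# Constructed sample traffic as (timestamp, frame) pairs; not real captures.
SAMPLE = [
    (1.0, make_frame("192.0.2.10", "198.51.100.5", 49152, 443, b"A" * 100)),
    (1.5, make_frame("192.0.2.10", "198.51.100.5", 49152, 443, b"B" * 200)),
    (2.0, make_frame("192.0.2.11", "198.51.100.5", 49153, 22, b"C" * 50)),
]

def catch_it_as_you_can(packets, out):
    """Write every full frame to a pcap stream; analysis happens later in batch."""
    # pcap global header: magic, v2.4, zone, sigfigs, snaplen, LINKTYPE_ETHERNET
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for ts, frame in packets:
        usec = int(ts % 1 * 1_000_000)
        out.write(struct.pack("<IIII", int(ts), usec, len(frame), len(frame)))
        out.write(frame)
    return out.tell()                                  # bytes of storage used

def stop_look_listen(packets):
    """Inspect each frame once, keep per-flow byte counts, discard payloads."""
    flows = Counter()
    for _ts, frame in packets:
        if len(frame) < 38 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                   # keep TCP over IPv4 only
        ihl = (frame[14] & 0x0F) * 4                   # IPv4 header length
        if len(frame) < 14 + ihl + 4:
            continue                                   # truncated TCP header
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        flows[(src, sport, dst, dport)] += len(frame)
    return dict(flows)

if __name__ == "__main__":
    buf = io.BytesIO()
    print("full capture bytes:", catch_it_as_you_can(SAMPLE, buf))
    for flow, size in stop_look_listen(SAMPLE).items():
        print("flow summary:", flow, size, "bytes seen")
```

The full capture retains the payloads for later reconstruction at the cost of storage, while the flow summary stays small but cannot answer questions about content after the fact.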
There are laws that limit what can or can't be monitored, such as the Health Insurance Portability and Accountability Act (HIPAA). This has become a fine line to walk because of technical feasibility, but IT...