Cyber Forensics — Timeline

Anjana S · Published in Analytics Vidhya · 3 min read · Sep 21, 2021

Cyber forensics is a branch of cyber security that deals with collecting, preserving, processing and analyzing computer-related evidence so that it can later be presented in a court of law for a crime that has happened. The forensic team's main job is to analyze the information on the seized devices in a legally compliant way and present it as evidence that can identify the perpetrator.

The scope of cyber forensics is huge, and it doesn't stop at evidence handling: the skill set is useful in many fields such as ethical hacking, analyst roles, forensic expert positions, SOC analyst and CISO roles, and much more.

How does cyber forensics evidence handling work?

Basically, there are two teams involved: the on-field forensics team and the in-house forensics team. The on-field team goes to the crime scene, collects all evidence relating to systems (hard drives, pen drives, CD drives, laptops, mobile phones, etc.) and delivers it to the in-house forensics team. That team then examines the items and files them as evidence through the forensics lab.

Steps involved

  • The on-field forensics team goes to the crime scene, acquires the evidence properly and hands it over to the forensic lab for analysis by the in-house team.
  • The in-house team then records the state of each item of evidence, e.g. whether a laptop is switched off or on and, if on, what state it is in. Everything is recorded and left unchanged. If the system is ON, the details are acquired through live acquisition: photographs and the data in RAM. If the evidence is in a sleep state, the acquired evidence is cloned/imaged properly and stored on another system/HDD (hard drive) for further analysis.
  • Very important: unless and until it's necessary, DO NOT SWITCH ON THE SYSTEM OR CHANGE IT. The reason is that the court will only accept the evidence if we can prove that the hash values of the original and the cloned copy match. If even a single bit is changed, the hash no longer matches and the evidence becomes worthless.
  • Image the data from the disk using tools like Forensic Toolkit (FTK).
  • Analyze the disk image and the system data thoroughly using tools like Autopsy or Oxygen, or through reconnaissance/information-gathering techniques, to gain information about the victim. Along with these, concentrate on system artifacts that hold login information, external media, networks and browser history to learn about the digital footprints.
  • The detailed forensic report is then submitted to the court of law.
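The hash-matching requirement in the steps above is the part that is easiest to get wrong, so here is an added example (not from the original article, and not the code of any forensic tool) showing the logic that imaging tools apply: read the source once, hash the bytes as they pass, write them to the image, then hash the finished image independently and compare. The "device" is a constructed in-memory byte buffer standing in for a seized drive; in practice the source would be a raw block device behind a write blocker and the tool would be FTK Imager or similar. The bit-flip at the end shows why a single changed bit is enough to break the proof.

```python
import hashlib
import io
from typing import BinaryIO, Dict

# Constructed sample "device": 16 KiB of deterministic bytes standing in for
# the raw contents of a seized drive. Not real case data.
SAMPLE_EVIDENCE = bytes(range(256)) * 64


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an in-memory buffer (used for the tamper check below)."""
    return hashlib.sha256(data).hexdigest()


def hash_stream(fobj: BinaryIO, chunk_size: int = 4096) -> str:
    """Hash a readable stream in fixed-size chunks so that a multi-terabyte
    image never has to fit in memory. Rewinds to the start first."""
    fobj.seek(0)
    h = hashlib.sha256()
    while True:
        chunk = fobj.read(chunk_size)
        if not chunk:
            break
        h.update(chunk)
    return h.hexdigest()


def acquire_image(source: BinaryIO, image: BinaryIO,
                  chunk_size: int = 4096) -> Dict[str, object]:
    """Read the source exactly once, writing every chunk to the image while
    hashing the bytes as they pass. Afterwards hash the finished image on its
    own and compare: the image is only usable as evidence if both match."""
    source.seek(0)
    h = hashlib.sha256()
    copied = 0
    while True:
        chunk = source.read(chunk_size)
        if not chunk:
            break
        h.update(chunk)
        image.write(chunk)
        copied += len(chunk)
    image.flush()
    source_digest = h.hexdigest()
    image_digest = hash_stream(image, chunk_size)
    return {
        "bytes_acquired": copied,
        "source_sha256": source_digest,
        "image_sha256": image_digest,
        "verified": source_digest == image_digest,
    }


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Return a copy of data with one bit flipped: the smallest possible
    alteration an image could suffer after acquisition."""
    buf = bytearray(data)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)


def run_demo() -> Dict[str, object]:
    """Acquire the constructed device, then re-check a copy with one flipped
    bit to show that the stored hash no longer matches."""
    source = io.BytesIO(SAMPLE_EVIDENCE)
    image = io.BytesIO()
    record = acquire_image(source, image)
    tampered = flip_bit(image.getvalue(), byte_index=100, bit=3)
    record["tampered_sha256"] = sha256_hex(tampered)
    record["tamper_detected"] = record["tampered_sha256"] != record["image_sha256"]
    return record


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Both digests belong in the acquisition record alongside the examiner, date, and device identifiers, so that anyone re-hashing the image later can reproduce the comparison without access to the original drive.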

The HDD or USB disk seized from the crime scene is connected to the forensic workstation running the forensic toolkit software. Since this is a wired connection, some data could flow from the system we are using to the HDD. To eliminate this risk, experts use write blockers to stop any data being written to the evidence device. Software write blocker: Safe Block; hardware write blocker: Tableau WB.

These are the protocols or procedures that a cyber forensics expert follows. Happy exploring!!


Anjana S

Ex UiPath Student Developer Champion, Certified Ethical Hacker, RPA Enthusiast, Technical Content & Design Creator (@analysta02)