• Yazeed Alghamdi posted an update

      5 weeks ago

      What is Digital Forensics?

      Digital Forensics is the process of finding, preserving, examining and explaining digital evidence.

      Digital Forensics goal: the most important goal of Digital Forensics is to answer questions.

      What? How? When? Where? Who?

      These questions help to understand how the incident happened.

      Digital Evidence refers to stored, transmitted or collected information that is used as proof before a court of justice.

      Examples of Digital Evidence:

      • Deleted files.
      • Network logs.
      • Temporary files created by web browsers.
      • Memory dumps.
      • Device backups.
      • Edited images.
      • Event logs.
      • Downloaded files.
      • Email messages.
      • Pictures taken by cameras.

      Challenges of Evidence:

      • Covert Channels
      • Mobile Malware
      • Botnets
      • Organized Crime
      • Steganography
      • Targeted Attacks
      • Encryption

      What are Digital Forensic tools?

      Digital Forensic tools are investigative tools that discover, extract, preserve, decrypt and analyze digital evidence.

      Exploring the 20 Best Computer Forensic Tools:

      1. Wireshark
      2. Oxygen Forensic Suite
      3. ProDiscover Forensic
      4. SIFT SANS
      5. MailXaminer
      6. Volatility
      7. The Sleuth Kit (+Autopsy)
      8. FTK Imager
      9. Caine
      10. X-Ways
      11. Paladin
      12. Xplico
      13. FAW
      14. E-Fense
      15. Registry Recon
      16. Magnet RAM
      17. EnCase
      18. CrowdResponse
      19. NMAP
      20. Bulk Extractor

      The core steps in Digital Forensics include:

      • Identification of resources and devices involved in the investigation
      • Preservation of the necessary data
      • Analysis of the evidence
      • Documentation and presentation of findings

      The chain of custody contains information such as:

      • What is the evidence?
      • How was the evidence acquired?
      • When was the evidence acquired?
      • Who acquired the evidence?
      • Where was the evidence stored?
      • Any other action that was performed on the evidence.
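The chain-of-custody fields listed in the post, as an added example that is not part of the original post: a custody record that stores what/how/when/who/where plus a SHA-256 of the evidence at acquisition, and re-checks that hash every time a later action is logged. The class and function names, the sample file and the examiner names are assumptions constructed for illustration.

```python
import hashlib, json, os, tempfile
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone

def utc_now():
    return datetime.now(timezone.utc).isoformat()

def sha256_file(path, chunk=1 << 20):
    """Hash the evidence in chunks so large disk images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

@dataclass
class CustodyRecord:                      # hypothetical structure, one per evidence item
    what: str                             # what is the evidence
    how: str                              # how it was acquired
    who: str                              # who acquired it
    where: str                            # where it is stored
    sha256: str                           # integrity reference taken at acquisition
    when: str = field(default_factory=utc_now)   # when it was acquired
    actions: list = field(default_factory=list)  # any other action performed on it

    def log_action(self, actor, action, path):
        """Append an action entry and record whether the evidence still matches its hash."""
        intact = sha256_file(path) == self.sha256
        self.actions.append({"when": utc_now(), "who": actor,
                             "action": action, "intact": intact})
        return intact

def acquire(path, what, how, who, where):
    return CustodyRecord(what, how, who, where, sha256_file(path))

def demo():
    """Constructed sample: acquire a file, verify it, then detect a later modification."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "usb.dd")
        with open(path, "wb") as f:
            f.write(b"constructed sample evidence bytes")
        rec = acquire(path, "USB drive image (constructed sample)",
                      "bit-for-bit copy", "Examiner A", "Evidence locker 1")
        ok = rec.log_action("Examiner B", "opened read-only for analysis", path)
        with open(path, "ab") as f:       # simulate an unrecorded change to the evidence
            f.write(b"!")
        changed = rec.log_action("Examiner B", "re-verified after transfer", path)
        return ok, changed, rec

if __name__ == "__main__":
    print(json.dumps(asdict(demo()[2]), indent=2))
```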