Comparative Study of Digital Forensic Tools
Digital forensics is a branch of forensics in which an investigator extracts and analyzes digital evidence and presents it in court. Digital forensics is a scientific investigation to find data evidence from digital devices with the help of forensic tools or
1 Introduction

Digital data prevails all around us and plays a crucial role in any kind of investigation when cybercrime comes into the picture. Digital data consists of binary representations and contains information in the form of text, images, audio, video, etc. In the present scenario, many cybercrime cases such as hacking, banking frauds, phishing, email spamming, etc., have emerged which are linked with digital data. Digital forensics is a new and demanding branch in the field of Computer Science [1]. Digital forensics is a scientific approach to preserving, acquiring, analyzing, extracting, and reporting digital evidence that comes from digital sources like computers, mobiles, cameras, etc. It is categorized into various subbranches, which are listed below and shown in Fig. 1.

• Computer Forensic
• Network Forensic
• Cyber Forensic
• Mobile Forensic
• Operating System Forensic
• Live forensic, etc.
M. Lovanshi · P. Bansal, Department of Information Technology, IET, Devi Ahilya Vishwavidyalaya, Indore, MP, India
© Springer Nature Singapore Pte Ltd. 2019. R. K. Shukla et al. (eds.), Data, Engineering and Applications, https://doi.org/10.1007/978-981-13-6351-1_15

Many branches of forensic science exist, as discussed above, but we are working on desktop forensics, network forensics, and live network forensics.

1. Desktop Forensic: Desktop forensics is a branch of digital forensics which is used for the extraction of digital evidence from secondary memory. It deals with the recovery of deleted files. Recovery is an important concept in cybercrime.
Fig. 1 Digital forensic classifications
Here, the computer is used as a target or as a source of digital crime. Desktop forensics is a type of digital forensics in which we can determine information from the hard disk and operating system. Recovering deleted files requires software tools such as ProDiscover Basic, CyberCheck Suite, FTK analyzer, Recuva, EaseUS, etc. [2].

2. Live forensics: Live forensics is a branch of digital forensics which is used for the extraction of digital evidence from primary memory, mainly focused on RAM data. Here, RAM data like browser information, cookies, registry, etc., are used as digital evidence in a live forensic case. It deals with RAM dumping, which means extracting the information held in RAM. There are many software tools for extracting RAM data. Some are open source tools while others are licensed tools, like OSF Mount, Win-Lift, Belkasoft, Volatility Framework, etc. [2].

3. Live network forensics: Live network forensics is a branch of digital forensics. It deals with live packet sniffing, packet spoofing, identification of the topology, etc. It is mainly focused on the extraction of digital evidence through the live network. From the live network, forensic packet information can be extracted. There are many live n