Saturday, July 31, 2010
Disk Forensics
Disk forensics is the science of extracting forensic information from digital storage media such as hard disks, USB devices, Firewire devices, CDs, DVDs, flash drives, floppy disks, etc. The Disk Forensics process consists of the following steps:
Identify digital evidence
Acquire the evidence
Authenticate the evidence
Preserve the evidence
Analyze the evidence
Report the findings
Identify digital storage devices
The first step in Disk Forensics is the identification of the storage devices at the crime scene. Computers may have disks such as IDE/SCSI hard disks, CDs, DVDs, floppy disks, etc.; mobiles, PDAs, etc. may have flash cards, SIMs, USB/Firewire disks, magnetic tapes, Zip drives, Jaz drives, etc.
Acquire the Storage devices
Once the digital evidence has been identified, it should be acquired with a forensic imaging tool. Acquisition is a process of bit-stream imaging. The image must contain correct and complete data and must also preserve the disk geometry. During this process the source media should be write-protected.
Authenticate the evidence
Once imaging is done, the image should be verified against the original. Hashing is a mechanism to prove that the copy is exactly the same as the original and that it has not been altered.
Preserve the evidence
Electronic evidence might be altered or tampered with without leaving a trace. Once acquisition and authentication are done, the original evidence should be placed in secure storage. One more copy of the image should be taken and stored on appropriate media or reliable mass storage. Optical media can be used as the mass storage. It is reliable, fast, has a longer life span and is reusable.
Analyze the evidence
Analysis is the search for relevant information in the digital evidence. Analysis should cover the complete evidence without leaving out a single bit of information. The search may cover files or data in normal files and folders, registries, pictures, databases, cookies, temporary files, swap, Internet history, passwords, etc., and ambient data areas such as deleted, formatted, slack, unallocated, lost
Report the findings
Report generation is an important and the final stage in Disk Forensics. The value of the evidence will ultimately depend on the way it is presented. Technical evidence in the report should be presented in a simple and precise way so that a non-technical person can also understand it.
© 2010 CDAC Trivandrum. All rights reserved.