Computer forensics is scientific process in discovery conduct , searching, analysis, and collection evidence from computer system or storage digital with a standard and report / documentation to can be submitted as proof of valid legal into court.
Forensic techniques are used to explain the current state of a digital evidence, such as a computer system, storage medium like harddisk or CD-ROM, an electronic document like email and picture and etc.
Why computer forensics plays an important role today?
As the development of technology and the advancement of the human brain, does not rule out the evil in the world of IT increases. Crime in the IT world triggered by many things, from someone trying to learn hacking, then hooked, to a profession that is better known as the hacker / cracker and etc.
In below, there are steps taken in the implementation of computer forensics
1. Identification
2. Collecting
a. Chain of custody
b. Acquitition
c. Fingerprint
3. Analysis
a. Chain of custody (ensure the data not changed)
b. Analysis (prove certainty from chain of custody)
c. Collecting (Collect analysis result)
d. Reconstruction
4. Report / Documentation
Linux Command for Digital Forensics
- fdisk -l /path
- hwinfo [options]
--short just a short listing
--log logfile write info to logfile
--debug level set debuglevel
--version show libhd version
--dump-db n dump hardware data base, 0: external, 1: internal
--hw_item probe for hw_item
- dd if=unknown.dd of=/dev/sdb
- lshw
No comments:
Post a Comment