files

Data Acquisition and Duplication Tools: Software

This article explains the different types of software used as data acquisition and duplication tools. EnCase Forensic (source: https://www.guidancesoftware.com): EnCase is a popular multi-purpose forensic platform that includes many useful tools to support several areas of the digital forensic process. This tool can collect a lot of data from many devices and extract potential evidence. It also generates an evidence report. EnCase Forensic can help investigators …


Understand Static Data Acquisition

Static data refers to non-volatile data, which does not change its state after the system shuts down. Static data acquisition refers to the process of extracting and gathering the unaltered data from storage media. Sources of non-volatile data include hard drives, DVD-ROMs, USB drives, flash cards, smartphones, external hard drives, etc. This type of data exists in the form of emails, word processing documents, web activity, spreadsheets, slack space, swap …


Live Data Acquisition

Live data acquisition is the process of extracting volatile information present in the registries, cache, and RAM of digital devices through their normal interface. The volatile information is dynamic in nature and changes with time; therefore, investigators should collect the data in real time. Simple actions such as looking through the files on a running computer or booting up the computer have the potential to destroy or modify the available evidence data, as it …


File System Analysis Using Autopsy

Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. Law enforcement, military, and corporate examiners use it to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card. Autopsy is an end-to-end platform with modules that come with it out of the box and others that are available from third parties. Some of the …


Learn All About Linux File Systems

This blog explains Linux File System Architecture, the Filesystem Hierarchy Standard (FHS), the Extended File System (EXT), the Second Extended File System (EXT2), etc. Linux OS uses different file systems to store data. As investigators may encounter attack source or victim systems running Linux, they should have comprehensive knowledge of the storage methods it employs. The following section …


An Overview of Encrypting File Systems | EFS

The Encrypting File System (EFS) is a feature of the Windows 2000 operating system that lets any file or folder be stored in encrypted form and decrypted only by an individual user and an authorized recovery agent. To protect files from mishandling and to ensure their security, the system should encrypt them. NTFS has the Encrypting File System (EFS) as a built-in feature. Encryption in file systems uses symmetric key encryption technology …


Data Analysis & Evidence Assessment

Data analysis and evidence assessment refers to the process of going through the data and finding the relevant evidential data and its relevance to the crime. This section explains the process of analyzing the data in order to use it for proving the crime and identifying the perpetrator. Data Analysis: Data analysis refers to the process of examining, identifying, separating, converting, and modeling data to isolate useful information. In forensic investigation, the data analysis helps …


Collect Physical Evidence in computer forensic investigation

The victim computer and its elements are vital evidence sources in a computer forensic investigation. Collect all the electronic devices or any other media found at the crime scene. Seize storage devices like hard drives, memory cards, and removable media, as they can hold stored information. Handheld devices like smartphones, mobile phones, PDAs, digital multimedia devices, and GPS receivers can hold valuable evidence such as Internet browsing history, e-mails, chat logs and friend lists, …
