investigators


Detecting Steganography

This article explains how to detect steganography and its types, how to detect steganography files with the help of the tools used in steganography, and the technique of hiding data in file system structures. Software Clues on the Computer: During investigation, the investigators should first look at files, documents, software applications, and other suspicious files for clues hidden through steganography. Steganography investigators should also know about common steganographic techniques, software, tools, terminologies, and …


Anti-Forensics Techniques: Password Protection

A password refers to a collection of words, letters, numbers, and/or special characters used for security processes such as user authentication or to grant access to a resource. The password ensures that unauthorized users do not access the computer, network resources, or other secured information. In addition, data files and programs may require a password. Password protection shields information and protects networks, applications, files, documents, etc., from unauthorized users. Many organizations …


Understand Anti-forensics and their goals

Anti-forensics, also referred to as counter forensics, is a set of techniques that attackers or perpetrators use to avert or sidetrack the forensic investigation process or to make it much harder. These techniques negatively impact the quantity and quality of evidence from a crime scene, thereby making the forensic investigation process difficult. Therefore, the investigator may need to conduct a few additional steps so as …


Understand Acquiring RAID Disks

Acquiring RAID disks may be challenging for forensics examiners due to the RAID system design, configuration, and size. The greatest concern is the size of the RAID system, as many systems are growing into many terabytes of data. Copying small RAID systems to one large disk is possible with the availability of larger disks. Investigators should use a proprietary format acquisition with compression to store more data in small storage capacities. Acquiring RAID Disks …


Data Acquisition and Duplication Tools: Software

This article explains the different types of software used as data acquisition and duplication tools. EnCase Forensic (Source: https://www.guidancesoftware.com): EnCase is a popular multi-purpose forensic platform which includes many useful tools to support several areas of the digital forensic process. This tool can collect a lot of data from many devices and extract potential evidence. It also generates an evidence report. EnCase Forensic can help investigators …


Data Acquisition Methods

This article explains the methods used for data acquisition, including those in continuous use in forensic investigation. The following four methods are available for data acquisition: 1. Bit-stream disk-to-image file: Forensic investigators commonly use this data acquisition method. It is a flexible method, which allows creation of one or more copies, or bit-for-bit replications, of the suspect drive. ProDiscover, EnCase, FTK, The Sleuth Kit, X-Ways …


Understand Static Data Acquisition

Static data refers to non-volatile data, which does not change its state after the system shuts down. Static data acquisition refers to the process of extracting and gathering the unaltered data from storage media. Sources of non-volatile data include hard drives, DVD-ROMs, USB drives, flash cards, smartphones, external hard drives, etc. This type of data exists in the form of emails, word processing documents, web activity, spreadsheets, slack space, swap …


Live Data Acquisition

Live data acquisition is the process of extracting volatile information present in the registries, cache, and RAM of digital devices through their normal interface. The volatile information is dynamic in nature and changes with time; therefore, the investigators should collect the data in real time. Simple actions such as looking through the files on a running computer or booting up the computer have the potential to destroy or modify the available evidence data, as it …


Identifying GUID Partition Table (GPT)

The GPT header helps an investigator analyze the layout of the disk, including the locations of the partition table, partition area, and backup copies of the header and partition table. Investigators can use the cmdlets given below in Windows PowerShell to identify the presence of GPT: Get-GPT: The Get-GPT command helps the investigator analyze the GUID Partition Table data structure of the hard disk. It requires the use of the …


Understand the Chain of Custody and Its Importance

Chain of custody is a legal document that demonstrates the progression of evidence as it travels from the original evidence location to the forensic laboratory. It is a roadmap that shows how investigators collected, analyzed, and preserved the evidence. The investigators need to present this document in court. It ensures accurate auditing of the original data evidence, imaging of the source media, tracking of the …
