Digital Forensic Pcs Forensic Forensic Models IT Essay

Today the increasing number of computer and electronics components has demanded the utilization of Digital forensic teaching that the digital forensics can be put in place in specialized domains of police, computer security, and nationwide defense. In the info technology period, information stored in the devices are digital as mostly the organization or business use computer storage space marketing as compare to newspaper used by freelance writers, scholars, scientists, musicians, and public numbers. This gives new troubles to these matter folks related to accessing and preserving information, data recovery and maintaining trust. In this specific article, overview of the available investigation operations, methodologies, different tools used by forensics experts and lastly a final result will be done.


Digital Forensic, Computer Forensic, Forensic Models, Computer Forensic Inspection, Digital Forensic Methods, Forensic Techniques, Forensic Tools


Digital forensics is the branch of forensic relating to the recovery and exploration of material found in digital devices due to occurrence of computer criminal offenses occurrence. Digital forensic is a synonym for the computer forensic in early start but today it includes other area of investigation like computer, databases, and network, mobile which can handle keeping digital data.

Due to much growth in a variety of types of technology devices, marketing, digital forensics has identified the sub branches in line with the investigation required. One of the digital forensics branches are Computer forensics, Mobile device forensics, Network forensics, Forensic data evaluation and Databases forensics.

Computer forensics involves the examination of the digital advertising stored in the computers for investigation goal, mobile forensic is restoration of digital information from a mobile device, network forensic is the getting research related to network traffic, information gathering or research assortment of intrusion detection, forensic data research is investigate the structure of fraudulent action using composition data while the final an example may be data source forensic is the analysis of directories and their metadata including the its items, log documents and in-RAM data inspection.

When the computer forensic is at consideration usually three different collections of folks from Law Enforcement agencies, Government, Business & Industry are participating with the intention of searching for attackers/hackers and criminals who strike the security of systems and use personal computers for unauthorized activities. Computer Forensic address the issues of Country wide and Information Security, Corporate Espionage, White Collar Criminal offenses, Child Pornography, Traditional Criminal offense, Incident Response, Staff Monitoring, Personal privacy Issues.

In the next this paper focus on investigation stages, methods and techniques and tools how this information helps the novice in the computer, network, mobile and databases forensic.

Forensic Methodologies " Phases of Computer Forensic

Before discussing the forensic methodologies you need to be familiar with the few terms of forensic conditions. One of them is forensic proof. A brief history of facts, categorization, guidelines, standard guide, and its basic principles in order to guarantee the chain of custody will be layed out.

Evidence is any item or information accumulated at the world of a criminal offenses, or at related locations, which is available to be relevant to an investigation. There are various types of proof, from DNA and tire markings, to bloodstains and fingerprints Information should be Admissible, Authentic, Complete, Reliable and Believable. Information chain of guardianship defends its integrity. It can be categorized as key (best type facts using documents), supplementary (Mouth or eye witness), immediate, conclusive, circumstantial, corroborative and opinion evidence. There are guides designed for Computer Based Facts e. g. By Connection of Chief COPS. During research collection following rule should be strictly followed by investigator

There should be no change of data on the computer or other press taken

Person should be qualified while being able to access original data performed on a target computer

Audit path or other record of most processes put on computer-based facts should be created and conserved.

He will ensure the law and principles of ownership and access to information within a computer.

So many forensic inspection techniques have been developed till now. The objective in this paper is to help make the forensic exploration process or model with common phases of forensic to perform the intended inspection when compared with others model. Few models which exist are stated below.

Computer Forensic Investigative Process (1984)

Abstract Digital Forensics Model (ADFM) (2002)

Enhanced Digital Exploration Process Model (EDIP) (2004)

Computer Forensics Field Triage Process Model (CFFTPM) (2006)

Scientific Crime Field Research Model (2001)

Common Process Model for Incident and Computer Forensics (2007)

Network Forensic Universal Process Model (2010)

Here is the universal investigation process particularly the General Computer Forensic Investigation Model (GCFIM) proposed in this specific article that share the common phases with recently developed models. Number below, demonstrate the suggested GCFIM.

Model (GCFIM). JPG

Pre Process is the first phase of Common Computer Forensic Exploration Model. In this particular phase the tasks are associated with other responsibilities that required to be completed prior to the looking into and collecting the state data. These tasks are having the mandatory approval from matter authority, preparing and setting up of the various tools to be utilized, etc.

Acquisition and Preservation is the next phase of Generic Computer Forensic Inspection Model. On this phase tasks performed related to the acquiring and collecting information in acceptable manner in which concern data is together basic on the accepted methods employing a variety of restoration techniques, then the task is figuring out the digital components from the attained evidence, and finally in this stage the tasks are transporting, stocking and preserving of data such as building a good quality circumstance management and ensuring an acceptable string of guardianship. Overall, this period is where all matter data are captured, stored and provided for the next thing.

Analysis is the third phase of General Computer Forensic Research Model. This is actually the primary and the heart and soul of the forensic analysis process. It gets the greatest part of stages including the jobs such as information tracing and validation, restoration of invisible or encrypted data, data mining, and timeline etc. Different types of examination are performed on the purchased data using the correct tools and ways to recognize the source of crime and finally discovering the individual responsible of the criminal offense.

Presentation is the fourth phase of Common Computer Forensic Analysis Model. The finding from analysis phase are noted and presented to the authority with expert testimony. The documentation presented also includes the sufficient and acceptable information in order to understand by the matter party easily. The ultimate outcome out of this period is either to confirm or disprove the alleged criminal acts.

Post-Process is the previous phase of Universal Computer Forensic Inspection Model. This stage concerns only the correct finishing of the analysis work. Digital and physical information should be correctly handed over to the authorize owner and kept in secure place, if required. Finally however, not the last, if there is a need to review the investigative process in each period it ought to be done for the excellence of the future investigations.

Challenges during Forensic Investigation

There are some specialized, legal, learning resource as well as general and specific problems during the investigators face. Technical problems are faced in finding the criminals over the internet; legal challenges will be the result of not competitive with the currently technology, sociable environment and structure while the difficulties in resources that the support should be accessible in all levels. The issues that are faced during computer forensic generally and specific are the tools or techniques restriction from the private sector, no standard classification and contracts of computer crime, no proper record availability to perform testing, large numbers of OPERATING-SYSTEM platforms and record formats anticipated to which unavailability of experts with true titles. Apart from these troubles during investigation it might take large space of memory space from Gigabytes to Terabytes or even may necessitate the storage space network. For computer forensic expert additionally it is challenging to really have the competence in RAID level, inlayed system along with Network and Grid computing.

Forensic Tools

Now in the next several forensic tools in the domain of computer, network, mobile, data source and some others are briefly described.

Reason for Using Computer Forensics Tools

There are multiple reasons for choosing the computer forensics tools like systems employed by the defendants and litigants, to recuperate the lost data in case there is hardware or software malfunction, to research about the computer use in case there is staff termination or when the machine is attacked by an intruder.

To check out computer offences different computer forensic tools like drive imaging software for the document structure and hard disk content can be used, for comparing the data between original and duplicate Hashing tools can be used which assigns unique number for violation confirmation and for recovery the lost data or erased data recovery programs can be used. In the same way software and hardware write tools can be used to reconstruct the hard drive bit by bit as these tools create the copy of hard disk drive. Encase is well know commercial tool that is capable of doing various responsibilities like disk imaging and confirmation and analysis of data while PC Inspector File Recovery is a free tool helps in exposing and recovering the items stored in any type of safe-keeping press that is linked with the computer even if the content is removed.

Network forensics

Network forensics deals with the capture, saving or research of network occurrences to discover evidential information about the foundation of security problems in a court of rules.

There is an instrument known as eMailTrackerPro that can track down the sender communication by detecting the Ip in the header. If there is a need to see all information like Ip, country information or domains information SmartWhoIs can be utilized as free available network tool. To perform the web forensic famously known tool Mandiant Web Historian can help forensic examiner to verify how the intruders investigated the several sites by reviewing the history files of web site. Other tool Index. dat can be used to view the browsing background, the cookies and the cache as it gives the critical information about a cookie like its key-value pair, the website address associated with the cookie, the time/time the cookie was first created and previous accessed and etc.

Ethereal is network packet analyzer, WinPcap is the packet shoot tool used to capture the packets and AirPcap is the packet capture tool for the IEEE 802. 11b/g Wireless LAN interfaces.

Mobile Forensics

Mobile forensics as the name indicates is to investigate data from mobile device for proof purpose regardless of the mobile system of GSM / GPRS / Wireless technology. Investigator focus on either call data or Text message/Email data by making use of different commercial, non commercial, open source, command range or physical mobile forensic tools. The forensics process for cellular devices are different in these three main categories: seizure, acquisition, and exam/analysis while other areas of the computer forensic process still apply. Some Commercial Forensic Tools include AccessData's MPE+, FINALMobile Forensics by FINALDATA, Air Forensic Collection, while Open source tools include iPhone Analyzer, the Mobile Internal Acquisition Tool, and TULP2G plug-ins. Performing mobile forensic using control line System codes, AT modem orders and Unix command word dd can be utilized.

Database Forensic

Tools used for database forensic are ACL, Idea and Arbutus as it's the forensic research of directories and their metadata. These tools record action in the recorded form about the forensic expert on the databases as he uses databases contents, log files and in-RAM data. Still there may be need to do research in this field to perform repository forensic that requirements skill experts.


The information provided in this specific article helps the audience with basic knowledge of digital forensic and its branches with desire to to do further research in specific area of the field. Different Forensic methodologies are outlined in order to provide the decision to forensic expert to choose this technique or design his own process model. Further different tools especially the wide open source you can improve the forensic expert skills. Today the technology is evolving very speedily and developing skills in multiple areas enhances the professional job and money value of the average person.

Also We Can Offer!

Other services that we offer

If you don’t see the necessary subject, paper type, or topic in our list of available services and examples, don’t worry! We have a number of other academic disciplines to suit the needs of anyone who visits this website looking for help.

How to ...

We made your life easier with putting together a big number of articles and guidelines on how to plan and write different types of assignments (Essay, Research Paper, Dissertation etc)