This is the fifteenth assignment from my Masters Advanced Network Security Course which has never been published anywhere and I, as the author and copyright holder, license this assignment customized CC-BY-SA where anyone can share, copy, republish, and sell on condition to state my name as the author and notify that the original and open version available here.
Digital forensic is a part of forensic science that recovers and investigates materials found in digital devices. Digital forensic can be computer forensic, network forensic, forensic data analysis, mobile device forensic, and anything that includes digital data. Digital forensics is widely known in gaining evidence from digital data to support justification of a crime incident, like finding the information exchange between suspects using digital media (some call it E-discovery). Very similar to digital crime investigation (DCI) which distinguish digital forensic itself as a process of digging evidence from digital device, while DCI itself is the use of digital device to help gain evidence of a crime incident. Other than supporting crime investigation digital forensic is often known to investigate certain events on the digital world. [1]
Digital technologies are becoming part of our lives, or maybe already are. Everyday we are using digital devices, and making Hollywood movies came to reality where information about certain individuals, their signatures, even evidence can be found in digital devices. More than 100 years ago we didn’t treat blood, finger prints, and food prints as important evidence since science back cannot extract information of an event. Today is different where blood and finger prints can show the individual responsible on that scene. Recently digital evidence is making the same trend. With investigation on the digital device we can tell who the users are, where they are, what for and when they used it. [2]
On the first section states of real world incidents, but it’s not only there that incidents occur, but also on the digital world. The term cyber threat is known now like theft of private information, online fraud, and damages due to malwares occurs. On the real world incidents we intent find who the culprit to press charges on the court but on the digital world the question “who” is not as important as “how”. We can find who breached the information security and who created the malware to press charge against them, but if that’s the only thing then we can expect even more attacks in the future. How the breached occurs and how the malware works is the important thing to make a defense mechanism for future attacks. Through digital forensic we obtain these information to apply security based on the threat. [3]
Generally there 4 steps [4]: