Show
Forensic Investigation of computer Discussed below, totally different phases of the computer forensics investigation process: Pre-investigation phase: This phase involves all the tasks performed before the commencement of the actual investigation. It involves setting up a computer forensics laboratory, building a forensics workstation, investigation toolkit, the investigation team, obtaining approval from the relevant authority, and so on. Investigation phase: Considered as the main phase of the computer forensics investigation, it involves acquisition, preservation, and analysis of the evidentiary data to identify the supply of crime and also the offender. This section involves implementing the technical knowledge to find the evidence, examine, document, and preserve the findings also as evidence. Post-investigation phase: This phase involves reporting and documentation of all the actions undertaken and also the findings throughout the course of an investigation. Make sure that the audience will simply perceive the report also because it provides adequate and acceptable proof. Also Read this Blog Forensic Readiness an Overview1.Pre-investigation section Incident responders cannot jump into action now when receiving a complaint or report of a security incident, but they have to follow a particular protocol that has gathering of plaintiff information, type of incident, and getting permission and warrants for taking additional action. Of these processes mix to form the pre-investigation phase. Steps concerned within the pre-investigation phase include: Build the Investigation Team Related Product EC-Council Certified Incident Handler | ECIH v22.Investigation partAfter getting the specified permissions and having assessed the case conditions, the investigator is prepared to research the incident. The investigation part includes varied stages and processes that require careful and systematic execution to get higher results. The computer forensics investigation method is a collection of a large sort of processes, ranging from incident response to analysis of the crime scene, gathering proof for its analysis, and from documenting to news. every step during this process is equally crucial for the acceptance of the evidence in a court of law and prosecution of the perpetrators. Steps involved in the investigation phase include: – Initiate the Investigation process Perform computer Forensics Investigation this step includes the subsequent phases: Initial Response First response refers to the primary action performed when the occurrence of a security incident. Counting on the sort of reaction, the primary response will facilitate the victim from further damage and can help incident responders easily trace the suspect. Search and Seizure The investigators ought to have keen data of all the devices that would have competed a part in sending the attack data tc the victim device. They should be able to search for all the involved devices and seize them during a formal manner so as to analyse them for evidentiary data. Collect the proof Evidence is that the crucial information which will facilitate investigators in understanding the method of attack and tracing the assaulter. Therefore, the investigator ought to apprehend wherever they’ll notice the proof and the way to assemble it. Secure the proof Evidence is fragile knowledge that is easy to manipulate, alter, and destroy. Therefore, attackers are always trying to find ways to break it in each potential way. Thus, it’s important to store and secure the evidence in an economical manner. Data Acquisition During the investigation of digital devices, all the proof may be present within the sort of information. Therefore, the investigators ought to have expertise in acquiring the data stored across various devices in different forms. Data Analysis Data analysis refers to the method of surfing the data the info the information and finding the relevant evidentiary data and its relevancy to the crime. This analysis helps in proving the crime and therefore the offender. 3. Post-investigation partThe responsibility of the investigators doesn’t finish with finding the evidence data and analyzing it, however, they must even be able to justify however they got hold of the conclusion to the prosecutors, attorneys, and judges. Steps involved within the post-investigation part include: Proof Assessment: Evidence assessment is that the method of relating the obtained evidentiary information to the incident for understanding however the complete incident took place. Assessment of proof could be a crucial stage within the forensics method. Proof assessment depends on the sort of incident, the objectives needed to perform the incident, the loopholes gift for incident prevalence, and so on. Throughout the assessment, it’s necessary to assess the digital proof in correlation with the scope of the case so as to come to a decision the course of action. There are three Phases in Forensics Investigation first one is Pre-investigation second is Investigation and third is Post Investigation is every phase has an important phase. Infosavvy gives training on ECIHv2 in which you will learn how incident Response work. Questions related to this topic
Top Incident Handling KnowledgeThis Blog Article is posted by Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092 |