
Week 3 Interim Paper 1

Digital Forensics

Computer systems are often at the center of criminal incidents and the investigations that follow them. Digital evidence gathered from these systems is analyzed for its bearing on the investigation, and in most instances it is used as testimony. Forensic experts work hand in hand with the police to identify, preserve, analyze, and present digital evidence to solve criminal cases. Forensic scientists use digital forensic tools and methods to acquire this evidence (Lovanshi & Bansal, 2019). The forensic team comprises skilled personnel in the public and private sectors who collect and analyze digital evidence and write reports based on their findings. Today's analytical tools allow forensic experts to uncover encrypted, deleted, or hidden files on these systems. The evidence uncovered is useful in contesting alibis and in examining Internet abuse and misuse of network and computing resources (Wu et al., 2020). By applying these techniques and software forensic tools, forensic experts can therefore provide crucial discoveries that give investigators a breakthrough in criminal cases.

Digital forensics involves the collection, examination, analysis, and reporting of digital evidence. The nature of the cases investigated varies with the crime committed. Regardless of the nature of the crime, forensic experts are expected to follow protocol and conduct themselves ethically, as stipulated by law. The systems analyzed must be in police custody; otherwise, the examination is considered an invasion of privacy (Lovanshi & Bansal, 2019). Forensic examiners collect enough information to determine the next appropriate steps in their investigation, which ensures that no damage to or loss of critical data is incurred (Wu et al., 2020). Analytical tools used in forensic investigations to collect, index, and report include Linux dd, Paraben Forensic Toolkit, X-Ways Forensics, and EnCase Forensic Edition. Tools like Wireshark are used to analyze network traffic by intercepting and logging it for further analysis (Sachdeva et al., 2020). NetworkMiner, another analytical tool, is useful for tracking down network intruders in real time; it also includes forensic tools that analyze stored network traffic.

The selected tool for this forensic analysis is Wireshark. It is a tool for analyzing network packets and can also be used in network testing and troubleshooting. It is useful for monitoring the different kinds of traffic a computer system sends and receives. Its features include the following: first, it provides Voice over Internet Protocol (VoIP) analysis; second, it can quickly decompress capture files compressed with gzip (Alfawareh, n.d.); third, the forensic team can apply intuitive coloring rules to packets to speed up analysis. Through this tool, forensic scientists can read live data from network interfaces including USB, ATM, and Bluetooth, among others. The tool also allows the scientist to read or write capture files in any supported format.

Similarly, it supports decryption for numerous protocols, including Wired Equivalent Privacy (WEP), Internet Protocol Security (IPsec), and Secure Sockets Layer (SSL). The tool is available on Windows, NetBSD, FreeBSD, Solaris, macOS, and Linux, among other operating systems (Alfawareh, n.d.). Captured network data can be browsed through the TShark command-line utility or the GUI. Wireshark is a flexible tool for network analysis, and with its robust statistics, filtering, and highlighting features, its value goes well beyond basic network analysis (Sachdeva et al., 2020). By converting timeline data from text format to pcap files, a forensic analyst gains access to the features mentioned above. Additionally, the analyst can create profiles containing colorization filters and rules to hasten the analysis process.
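The text-to-pcap conversion mentioned above is what Wireshark's text2pcap utility does; the following added example (not from the paper or the Wireshark project) implements the same idea in Python so that the pcap layout is visible. The timeline line format ("epoch seconds.microseconds" followed by the hex bytes of one Ethernet frame) and the two ARP frames are constructed for this example.

```python
"""Minimal text-to-pcap converter in the spirit of Wireshark's text2pcap.
Assumed input (constructed): one frame per line, "<epoch.usec> <hex bytes>"."""
import struct
from typing import List, Tuple

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap with microsecond timestamps
LINKTYPE_ETHERNET = 1        # each frame starts with a 14-byte Ethernet header
SNAPLEN = 65535

Frame = Tuple[int, int, bytes]   # (seconds, microseconds, frame bytes)

# Constructed sample timeline: an ARP request and the matching ARP reply.
SAMPLE_TIMELINE = """\
# timestamp         hex bytes of the Ethernet frame
1700000000.000100 ffffffffffff 001122334455 0806 0001 0800 06 04 0001 001122334455 c0a80101 000000000000 c0a80102
1700000000.000250 001122334455 66778899aabb 0806 0001 0800 06 04 0002 66778899aabb c0a80102 001122334455 c0a80101
"""

def parse_timeline(text: str) -> List[Frame]:
    """Parse timeline lines into (sec, usec, bytes); skip blank and comment lines."""
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, hexdump = line.split(maxsplit=1)
        sec, _, frac = ts.partition(".")
        usec = int(frac.ljust(6, "0")[:6])        # pad/truncate to microseconds
        frames.append((int(sec), usec, bytes.fromhex(hexdump.replace(" ", ""))))
    return frames

def build_pcap(frames: List[Frame]) -> bytes:
    """Serialize frames as a little-endian pcap file: global header + records."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, LINKTYPE_ETHERNET)]
    for sec, usec, data in frames:
        out.append(struct.pack("<IIII", sec, usec, len(data), len(data)) + data)
    return b"".join(out)

def parse_pcap(blob: bytes) -> List[Frame]:
    """Read pcap bytes back into frames; used to verify the round trip."""
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", blob[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("not a little-endian Ethernet pcap")
    frames, pos = [], 24
    while pos < len(blob):
        sec, usec, caplen, _ = struct.unpack("<IIII", blob[pos:pos + 16])
        pos += 16
        frames.append((sec, usec, blob[pos:pos + caplen]))
        pos += caplen
    return frames

if __name__ == "__main__":
    with open("timeline.pcap", "wb") as f:   # open this file in Wireshark
        f.write(build_pcap(parse_timeline(SAMPLE_TIMELINE)))
```

The resulting file opens in Wireshark, where the display filter `arp` and the default coloring rules apply to it exactly as they would to a live capture.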

References

Alfawareh, M. (n.d.). A Deeper Look into Network Traffic Analysis using Wireshark. Retrieved from https://d1wqtxts1xzle7.cloudfront.net/58477339/LARGE_bf_A_Deeper_Look_into__Network_Traffic_Analysis_using_Wireshark.pdf?1550858971=&response-content-disposition=inline%3B+filename%3DA_Deeper_Look_into_Network_Traffic_Analy.pdf&Expires=1604666567&Signature=fMTL0DtMNjYY5tExh8tsoSzSbQwfeJvMEDqdPt7IKyWRDx4S7U4SdgHD8lZNqQp1LgR7ksXHBSnCnK~YCyW1XLB3~VLDrLjxwlLtUaxeikhqI5crQRoqPxeNGqwGnk24s4zm~4RklqKk0zgu~FYpwN0YwuOXh84LVtggMJjwspX4EbmLy~yhxmO76O9oEcwerTxwyHA3tFR7ymm52Gv1tKDcuGMIHDI3gczwiUfj~9YERgj2HFwuHm~pFIuleNG2ir5l0BMaNOoeZRxpg9pIRA9-RxqqS~L9qCR-MuFvhT8C6PNYh5eMmhxkJJYilZpZjv~FbhE402aQDdTElo7ucg__&Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA

Lovanshi, M., & Bansal, P. (2019). Comparative study of digital forensic tools. In Data, Engineering and Applications (pp. 195-204). Springer, Singapore. Retrieved from https://doi.org/10.1007/978-981-13-6351-1_15

Sachdeva, S., Raina, B. L., & Sharma, A. (2020). Analysis of Digital Forensic Tools. Journal of Computational and Theoretical Nanoscience, 17(6), 2459-2467. Retrieved from https://doi.org/10.1166/jctn.2020.8916

Wu, T., Breitinger, F., & O'Shaughnessy, S. (2020). Digital forensic tools: Recent advances and enhancing the status quo. Forensic Science International: Digital Investigation, 34, 300999. Retrieved from https://doi.org/10.1016/j.fsidi.2020.300999