Python For Forensics.

Introduction to Forensics.

Hello friends, this is my first blog post on Hashnode. I am very interested in digital forensics, so I decided to share what I have learned. I plan to write a series of articles about developing simple but useful forensic data analysis tools in Python.

First of all, we need to know what digital forensics is.

"Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices" - Wikipedia.

Digital forensics is a huge and complex field. It can be divided into many sub-branches according to the type of digital device or data involved, for example computer forensics, forensic data analysis, network forensics and mobile device forensics.

[Photo From Wallpapercave]

In this article series I plan to develop some forensic data analysis tools. Python may not be the best option in every situation, and existing forensic tools already cover many tasks. But an off-the-shelf tool may not be available for a particular case, or may not fit it: an unusual log format, a custom application, or a question no existing tool answers. That is why it is worth knowing how to build such tools ourselves.

In the early days, investigators performed live analysis on the original media, examining computers from within the running operating system and using ordinary sysadmin tools to extract evidence. They realized this was bad practice: working on the original disk risks modifying the data on it, and evidence that may have been altered is hard to defend. These problems led to the development of dedicated forensic tools, which acquire a bit-for-bit image of the media and analyse the copy rather than the original.

Finally, let's look at some scenarios in which coding and scripting skills help with forensic data analysis.

Think of a client reporting a data breach who is unsure how many files were exfiltrated from their file server over the past 24 hours. We can write a small script that walks the file server, extracts the metadata of each file and checks the timestamps to identify which files were modified in the last 24 hours. One caveat: a modification time tells us that a file was changed, not that it was read or copied, and timestamps can be altered by an attacker, so such a listing is a starting point for the investigation rather than proof of exfiltration.

Another example: a business suspects that an employee is stealing company data. We can write a script to look for digital footprints, for instance by parsing system logs to list the USB devices connected to the system in the past two weeks or the past 24 hours (on Windows, setupapi.dev.log and the USBSTOR registry keys record device installations; on Linux, the kernel log does).

In other situations we may have to find out who downloaded, uploaded or handled illegal material over the company's network, or uncover financial fraud in a company. And if a friend, family member or loved one is behaving differently or showing suspicious behaviour, we can write a program to look for clues in the texts, emails or social media exchanges they had and trace the reasons for that behaviour.
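As an added example (this is not code from the original post), here is the first scenario above in Python: a script that walks a directory tree, records each file's metadata with lstat() before reading its content, keeps the files modified within the last 24 hours, hashes them with SHA-256 and flags modification times that lie in the future, which is a common sign of timestamp tampering. The directory contents and their timestamps are constructed inline for the demonstration, and `now` is passed in explicitly so the result is reproducible.

```python
"""Added example: list files modified within the last N hours, with forensic metadata."""
import hashlib
import os
import shutil
import stat
import tempfile
import time
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass
class FileRecord:
    path: str
    name: str
    size: int
    modified: datetime        # st_mtime, UTC
    accessed: datetime        # st_atime, UTC, captured before we read the file
    changed: datetime         # st_ctime: metadata change on POSIX, creation time on Windows
    sha256: str
    mtime_in_future: bool     # mtime later than "now": the timestamp may have been altered


def _utc(ts: float) -> datetime:
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def sha256_of(path: str, chunk: int = 1 << 20) -> str:
    """Hash the file in chunks so large evidence files do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_recently_modified(root: str, hours: float = 24, now: Optional[float] = None,
                           skew: float = 300) -> List[FileRecord]:
    """Return regular files under root whose mtime falls within the last `hours`,
    newest first. `now` is injectable so a scan can be reproduced in tests."""
    now = time.time() if now is None else now
    cutoff = now - hours * 3600
    hits: List[FileRecord] = []
    for dirpath, _dirnames, filenames in os.walk(root):   # followlinks=False by default
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: never follow symlinks out of the tree
            except OSError:
                continue                     # vanished or unreadable: skip, do not abort
            if not stat.S_ISREG(st.st_mode) or st.st_mtime < cutoff:
                continue
            try:
                digest = sha256_of(path)     # reading may update atime on a live system;
            except OSError:                  # work from an image or a read-only mount
                digest = ""
            hits.append(FileRecord(
                path=path, name=name, size=st.st_size,
                modified=_utc(st.st_mtime), accessed=_utc(st.st_atime),
                changed=_utc(st.st_ctime), sha256=digest,
                mtime_in_future=st.st_mtime > now + skew,   # allow some clock skew
            ))
    hits.sort(key=lambda r: r.modified, reverse=True)
    return hits


def build_sample_tree(base: str, now: float) -> None:
    """Constructed sample data (not from any real case): four files with chosen mtimes."""
    samples = {
        "finance/q3_report.xlsx": (b"fake spreadsheet bytes", now - 2 * 3600),
        "finance/customers.csv": (b"id,name\n1,alice\n", now - 20 * 3600),
        "hr/old_policy.pdf": (b"%PDF-1.4 placeholder", now - 10 * 86400),
        "hr/backdated.docx": (b"", now + 2 * 86400),   # empty file, mtime set in the future
    }
    for rel, (content, mtime) in samples.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(content)
        os.utime(path, (mtime, mtime))      # set atime and mtime explicitly
    try:
        os.symlink(os.path.join(base, "finance", "q3_report.xlsx"),
                   os.path.join(base, "shortcut"))   # must be skipped by the scan
    except OSError:
        pass                                 # symlinks may be unavailable on Windows


def run_demo(now: Optional[float] = None) -> List[FileRecord]:
    """Build the constructed tree in a temp dir, scan it, clean up, return the hits."""
    now = time.time() if now is None else now
    base = tempfile.mkdtemp(prefix="forensics_demo_")
    try:
        build_sample_tree(base, now)
        return find_recently_modified(base, hours=24, now=now)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for rec in run_demo():
        flag = "  <-- mtime in the future" if rec.mtime_in_future else ""
        print(f"{rec.modified.isoformat()}  {rec.size:>8}  {rec.sha256[:16]}  {rec.path}{flag}")
```

Two design choices matter here. The metadata comes from lstat() before the file is opened, so the access time recorded is the one the investigator found, not the one the hashing pass produced; and symlinks are neither followed nor reported, so a link planted inside the share cannot pull files from elsewhere into the listing. The SHA-256 digest ties each hit to its content so a later reviewer can confirm the file has not changed since the scan.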

This is the end of my first article. I think that these days it is important to learn forensics, and I hope you enjoyed this article.

[Cover Photo - Wallpapercave]