Digitalforensics
Digitalforensics
Astitwo Pandey
BSc. (Hons.) Ethical Hacking, Softwarica college of IT and E-commerce, Coventry University
Jan 15.2022
Acknowledgment
On this project, I have worked hard. However, without the kind support and assistance of
many people, it would not have been feasible. I want to express my heartfelt gratitude to
each and every one of them. I owe a great deal to Mr. Ganesh Bhusal for his direction,
ongoing oversight, and provision of the information required for the project as well as for
their assistance in seeing it through to completion. I would want to thank my parents for
their great support and cooperation, both of which helped me finish this project. My friends
who gladly assisted me with this report's development and those who were able to lend a
First, a quick introduction to Astro, a private firm, and the security breach that occurred are
provided in this article. The threat, vulnerability, and risk analyses of the firm and the
incident are also presented. I've also spoken about how professional collaboration and
cooperation are practiced in a cybersecurity business and how they might be improved. After
that, I discussed the decision-making elements that may result in a favorable or unfavorable
result. Similar to this, I've included a short on the value of decision-making in business and
To guarantee that the evidence is gathered, kept, and processed in a way that is legally
acceptable and protects the integrity of the evidence, there are a number of measures that must be
taken when handling digital evidence in today's cyberspace. The key steps in the procedure are as
follows:
Identification:
Locating and identifying the evidence is the first stage in processing digital evidence. This
may entail identifying certain hardware or media that house the evidence as well as particular files
Seizure:
Evidence must be seized in a way that maintains its integrity and admissibility after it has
been recognized. This may entail physically seizing the hardware or media containing the evidence
Preservation:
Since digital evidence is very brittle and can readily manipulated or destroyed, it is crucial
to keep it intact. Making copies of the evidence, employing specialist software to produce forensic
photographs of the evidence, or putting the evidence in a secure place are all examples of how to
do this.
Analysis:
Once the evidence has been maintained, it may be examined to gather pertinent data and
make inferences about the alleged occurrences. The evidence may be examined using specialist
software tools and methods, and experts in pertinent domains may also be consulted.
Presentation:
The presentation of the evidence in a form that is convincing to the appropriate parties,
such as a court or law enforcement agency, is the last stage in the processing of digital evidence
process. Making reports, charts, or other visual aids to effectively communicate the pertinent
To guarantee that the digital evidence is gathered, kept, and examined in a manner that is
legally acceptable and retains its integrity, it is crucial to carefully follow these procedures. To
make sure that the evidence is handled appropriately, this can be a complicated procedure, and it
The integrity of digital evidence can be preserved using a variety of methods and instruments.
Hash verification:
This involves calculating a hash value (such as MD5 or SHA-1) of the original digital
evidence and then comparing it to the hash value of the evidence at a later time to ensure that the
Digital signatures:
This technique uses a private key to encrypt the hash value of the digital evidence,
creating a digital signature. This signature can then be verified using the corresponding public
key to ensure that the evidence has not been tampered with.
Chain of custody:
This involves documenting the handling and storage of the digital evidence from the
point of acquisition to the point of presentation in court. This is important to ensure that the
evidence has not been tampered with and that it can be traced back to its original source.
Data duplication:
This involves creating multiple copies of the digital evidence to ensure that the evidence
This is to ensure that the time when the digital evidence was captured is known and can
be verified.
There are various digital forensics tools available that can be used to analyze digital
evidence and retrieve information that may be useful in an investigation. These tools can be used
to recover deleted files, analyze disk images, and extract data from mobile devices.
Forensically sound imaging is the process of making an identical replica of the original
digital evidence that may be used as testimony in court. Using specialist software, this may be
accomplished by creating a forensic picture of the evidence that has a hash value that can be used
Secure storage:
To avoid manipulation or alteration, digital evidence has to be kept in a safe area. This can
entail utilizing encryption to safeguard the data or keeping the evidence in a secure location.
Integrity in Rural Areas
In rural areas where no forensic personnel are available as a first responders, the integrity
of digital evidence can still be maintained through the use of proper procedures and protocols.
The scene should be secured to prevent any further contamination of the evidence. This
includes ensuring that the area is not disturbed, and that any potential evidence is not tampered
with.
The scene should be thoroughly documented, including taking photographs and videos of
the area and any potential evidence. This documentation can be used to establish the chain of
Secure storage:
Any potential evidence should be stored in a secure location, such as a locked room or
Training:
First responders should be trained in proper procedures for handling and preserving digital
evidence, such as how to properly package and label evidence, and how to maintain the chain of
custody.
Transfer the evidence to the right authorities:
Once the evidence has been collected, it should be transferred to the appropriate authorities,
such as a forensic laboratory or the police, for further analysis and preservation.
Evidence Kits:
Rural areas can have a ready kit that include the appropriate containers, labels, and
Remote Expertise:
If the digital evidence is collected, but no forensic personnel are available, it is possible to
use remote expertise to analyze the evidence, for example, by sending the digital evidence to a
forensic lab or by using digital forensic tools, which can be operated remotely by trained experts.
Rural Law enforcement agencies
Creating a starter digital forensics kit can be a cost-effective way for rural law enforcement
agencies to improve their ability to collect and process digital evidence. A starter digital forensics
kit should include a combination of hardware and software tools that are specifically designed for
collecting and analyzing digital evidence. Some of the components that might be included in such
a kit are:
These tools allow forensic personnel to create forensic images of digital evidence, which
are exact copies of the original evidence that can be used as evidence in court.
These tools allow forensic personnel to collect digital evidence from a variety of sources,
Analysis software:
Analysis software is used to examine and analyze digital evidence and may include tools
for searching for specific keywords or patterns, analyzing network traffic, and extracting metadata
Hardware write blockers prevent data from being written to a digital device, which is
Hardware storage devices, such as external hard drives or USB drives, can be used to store
Digital evidence collection bags are used to store and transport digital evidence and are
To ensure that digital devices can be powered on and analyzed even in remote areas where
there is no electricity.
Training materials:
This could include books, videos, and online training resources that can be used to train
This includes forms and documentation needed to establish and maintain the chain of
Overall, a starter digital forensics kit should be tailored to the specific needs and resources
of the rural law enforcement agency and should include a combination of hardware and software
tools that are cost-effective and easy to use. By investing in a starter digital forensics kit, rural law
enforcement agencies can improve their ability to collect and process digital evidence and more