Computer/digital forensics has become popular lately: cases ranging from bank robbery and hacking/cracking/hijacking up to the popular artist sex tape scandal have used this method to find the truth. Computer forensics is the generic name that we use for the analysis of, and reporting on our findings from, all computer or digital-related media. This includes not only PC/laptop or server hard drives but also other storage devices such as USB drives, MP3 players, memory cards, SIM cards and data gathered via network analysis. Computer/digital forensics is a part of computer security; computer practitioners (computer analysts/computer experts) classify this method as an offensive security action, which is usually done after an incident. Digital forensics is carried out after a computer crime incident. Common digital forensics cases include:
drug dealing, internet misuse, pornography in the workplace, rape, illegal downloads, IP theft, paedophilia, murder, virus/malware infection, fraud, email analysis, data recovery, contract negotiations, e-discovery, peer-to-peer activities, spyware analysis, spoofed and threatening emails, document tracking
Any talk of computer security tools cannot be separated from the most popular computer security tool of the year, 'BackTrack'. BackTrack has many tools and applications for security penetration testing, security attacks, and also computer security work for computer/digital forensic purposes. When you first boot up the new BackTrack 4, you might notice something slightly different, that is ...
We can see that BackTrack has included 'computer/digital forensics' as a main reason for this distro's existence.
All types of operating systems can be analysed, from DOS and Microsoft Windows-based systems through to Mac, UNIX variants, and more obscure systems. If the data is stored electronically, then it can probably be forensically analysed. According to other well-known literature, there are five basic steps in computer forensics:
1. Preparation (of the investigator, not the data)
2. Collection (the data)
3. Examination
4. Analysis
5. Reporting
Which one must be analyzed?
Computer/digital forensic tools work to analyze digital evidence. In the computer world, many devices can be potential evidence that helps the computer analyst find the truth. Here is some potential evidence that can be found:
images, time and date stamps, removable cartridges, memory cards, video, sound
Evidence can also be found in files and other data areas created as a routine function of the various types of computer operating systems. In many cases, the user is not aware that data is being written to these areas or files. Passwords, Internet activity, deleted files and temporary backup files are examples of data that can often be recovered and examined.
BackTrack Linux has the potential resources to be a reliable digital forensic tool. BackTrack has many tools to help the computer analyst do jobs such as drive examination, drive analysis, drive recovery, vulnerability checks, penetration testing, and file interrogation. This is the end of Part I; we will continue this discussion as soon as possible under the title "Backtrack for Computer/Digital Forensic Tools Part II". See you there.