Digital Forensics

  • Home
  • Digital Forensics
Digital Forensics

Today’s huge volumes of data, heterogeneous information and communication technologies, and borderless cyberinfrastructures create new challenges for security experts and law enforcement agencies investigating cyber-crimes. [1] Computer Forensics is the investigation of computer system that is suspected to being involved in committing criminal activity (or victim of criminal activity). [2]

Although digital forensics might seem to be a novel discipline, its roots date back to 1970, when engineers recovered the only copy of a database that had been inadvertently deleted. [3] From such a starting point, digital forensics rapidly evolved. Nowadays, it’s possible to address a variety of aspects concerning digital investigations, for instance, undeleting data or dumping network traffic to reconstruct attacks offline. The standard toolbox used for digital forensics covers all the different aspects of the cyber investigation procedure. [1]

Disk Forensics

Disk Forensics (also called File system investigation) is the identification, collection and analysis of the evidence from the storage media. File systems or file management systems is a part of operating system which organize and locate sectors for file storage. [4], [5]

Despite its name, Disk Forensics is not limited to hard disks, but it extends to all kinds of storage media such as USB drives, SD cards, etc. Bring us your media, and the Cyberhelix team will check thoroughly your media with various enterprise and custom tools and investigate what has gone wrong.

Database Forensics

Databases play an important role in any organization when storage and computing component come into view. Nowadays all activities are performed online and through which lots of sensitive and personal information get stored in the database. [6]

A forensic examination of a database may relate to the timestamps that apply to the update time of a row in a relational table being inspected and tested for validity in order to verify the actions of a database user. Alternatively, a forensic examination may focus on identifying transactions within a database system or application that indicate evidence of wrongdoing, such as fraud. [7]

Malware Forensics

Malware Forensics is a method of finding, analyzing & investigating various properties of malware to find the culprits and reason for the attack. The process also includes tasks such as finding out the malicious code, determining its entry, method of propagation, impact on the system, ports it tries to use etc. investigators conduct forensic investigation using different techniques and tools. [8]

Malware is a term coined by merging two words – malicious and software, which is used to define a broad range of software that disrupt computer services, steal data, or compromise user safety. It is used to define a range of intrusive and hostile software applications. Malware are software designed for malicious purposes and deliberately cause harm to its target. [9]

Malware can be classified several ways in order to distinguish the unique types of malware from each other. Distinguishing and classifying different types of malware from each other is important to better understanding how they can infect computers and devices, the threat level they pose and how to protect against them. [10]

Different malware types exist, however nowadays, malware is often modular and multifaceted, more of a “blended-threat,” with diverse functionality and means of propagation. [11] A list with the most common ones is presented below [12], [13], [14]:

  1. Viruses – Software usually hidden within another seemingly innocuous program that can produce copies of itself and insert them into other programs or files.
  2. Ransomware – Software that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.
  3. Trojans – A harmful program that misrepresents itself to masquerade as a regular, benign program or utility in order to persuade a victim to install it.
  4. Backdoors – A backdoor is a method of bypassing normal authentication procedures, usually over a connection to a network such as the Internet. Once a system has been compromised, one or more backdoors may be installed in order to allow access in the future, invisibly to the user.
  5. Evasion – Malware that utilizes a combination of many techniques designed to avoid detection and analysis.

Email Forensics

Email forensics is the process of analyzing email contents, header information, transit path for email, sender or receiver information and other details to collect evidence against culprit or to make our system more secure. [15]

Despite its age, (The history of modern Internet email services reaches back to the early ARPANET, with standards for encoding email messages published as early as 1973 [16]) email is still the most common form of communication today. [17]

These two factors make it very attractive to all kinds of cyber-criminals. The European Union Agency for Cyber Security (ENISA) ranks phishing and spamming in the top five threats for 2020. [18]

Some popular threats in Email communication are:

  1. Eavesdropping [19]
  2. Identity Theft [20]
  3. Email spoofing [20], [21]
  4. Email spamming [22]
  5. Phishing [23], [24]
  6. Email frauds [15]

Memory Forensics

Traditionally, digital forensics focused on artifacts located on the storage devices of computer systems, mobile phones, digital cameras, and other electronic devices. In the past decade, however, researchers have created a number of powerful memory forensics tools that expand the scope of digital forensics to include the examination of volatile memory as well. [25]

Memory forensics can provide unique insights into runtime system activity, including open network connections and recently executed commands or processes. In many cases, critical data pertaining to attacks or threats will exist solely in system memory – examples include network connections, account credentials, chat messages, encryption keys, running processes, injected code fragments, and internet history which is non-cacheable. Any program – malicious or otherwise – must be loaded in memory in order to execute, making memory forensics critical for identifying otherwise obfuscated attacks. [26]

Network Forensics

Network forensics is capturing, recording and analysis of network events in order to discover the source of cyber attacks. In network forensics there are two major types of investigation [27], [28] i.e. Network Traffic Analysis & Log Files Analysis.

Wireless Forensics

802.11 (Wi-Fi) based wireless networking has significantly altered the networking means and topology for cities, offices, homes and coffee shops over the last five years. A second generation of wireless devices has extended what was once a computer-to-computer protocol into the area of embedded functional devices. Accompanying this widespread usage is the presence of crime; the more popular technology, the more opportunity exists for its misuse. [29]

The wireless forensic process involves capturing all data moving over the network and analyzing network events in order to uncover network anomalies, discover the source of security attacks, and investigate breaches on computers and wireless networks to determine whether they are or have been used for illegal or unauthorized activities.


To see the references click on the link above.


Related Services Of Cyberhelix

Data Shredding

Destroy completely your digital data

Read More


GDPR, ISO 27001, Cyber-security at Sea

Read More

OSINT Solutions

OSINT investigations using the latest tools and technologies

Read More

Security Testing

Pentesting, Red Teaming, Web App Testing, Social Engineering

Read More

Emergency Incident Response

Defend your enterprise from ongoing attacks

Read More