Backtrack for Computer Forensics

Computer (or digital) forensics has become popular. Computer forensics is a branch of digital forensic science concerning legal evidence found in computer systems and digital storage media (Wikipedia). Backtrack, as the greatest security tool, offers numerous resources for computer forensics. It supports not just penetration testing and security attacks but also computer forensics. With it we can examine all kinds of operating systems, such as DOS, Windows, Mac, or UNIX.

The fundamental stages of computer forensics:

  1. Preparation
  2. Collection
  3. Examination
  4. Analysis
  5. Reporting

Computer forensic applications are used to investigate digital evidence, since numerous devices could hold potential evidence that helps the computer analyst discover the truth. Evidence is found in data files and other data locations. The user is often not aware that their own data has been written into their documents.

Backtrack Linux offers several tools that can serve as trusted digital forensic applications. It provides many resources that help the computer analyst with tasks such as examining drives, analyzing drives, recovering drives, vulnerability scanning, penetration testing, and file interrogation.

Classification of digital forensic tools.

Data Acquisition.
Data acquisition tools are the set of software responsible for interrogating a hard drive and getting the necessary information from it.

Data Recovery and Carving.
Data recovery tools are the set of applications responsible for getting deleted data back, inspecting hidden and deleted partitions, and repairing damaged blocks of a filesystem. Data carving is extracting information (files) from undifferentiated blocks (raw data) by means of file identification.
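
The carving idea described above, as an added example that is not part of the original post: a minimal Python header/footer carver that scans raw bytes for JPEG and PNG signatures and records the offset, length and SHA-256 of each hit. The sample buffer is constructed, and the function names and the `max_size` limit are assumptions; fragmented files and embedded thumbnails are not handled.

```python
import hashlib

# (type, header signature, footer signature) for two common formats
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
]

def carve(raw, max_size=10 * 1024 * 1024):
    """Return carved objects found in raw bytes, ordered by offset."""
    found = []
    for name, header, footer in SIGNATURES:
        pos = 0
        while True:
            start = raw.find(header, pos)
            if start == -1:
                break
            # Only accept a footer within max_size of the header.
            end = raw.find(footer, start + len(header), start + max_size)
            if end == -1:
                pos = start + 1  # truncated file or false-positive header
                continue
            end += len(footer)
            blob = raw[start:end]
            found.append({
                "type": name,
                "offset": start,
                "length": len(blob),
                "sha256": hashlib.sha256(blob).hexdigest(),  # integrity record
                "data": blob,
            })
            pos = end
    return sorted(found, key=lambda f: f["offset"])

def build_sample():
    """Constructed stand-in for a raw image: filler around two fake files."""
    jpeg = b"\xff\xd8\xff\xe0" + b"J" * 20 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 16 + b"IEND\xaeB`\x82"
    truncated = b"\xff\xd8\xff\xe0" + b"T" * 8  # header with no footer
    return b"\x00" * 512 + jpeg + b"\x00" * 100 + png + b"\x00" * 50 + truncated

if __name__ == "__main__":
    for hit in carve(build_sample()):
        print(hit["type"], hit["offset"], hit["length"], hit["sha256"])
```

Always run a carver against a read-only copy of the acquired image, never the original media, and keep the recorded hashes with the case notes.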

Meta Data Analysis.
Metadata analysis is the search for hidden variables. To carry out metadata analysis we need software that can perform tasks such as disassembling a file (document/image/audio/video) and retrieving hidden variables such as when the file was last accessed, when it was modified, or when the file was created and which application was used to create it.

Network Forensic.
Network forensic tools are not much different from network security tools, because they use the very same methods, although applied in a reverse-engineering manner. Network forensic tools cover tasks such as analyzing network traffic and capturing data transmitted as part of TCP connections (flows).

Log File Analysis.
Several components of a file can have evidentiary value, for example the date and time of creation, modification, deletion, access, user name or identification, and file attributes. Computer-created files (logs) that may be possible evidence are backup files, log files, configuration files, printer spool files, cookies, swap files, hidden files, system files, history files, temporary files, link files, and event logs.
