Online Mind Mapping and Brainstorming

Create your own awesome maps

Online Mind Mapping and Brainstorming

Even on the go

with our free apps for iPhone, iPad and Android

Get Started

Already have an account? Log In

Digital Forensics by Mind Map: Digital Forensics
0.0 stars - 0 reviews range from 0 to 5

Digital Forensics

Module - VII. Digital Evidence Presentation

Admissible Digital Evidence

Inculpatory Evidence

Exculpatory Evidence

Evidence of Tampering

The Best Evidence Rule

Layman's Analogies

Digital Evidence- Hearsay

Authenticity & Alteration

Module VI

Module V: Forensic Examination Protocol

Forensic Scinence – The Applcation of Science to law

It utilized for Identifying, recovering, reconstructing or analyzing evidence during a criminal and civil investigation.

It diverges from traditional area because of rate of advancement of technologies

Analyze available evidence Create hypothesis,Perform test This process will lead to Strong possibility about what have occurred

Cardinal Rules of Digital forensic

Never mishandled Evidence

Never work on original evidence

Never trust the system Document

Document all action.

Alpha 5



Authentication - may use MD5, SHA1

Analysis & Reporting


Keyword search is the most important aspect of digital forensic

Examine executable files & run suspicious application in a standalone environment

Module II: Digital Incident Response

Digital Incident Assessment

Type of Inicident, Upon notification of an incident, you must determine the following on the digital device involved:a) whether it is considered to be "Contraband" or "the fruits of the crime" of the offence. b) does it contain evidence of the incident or the offence. c) was used as a tool of the offence. d) was used as a stotrage device

Parties Involved, Complainants, Victims, Witnesses, Informants, Suspects

Incident/ Equipements

Available Response Resources

Securing Digital Evidence

Chain of Custody

Module I: Computer Forensic Incidents

The Legal System

Criminal Incidents

Types, Identity Theft, Telecommunications fraud, Online Auction Fraud, Trafficking in Contraband, Network Intrusions, Cyber Threats, Pirating Intellectual Property

Civil Incidents

Types, Theft of Proprietory Data, Misuse of Corporate IT assets, Sexual Harassment Lawsuits, Compliance wit SOX, Compliance with Gramm-Leach-Biley Act

Internal Threat

Employee wrongful termination lawsuits

External Threat

Investigative Challenges

Comp Fraud

Module IV - Digital Evidence Protocol

Digital Forensic Science tool, technique, Approach, analysis and Process the digital evidence

These evidence help reconstruct the Incident

Proof in court of Law

Data File – Active Data, Archival data, Backup Data, Residual Data (Free Space, File Slack, RAM Slack, Swap Files, Temp File, Unallocated Space, E-Mail, Background Data (Audit Trail, Access control, Metadata)

Active Data, word, spreadsheet, datbase, Photographs, calander

Archival Data, Not an active data but is stored in fee Space on HDD, media

Backup data, Data copied in safe area/media, Win95/98 - c:\windows\sysbackp\, WinNT/XP/2K - c:\document setting\username\ntuser.dat

Residual Data, May be deleted file on file structure, RAM, File Slack (unallocated cluster space), swap file (hidden), temp file, unallocated space

The Court and Rule of Evidence – US Federal Rules of Procedure (Data compaliation, Data Duplication/Authentication by Expert

Data Compilation

Information Discoverable

Verification/validation, Standard followed

Module III - OS /Disk Storage Concepts

Disk Based Operating System

DOS, DOS 1.x, DOS 2.x, DOS 3.x, DOS 6.x, DOS 6.22, DOS 7.0, DOS 7.1

FAT, FAT 12, FAT 16, VFAT, FAT32


OS File Storage Concepts

Disk Storage Concepts

Slack Space

File Management

File Formats