Successfully investigating information security incidents requires practical skill with tools for extracting digital artifacts. This article provides a list of useful links and tools for collecting digital evidence. The purpose of such work is to apply methods and means for preserving (keeping immutable), collecting and analyzing digital evidence in order to reconstruct the events of an incident. The term “forensics” is a shortened form of “forensic science”, the science of examining evidence, which is what is commonly called criminalistics. In this context, “forensics” does not mean criminalistics in general but computer forensics specifically. Some authors further distinguish computer forensics from network forensics. The main field of application is the analysis and investigation of events in which computer information is the target of an attack, a computer is the instrument of a crime, or any digital evidence is involved.
A range of highly specialized utilities is used to collect and analyze information fully; these are discussed below. Be aware that in the course of a criminal case, whether the software used holds particular certificates and compliance approvals (FSTEC licenses) will most likely be taken into account. In that situation you will have to combine methods of collecting and analyzing information, or base your findings and expert conclusion on data obtained from non-certified tools.
Network analysis
SiLK Tools
Traffic analysis tools to facilitate network security analysis.
To conduct research and collect digital evidence, the principles of immutability, integrity, completeness and reliability of the information must be observed. To that end, follow the established recommendations on software and investigation methods.
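As an added illustration of the immutability and integrity principles above (not code from the original article), the following Python snippet hashes an acquired image in streaming fashion, records the hash in a JSON manifest alongside the acquisition time and examiner, and re-verifies the image so that any later modification is detected. The image bytes and the examiner name are constructed placeholders.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

# Constructed stand-in for an acquired disk image (not real evidence).
SAMPLE_EVIDENCE = b"constructed disk image placeholder\n" * 64

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so multi-gigabyte images never have to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def write_manifest(evidence_path, manifest_path, examiner):
    """Record the acquisition hash with size, time and examiner as the reference value."""
    entry = {
        "file": os.path.basename(evidence_path),
        "size": os.path.getsize(evidence_path),
        "sha256": sha256_file(evidence_path),
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
    }
    with open(manifest_path, "w", encoding="utf-8") as f:
        json.dump(entry, f, indent=2)
    return entry

def verify_manifest(evidence_path, manifest_path):
    """Recompute the hash and compare; any altered byte yields False."""
    with open(manifest_path, encoding="utf-8") as f:
        entry = json.load(f)
    return sha256_file(evidence_path) == entry["sha256"]

def demo():
    """Acquire, verify, alter one byte, verify again -> (True, False)."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "evidence.img")
        man = os.path.join(d, "evidence.manifest.json")
        with open(img, "wb") as f:
            f.write(SAMPLE_EVIDENCE)
        write_manifest(img, man, examiner="EXAMINER_PLACEHOLDER")
        ok_before = verify_manifest(img, man)
        with open(img, "r+b") as f:  # simulate a post-acquisition modification
            f.seek(10)
            f.write(b"X")
        return ok_before, verify_manifest(img, man)
```

In practice the manifest is stored separately from the image (and ideally signed or hashed itself), since a manifest kept next to the evidence can be altered together with it.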
The article covers analysis of RAM contents, examination of Docker images, log analysis, extraction of information from the browser cache, and much more.