Important two marks – Digital forensics

1. Forensic science

A forensic scientist is first a scientist. When a scientist's knowledge is used to help lawyers, juries, and judges understand the results of scientific tests, the scientist becomes a forensic scientist. Because the work of a forensic scientist is intended to be used in court and because scientific evidence can be very powerful, the forensic scientist must be accurate, methodical, detailed, and above all, unbiased.

2. State Locard's Exchange Principle.

Edmond Locard (1877–1966) studied law at the Institute of Legal Medicine and worked subsequently as an assistant to the forensic pioneer Alexandre Lacassagne prior to directing the forensic laboratory in Lyon, France. Locard's techniques proved useful to the French Secret Service during World War I (1914–1918), when Locard was able to determine where soldiers and prisoners had died by examining the stains on their uniforms. The principle itself holds that every contact between two objects leaves a trace on each of them.

3. Characteristics of the examination phase

• Initial Data Source Examination and Preprocessing

• Forensic File Formats and Structures

• Data Recovery

• Data Reduction and Filtering

• Timestamps

• Compression, Encryption and Obfuscation.

• Data and File Carving

• Automation

4. Digital footprint

The term "digital footprint" in digital forensics refers to the traces or records of a person's online activities and interactions. These footprints can encompass a wide range of digital data that individuals leave behind while using digital devices and platforms.

5. 5WH formula (the five W questions)

Who is it about?

What happened?

When did it take place?

Where did it take place?

Why did it happen?

6. Chain of custody

The chain of custody in cyber security isn't much different from the one in legal matters. It's a documentation of the ownership of a digital asset, such as data, as it transfers from one person or organization to another, the exact date and time of the transfer, and the purpose of the transfer.
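As an added illustration (not part of these notes), the following Python ledger records exactly the fields the answer names for each handoff: the giving and receiving party, the date and time, and the purpose. It additionally stores a SHA-256 digest of the evidence at every transfer; hashing is an assumption added here, because it is what lets a later examiner show the item was not altered while it changed hands. All names, parties and the evidence bytes are constructed sample values.

```python
"""Minimal chain-of-custody ledger for one digital evidence item (added example)."""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of the evidence bytes (assumed integrity scheme, not from the notes)."""
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class CustodyEntry:
    """One handoff: who gave the item to whom, when (UTC), why, and its hash at that moment."""
    transferred_at: datetime
    from_party: str
    to_party: str
    purpose: str
    evidence_sha256: str


@dataclass
class ChainOfCustody:
    evidence_id: str
    entries: List[CustodyEntry] = field(default_factory=list)

    def record_transfer(self, from_party: str, to_party: str, purpose: str,
                        evidence: bytes, when: Optional[datetime] = None) -> CustodyEntry:
        """Append a handoff. Timestamps must be timezone-aware and must not go backwards."""
        when = when or datetime.now(timezone.utc)
        if when.tzinfo is None:
            raise ValueError("transfer timestamps must be timezone-aware")
        if self.entries and when < self.entries[-1].transferred_at:
            raise ValueError("transfer is dated earlier than the previous entry")
        entry = CustodyEntry(when, from_party, to_party, purpose, sha256_hex(evidence))
        self.entries.append(entry)
        return entry

    def custodian(self) -> Optional[str]:
        """Party currently holding the evidence (receiver of the last handoff)."""
        return self.entries[-1].to_party if self.entries else None

    def broken_links(self) -> List[int]:
        """Entry indices whose giver is not the receiver of the previous entry (a custody gap)."""
        return [i for i in range(1, len(self.entries))
                if self.entries[i].from_party != self.entries[i - 1].to_party]

    def verify(self, evidence: bytes) -> bool:
        """True only if every handoff recorded the same hash and the copy in hand still matches it."""
        if not self.entries or self.broken_links():
            return False
        recorded = {e.evidence_sha256 for e in self.entries}
        return len(recorded) == 1 and sha256_hex(evidence) in recorded


# Constructed sample evidence; in practice this would be a disk or memory image.
EVIDENCE = b"constructed sample evidence bytes standing in for a disk image"


def build_sample_chain() -> ChainOfCustody:
    """Two clean handoffs: seizing officer -> evidence locker -> lab analyst."""
    chain = ChainOfCustody(evidence_id="CASE-0001-ITEM-01")  # constructed identifier
    t0 = datetime(2024, 1, 15, 9, 30, tzinfo=timezone.utc)
    chain.record_transfer("Officer A", "Evidence locker", "secure storage after seizure", EVIDENCE, t0)
    chain.record_transfer("Evidence locker", "Lab analyst B", "forensic examination", EVIDENCE,
                          t0.replace(hour=14))
    return chain


def build_tampered_chain() -> ChainOfCustody:
    """Same chain, but the analyst's copy differs by one byte, so the hashes no longer agree."""
    chain = build_sample_chain()
    chain.record_transfer("Lab analyst B", "Lab analyst C", "peer review", EVIDENCE + b"!",
                          datetime(2024, 1, 16, 10, 0, tzinfo=timezone.utc))
    return chain


if __name__ == "__main__":
    good, bad = build_sample_chain(), build_tampered_chain()
    print("custodian:", good.custodian(), "| intact:", good.verify(EVIDENCE))
    print("tampered chain intact:", bad.verify(EVIDENCE + b"!"))
```

`verify` refuses a chain with a custody gap as well as one with a changed hash, which is the same two questions a court asks: did the item pass only through named hands, and is it still the item that was seized?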

7. NIST SP 800-86 standard

SP 800-86 (NIST SP 800-86; NIST, 2006) discusses the phases of the digital forensic process: collection, examination, analysis, and reporting. This standard includes general recommendations as well as more detailed technical guidelines for evidence collection and examination from data files, operating systems, networks, applications, and other sources.

8. Methods for collection of digital evidence

1. Disk Imaging

2. Live System Acquisition

3. Memory Capture

4. Network Traffic Capture

5. Mobile Device Forensics

6. Remote Acquisition

7. Dual-Tool Verification

9. Basic principles of mutual legal assistance

Absent a cooperation treaty, the starting point is that no nation state has any obligation to provide assistance to another nation state in order to secure digital evidence. However, it can do so of its own volition, thus adhering to the principle of comity. This can be translated into expressing a civil, peaceful, or polite attitude. As the requesting state must be equally civil, its formal request for assistance (formally, the letter rogatory) must offer reciprocity. Thus, it has to demonstrate that it is willing and able to serve a similar request from the other state, should the need arise.

The formal request must describe the crime under investigation and cite the relevant provision of the criminal
code. Next, it must cite the relevant procedural provision and show that a legal permission would have been
granted in its own jurisdiction, had the evidence been located there. One way to do this is to obtain permission
in abstract regarding the coercive measure requested.

10. Law enforcement and enterprise forensic readiness

A mix of law enforcement and enterprise forensic analysts involved in an investigation is also possible. The
enterprise can perform its own initial digital forensic investigation as part of the incident response procedures
before deciding whether to contact law enforcement and handing off the evidence to a criminal investigation.

11. Specialized key codes

1. API Keys
2. Registry Keys
3. PIN and PUK codes

12. Challenges in digital forensics

1. Volume and Complexity of Data

2. Data Fragmentation and Encryption

3. Volatility of Digital Evidence

4. Anti-Forensic Techniques

5. Legal and Privacy Concerns

13. Jailbreaking

It is a process of escalating privileges to remove restrictions on iOS. This is very similar to the rooting process in Android, which we will explore in chapter 4, Android operating system. At one time jailbreaking was required to support using the iPhone as a Wi-Fi hotspot, a process known as tethering. That is no longer the case, as iOS now supports tethering.
14. Oxygen Forensics

Oxygen Forensics is a digital forensics software company that provides tools and solutions for extracting, analyzing, and presenting digital evidence from mobile devices, smartphones, and other digital sources.

Advantages

It is quite easy to navigate to events, phone books, messages, and many other pieces of data the forensic
examiner may have an interest in. Oxygen is a robust tool with a number of interesting features. It is a
reasonable option for the professional forensics lab to include. Given the cost of forensics tools, it is
recommended that you seek out recommendations from colleagues, and not rely totally on the marketing
information from vendors.

15. Android rooting procedure

The procedure for rooting an Android device involves gaining privileged access (root access) to the Android operating system, allowing users to modify system files and settings that are normally restricted. Rooting can provide additional control over the device and enable the installation of custom ROMs, apps, and modifications. However, rooting also carries risks such as voiding device warranties and potentially exposing the device to security vulnerabilities if not done carefully.

16. Usefulness of digital evidence

1. Objective Corroboration of Testimony

2. Establishing Accurate Timelines

3. Reconstruction of Events and Activities

4. Identification of Perpetrators

5. Legal Support in Prosecution or Defense

6. Validation or Refutation of Alibis

17. Applications for app decompiling

Forensics frequently involves understanding the apps on the phone. In some cases the apps themselves may be malware. In other instances, someone might claim that malware on their phone is responsible for illegal content, and it is necessary to be able to view the app to determine whether this is true or not. Fortunately, it is quite easy to decompile Android apps.

18. Racist and xenophobic speech

The parties must criminalize:

a. Dissemination of racist and xenophobic material to the public through computer systems.

b. Threatening individuals or groups of individuals with the commission of a serious criminal offense against them, which is racist or xenophobically motivated.

c. Insults made in public that are racist or xenophobically motivated; and denial, gross minimization, approval, or justification of genocide or crimes against humanity.

19. Directories used in Android

1. /system: Contains essential system files and binaries for the Android operating system.

2. /data: Stores application data, user settings, databases, and cache directories.

3. /storage: Represents the root of the device's storage hierarchy, including internal and external storage
locations.

4. /cache: Holds temporary files and cached data used by the system and applications.

5. /sdcard or /mnt/sdcard: Represents the primary shared storage (internal storage) for user data.

20. Categories of compression algorithms used in file systems

1. Lossless compression:

• Lempel-Ziv (LZ) compression

• Deflate (ZIP)

• LZ4

• LZO

2. Lossy compression:

• JPEG compression

• MP3 compression

3. Dictionary-based compression:

• Lempel-Ziv-Welch (LZW)

• Burrows-Wheeler Transform (BWT)

4. Run-Length Encoding (RLE)

5. Delta encoding

6. Entropy coding:

• Huffman coding

• Arithmetic coding

7. Adaptive compression:

• Adaptive Huffman coding
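The two simplest schemes in the list above, run-length encoding (item 4) and delta encoding (item 5), are short enough to show in full. The Python below is an added example written for these notes, not code from any tool or textbook the notes draw on; the byte-pair RLE layout (count, value) and the "first value stored raw, then differences" delta layout are conventions chosen here, and every input is a constructed sample. The examiner's point, which the list does not spell out, is that an encoder can make data larger as easily as smaller, and that stored data must be decoded before any string or carving search will find what it holds.

```python
"""Run-length and delta encoding with round-trip decoders (added example)."""
from typing import List


def rle_encode(data: bytes) -> bytes:
    """Encode as (run_length, byte) pairs; runs are capped at 255 so the count fits one byte."""
    out = bytearray()
    i = 0
    while i < len(data):
        value = data[i]
        run = 1
        while i + run < len(data) and data[i + run] == value and run < 255:
            run += 1
        out += bytes((run, value))
        i += run
    return bytes(out)


def rle_decode(encoded: bytes) -> bytes:
    """Inverse of rle_encode; rejects odd-length input, which cannot be a sequence of pairs."""
    if len(encoded) % 2:
        raise ValueError("RLE stream must consist of (count, byte) pairs")
    out = bytearray()
    for i in range(0, len(encoded), 2):
        count, value = encoded[i], encoded[i + 1]
        if count == 0:
            raise ValueError("zero-length run is invalid")
        out += bytes([value]) * count
    return bytes(out)


def delta_encode(values: List[int]) -> List[int]:
    """Store the first value as-is, then each value as the difference from its predecessor."""
    if not values:
        return []
    return [values[0]] + [b - a for a, b in zip(values, values[1:])]


def delta_decode(deltas: List[int]) -> List[int]:
    """Inverse of delta_encode: running sum starting from the stored first value."""
    out: List[int] = []
    total = 0
    for d in deltas:
        total += d
        out.append(total)
    return out


def compression_ratio(original: bytes, encoded: bytes) -> float:
    """encoded_size / original_size; values above 1.0 mean the encoding expanded the data."""
    if not original:
        raise ValueError("original must be non-empty")
    return len(encoded) / len(original)


# Constructed samples: a repetitive block (RLE-friendly) and a random-looking one (RLE-hostile).
REPETITIVE = b"\x00" * 300 + b"AAAAAABBBC"
MIXED = b"ABCDEFGH"
# Constructed monotone timestamps (seconds), the classic delta-encoding input.
TIMESTAMPS = [1700000000, 1700000002, 1700000005, 1700000005, 1700000010]

if __name__ == "__main__":
    for label, sample in (("repetitive", REPETITIVE), ("mixed", MIXED)):
        enc = rle_encode(sample)
        print(f"{label}: {len(sample)} -> {len(enc)} bytes, ratio {compression_ratio(sample, enc):.2f}")
    print("deltas:", delta_encode(TIMESTAMPS))
```

Note how the 300-byte run of zeros needs two RLE pairs (255 plus 45) because of the one-byte count, while the eight distinct bytes of `MIXED` double in size; a carving tool scanning `rle_encode(REPETITIVE)` for the literal string `AAAAAA` would not find it.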

13 marks

Important topics in Digital Forensics

MOBILedit, rooting Android

Identification phase in digital forensics

Tools and techniques for iOS devices

Methods for collection of digital forensic evidence, strengths and limitations

Law enforcement agencies and enterprises in investigations

Steps for forensic analysis of Android devices
