Forensic Analysis on Linux (Unix)

Operating Systems come in a few competing choices, of which the major players are Apple’s MacOS, Microsoft’s Windows and then the various flavours of Linux, of which most are open-sourced while the remainder are proprietary to their vendors. Of the three, Windows is the most dissimilar, with MacOS and Linux sharing a similar BSD/Unix platform running behind the scenes. This gives MacOS and Linux similar traits when it comes to logging, analysing and tracing system event-logs....

May 29, 2020 · 3 min · 552 words · Andrew

Investigation of insider attacks with computer forensics

Cyber-attacks do not always originate from outside of the target organisation. Veritably, around twenty-five percent of all data breaches occur from the inside, from employees or trusted individuals within the organisation (TechBeacon, 2018). Employees that have access to internal records, intellectual property or intramural trade secrets need to be watched as closely as any external party or connection should be. Why employees are a risk: Employees can trigger internal cyber-attacks, steal intellectual property or even publicly release internal affairs and private information for a number of reasons, which could include:...

October 7, 2018 · 3 min · 591 words · Andrew

International hosting governments and forensic email cases

Cyber forensics is hard, but it is even harder when servers are hosted in different geographical locations and an investigation needs all localities to cooperate and hand over every part of the data consistently. This is primarily due to privacy laws that each region may apply or carry out in differing ways. Multiple regions: Even if a compilation can source multiple regions’ data, dealing with international governments could mean prolonged wait times, unfamiliar processes to follow or even citizens of those regions withholding data due to privacy rights within that region....

September 30, 2018 · 3 min · 564 words · Andrew

Network Forensics Concerns around GDPR

In cyber forensics there is a vast array of tools that are used throughout most investigations; however, not all jurisdictions allow or even agree to the usage of some of them. This is mainly due to each specific geographical region’s view on its citizens’ right to privacy. Some of the tools and tactics for collecting evidence are therefore questionable and raise specific concerns in this matter. During the evidence collection process there are many things to consider when it comes to data being transferred over a network....

September 23, 2018 · 3 min · 575 words · Andrew

A look into Future Developments in Operating Systems from a Cyber Forensics Investigator

Operating systems (OS) really have come a long way since the very first one was created by General Motors in 1956 (WIHT, 2017) to run on an IBM mainframe. Since then, there have been countless attempts at popularising OS’s and a few companies have truly stood the test of time. Among these the Windows OS, MacOS and Linux OS are the most notable with the highest market share and global penetration....

September 16, 2018 · 3 min · 483 words · Andrew

Comparing Interface Types in Cyber Forensics

In digital and cyber forensics, there are three main types of categories when it comes to forensic tooling. They can be considered as: Graphical User Interfaces (GUI’s), Interactive Text-based Consoles, and Command-line interfaces (CLI’s). Of these, the main competitors are really just GUIs and CLIs as they certainly differentiate most from one another. They both have their strengths and reasons to be used, of which neither should be discounted. Many people like to use the GUI version of an application, as it allows them to focus on the task at hand that may extend between a range of activities and doesn’...

September 2, 2018 · 3 min · 586 words · Andrew

Cyber Forensic Investigative Reports

Investigations are not proven in a jurisdiction until a detailed forensic report is created and presented to a judge or jury who can take it to the next level. Digital evidence should be laid out so that it is not overly technical, allowing all parties to fully understand and interpret its arrangement, yet still goes into absolute detail to express all the intricacies of an investigation and its extrication....

August 26, 2018 · 3 min · 502 words · Andrew

Altering Computer Evidence

Ever since it has been possible for humans to operate computers, some have used them to perform criminal activities. Part of a cybercriminal’s game plan is to cover up or otherwise alter digital evidence in one form or another. There are many reasons why cybercriminals may try to alter computer evidence; these could be any of the following: Cover their traces: The most obvious reason is to simply cover up the fact that an attacker was around and where the attack came from....

August 19, 2018 · 3 min · 544 words · Andrew