DOCSLIB.ORG

Forensics Data

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Forensics Data Project Report Fast Processing of Large (Big) Forensics Data Indian Academy of Sciences Summer Research Fellowship Program - 2014 By. Pritam Dash School of Computing Science and Engineering, Vellore Institute of Technology, Chennai Campus Guide: Dr. B.M Mehtre Associate Professor Institute of Development and Reaearch in Banking Technology, Hyderabad, India 1 Declaration I hereby declare that the project entitled Fast Processing of Large (Big) Forensics Data submitted for the Indian Academy of Sciences Summer Research Fellowship Program 2014 is my original work and the project has not formed the basis for the award of any degree, associateship, fellowship or any other similar work. Signature of the Student: Place: Hyderabad Date: 25th July 2014 2 Certificate This is to certify that this project report entitled Fast Processing of Large (big) Forensics Data is submitted to Indian Academy of Sciences, Bangalore, is a bonafide record of work done by Mr. Pritam Dash, undergraduate student at Vellore Institute of Technology, Chennai Campus under my supervision from 29th May 2014 to 25th July 2014. Signature of Guide Place: Hyderabad Date: 25th July 2014 3 Acknowledgement I take this opportunity to express my profound gratitude and deep regards to my guide Dr. B.M. Mehtre for his exemplary guidance, monitoring and constant encouragement throughout the course of this work. The help and guidance given by him time to time shall carry me a long way in the journey of life on which I am about to embark. I also take this opportunity to express a deep sense of gratitude to Mr. Sandeep K, Research Associate, IDRBT for his support, valuable information and guidance, which helped me in completing this task through various stages. I am obliged to staff members of (IDRBT), for the valuable information provided by them in their respective fields. I am grateful for their cooperation during the period of my summer research. Pritam Dash Hyderabad, 25th July 2014 4 Abstract The magnitude of potential digital evidence has grown exponentially. The increasing amount of data, especially unstructured data is becoming a major challenge for forensic investigators. Hence, in cyber forensics the necessity of sifting through vast amount of data quickly is now paramount. To speed up the processing, it is essential in the triage process to first eliminate those files that are clearly unrelated to the investigation. An effective method for supporting this work is matching files against black and white lists. We compare 5 different methods of finding additional uninteresting files: frequent hash values, frequent paths, frequent size, clustered creation, and uninteresting extensions [1]. Tests were run on data sources of different volumes collected from Windows and Linux systems. In this work we propose a new strategy for faster processing of large forensics data. And provides a comparison between the total no. of uninteresting files found by Metadata and Hash set matching with the above mentioned 5 methods. In our initial test we could eliminate additional 2.37% and 3.4% uninteresting files in Windows and Linux data sources respectively. Keywords: digital forensics, data source, hash set, metadata, black-list, white-list, uninteresting files. 5 Table of Contents Declaration ................................................................................................................................. 2 Certificate ................................................................................................................................... 3 Acknowledgement ...................................................................................................................... 4 Abstract ...................................................................................................................................... 5 Table of Contents ....................................................................................................................... 6 1 Digital Forensics Overview ................................................................................................ 7 1.1 Introduction ................................................................................................................ 7 1.2 Phases in Digital Forensics Analysis ..................................................................... 7 1.3 Branches of Digital Forensics .................................................................................... 8 1.3.1 Computer forensics ................................................................................................ 8 1.3.2 Mobile device forensics ......................................................................................... 9 1.3.3 Network forensics .................................................................................................. 9 1.3.4 Forensic data analysis ............................................................................................. 9 1.3.5 Database forensics .................................................................................................. 9 1.4 Challenges in Digital Forensics .............................................................................. 9 1.4.1 Large (big) data as a challenge ............................................................................ 10 2 Literature survey .............................................................................................................. 11 2.1 Introduction .............................................................................................................. 11 2.2 Strategies and tools for fast processing ................................................................ 11 2.2.1 Metadata analysis ................................................................................................. 12 2.2.2 Super clustering using Dirim ............................................................................ 12 2.2.3 Using Jumplist to identify fraudulent documents ................................................ 13 2.2.4 OpenLV ................................................................................................................ 13 2.2.5 Hash set matching............................................................................................... 13 2.2.6 Indexing through piece wise hash signature ........................................................ 15 2.2.7 Indexing image hashes ......................................................................................... 15 2.2.8 Methods for finding additional uninteresting files .......................................... 16 3 Proposed Method .............................................................................................................. 17 3.1 Step-1: Finding drives of interest. ............................................................................ 17 3.2 Step- 2: Eliminating uninteresting files .................................................................... 17 3.3 Experimental setup ................................................................................................... 17 3.4 Results and discussions ............................................................................................ 18 4 Conclusion and Future Work ........................................................................................... 21 4.1 Conclusion ................................................................................................................ 21 4.2 Future work .............................................................................................................. 21 References ................................................................................................................................ 22 6 1 Digital Forensics Overview 1.1 Introduction Digital Forensics is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating reconstruction of events found to be criminal. The technical aspect of an investigation is divided into several sub-branches, relating to the type of digital devices involved; computer forensics, network forensics, forensic data analysis and mobile device forensics. The typical forensic process encompasses the seizure, forensic imaging (acquisition) and analysis of digital media and the production of a report into collected evidence. As well as identifying direct evidence of a crime, digital forensics can be used to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources (for example, in copyright cases), or authenticate documents. Investigations are much broader in scope than other areas of forensic analysis (where the usual aim is to provide answers to a series of simpler questions) often involving complex time-lines or hypotheses. 1.2 Phases in Digital Forensics Analysis Fig- 1 Phases In Digital Forensics Identification. This process includes the search, recognition and documentation of the physical devices on the scene potentially containing digital evidence. Collection – Devices identified in the previous phase can be collected and transferred to an analysis facility. 7 Acquisition – This process involves producing an image of a source of potential evidence, ideally identical to the original. Preservation – Evidence integrity, both physical and logical, must be ensured at all times. Analysis
Load more

Recommended publications
  • Part 1 Digital Forensics Module Jaap Van Ginkel Silvio Oertli
    Part 1 Digital Forensics Module Jaap van Ginkel Silvio Oertli July 2016 Agenda • Part 1: Introduction – Definitions / Processes • Part 2: Theory in Practice – From planning to presentation • Part 3: Live Forensics – How to acquire a memory image – Investigate the image • Part 4: Advanced Topics – Tools – Where to go from here – And more 2 Disclaimer§ • A one or two-day course on forensics will not make you a forensics expert. – Professionals spend most of their working time performing forensic analysis and thus become an expert. • All we can offer is to shed some light on a quickly developing and broad field and a chance to look at some tools. • We will mostly cover Open Source Forensic Tools. 3 Introduction Forensics in History 4 Forensics – History 2000 BC 1200 BC 5 Introduction Definitions / Processes 6 Forensics – The Field digital forensics Computer Forensics Disk Forensics Mobil Forensics Memory Forensics Datenbase Forensics Live Forensics Network Forensics 7 Forensics - Definition • Digital Forensics [1]: – Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. • Computer Forensics [2]: – Computer forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information. 8 Forensics - Definitions • Network Forensics [3]: – Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection.[1] Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information.
    [Show full text]
  • Introduction to Criminal Investigation: Processes, Practices and Thinking Introduction to Criminal Investigation: Processes, Practices and Thinking
    Introduction to Criminal Investigation: Processes, Practices and Thinking Introduction to Criminal Investigation: Processes, Practices and Thinking ROD GEHL AND DARRYL PLECAS JUSTICE INSTITUTE OF BRITISH COLUMBIA NEW WESTMINSTER, BC Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where otherwise noted. Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl and Darryl Plecas is, unless otherwise noted, released under a Creative Commons Attribution 4.0 International (CC BY-NC) license. This means you are free to copy, retain (keep), reuse, redistribute, remix, and revise (adapt or modify) this textbook but not for commercial purposes. Under this license, anyone who revises this textbook (in whole or in part), remixes portions of this textbook with other material, or redistributes a portion of this textbook, may do so without gaining the author’s permission providing they properly attribute the textbook or portions of the textbook to the author as follows: Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl and Darryl Plecas is used under a CC BY-NC 4.0 International license. Additionally, if you redistribute this textbook (in whole or in part) you must retain the below statement, Download this book for free at https://pressbooks.bccampus.ca/criminalinvestigation/ as follows: 1. digital format: on every electronic page 2. print format: on at least one page near the front of the book To cite this textbook using APA, for example, follow this format: Gehl, Rod & Plecas, Darryl. (2016). Introduction to Criminal Investigation: Processes, Practices and Thinking.
    [Show full text]
  • Guidelines on Mobile Device Forensics
    NIST Special Publication 800-101 Revision 1 Guidelines on Mobile Device Forensics Rick Ayers Sam Brothers Wayne Jansen http://dx.doi.org/10.6028/NIST.SP.800-101r1 NIST Special Publication 800-101 Revision 1 Guidelines on Mobile Device Forensics Rick Ayers Software and Systems Division Information Technology Laboratory Sam Brothers U.S. Customs and Border Protection Department of Homeland Security Springfield, VA Wayne Jansen Booz Allen Hamilton McLean, VA http://dx.doi.org/10.6028/NIST.SP. 800-101r1 May 2014 U.S. Department of Commerce Penny Pritzker, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Under Secretary of Commerce for Standards and Technology and Director Authority This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. § 3541 et seq., Public Law (P.L.) 107-347. NIST is responsible for developing information security standards and guidelines, including minimum requirements for Federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate Federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as analyzed in Circular A- 130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in Circular A- 130, Appendix III, Security of Federal Automated Information Resources. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on Federal agencies by the Secretary of Commerce under statutory authority.
    [Show full text]
  • Digital Forensics Concentration
    DIGITAL FORENSICS CONCENTRATION The Digital Forensic concentration is available to students Why Enroll in the at Hilbert College who are interested in learning more about Digital Forensics computer-based information applied to legal matters. The concentration is comprised of three computer courses and 2 Concentration? digital forensic courses, some held in Hilbert’s new, modern Low student/teacher computer laboratory classroom. Together these five courses will ratio in all classes provide more in depth exposure to fundamental principles in the Access to all new l use of computers in legal investigations. This concentration is equipment and available to students in all majors, though it is likely of particular instrumentation interest to students in the Forensic Science/CSI department who Unmatched personal wish to obtain a stronger computer-based foundation than what attention to academic is required for their major. advisement Coursework includes one semester of computer systems Opportunity to learn (covering computer architecture and operating systems), one from top-notch semester of computer networking, one semester of computer professors who have crime investigation (covering procedures and techniques of data real-world experience in a digital forensic recovery involved in criminal investigations), one semester of setting computer forensics (covering data seizure, imaging and analysis) Job search guidance and one semester of Advanced Mobile Device Forensics. All in the profession courses in the concentration are three credits. Additionally, the Expanded job courses in the concentration do not require prior exposure to opportunities after graduation: computers as they are designed to be taken sequentially: initially “According to the introducing students to foundational concepts and material and Department of Labor, progressing to more advanced applications of concepts in later demand is expected to grow 22% over the courses.
    [Show full text]
  • Digital Forensics Based Analysis of Mobile Phones
    Journal of Android and IOS Applications and Testing Volume 4 Issue 3 Digital Forensics Based Analysis of Mobile Phones Pooja V Chavan PG Student, Department of Computer Engineering, K. J. Somaiya College of Engineering, Mumbai, Maharashtra, India Email: [email protected] DOI: Abstract Now-a-day’s ratio of mobile phone is increasing day by day. Digital forensics methodology is use to recover and investigate data that found in a digital devices. Mobile phone usage is more that’s why not only judicial events occurred but also mobile forensics and subdivision of digital forensics are emerged. Some hardware and software are used for mobile phone investigations. Keywords: Digital forensics, digital devices, mobile phone INTRODUCTION because electronic device have a variety of Forensic science’s subdivision is a digital different operating system, technology, forensic, is a one type of process. The storage structure, Features. First identify main objective of this process to find the crime after that digital forensic work evidence in digital devices [1]. Digital on four important steps (Figure 1): forensics are used for the analysis of data, such as audio, video, pictures, etc. After • Collection: The collected of evidence the analysis of electronic devices data that like fingerprints, broken fingernails help for legal process. The usage of blood and body fluids. advanced technology is increasing rapidly. • Examination: The examination of Electronic device have a variety of product process is depending on evidence. like tablet, flash memory, memory card, • Analysis: The crime scenes obtain SD card, etc. When forensic analysis is different digital evidence, analysis is performed at that time data should be done on storage evidence this secure.
    [Show full text]
  • Application of Network Forensics in Identification of Network Traffic
    Published by : International Journal of Engineering Research & Technology (IJERT) http://www.ijert.org ISSN: 2278-0181 Vol. 7 Issue 07, July-2018 Application of Network Forensics in Identification of Network Traffic 1Ajay Sehrawat, 2Neha Shankar Das and 3Praveen Mishra 1 Software Engineer (IT), Regional Centre for Biotechnology, 2M.Tech, GGSIPU, 3Additional Director, ERNET India, Abstract - With the development of the latest technology The use of Network Traffic Analysis can also be seen in interventions in the field of networking, cyber- crimes are security domain. It includes management and monitoring of increasing at a gradual rate. It has led to increase in online packets from source IP address to destination IP port crimes and attacks in which malicious packets are being sent to number. It takes amount of packets sent in consideration to other hosts. Network Traffic Analysis comes under Network check flow of consistency in network. Network forensics is Forensics which is one of the classifications of Cyber Forensics that deals with capturing, recording, monitoring and analysis defined in [11] as “capturing, monitoring and scrutiny of of network traffic. Keeping this in view, the paper describes the network events in order to determine the cause of security need of network forensics and its aspects. The paper proposes a attacks and other problem incidents”. It can be said that model for network traffic analysis which is useful for detecting Network Forensics is a branch of digital forensics which is malicious packets received from intruders. studied to examine the network traffic so that attacks and malicious activities can be discovered. There is difference Keywords: Network Forensics, Network Monitoring and Network between computer forensics and digital forensics.
    [Show full text]
  • Forensic Attribution Challenges During Forensic Examinations of Databases
    Forensic Attribution Challenges During Forensic Examinations Of Databases by Werner Karl Hauger Submitted in fulfilment of the requirements for the degree Master of Science (Computer Science) in the Faculty of Engineering, Built Environment and Information Technology University of Pretoria, Pretoria September 2018 Publication data: Werner Karl Hauger. Forensic Attribution Challenges During Forensic Examinations Of Databases. Master's disser- tation, University of Pretoria, Department of Computer Science, Pretoria, South Africa, September 2018. Electronic, hyperlinked versions of this dissertation are available online, as Adobe PDF files, at: https://repository.up.ac.za/ Forensic Attribution Challenges During Forensic Examinations Of Databases by Werner Karl Hauger E-mail: [email protected] Abstract An aspect of database forensics that has not yet received much attention in the aca- demic research community is the attribution of actions performed in a database. When forensic attribution is performed for actions executed in computer systems, it is nec- essary to avoid incorrectly attributing actions to processes or actors. This is because the outcome of forensic attribution may be used to determine civil or criminal liabil- ity. Therefore, correctness is extremely important when attributing actions in computer systems, also when performing forensic attribution in databases. Any circumstances that can compromise the correctness of the attribution results need to be identified and addressed. This dissertation explores possible challenges when performing forensic attribution in databases. What can prevent the correct attribution of actions performed in a database? The first identified challenge is the database trigger, which has not yet been studied in the context of forensic examinations. Therefore, the dissertation investigates the impact of database triggers on forensic examinations by examining two sub questions.
    [Show full text]
  • 2021-22 Undergraduate Catalog
    Undergraduate and Graduate Course Descriptions for the 2021 - 2022 Academic Year ACCT - Accounting ACCT 201 INTRO TO FINANCIAL ACCOUNTING: A comprehensive study of basic financial accounting processes applicable to a service, merchandising, and manufacturing business. An analysis of transactions, journalizing, posting, preparation of working papers and ­financial statements. ACCT 202 INTRO TO MANAGERIAL ACCT: An introductory study of managerial accounting processes including job order costing, process costing, cost­volume­profit analysis, standard costs, activity­based costing, cost analysis, budgeting, and managerial decision making. Prerequisite: ACCT 201 or equivalent with a minimum grade of C. ACCT 301 INTERMEDIATE ACCOUNTING I: A study of financial accounting ­standard setting, the conceptual framework underlying financial accounting, balance sheet and income statement ­presentations, revenue and expense ­recognition, and accounting for current assets, and current liabilities. Prerequisite: ACCT 202 with a minimum grade of C. ACCT 302 INTERMEDIATE ACCOUNTING II: This class is the second course of the three­semester sequence of intermediate financial accounting. This course focuses on issues related to the reporting and analysis of financial accounting information. The objective in this course is to examine in detail (with an emphasis on both the "what" and the "why") the following financial topics: 1) Operational Assets 2) Time value of money 3) Bonds and long term notes 4) Leases 5) Employee benefits and pensions. Prerequisite: ACCT301 or equivalent with a minimum grade of C. ACCT 306 COST ACCOUNTING: A study of cost behavior, overhead cost ­allocations, cost systems design, and an introduction to activity­based costing and control systems. Emphasis is on case studies and other practical applications.
    [Show full text]
  • Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing
    Georgia Southern University Digital Commons@Georgia Southern Electronic Theses and Dissertations Graduate Studies, Jack N. Averitt College of Spring 2018 Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing Crime Data Majeed Kayode Raji Follow this and additional works at: https://digitalcommons.georgiasouthern.edu/etd Part of the Business Analytics Commons, Business Intelligence Commons, Computational Engineering Commons, and the Other Engineering Commons Recommended Citation Raji, Majeed Kayode, "Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing Crime Data" (2018). Electronic Theses and Dissertations. 1879. https://digitalcommons.georgiasouthern.edu/etd/1879 This thesis (open access) is brought to you for free and open access by the Graduate Studies, Jack N. Averitt College of at Digital Commons@Georgia Southern. It has been accepted for inclusion in Electronic Theses and Dissertations by an authorized administrator of Digital Commons@Georgia Southern. For more information, please contact [email protected]. DIGITAL FORENSIC TOOLS & CLOUD-BASED MACHINE LEARNING FOR ANALYZING CRIME DATA by MAJEED KAYODE RAJI (Under the Direction of Hayden Wimmer) ABSTRACT Digital forensics is a branch of forensic science in which we can recreate past events using forensic tools for a legal measure. Also, the increase in the availability of mobile devices has led to their use in criminal activities. Moreover, the rate at which data is being generated has been on the increase which has led to big data problems. With cloud computing, data can now be stored, processed and analyzed as they are generated. This thesis document consists of three studies related to data analysis. The first study involves analyzing data from an Android smartphone while making a comparison between two forensic tools; Paraben E3: DS and Autopsy.
    [Show full text]
  • Hacking Exposed Computer Forensics, Second Edition, Delivers the Most Valuable Insight on the Market
    HACKING EXPOSED™ COMPUTER FORENSICS SECOND EDITION REVIEWS “This book provides the right mix of practical how-to knowledge in a straightforward, informative fashion that ties all the complex pieces together with real-world case studies. With so many books on the topic of computer forensics, Hacking Exposed Computer Forensics, Second Edition, delivers the most valuable insight on the market. The authors cut to the chase of what people must understand to effectively perform computer forensic investigations.” —Brian H. Karney, COO, AccessData Corporation “Hacking Exposed Computer Forensics is a ‘must-read’ for information security professionals who want to develop their knowledge of computer forensics.” —Jason Fruge, Director of Consulting Services, Fishnet Security 00-FM.indd i 8/23/2009 3:54:42 AM “Computer forensics has become increasingly important to modern incident responders attempting to defend our digital castles. Hacking Exposed Computer Forensics, Second Edition, picks up where the first edition left off and provides a valuable reference, useful to both beginning and seasoned forensic professionals. I picked up several new tricks from this book, which I am already putting to use.” —Monty McDougal, Raytheon Information Security Solutions, and author of the Windows Forensic Toolchest (WFT) (www.foolmoon.net) “Hacking Exposed Computer Forensics, Second Edition, is an essential reference for both new and seasoned investigators. The second edition continues to provide valuable information in a format that is easy to understand and reference.” —Sean Conover, CISSP, CCE, EnCE “This book is an outstanding point of reference for computer forensics and certainly a must-have addition to your forensic arsenal.” —Brandon Foley, Manager of Enterprise IT Security, Harrah’s Operating Co.
    [Show full text]
  • IEEE Paper Template in A4 (V1)
    ISSN 2319 – 1953 International Journal of Scientific Research in Computer Science Applications and Management Studies Digital Forensics in Cloud Computing Environment Santhosh B, Nelson Dsouza#2, Akash D Kumbhar*2 #1,Associate Professor, Dept of MCA,AIMIT, Mangaluru, Karnataka, India #2Department of MCA, AIMIT, Mangaluru, Karnataka, India Abstract— The Internet is growing explosively, as is the • In a lawful manner, preserving, extracting, storing, analyzing number of crimes committed against or using computers. As a and presenting the evidence. response to the growth of computer crime, the field of computer • To gain an insight into the activities and techniques used by forensics has emerged. Computer forensics involves carefully cybercriminals. And find a counter way to solve the loopholes. collecting and examining electronic evidence that not only assesses the damage to a computer as a result of an electronic III. CHALLENGES AND RESEARCH GAPS attack, but also to recover lost information from such a system to prosecute a criminal. With the growing importance of computer The states not available, suspect and court ready becomes a security today and the seriousness of cybercrime, it is important challenge for cloud forensic investigator to recognize the data for computer professionals to understand the technology that is set for them. The increase in data storage capacity in a cloud used in computer forensics. This paper will discuss the need, goal is a disadvantage for a digital forensic investigation as it for computer forensics to be practiced in an effective, legal ways increases the time for analyzing the abundant data. and challenges. Forensics is the process of using scientific Lack of tools and little expertise in cloud forensics is of knowledge for collecting, analyzing and presenting evidence to concern, involves more challenging when encryption, multi- the courts.
    [Show full text]
  • Purpose of Computer and Network Forensics
    Purpose of Computer and Network Forensics Table of Contents Purpose of Computer and Network Forensics ................................................................................ 2 What Is Digital Forensics? ............................................................................................................... 3 Need for Digital Forensics -1 ........................................................................................................... 4 Need for Digital Forensics -2 ........................................................................................................... 6 Purpose of Digital Forensics ............................................................................................................ 8 Notices .......................................................................................................................................... 12 Page 1 of 12 Purpose of Computer and Network Forensics Purpose of Computer and Network Forensics 4 **004 Okay. So we'll start out with the purpose of computer and network forensics. Page 2 of 12 What Is Digital Forensics? What Is Digital Forensics? As defined in NIST Guide to Integrating Forensic Techniques into Incident Response: “Application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data” Also known as or called computer forensics and network forensics, and includes mobile device forensics All better called one term: Digital
    [Show full text]