What is USB Forensic?

-
What is USB forensic?
  • Digital Forensics analysis of USB forensics include preservation, collection,
    Validation, Identification, Analysis, Interpretation, Documentation, and Presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal.
  • Sometime it is necessary to check weather the given file from the USB is as it as the sender send or not? It may be possible that the third party or an attacker can modify the data. To ensure this problem USB forensic is used.

How to check the data integrity from USB drive?
  • There is a function called MD checksum in any file. The value for the MD5SUM Is
    changed whenever the file is modify.
  • Suppose sender A want to send the file acb.txt to receiver B
  • Now with the file abc.txt a sender can also send the md5sum of that file to receiver B
  • Note at the time of receiving the file , receiver B can check the md5sum of received file abc.txt and compare tha sum to the sender’s md5sum
  • If the both values are matche, we can say that the file is unchanged, undamaged.
Find the History of Every Connected USB Device on Your Computer
  • As we all know there is a registry in window OS. With the help of registry data we can easily find the details of USB drives which are connected to our PC
  • Whenever any USB is connected to a machine the a registry key with the name "USBSTOR" is created. The steps are as follow
  1. Go to the registry . type “regedit” into CMD
  2. Than search for HKEY_LOCAL_MACHINE – SYSTEM – CURRENT
    CONTROL SET – ENUM – USBSTOR
  3. In this folder you can find the details about the USB drives which are
    recently connected to the machine
  • This is how you can see the details of USB devices which are connected to your machine
Why data recovery is necessary in digital forensics?
  • Forensic data recovery is the extraction of data from damaged evidence sources in a
    forensically sound manner. This method of recovering data means that any evidence
    resulting from it can later be relied on in a court of law.
  • Forensic data recovery is a process which is used to retrieve data which will be used for legal purposes. Compared with common data recovery tasks, Forensic data recovery is a bit more complex. At most times, it requires retrieving data which was deliberately erased, damaged, or corrupted. That's why there is little reliable software for Forensic data recovery even there are a large number of data recovery applications
    on the market.

Comments

Post a Comment

Popular posts from this blog

"Coot" Ransomware

-
Image
What is Ransomware? Ransomware is a malicious program which will encrypt your data and make a barrier between you and your files After successful implementation of ransomware on your network or your machine it will stating encrypting the data with advance level of encryption which is really difficult to crack Now after encryption you have to purchase a tool called "Cypter" tool from attack and related decryption key too In some cases it is possible to retried the data without paying ransom to bad guy. What is Coot Ransomware attack? From ending of July 2020 the number of coot ransomware is increasing frequently. coot is from "DJVU" family of ransomware. In this type of attack the file will be encrypted with some high level encryption techniques and the file extension will be ".coot" at the end of the file. Suppose there is a file on your machine called "a.txt" than the encrypted file will be "a.txt.coot" Also you can see the other
Read more

Data Recovery Tools (Disk Drill)

-
Image
There are many tools available for data recovery in the market . Some of the tools are as follow Encase FTK manager Manager RAM capture  X-ways forensic Sleuth kit (+autopsy) Paladin Disk Drill Restoration (Window) Disk Drill . Disk Drill is an undeniable leader among data recovery software, it can recover deleted files from your device even if it is failing, unreadable, or has lost a partition. Features : You can recover up to 500MB of data free with Disk Drill for Windows. Unlike any other, the app has two important additional data loss prevention functionalities. The first, Recovery Vault, adds a layer to the Recycle Bin and keeps a backup reference to all deleted files. The second, Guaranteed Recovery, keeps a copy of each file moved to a previously selected folder, as for example the Recycle Bin. In addition, Disk Drill allows users to create image files in the form of ISO, IMG or DMG files. Therefore in practice, enables the user to conduct the data search in a clone, without ta
Read more

Ransomeware Malware

-
Image
What is ransomware? Ransomware is a part of a Malware It looks like a simple executable file, but whenever it executed on a machine . it will automatically encrypt all of your file with advanced encryption algorithm.  Ransomware is on trending on cyber-war. What is ransomware attack? First of all an attacker try to infect your machine with ransomware. Now the ransomware malware will encrypt your machine and you can not access your data, For decryption you required a software called "Crypter" as well as a key for decryption, which can only be with attacker only.  Now attacker ask for some money in form of Bit-coins to hide its identity, this money is called ransom.After you pay to attacker.he/she will give you software and a key.. This is called a ransomware attack. Why it is difficult to decrypt the files without payment? First of all we don't know from which encryption system did the attacker use it can be.... RSA DSA AES etc Now if we get the idea regarding the encrypti
Read more