Posts

Exif's Image File Directory - Forensics Perspective (Part 1)

Exif IFD Tags
Exif data contains different Exif tags, and each Exif tag has its own value (e.g. time, date, GPS etc.). Exif tags are used to encode additional information related to an image when the image is generated or captured by a digital camera.
NOTE: There are many Exif tags in Exif's image file directory, but I will cover the most important ones from which one can find evidence.
Tags
1. ExposureTime
Exposure time is measured in seconds (e.g. 1/500 (0.002 sec)). The main purpose of an exposure time is to describe the brightness of an image or the amount of light a sensor receives.
Evidence: You can find out whether the photograph was taken in brightness or darkness. If the exposure time is around 10 to 30 seconds then you can consider it as night time photography, and if the exposure time is around 1100 to 1125 seconds you can consider it as day time photography.
NOTE: Exposure timings are not always between the above mentioned values; they can be set as per the ...

Exif Data - Introduction

Exchangeable Image File Format
Exif data is metadata that is generated and stored by your camera whenever you take a photo. This data is embedded within your images and includes information about GPS coordinates (location), which is why many websites strip the Exif data from uploaded images due to privacy concerns. Apart from your GPS coordinates, Exif stores a lot of sensitive information, some of which is Camera Model Name, Modify Date, Date/Time Original, Create Date, File Source, Camera Firmware Version, Owner Name, Image Type etc. All this information is then processed by the Exif/DCF reader of the website, if not stripped by the server. This type of information is formatted according to the TIFF specification and may be found in JPG, TIFF, PNG, JP2, PGF, MIFF, HDP, PSP and XCF images, as well as many TIFF-based RAW images and even some AVI and MOV videos. The EXIF meta information is organized into different Image File Directories (IFDs) within an image. Exif...

Introduction - Part 3

Evidence Integrity and Handling
Maintaining the integrity of the crime scene means protecting any potential evidence from being damaged or destroyed and preventing any false evidence from being introduced to the area in question. Maintaining the integrity of a computer system for use in a forensic examination is a similar process in principle. When working with digital images, one needs to maintain the integrity of the files and also demonstrate that the steps taken were effective. Maintaining integrity requires security of the files during transport and storage. Demonstrating integrity uses methods to show that the file has not changed.
Methods for Maintaining Integrity:
1. Written Documentation: SOP documenting the steps required to properly maintain security. This documentation may include chain of custody, if required by agency policy.
2. Physical Security/Environment: Mechanical or physical systems for preventing unauthorized access to data or loss of data, e.g. door locks,...

Introduction - Part 2

Evidence Acquisition
Handling the evidence is one of the most important aspects in the expanding field of computer forensics. An investigator should take precautions while collecting, preserving and transporting the digital evidence. Some steps should be followed by the first responders in handling the digital evidence at an electronic crime scene.
Steps:
1. Recognize, identify, seize and secure all the digital evidence at the crime scene.
2. Document the entire crime scene and the specific location of the evidence found.
3. Collect, label, and preserve the digital evidence.
4. Package and transport digital evidence in a secure manner.
Before collecting evidence at a crime scene, first responders should ensure that the legal authority exists to seize the evidence, the scene has been secured and documented, and appropriate personal protective equipment is used.
Evidence Preservation Steps (follow in order):
1. Photograph the computer and scene
2. If the computer is off d...

Introduction - Part 1

Digital Forensics is a branch of forensic science that uses scientific knowledge or methods to gather evidence and solve crimes. It has some scientifically proven methods to preserve, collect, validate, identify, analyze, interpret, document and present the digital evidence. The main aim of a digital forensic investigation is to find facts and recreate the truth of an event.
Digital Forensics has three main categories: Acquisition, Analysis, Presentation.
1. Acquisition: Acquisition means collecting the digital media to examine. It includes optical media, hard drives, storage cards from cameras, mobile phones, embedded chips from devices etc. The collected evidence should be treated delicately and a duplicate should be made of the collected evidence to maintain the record.
2. Analysis: In this category the media is actually examined with appropriate analysis methods. It includes file content examination, file system analysis, statistical analysis etc. and finally the results a...