Digital forensic tools are software used to examine network activity and to collect any evidence that can be presented before the law.
They help to identify, preserve, recover, analyze and present facts and opinions regarding any digital information that can be presented during the prosecution period.
These tools are used for the following purposes [1]:
Below are my two installed forensic tools.
Digital forensic tools are vital and very resourceful during the research period, and the selection of the best tool should consider some of the following factors [2]:
The 2 forensic techniques.
Investigation in the field of forensic auditing requires one to use some processes and a number of phases.
However, there are some techniques that are required to conduct a forensic audit, which include the following:
This technique is based on correlating information that comes from many storage disks; it is used in the analysis of some social media and in the detection of any anomalies.
This technique is carried out by examining the computer's operating system using the system admin tool or sysadmin in order to obtain any required evidence. It is mainly used where there is some encryption in the data files, and it is done by getting the disk image before the computer is shut down.
This technique is used by digital forensic analysts to recover files that could have been deleted; the forensic tool therefore has inbuilt tools that are used to discover any deleted file.
This is possible because most operating systems do not completely delete files, and hence the investigating team is able to reconstruct them from the disk sectors through file carving.
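The file carving described above can be illustrated with a short sketch. This is an added example, not part of the original essay or of any forensic tool it mentions: it scans a raw image sector by sector for known header signatures and cuts out everything up to the matching footer. The disk image is constructed in memory, and the names carve and build_sample_image are hypothetical.

```python
import hashlib

# Signature table: (header magic, footer magic). Real carvers carry many more.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
SECTOR = 512

def carve(image: bytes, max_size: int = 1 << 20):
    """Return carved files as dicts, checking sector-aligned offsets only."""
    found = []
    for offset in range(0, len(image), SECTOR):
        for kind, (header, footer) in SIGNATURES.items():
            if not image.startswith(header, offset):
                continue
            end = image.find(footer, offset + len(header), offset + max_size)
            if end == -1:
                continue  # header without footer: truncated or overwritten
            blob = image[offset:end + len(footer)]
            found.append({"type": kind, "offset": offset, "size": len(blob),
                          "sha256": hashlib.sha256(blob).hexdigest()})
    return found

def build_sample_image():
    """Constructed 8-sector image with two 'deleted' files in free space."""
    jpeg = b"\xff\xd8\xff\xe0" + b"J" * 700 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 100 + b"IEND\xaeB`\x82"
    image = bytearray(SECTOR * 8)
    image[SECTOR * 1:SECTOR * 1 + len(jpeg)] = jpeg
    image[SECTOR * 5:SECTOR * 5 + len(png)] = png
    # A JPEG header whose tail was overwritten: must not be reported.
    image[SECTOR * 7:SECTOR * 7 + 4] = b"\xff\xd8\xff\xe0"
    return bytes(image), jpeg, png

if __name__ == "__main__":
    sample, _, _ = build_sample_image()
    for hit in carve(sample):
        print(hit)
```

The SHA-256 of each carved blob is recorded so that the recovered file can later be shown to be unchanged since extraction.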
There are two major tools that I installed on my computer in order to carry out the demonstration of the forensic audit: the Nmap tool and the Wireshark tool.
Below is an illustration of how each works in the process of doing a forensic investigation.
Nmap, also called Network Mapper, is a tool that is basically used to scan a network and to detect any hosts; it is used in many of the steps of a penetration test [3]. Nmap is used for several functions, which include:
Nmap is able to do several kinds of scanning, which include TCP, FIN and UDP, as discussed below.
This technique is referred to as half-open scanning, since there is no complete handshake in the TCP process: Nmap just sends the SYN packet to the destination without creating any session.
Below is the syntax used.
# nmap -sS 192.168.1.1
This technique is used when SYN is not an option, and there is a completed TCP handshake, as shown below.
# nmap -sT 192.168.1.1
This technique identifies any UDP port that is open on the targeted host machine. No SYN packet is sent, since the main target is the UDP port, and after sending the probe the scan waits for the response, as shown below:
# nmap -sU 192.168.1.1
The TCP SYN scan does not give the best results where firewalls are installed, since the SYN packet is blocked by the target machine's firewall; FIN is therefore used, since only the FIN flag is sent and no TCP handshake is required to complete the process [4].
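From the investigator's side, the scan types above leave different TCP flag sequences in a packet capture. The following added example (not from the original essay) labels each conversation by the flags each side sent and reports sources that touched several ports. The packet records are constructed, and the names classify_flow, summarise and the min_ports threshold are assumptions.

```python
from collections import defaultdict

def classify_flow(client_flags, server_flags):
    """Label one client->port conversation from the TCP flags each side sent."""
    if client_flags[:1] == ["FIN"]:
        return "fin-probe"            # FIN with no preceding SYN
    if client_flags[:1] != ["SYN"]:
        return "other"
    if "SYN-ACK" not in server_flags:
        return "syn-no-answer"        # closed (RST) or filtered (silence)
    if "ACK" in client_flags:
        return "full-handshake"       # connect scan or a genuine client
    return "half-open"                # SYN, SYN-ACK, then RST or nothing

def summarise(packets, min_ports=3):
    """packets: (src, dst, dport, sender, flags); sender is 'c' or 's'."""
    flows = defaultdict(lambda: ([], []))
    for src, dst, dport, sender, flags in packets:
        flows[(src, dst, dport)][0 if sender == "c" else 1].append(flags)
    per_src = defaultdict(lambda: defaultdict(set))
    for (src, dst, dport), (cflags, sflags) in flows.items():
        per_src[src][classify_flow(cflags, sflags)].add(dport)
    report = {}
    for src, labels in per_src.items():
        ports = set().union(*labels.values())
        if len(ports) >= min_ports:   # many ports from one source: scan-like
            report[src] = {label: sorted(p) for label, p in labels.items()}
    return report

def _flow(src, dport, *steps):
    return [(src, "192.168.1.1", dport, who, fl) for who, fl in steps]

# Constructed capture: three scan-like sources and one ordinary client.
SAMPLE = (
    _flow("10.0.0.5", 22, ("c", "SYN"), ("s", "SYN-ACK"), ("c", "RST"))
    + _flow("10.0.0.5", 23, ("c", "SYN"), ("s", "RST-ACK"))
    + _flow("10.0.0.5", 80, ("c", "SYN"), ("s", "SYN-ACK"), ("c", "RST"))
    + _flow("10.0.0.6", 22, ("c", "SYN"), ("s", "SYN-ACK"), ("c", "ACK"), ("c", "RST"))
    + _flow("10.0.0.6", 80, ("c", "SYN"), ("s", "SYN-ACK"), ("c", "ACK"), ("c", "RST"))
    + _flow("10.0.0.6", 443, ("c", "SYN"), ("s", "RST-ACK"))
    + _flow("10.0.0.7", 25, ("c", "FIN"))
    + _flow("10.0.0.7", 110, ("c", "FIN"), ("s", "RST-ACK"))
    + _flow("10.0.0.7", 143, ("c", "FIN"))
    + _flow("10.0.0.9", 443, ("c", "SYN"), ("s", "SYN-ACK"), ("c", "ACK"), ("c", "FIN-ACK"))
)

if __name__ == "__main__":
    print(summarise(SAMPLE))
```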
Wireshark is the second network tool. It was originally known as Ethereal; it captures data packets in real time and converts them to a human-readable format.
It offers data filters and color coding to enable analysis of those packets. The following are the steps of the activities done with the Wireshark tool.
This is the first thing done after the installation of Wireshark: it is opened, and the name of the network is double-clicked in the capture interface of the application, as shown in the figure below.
The packets will then start to display in real time after the interface is clicked, as shown below.
This is where the phoning home is sent in order to terminate any running network application, to enable a fine scan of the network.
The filter is then applied by typing the target host in the filter box and pressing the Enter button. For instance, if one uses dns, only the DNS packets will be visible, as in the figure below, where the filter text is auto-completed by Wireshark [5].
One can also display the filters, as in the figure below, by selecting the menu Analyze > Display Filters.
This is the third part, where the packets found are inspected by selecting and clicking them to get more details, as shown below.
Filters are then created from the above by right-clicking on the details option and then applying filters, as shown below.
Therefore, due to those strong features, Wireshark is widely used by various professionals for debugging implemented network protocols, examining network security, and inspecting internal network protocols.
Digital forensics is one of the best activities for various organizations to employ while searching for evidence of any crime.
This is done by use of various tools that mainly help with data imaging, extraction, recovery and testing of the various events that took place.
While selecting the tool to use, investigators are advised to check its flexibility, reliability and ability to expand in future in order to deliver the best results.
During the process of a forensic audit the investigator is required to use the best tool to obtain the result; however, the following are some of the recommendations for better results and handling of any reported crime:
References
[1] W. Tommie, Fraud Auditing and Forensic Accounting. New York: Wiley, 2013.
[2] S. Mark, Auditing Cases: An Interactive Learning Approach. North Carolina: Pearson, 2015.
[3] D. Larry, Forensic and Investigative Accounting. New York: CCH Inc, 2015.
[4] N. Mark, Forensic Analytics: Methods and Techniques for Forensic Accounting Investigations. Kharkiv, Ukraine: South-Western College Pub, 2013.
[5] W. Tommie, Fraud Auditing and Forensic Accounting. Kharkiv, Ukraine: South-Western College Pub, 2014.