Advanced Digital Forensics Training for Noida Police by SysTools at CCCI
About a month ago, on the __ November 2016, SysTools conducted a Digital Forensics Training at the Center for Cyber Crime Investigation (CCCI), Noida, for the S.P., P.I., and Investigative Officers of Noida Police.
Expert Trainers
The SP and PI, together with SysTools, arranged a training session on Digital Forensics to impart best practices of evidence preservation and analysis to the investigative officers of the Noida Police Department. The chief attendees were the SP and PI of Noida Police along with their investigative officers, all with a background in cyber investigation.
Shared below is a brief account of the sessions conducted by Team SysTools at CCCI, Noida, on the different aspects of digital forensics.
Five sessions were conducted in total to help the Noida Police officers brush up their existing digital forensic skills with eDiscovery procedures and automated tools.
The Noida Police cyber cell team attending the training was instructed in Deadbox Forensics as an incident response technique. A write blocker was used as a key element of this session, and its importance for the technique (preventing any write to the seized media during acquisition) was explained.
Team SysTools explained the varied software and hardware approaches that help in performing Deadbox forensics. An illustration of the practical approach was provided to the investigative officers using the Tableau TD3.
A special segment of the session was:
Chain of Custody Forms: The procedure refers to documenting every stage of the investigation, from seizure and custody through analysis to the disposition of evidence. This stage was explained to the officers to help them understand the importance of following standard procedures that maintain the originality of the evidence.
General Tips: A brief part of the session also focused on explaining the use of steganography with practical demonstration of the same.
Later, the team detailed Windows Artifacts, since that OS is used by a large number of users. This part of the session further covered the types of data to be examined from a Windows system for a productive investigation and the approaches to be used for each.
Certification of technological or investigative specialization helps investigators in professional skill representation. AccessData Certified Examiner (ACE) is amongst the most valuable certifications owned by the best of digital forensics investigators globally.
SysTools, during the training session, took the initiative of preparing the CCCI team of investigative officers to attempt and successfully pass the certification exam. Acquiring the certification holds such importance that the digital forensics community considers it a milestone in an investigator's career.
Shreyas Parikh (Examiner and Researcher, Digital Forensics team, SysTools) holds core specialization and interest in mobile forensics. Therefore, the session was led by Shreyas himself to share his detailed study of mobile phones and smartphone forensics.
The session focused in particular on Android-based smartphone forensics. Moreover, it trained the officers in the standard procedure for performing acquisition on a seized device. Last but most importantly, the session pointed out the two major approaches to performing mobile forensics:
1. Automated Approach: illustrated using Cellebrite UFED for logical, file system, and physical data extraction and analysis.
2. Manual Approach: detailed data acquisition by gaining developer access to the device through the ADB shell, alongside Cellebrite UFED.
An on-demand segment was appended to the 4th session following an enquiry about investigating locked mobile phones. Shreyas and team elaborated on the concept with a practical demonstration of the procedure via both manual and automated approaches:
1. Cellebrite UFED was suggested as the primary approach for investigating a locked mobile device.
2. However, in case that procedure fails, manual approaches were detailed in the session, as per the knowhow of the research and examination team.
In addition, extraction of contents from an Apple iPhone was detailed, considering the stringent level of security implemented on Apple devices.
The final training session covered the complete usage of the SysTools MailXaminer tool. Specialization in cyber / digital forensics gives the team of investigative officers the efficiency they need to succeed.
Demonstration: MailXaminer is a dedicated email examination product that focuses on analyzing emails from both desktop and webmail services. The application is more of a toolkit than a single-purpose application, giving investigators the edge to explore the full expanse of email investigation:
1. Standalone access and examination of various email services.
2. Advanced search options featured for quick and apt analysis.
3. Findings of case exportable to legally supported file formats.
4. Generate multiple detailed case reports for future reference.
5. Advanced analysis techniques for images, video, and skin tone detection.
Approaching the end, the session drew a positive response from the investigative officers, who added to their existing knowhow of the different investigative procedures with the support of technologies like Cellebrite UFED, Tableau TD3, and MailXaminer.