Cyber Forensic

Cyber forensics, also known as digital forensics, is the process of identifying, preserving, analyzing, and presenting digital evidence in a manner that is legally admissible. It is used to investigate and prevent cybercrimes, such as hacking, identity theft, and cyberstalking, as well as to gather evidence in cases of intellectual property theft and other cyber-related offenses.

The process of cyber forensics typically involves the following steps:

  1. Identification: Identifying the digital evidence and the scope of the investigation

  2. Preservation: Securing and preserving the digital evidence to ensure that it is not tampered with or altered

  3. Analysis: Analyzing the digital evidence to determine what occurred and who was responsible

  4. Presentation: Presenting the findings and evidence in a manner that is legally admissible

Cyber forensic investigators use a variety of tools and techniques to gather and analyze digital evidence, including data recovery software, network analysis tools, and forensic imaging software. They must also be familiar with the laws and regulations related to digital evidence, as well as the principles of computer science and information technology.

It is important to note that cyber forensics is a constantly evolving field, as technology and cybercrime tactics continue to advance. Therefore, it is crucial for cyber forensic investigators to stay current with the latest tools, techniques, and trends in the field.

In summary, Cyber forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally admissible. It is an integral part of investigating and preventing cyber crimes.


Computer forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.

Forensic process

Computer forensic investigations usually follow the standard digital forensic process

  • Acquisition
  • Analysis
  • Reporting


A number of techniques are used during computer forensics investigations.

Cross-drive analysis
A forensic technique that correlates information found on multiple hard drives. The process, still being researched, can be used to identify social networks and for perform anomaly detection

Live analysis The examination of computers from within the operating system using custom forensics or existing sysadmin tools to extract evidence. The practice is useful when dealing with Encrypting File Systems, for example, where the encryption keys may be collected and, in some instances, the logical hard drive volume may be imaged (known as a live acquisition) before the computer is shut down.

Deleted files A common technique used in computer forensics is the recovery of deleted files. Modern forensic software have their own tools for recovering or carving out deleted data. Most operating systems and file systems do not always erase physical file data, allowing investigators to reconstruct it from the physical disk sectors. File carving involves searching for known file headers within the disk image and reconstructing deleted materials.

More Contents will be publishing soon

Indian Cyber Securiry

Research Papers

Case Study

Cyber Police