5. Proposed Work

5.1 Problem Definition

Digital crime has become rampant worldwide alongside the intense growth of networks and other networked technology, particularly the Internet. Criminals have become adept at using technology-based media to carry out different sorts of crimes. Consequently, digital forensics has become a predominant field. Over the years, development in the field has been tool-centered, driven by the commercial developers of the tools used in the digital investigative process. This, along with the absence of set standards to guide digital forensics practitioners operating in the field, has led to issues regarding the reliability, verifiability and consistency of digital evidence. Along with these, there …
”]”/e’ }

Step 3: Postmortem Forensic Analysis

A. Evidence Collection

A.1 Detection & Identification of traces

    if (Heavy INBOUND || OUTBOUND Traffic from same SIP to same DIP)
        It’s a Trace of DoS
    else if (Length of Ru ≥ 75, with so many junk characters)
        Malware Downloaded
    else if (Occurrence of 10.X.X.X || 192.168.X.X || 127.0.0.1)
        It’s a Trace of Anomalous or Suspicious Source
    else if (Ru = IP ADD || Length of Ru = too long || Length of Ru = tiny || Ru has @)
        It’s a Trace of Phishing
    else if (Rs = TCP_DENIED && HSC = 403)
        It’s a Trace of Faulty URL/Blocked URL/Server Failure

A.2 Verify traces

To verify a trace, visit the suspicious URL, run a trace route on the suspicious IP address, or view the captured data from the Active Monitoring System (AMS).

    Tn = Total Traces collected;
    After verifying, True Traces TT = Tn - TF;
    En = TT {Because En ⊆ Tn};

A.3 Good enough is good enough

Calculate the hash value of the evidence to assure its integrity.

    SHA1 (En)
    {
        // returns 160 bit hash value H2
        return H2;
    }

B. Integrity Check

After completing the investigation, calculate the hash value of access.log again and match it with the previously generated hash
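
The A.1 rules, the A.2 subtraction and the A.3 hash, as an added Python example that is not part of the original text. It assumes Squid's native access.log field order, treats TF as the traces rejected during verification, and picks its own thresholds for "heavy", "so many", "too long" and "tiny", none of which the page defines; the log entries are constructed.

```python
import hashlib, re
from collections import Counter
from urllib.parse import urlsplit

# Assumed thresholds: the page only says "heavy", "so many", "too long", "tiny".
DOS_HITS, JUNK_MIN, LONG, TINY = 5, 10, 200, 12
PRIVATE = re.compile(r"\b(10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+|127\.0\.0\.1)\b")
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
JUNK = re.compile(r"%[0-9A-Fa-f]{2}")  # assumption: "junk" = percent-encoded bytes

def line(sip, ru, dip, code="TCP_MISS/200"):
    """One constructed entry in Squid's native access.log layout (assumed)."""
    return f"1286536309.450 120 {sip} {code} 512 GET {ru} - DIRECT/{dip} text/html"

SAMPLE_LOG = "\n".join(
    [line("203.0.113.7", "http://example.com/index.html", "198.51.100.10")]
    + [line("203.0.113.50", "http://example.org/", "198.51.100.20")] * 5
    + [line("203.0.113.8", "http://example.net/dl?f=" + "%7E%21" * 10, "198.51.100.30"),
       line("203.0.113.9", "http://192.168.1.5/admin", "192.168.1.5"),
       line("203.0.113.9", "http://bank.example@198.51.100.99/login", "198.51.100.99"),
       line("203.0.113.9", "http://blocked.example/page", "-", "TCP_DENIED/403")])

def classify(entry, pairs):
    """Apply the A.1 rules in the page's order; return a trace label or None."""
    f = entry.split()
    sip, (rs, hsc), ru, dip = f[2], f[3].split("/"), f[6], f[8].split("/")[-1]
    host = urlsplit(ru).hostname or ""
    if pairs[(sip, dip)] >= DOS_HITS:
        return "DoS"
    if len(ru) >= 75 and len(JUNK.findall(ru)) >= JUNK_MIN:
        return "malware download"
    if PRIVATE.search(sip) or PRIVATE.search(ru):
        return "anomalous source"
    if IP_HOST.match(host) or "@" in ru or len(ru) > LONG or len(ru) < TINY:
        return "phishing"
    if rs == "TCP_DENIED" and hsc == "403":
        return "blocked/faulty URL"
    return None

def collect_traces(log_text):
    """Tn: every (label, entry) pair the rules flag."""
    entries = log_text.splitlines()
    pairs = Counter((e.split()[2], e.split()[8].split("/")[-1]) for e in entries)
    return [(label, e) for e in entries if (label := classify(e, pairs))]

def seal(traces, false_idx=()):
    """En = TT = Tn - TF (TF given by index), plus the A.3 SHA-1 digest of En."""
    en = [t for i, t in enumerate(traces) if i not in false_idx]
    return en, hashlib.sha1("\n".join(e for _, e in en).encode()).hexdigest()
```

SHA-1 is kept because the page specifies it; `hashlib.sha256` is a drop-in substitute where collision resistance is required.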