https://onnocenter.or.id/wiki/index.php?action=history&feed=atom&title=Forensic_Report%3A_Examination_Procedures_%28en%29Forensic Report: Examination Procedures (en) - Revision history2026-05-05T02:30:25ZRevision history for this page on the wikiMediaWiki 1.35.4https://onnocenter.or.id/wiki/index.php?title=Forensic_Report:_Examination_Procedures_(en)&diff=71037&oldid=prevOnnowpurbo at 22:36, 20 October 20242024-10-20T22:36:12Z<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 22:36, 20 October 2024</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">Sure! Here's the translated text in English while retaining the wiki format:</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==5. Digital Forensic Examination Procedures==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==5. Digital Forensic Examination Procedures==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
</table>Onnowpurbohttps://onnocenter.or.id/wiki/index.php?title=Forensic_Report:_Examination_Procedures_(en)&diff=71036&oldid=prevOnnowpurbo: Created page with "Sure! Here's the translated text in English while retaining the wiki format: ==5. Digital Forensic Examination Procedures== '''Digital forensic examination procedures''' are..."2024-10-20T22:36:01Z<p>Created page with "Sure! Here's the translated text in English while retaining the wiki format: ==5. Digital Forensic Examination Procedures== '''Digital forensic examination procedures''' are..."</p>
<p><b>New page</b></p><div>Sure! Here's the translated text in English while retaining the wiki format:<br />
<br />
==5. Digital Forensic Examination Procedures==<br />
<br />
'''Digital forensic examination procedures''' are a series of systematic steps taken to collect, analyze, and preserve digital evidence from a device or system. The goal is to obtain relevant information for an investigation, whether criminal, civil, or internal corporate.<br />
<br />
==5.1 Evidence Receipt==<br />
* '''Date and Time of Receipt:''' Accurate records of when evidence is received are crucial for maintaining the chain of custody and the integrity of the evidence. <br />
* '''Condition of Evidence:''' Document the physical condition of the device (e.g., cracked, damaged, signs of tampering), as well as its power state (on, off).<br />
* '''Initial Steps:'''<br />
** '''Documentation:''' Make detailed notes of all device details, including brand, model, serial number, and included accessories.<br />
** '''Photography:''' Take photos of the device from various angles before and after the examination. This is useful for documenting the initial condition and any changes that occur during the examination process.<br />
** '''Video:''' Record a short video when unpacking the device to visually document the process.<br />
<br />
==5.2 Acquisition Process==<br />
* '''Acquisition Methods:'''<br />
** '''Live Acquisition:''' Copying data directly from a device that is currently operational. This method is useful for capturing volatile data (easily lost) such as memory.<br />
** '''Static Acquisition:''' Copying data from a device that has been powered off. This method is more commonly used because it does not disturb the device's condition.<br />
** '''Disk Imaging:''' Creating a bit-by-bit copy of the entire storage medium. This is the most recommended method to maintain data integrity.<br />
* '''Integrity Verification:'''<br />
** '''Hash Value:''' Calculate the hash value of both the original data and its copy. Compare the two hash values to ensure that the copy made is identical to the original.<br />
** '''Checksum:''' Calculate the checksum of the data to verify data integrity.<br />
<br />
==5.3 Data Analysis==<br />
* '''Types of Analysis:'''<br />
** '''File System Analysis:''' Identifying the type of file system used, directory structure, and existing files.<br />
** '''Network Analysis:''' Analyzing network activities previously performed by the device, including IP addresses, ports, and protocols used.<br />
** '''Malware Analysis:''' Searching for the presence of malware, viruses, or other malicious programs.<br />
** '''Email Analysis:''' Analyzing emails present on the device, including email content, attachments, and metadata.<br />
** '''Web History Analysis:''' Analyzing the web browsing history previously conducted.<br />
* '''Tools and Techniques:'''<br />
** '''Forensic Tools:''' Utilizing various forensic software such as EnCase, FTK Imager, Autopsy, and Sleuth Kit.<br />
** '''Scripting:''' Using programming languages like Python to perform more complex analyses.<br />
<br />
==5.4 Documentation==<br />
* '''Examination Report:''' Create a detailed report regarding the entire examination process, from evidence receipt to analysis results.<br />
* '''Screenshots:''' Take screenshots of important analysis results.<br />
* '''Log:''' Record all activities conducted during the examination process in a log file.<br />
* '''Chain of Custody:''' Document the chain of custody of the evidence completely, including who held the evidence, when, and where.<br />
<br />
'''Important:''' The entire examination process must be conducted according to established procedures and forensic ethical standards to maintain evidence integrity and avoid contamination.<br />
<br />
'''Note:''' The explanation above provides an overview of digital forensic examination procedures. Actual procedures may vary depending on the type of device, operating system, and investigation objectives.<br />
<br />
==Interesting Links==<br />
<br />
* [[Forensic: IT]]</div>Onnowpurbo