"Computer attacks can create chaos" warns the head of ANSSI

Bappy11
Posts: 351
Joined: Sun Dec 22, 2024 6:03 am

Post by Bappy11 »

Forensic Analysis Process
On the digital side, we talk about digital forensics or cyber forensics. Since the first cybercrime case was judged in 1978 in Florida, the field has become more professional, with techniques for the identification, collection and preservation of evidence, as well as analysis tools to process increasingly massive data. As with DNA collection, the techniques used must also be admissible in court.


The Forensic Toolbox
The technicians of the technical and scientific police, the famous PTS, have tools and procedures for their investigations. I ask my cybersecurity team, what is in their forensics toolbox? What is their "bluestar"?

Volatility is the first term, dropped as if it were obvious by David, head of the Cybersecurity Division. As its name suggests, Volatility captures information stored in memory before it is erased during the reboot.

David warns on one point. When a cyberattack occurs, stress often prevails over reason and, in the desire to quickly put the systems back into production, the traces are erased. He insists on the importance of organizing the response to these events well in advance, in a calm context, in order to capture the traces and the evidence while preserving the data and meeting the legal and ethical obligations of communication.

I ask Adrien the same question. He answers Autopsy, software that analyzes the storage space of phones or hard drives to detect elements and reconstruct the history of events in order to unravel the mystery of a cyberattack.

Volatility, Autopsy: these names sound like metal bands. Renaud provides the synthesis by telling me about SIFT, a toolbox initially developed by Rob Lee, which contains Autopsy and Volatility among others. Renaud immediately specifies that the ORC framework, for Compromise Search Tool, powered by ANSSI, is quite life-saving for recovering clues in the space of a few minutes during an intervention on a compromised IS.

Finally, after a few discussions, a first forensic case is put together in order to detect traces of data, network, memory or storage on media such as smartphones, servers, PCs and even tablets.

Forensic toolbox
Data, disk, network, wireless, database, malware, email, mobile: forensic science deals with each area to extract clues and evidence. The tools mentioned above are not intended to present the complete range of forensic solutions; they illustrate the richness and complexity of cybersecurity.

If you want peace, for war

"Before the Senate's European Affairs Committee, Guillaume Poupard, head of ANSSI (National Agency for Information Systems Security), gave an overview of the computer attacks on sensitive infrastructures."