A digital forensic tool — ExifTool

Anany sharma
4 min read · Dec 27, 2021

What is digital forensics?

Formally, digital forensics is defined as the branch of forensic science that is concerned with the identification, preservation, extraction, and documentation of digital evidence using scientifically validated methods — evidence that will ultimately be used in a court of law.

The term originated from “computer forensics” which includes the investigation of computers and digital storage media, but it has separated into a discipline focused on handling digital evidence found on all digital devices that store data.

Digital evidence can be collected from many sources. These include computers, laptops, mobile phones, digital cameras, hard drives, IoT devices, CD-ROMs, USB sticks, databases, servers, cloud services, web pages, and more. Data sources like these are subject to digital forensics investigations and must be handled with the utmost care to avoid any modification or contamination.

Government agencies and law enforcement use digital forensics to obtain additional evidence when a crime has occurred, whether it’s cybercrime or another type of crime, to support allegations against a suspect. In cybercrime investigations, digital forensics investigators are employed by government agencies once an incident is detected, to find evidence for the prosecution of crimes.

Not only is digital forensics useful for solving different types of cybercrime such as data breaches, ransomware, and data theft, but it can also be used to solve physical crimes — such as burglary, assault, fraud, and murder. The evidence uncovered can lead an investigation toward the motives behind the crime and can even connect the suspect to the crime scene or support an alibi.

EXIF stands for Exchangeable image file format. ExifTool is open-source software that allows us to read and manipulate the metadata of image, audio, video, and PDF files.

This tool is generally used in cyber investigations. Investigators in all forms of law enforcement — whether local, state, or federal — routinely come across digital photographs while executing search warrants or permissive searches.

Features

ExifTool was launched in 1995; its author is Phil Harvey. ExifTool is a handy command-line tool for digital forensics, as it can extract EXIF data from different media files such as images and videos. It can provide analysis of different metadata from those files, such as file types, permissions, file sizes, device type, GPS coordinates, and much more.

EXIF data can provide a treasure trove of information to investigators, including:

  • Camera model
  • Camera serial number
  • Exposure setting
  • The date and time picture was taken
  • GPS coordinates
  • GPS version ID
  • Latitude and longitude
  • Altitude
  • GPS timestamp
  • Image Description
  • Software
  • Author
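To make concrete what a tool like ExifTool actually reads, here is an added example (not ExifTool's own code, and not from the original post) that builds a small JPEG carrying a constructed Exif APP1 segment, then parses it back: walking the JPEG markers to the APP1 segment, reading the TIFF header and IFD0 entries (Make, Model, DateTime), following the GPSInfo pointer into the GPS sub-IFD, and converting the degrees/minutes/seconds rationals into decimal coordinates. The camera name, model, timestamp and coordinates are constructed sample values; the tag numbers and structure follow the EXIF/TIFF layout. The hash at the end illustrates the handling point above: reading metadata must leave the evidence bytes unchanged.

```python
"""Minimal EXIF reader over a constructed JPEG (added example, not ExifTool)."""
import hashlib
import struct

# Tag numbers from the EXIF/TIFF specification; sub-IFD names are ours.
TAGS = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime", 0x8825: "GPSInfo"}
GPS_TAGS = {0x0001: "GPSLatitudeRef", 0x0002: "GPSLatitude",
            0x0003: "GPSLongitudeRef", 0x0004: "GPSLongitude"}
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8}  # BYTE, ASCII, SHORT, LONG, RATIONAL


def _pack_values(typ, values, endian):
    """Serialize one entry's values in the requested byte order."""
    if typ == 2:  # ASCII is NUL-terminated
        return values.encode("ascii") + b"\x00"
    if typ == 3:
        return b"".join(struct.pack(endian + "H", v) for v in values)
    if typ == 4:
        return b"".join(struct.pack(endian + "I", v) for v in values)
    if typ == 5:  # RATIONAL: unsigned numerator/denominator pairs
        return b"".join(struct.pack(endian + "II", n, d) for n, d in values)
    raise ValueError(f"unsupported type {typ}")


def _build_ifd(entries, base, endian):
    """Build an IFD starting at TIFF offset `base`. Values wider than 4 bytes go
    to a data area after the directory and are referenced by offset."""
    n = len(entries)
    data_off = base + 2 + 12 * n + 4
    directory, data = b"", b""
    for tag, typ, values in entries:
        payload = _pack_values(typ, values, endian)
        count = len(payload) // TYPE_SIZES[typ]
        if len(payload) <= 4:
            field = payload.ljust(4, b"\x00")
        else:
            field = struct.pack(endian + "I", data_off + len(data))
            data += payload
        directory += struct.pack(endian + "HHI", tag, typ, count) + field
    return struct.pack(endian + "H", n) + directory + struct.pack(endian + "I", 0) + data


def build_sample_jpeg(endian="<"):
    """Constructed sample: a JPEG with only an Exif APP1 segment and EOI."""
    gps = [(0x0001, 2, "N"), (0x0002, 5, [(51, 1), (30, 1), (0, 1)]),      # 51 deg 30' 00" N
           (0x0003, 2, "W"), (0x0004, 5, [(0, 1), (7, 1), (3960, 100)])]   # 0 deg 07' 39.60" W

    def ifd0(gps_offset):
        return _build_ifd([(0x010F, 2, "ExampleCam"), (0x0110, 2, "Model-X"),
                           (0x0132, 2, "2021:12:27 10:15:30"),
                           (0x8825, 4, [gps_offset])], 8, endian)

    gps_offset = 8 + len(ifd0(0))  # GPS sub-IFD follows IFD0 and its data
    tiff = (b"II" if endian == "<" else b"MM") + struct.pack(endian + "HI", 42, 8)
    tiff += ifd0(gps_offset) + _build_ifd(gps, gps_offset, endian)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


def _read_values(tiff, endian, typ, count, field):
    size = TYPE_SIZES[typ] * count
    raw = field[:size] if size <= 4 else tiff[(o := struct.unpack(endian + "I", field)[0]):o + size]
    if typ == 2:
        return raw.rstrip(b"\x00").decode("ascii", "replace")
    if typ == 3:
        return list(struct.unpack(endian + "H" * count, raw))
    if typ == 4:
        return list(struct.unpack(endian + "I" * count, raw))
    if typ == 5:
        nums = struct.unpack(endian + "I" * (2 * count), raw)
        return [(nums[i], nums[i + 1]) for i in range(0, len(nums), 2)]
    return raw


def _parse_ifd(tiff, endian, offset, names):
    n = struct.unpack(endian + "H", tiff[offset:offset + 2])[0]
    out = {}
    for i in range(n):
        e = offset + 2 + 12 * i
        tag, typ, count = struct.unpack(endian + "HHI", tiff[e:e + 8])
        if typ in TYPE_SIZES:
            out[names.get(tag, hex(tag))] = _read_values(tiff, endian, typ, count, tiff[e + 8:e + 12])
    return out


def parse_exif(jpeg):
    """Walk JPEG segments to the Exif APP1, then read IFD0 and the GPS sub-IFD."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, length = jpeg[pos + 1], struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        seg = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and seg.startswith(b"Exif\x00\x00"):
            tiff = seg[6:]
            endian = "<" if tiff[:2] == b"II" else ">"
            magic, ifd0_off = struct.unpack(endian + "HI", tiff[2:8])
            if magic != 42:
                raise ValueError("bad TIFF header")
            meta = _parse_ifd(tiff, endian, ifd0_off, TAGS)
            if "GPSInfo" in meta:
                meta["GPS"] = _parse_ifd(tiff, endian, meta.pop("GPSInfo")[0], GPS_TAGS)
            return meta
        if marker == 0xDA:  # start of scan: no more metadata segments
            break
        pos += 2 + length
    return {}


def gps_to_decimal(dms, ref):
    """Convert (deg, min, sec) rationals plus N/S/E/W reference to signed decimal degrees."""
    deg, mins, secs = (n / d for n, d in dms)
    value = deg + mins / 60 + secs / 3600
    return -value if ref in ("S", "W") else value


if __name__ == "__main__":
    sample = build_sample_jpeg()
    before = hashlib.sha256(sample).hexdigest()
    meta = parse_exif(sample)
    print(meta)
    print("lat/lon:", gps_to_decimal(meta["GPS"]["GPSLatitude"], meta["GPS"]["GPSLatitudeRef"]),
          gps_to_decimal(meta["GPS"]["GPSLongitude"], meta["GPS"]["GPSLongitudeRef"]))
    print("evidence unchanged:", hashlib.sha256(sample).hexdigest() == before)
```

The parser handles both byte orders ("II" and "MM" TIFF headers), which real camera files use interchangeably; it reads only, so hashing the bytes before and after is the forensic check that the acquisition did not alter the evidence.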

There are many other forensics tools, such as:

Wireshark

Wireshark is a popular ethical hacking tool as well as one of the most commonly used red team tools but is also regularly utilized by digital forensics investigators. It’s an open-source network traffic analyzer and is used for network forensics. Wireshark analyzes and captures network traffic in real-time and it can help discover any threats on the network.

Registry Recon

The Windows registry is a common location where malware establishes persistence, so its data can provide a wealth of information for a digital forensics investigation. You can open and view the Windows registry with a built-in Windows application, and registry analysis is available in some forensics platforms, but there are also specialized tools such as Registry Recon. It acts as a computer forensics tool to retrieve and analyze registry data, as well as to delete parts of the registry from Windows OS.

SurfaceBrowser™

SurfaceBrowser™ can uncover the entire online infrastructure of any company and provide relevant intelligence data from DNS records, domains, subdomains, SSL certificates, historical WHOIS data, and much more. Internet-facing assets can increase one’s attack surface and its risk of an attack and can provide critical information that can be linked to cybercrime.

ProDiscover Forensic

ProDiscover offers a product suite with solutions for incident response and electronic discovery, as well as a wide array of diagnostic tools. Their most commonly used product for forensic investigations is ProDiscover Forensics, which helps investigators uncover, collect, process, preserve and analyze data from a computer disk, as well as create evidence reports.

Thank you for your visit. - Anany sharma


Anany sharma

Security used to be an inconvenience sometimes, but now it’s a necessity all the time. — Martina Navratilova.