Affiliation:
1. Gazi University, Informatics Institute
2. Gazi University
Abstract
Because of the exponential growth in the volume and speed of attack vectors, the rapid growth of computer crime, the expanding corporate attack surface and the enormous volumes of data, preventing cyber attacks has become very difficult. In terms of forensics, the classical approach, which consists of removing the disk, taking its image and examining that image, takes more and more time as the amount of data grows, so that a quick response to a cyber attack becomes very difficult. For example, imaging a hard disk with a capacity of 20 terabytes takes on average 2 days. As a solution, a special tool (Binalyze AIR) collects only the documents that have evidentiary quality and takes a hash of every item of evidence (Disk Proof, Proof of Memory, Proof of Scanner, Proof of NTFS, Proof of Log, Proof of Network, Proof of Event Logs, Proof of WMI, Proof of Process Execution, etc.), so that the process can be completed in a very short time. This provides effective management of crime scene investigation and a fast response to crimes committed by computer, covers the investigation, analysis and reporting processes that traditional forensic methods hold up, and offers an innovative solution to the scientific literature. In summary, this study presents the results obtained by using modern forensic techniques (the Binalyze AIR and Binalyze Tactical software) in comparison with classical forensic methods.
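As an added illustration of the selective-collection approach the abstract contrasts with full-disk imaging (example code written for this page, not Binalyze's software), the script below copies only a named set of artifacts, records a SHA-256 for each at collection time, flags any artifact that is missing rather than skipping it silently, and re-verifies the copies afterwards; the artifact paths and file contents in `demo()` are constructed sample data.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream-hash a file so large artifacts need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def collect(artifacts: dict, dest: Path) -> dict:
    """Copy each artifact into dest/<category>/ and hash it at collection time."""
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for category, src in artifacts.items():
        if not src.is_file():  # record the gap instead of silently skipping it
            manifest[category] = {"error": "missing"}
            continue
        out_dir = dest / category
        out_dir.mkdir(parents=True, exist_ok=True)
        dst = out_dir / src.name
        shutil.copy2(src, dst)  # copy2 keeps timestamps where the OS allows
        manifest[category] = {"name": src.name, "size": dst.stat().st_size,
                              "sha256": sha256_file(dst)}
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify(dest: Path) -> dict:
    """Re-hash every collected item and compare it with the recorded digest."""
    manifest = json.loads((dest / "manifest.json").read_text())
    return {cat: "sha256" in rec and
            sha256_file(dest / cat / rec["name"]) == rec["sha256"]
            for cat, rec in manifest.items()}

def demo() -> tuple:
    """Constructed sample run: two fake artifacts, one missing, then a tampered copy."""
    base = Path(tempfile.mkdtemp())
    host = base / "host"
    host.mkdir()
    (host / "System.evtx").write_bytes(b"ElfFile constructed event log")
    (host / "NTUSER.DAT").write_bytes(b"regf constructed registry hive")
    artifacts = {"event_logs": host / "System.evtx",
                 "registry": host / "NTUSER.DAT",
                 "memory": host / "pagefile.sys"}  # deliberately absent
    dest = base / "collection"
    manifest = collect(artifacts, dest)
    before = verify(dest)
    (dest / "registry" / "NTUSER.DAT").write_bytes(b"tampered")  # simulate damage
    return manifest, before, verify(dest)
```

The manifest written beside the copies is what an examiner would keep with the case record, since a later re-verification can only be as trustworthy as the hashes taken at the moment of collection.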