Abstract
There are radical changes in the computing world each second. Significant advancements in computer technologies enable the cyberattackers to perform a high number of successful cyberattacks results in damaging critical infrastructures, financial loss, and health. Several nations adopt cyberforensics to investigate such cybercrimes, and however, with current technologies, it is hard to get the latent evidence from the crime scene. The evidence could be massive in size, and it is challenging to find the real culprit from that enormous information. Moreover, the evidence demands live acquisition, which is somehow not possible as an attacker always tries to destroy the digital footprint. Cybercrimes data is getting astonishing day by day as it expands its horizon and costing millions of dollars to the government. Even the highest turnover companies are prone to cybercrime. This is not the biggest problem since an attacker can compromise the security of these companies and can use their resources to perform a nationwide attack that includes ransomware, identity theft, violating privacy, human and sex trafficking, selling weapons or drugs online and data breaches. The data breach is one of the most influential and fastest-growing cyberattacks in various countries, specifically in the USA. That includes the major data breaches suffered by Marriott exposed around 500 million user account and Yahoo data breach uncovered 3 billion user account and Equifax breach in 2017 exposed 150 million accounts, which are some of the most significant breaches ever occurred in the history of cyberspace. According to cybersecurity ventures, throughout 20172021, the global spending on cybersecurity exceeds $1 trillion, which is enormous spending for just preventing data breaches. Instead, we can use this spending on a real problem such as climate change. This chapter deals with a formal introduction to cyberforensics and how anyone can perform forensics on different platforms, such as computers and networks. We also elaborate on the different architecture of forensics to get a generalized idea about how to collect data and how to analyze it for a finite conclusion about the crime scene. The chapter also describes different open-source tools and technologies used by various forensic agencies in order to retrieve the data from the evidence.
