Digital Forensics
Presented by: Ahmed Emam
Presented to: Dr. Ashraf Tammam
Outline
• Introduction
• Categories
• History
• Review
• Types of computer crimes and investigations.
• Anti-forensics
• Future Challenges
• Real life cases
• Conclusion
• References
Introduction
• Your computer will betray you.
• Change is inevitable.
• Digital forensics is still in its infancy.
Introduction – cont’d
According to a 2001 study by the University of California, Berkeley, 93% of all new information at that time was created entirely in digital format.
What?
• Forensics is the application of science to solve a legal problem.
• Digital Forensics is the preservation, identification, extraction, interpretation and
documentation of computer evidence which can be used in the court of law.
• In Forensic Magazine, Ken Zatyko defined digital forensics this way:
“The application of computer science and investigative procedures for a legal purpose
involving the analysis of digital evidence after proper search authority, chain of custody,
validation with mathematics, use of validated tools, repeatability, reporting, and possible
expert presentation.”
Digital Forensics
Categories
History
• The field started to emerge in the 1980s.
• Since the late 1970s the amount of crime involving computers has been growing very
quickly, creating a need for constantly developing forensic tools and practices.
• The first computer crimes were recognized in the 1978 Florida Computer Crimes Act, which
included legislation against the unauthorized modification or deletion of data on a computer
system.
• In the 1980s, federal laws began to incorporate computer offences; Canada was the
first country to pass such legislation, in 1983.
• Starting 2000, in response to the need for standardization, various bodies and agencies have
published guidelines for digital forensics.
• Many of the early members were computer hobbyists and became responsible for the field's
initial research and direction.
• One of the first practical (or at least publicized) examples of digital forensics was Cliff
Stoll's pursuit of hacker Markus Hess in 1986.
Review – Why and Who?
• Why? – Due to the growth in computer crime, law enforcement agencies began
establishing specialized groups to handle the technical aspects of investigations.
• Who? – Criminal prosecutors and law enforcement agencies, insurance companies,
private corporations.
Review – How?
Types of Computer Crimes and Investigations
• Types of Computer Crimes:
  ◦ Computer-based crimes.
  ◦ Computer-facilitated crimes.
• Types of Investigations:
  ◦ Criminal forensics.
  ◦ Intelligence gathering.
  ◦ Civil litigation, also known as electronic discovery (eDiscovery).
  ◦ Intrusion investigation.
  ◦ Administrative matters.
Conditions of Reliability
• The “conditions of reliability” are generally the same across jurisdictions:
electronic copies of data are admissible provided that:
  ◦ They were from the indicated source.
  ◦ They were acquired using proven tools and techniques.
  ◦ They have not been altered since the time of acquisition.
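The third condition, that the copy has not been altered since acquisition, is normally demonstrated by hashing the image at acquisition, recording the digest in the custody record, and re-hashing before every analysis. The following Python is an added example and is not code from the presentation; the image bytes, the source description and the examiner name are constructed here, and `hash_file` shows how a real on-disk image would be hashed in chunks.

```python
import hashlib
from datetime import datetime, timezone

# Constructed stand-in for an acquired disk image (a real image would be
# read from disk in chunks; see hash_file below).
SAMPLE_IMAGE = b"CONSTRUCTED-DISK-IMAGE-" + bytes(range(256)) * 4

def hash_bytes(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of an in-memory image."""
    return hashlib.new(algorithm, data).hexdigest()

def hash_file(path: str, algorithm: str = "sha256", chunk_size: int = 1 << 20) -> str:
    """Hex digest of an on-disk image, read in chunks so large images fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def record_acquisition(data: bytes, source: str, examiner: str) -> dict:
    """Custody record written at acquisition time: where the copy came from,
    who made it, when, and the digests that pin its content."""
    return {
        "source": source,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "sha256": hash_bytes(data, "sha256"),
        # A second algorithm: an image that collides under both is impractical.
        "md5": hash_bytes(data, "md5"),
    }

def verify_integrity(data: bytes, record: dict) -> bool:
    """True only if both digests still match those recorded at acquisition."""
    return (hash_bytes(data, "sha256") == record["sha256"]
            and hash_bytes(data, "md5") == record["md5"])

if __name__ == "__main__":
    # Constructed source label and examiner name.
    rec = record_acquisition(SAMPLE_IMAGE, source="seized laptop, drive <serial placeholder>",
                             examiner="A. Examiner")
    print("recorded sha256:", rec["sha256"])
    print("image verifies:", verify_integrity(SAMPLE_IMAGE, rec))
    tampered = SAMPLE_IMAGE[:-1] + b"\x00"        # a single changed byte
    print("verifies after one-byte change:", verify_integrity(tampered, rec))
```

Re-hashing at every hand-over, not only at the start and end of the examination, is what turns the digests into a chain of custody: each record shows who held the copy and that it was unchanged while they held it.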
Challenges – Digital Forensics
• Digital evidence accepted into court.
• Costs.
• Presents the potential for exposing privileged documents.
• Legal practitioners must have extensive computer
knowledge.
Locard’s Exchange Principle
• “Wherever he steps, whatever he touches, whatever he
leaves, even unconsciously, will serve as a silent witness
against him. Not only his fingerprints or his footprints,
but his hair, the fibers from his clothes, the glass he
breaks, the tool mark he leaves, the paint he scratches,
the blood or semen he deposits or collects. All of these
and more, bear mute witness against him. This is
evidence that does not forget. It is not confused by the
excitement of the moment. It is not absent because
human witnesses are. It is factual evidence. Physical
evidence cannot be wrong, it cannot perjure itself, it
cannot be wholly absent. Only human failure to find it,
study and understand it, can diminish its value.”
• It can be interpreted as follows: In the physical world,
when perpetrators enter or leave a crime scene, they will
leave something behind and take something with them.
Examples include DNA, latent prints, hair, and fibers.
Locard’s Analogy for
Digital Forensics
• Registry keys and log files can serve as the digital equivalent
to hair and fiber.
• Like DNA, our ability to detect and analyze these artifacts
relies heavily on the technology available at the time.
• Viewing a device or incident through the “lens” of Locard’s
principle can be very helpful in locating and interpreting not
only physical but digital evidence as well.
The field of Anti-forensics
• To counter the relatively new forensic advances, anti-forensic tools and
techniques are cropping up in significant numbers.
• They are being used by criminals, terrorists, and
corporate executives.
• Definition: “an approach to manipulate, erase, or
obfuscate digital data or to make its examination difficult,
time consuming, or virtually impossible”
Several Techniques for Anti-forensics
• Hiding Data:
  ◦ Changing file names and extensions.
  ◦ Burying files deep within seemingly unrelated directories.
  ◦ Hiding files within files.
  ◦ Encryption.
  ◦ Steganography.
• Destroying Data:
  ◦ Drive wiping:
    – “Darik’s Boot and Nuke”
    – “DiskWipe”
    – “CBL Data Shredder”
    – “Webroot Window Washer”
    – “Evidence Eliminator”
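The first hiding technique, renaming a file or changing its extension, is the one examiners catch most routinely: the file's leading bytes (its signature, or “magic bytes”) are compared with what the extension claims. The following Python is an added example, not code from the presentation; the signature table is deliberately short, and the file names and headers are constructed to show a match, an unknown type and two mismatches.

```python
# Signature analysis: compare the extension a file claims with the format its
# header bytes actually announce. A short table is enough to show the idea.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",      # also the container for docx/xlsx/pptx/jar
    b"{\\rtf": "rtf",
    b"MZ": "exe",              # Windows executable header (also dll, sys)
    b"\x7fELF": "elf",
}

# Extensions that legitimately carry another entry's signature.
EXTENSION_ALIASES = {"jpeg": "jpg", "docx": "zip", "xlsx": "zip", "pptx": "zip",
                     "jar": "zip", "dll": "exe", "sys": "exe"}

def detect_type(header: bytes):
    """Type implied by the leading bytes, or None when no known signature matches."""
    for magic, kind in SIGNATURES.items():
        if header.startswith(magic):
            return kind
    return None

def claimed_type(name: str) -> str:
    """Type implied by the file name's extension, normalised through the alias table."""
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    return EXTENSION_ALIASES.get(ext, ext)

def check_file(name: str, header: bytes) -> dict:
    """Classify one file as match, mismatch or unknown."""
    actual = detect_type(header)
    claimed = claimed_type(name)
    if actual is None:
        status = "unknown"        # no signature: plain text, or a format not in the table
    elif actual == claimed:
        status = "match"
    else:
        status = "mismatch"       # extension says one thing, content says another
    return {"name": name, "claimed": claimed, "actual": actual, "status": status}

def audit(files):
    """Run check_file over (name, header) pairs."""
    return [check_file(name, header) for name, header in files]

def mismatched_names(files):
    """Names whose extension disagrees with their signature."""
    return [r["name"] for r in audit(files) if r["status"] == "mismatch"]

# Constructed sample: file names paired with their first bytes, as they would
# be read from an image (only the header is needed for this check).
SAMPLE_FILES = [
    ("holiday.JPG", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),
    ("quarterly.docx", b"PK\x03\x04\x14\x00\x06\x00"),
    ("notes.txt", b"MZ\x90\x00\x03\x00\x00\x00"),   # an executable carrying a .txt name
    ("vacation.jpg", b"%PDF-1.4\n"),                 # a PDF carrying an image extension
    ("readme.txt", b"Meeting notes, nothing special"),
]

if __name__ == "__main__":
    for r in audit(SAMPLE_FILES):
        print(f"{r['status']:9} {r['name']:16} ext={r['claimed'] or '-':5} sig={r['actual'] or '-'}")
```

A real signature table runs to hundreds of entries and must also handle formats with no fixed header, which is why the check reports “unknown” rather than guessing; an unknown result is a prompt for a closer look, not a verdict.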
Concerns about Data Wiping
• From an evidentiary or investigative perspective, the presence or use of these
applications can serve as the next best thing to the original evidence.
• As seen, some traces of these tools are left in the registry.
More concerns
• When looking at the drive at the bit level, a distinct repeating pattern of data
may be seen. This is completely different from what would normally be found on a
hard drive in everyday use.
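The repeating pattern a wiper leaves behind can be picked out mechanically: walk the image sector by sector, label each sector as single-byte fill, a short repeating unit, or ordinary data, and merge neighbours into runs. The following Python is an added example, not code from the presentation; the image is constructed from deterministic pseudo-random “everyday” data with three wiped regions placed between them.

```python
import random

SECTOR = 512

def classify_sector(sector: bytes) -> str:
    """Label a sector by the pattern it holds. Wiping tools leave whole
    regions of a single byte value or a short repeating unit; data in
    everyday use almost never does."""
    if not sector:
        return "empty"
    if sector == bytes([sector[0]]) * len(sector):
        return "zero-filled" if sector[0] == 0 else f"filled-0x{sector[0]:02x}"
    for period in range(2, 9):                 # short repeating units, e.g. 55 AA 55 AA ...
        unit = sector[:period]
        if sector == (unit * (len(sector) // period + 1))[:len(sector)]:
            return f"repeating-{period}"
    return "normal"

def scan_image(image: bytes, sector_size: int = SECTOR):
    """Walk the image sector by sector and merge neighbours with the same
    label into runs of (first_sector, sector_count, label)."""
    runs = []
    for index in range(0, len(image), sector_size):
        label = classify_sector(image[index:index + sector_size])
        if runs and runs[-1][2] == label:
            first, count, _ = runs[-1]
            runs[-1] = (first, count + 1, label)
        else:
            runs.append((index // sector_size, 1, label))
    return runs

def wiped_sectors(runs) -> int:
    """Count sectors whose label points at deliberate overwriting."""
    return sum(count for _, count, label in runs if label != "normal")

def _pseudo_random(n: int, seed: int = 7) -> bytes:
    """Deterministic stand-in for everyday file data, so the run is repeatable."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

# Constructed image: everyday data, three wiped regions, everyday data again.
SAMPLE_IMAGE = (
    _pseudo_random(4 * SECTOR)
    + b"\x00" * (8 * SECTOR)                # zero fill
    + b"\xff" * (4 * SECTOR)                # 0xFF fill
    + b"\x55\xaa" * (2 * SECTOR)            # 4 sectors of a 2-byte pattern
    + _pseudo_random(4 * SECTOR, seed=11)
)

if __name__ == "__main__":
    for first, count, label in scan_image(SAMPLE_IMAGE):
        print(f"sectors {first:6}-{first + count - 1:6}  {label}")
    print("wiped sectors:", wiped_sectors(scan_image(SAMPLE_IMAGE)))
```

On a real drive, zero-filled sectors also occur legitimately (never-written space, sparse files), so the finding of interest is a fill or pattern region sitting where allocated data used to be, combined with the tool traces mentioned on the previous slide.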
More concerns
• Some operating systems, Apple OSX Lion for example, ship with a drive wiping
utility installed. Called Secure Erase, this utility offers multiple options for data
destruction.
Future Challenges and POR
• Standards and Controls:
Standards and controls are a fundamental part of scientific analysis, including
forensic science. Their relevance to digital forensics is a matter of dispute.
  ◦ Standard: a prepared sample that has known properties and is used as a control
during forensic analyses.
  ◦ Control: a test performed in parallel with experimental samples that is designed
to demonstrate that a procedure is working correctly and the results are valid.
Future Challenges and POR
• Standards and Controls – cont’d:
  ◦ Two opinions exist.
  ◦ John Barbra: “In the end, closely following these established scientific practices
ensures that any results gained are accurate, reliable, and repeatable.” He further
argued that without the use of standards and controls, it would be “extremely
difficult or impossible to scientifically assess the validity of the results obtained
from the analysis of the physical evidence.”
  ◦ Scientific Working Group on Digital Evidence (SWGDE): their position is that
standards are being used in digital forensics, but controls are “not applicable in
the computer forensics sub-discipline.”
  ◦ SWGDE’s position centers on false positives.
  ◦ Tools and processes may miss evidence, but they will never find evidence that
doesn’t exist.
Future Challenges and POR
• CLOUD FORENSICS
  ◦ Technically: deleted files on a magnetic drive remain on the disk until they are
overwritten. In the cloud, when a file is deleted the mapping is removed immediately,
usually within a matter of seconds. This means that there is no remote access to the
deleted data.
  ◦ Legally: dealing with multiple jurisdictions can significantly frustrate efforts to
get to the relevant data.
• SOLID STATE DRIVES (SSD)
• SPEED OF CHANGE
Case Scenarios – Case 1
Italian Case Law on Digital Evidence
• Digital evidence could be altered and can contain countless
pieces of information. The “Garlasco” case is a clear example
of this.
Case Scenarios – Case 2
BTK Killer
• The case of Dennis Rader, better known as the BTK killer.
• It was solved thirty years later with the help of digital forensics.
• He murdered ten people in Kansas from 1974 to 1991. Rader managed to avoid
capture for over thirty years until technology betrayed him.
• A floppy disk was received from the BTK killer.
• The disk contained a file named “Test A.rtf.” (The .rtf extension stands for “Rich
Text File”.) A forensic exam of the file struck gold. The file’s metadata (the data
about the data) gave investigators the leads they had been waiting over thirty years
for. Aside from the “Date Created” (Thursday, February 10, 2005 6:05:34 PM) and the
“Date Modified” (Monday, February 14, 2005 2:47:44 PM) were the “Title” (Christ
Lutheran Church) and “Last Saved By:” (Dennis).
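In an RTF file those properties live in the document's `\info` group, where Word stores the title in `\title`, the “Last Saved By” name in `\operator`, and the creation and revision times as `\creatim` and `\revtim` broken into `\yr`, `\mo`, `\dy`, `\hr`, `\min` and `\sec`. The following Python is an added example, not code from the presentation or from the investigation; the RTF document is constructed here with the field values the slide reports, and the parser handles only the `\info` group rather than the full RTF grammar.

```python
import re
from datetime import datetime

# Constructed RTF document whose \info group carries the same fields the slide
# reports for "Test A.rtf"; this is not the evidence file itself.
SAMPLE_RTF = (
    r"{\rtf1\ansi\deff0{\fonttbl{\f0 Times New Roman;}}"
    r"{\info{\title Christ Lutheran Church}{\author Dennis}{\operator Dennis}"
    r"{\creatim\yr2005\mo2\dy10\hr18\min5\sec34}"
    r"{\revtim\yr2005\mo2\dy14\hr14\min47\sec44}{\nofpages 1}}"
    r"\pard\f0\fs24 This is the body text.\par}"
)

TIME_FIELDS = {"creatim", "revtim", "printim", "buptim"}

def extract_group(rtf: str, keyword: str) -> str:
    r"""Return the balanced {\keyword ...} group, or "" if absent. Escaped
    braces (\{ and \}) are not handled; that is enough for the \info group,
    whose entries are plain text and dates."""
    start = rtf.find("{\\" + keyword)
    if start < 0:
        return ""
    depth = 0
    for i in range(start, len(rtf)):
        if rtf[i] == "{":
            depth += 1
        elif rtf[i] == "}":
            depth -= 1
            if depth == 0:
                return rtf[start:i + 1]
    return ""

def parse_rtf_time(value: str) -> datetime:
    r"""\yrNNNN\moN\dyN\hrN\minN\secN -> datetime (absent parts take defaults)."""
    parts = {k: int(v) for k, v in re.findall(r"\\(yr|mo|dy|hr|min|sec)(\d+)", value)}
    return datetime(parts.get("yr", 1900), parts.get("mo", 1), parts.get("dy", 1),
                    parts.get("hr", 0), parts.get("min", 0), parts.get("sec", 0))

def parse_info(rtf: str) -> dict:
    r"""Map each {\keyword value} entry of the \info group to a string or datetime."""
    meta = {}
    for ctrl, value in re.findall(r"\{\\([a-z]+)\s?([^{}]*)\}", extract_group(rtf, "info")):
        meta[ctrl] = parse_rtf_time(value) if ctrl in TIME_FIELDS else value.strip()
    return meta

def describe(meta: dict) -> dict:
    """Present the fields the way a document-properties dialog labels them."""
    fmt = "%A, %B %d, %Y %I:%M:%S %p"
    return {
        "Title": meta.get("title", ""),
        "Author": meta.get("author", ""),
        "Last Saved By": meta.get("operator", ""),
        "Date Created": meta["creatim"].strftime(fmt) if "creatim" in meta else "",
        "Date Modified": meta["revtim"].strftime(fmt) if "revtim" in meta else "",
    }

if __name__ == "__main__":
    for label, value in describe(parse_info(SAMPLE_RTF)).items():
        print(f"{label:14}: {value}")
```

The times are whatever the authoring machine's clock said, with no timezone recorded, so an examiner corroborates them against file-system timestamps and other artifacts before relying on them; the names are likewise the application's user settings, not proof of who typed.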
Conclusion
• Digital forensics is an emerging field that faces many challenges which are still
POR. However, the intense research makes it viable for consideration in a court
of law.
Thank You
Any Questions?
References
• The Basics of Digital Forensics, by John Sammons
• http://www.cert.org/digital-intelligence/history.cfm
• http://www.cert.org/about/
• http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=59056
• http://resources.sei.cmu.edu/asset_files/TechnicalNote/2013_004_001_40234.pdf
• http://resources.sei.cmu.edu/asset_files/WhitePaper/2012_019_001_52449.pdf
• http://resources.sei.cmu.edu/asset_files/CERTResearchReport/2009_013_001_51315.pdf
• http://resources.sei.cmu.edu/asset_files/TechnicalNote/2008_004_001_14948.pdf
• http://resources.sei.cmu.edu/asset_files/Handbook/2005_002_001_14429.pdf
• http://resources.sei.cmu.edu/asset_files/Handbook/2005_002_001_14432.pdf
• http://www.cert.org/digital-intelligence/case-studies/tjx-heartland.cfm
• http://www.cert.org/digital-intelligence/case-studies/iceman.cfm
• http://www.us-cert.gov/sites/default/files/publications/infosheet_Cyber%20Exercises.pdf
• http://en.wikipedia.org/wiki/Digital_forensics
• http://www.techopedia.com/definition/27805/digital-forensics
• http://www.forensicswiki.org/wiki/Main_Page
• http://www.tees.ac.uk/undergraduate_courses/Crime_Scene_&_Forensic_Science/BSc_(Hons)_Computer_and_Digital_Forensics.cfm
• https://eforensicsmag.com
• http://www.dfrws.org
• http://en.wikibooks.org/wiki/Introduction_to_Digital_Forensics/Acquisition
• http://researchrepository.murdoch.edu.au/14422/2/02Whole.pdf
• http://prezi.com/4_azs1ecvq4y/crimes-solved-using-digital-forensics/
• Slide Share presentations.

DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdfDR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf
DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf
 
Linux Systems Programming: Semaphores, Shared Memory, and Message Queues
Linux Systems Programming: Semaphores, Shared Memory, and Message QueuesLinux Systems Programming: Semaphores, Shared Memory, and Message Queues
Linux Systems Programming: Semaphores, Shared Memory, and Message Queues
 
Lab Manual Arduino UNO Microcontrollar.docx
Lab Manual Arduino UNO Microcontrollar.docxLab Manual Arduino UNO Microcontrollar.docx
Lab Manual Arduino UNO Microcontrollar.docx
 
Electrostatic field in a coaxial transmission line
Electrostatic field in a coaxial transmission lineElectrostatic field in a coaxial transmission line
Electrostatic field in a coaxial transmission line
 
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
 
Multivibrator and its types defination and usges.pptx
Multivibrator and its types defination and usges.pptxMultivibrator and its types defination and usges.pptx
Multivibrator and its types defination and usges.pptx
 
Seismic Hazard Assessment Software in Python by Prof. Dr. Costas Sachpazis
Seismic Hazard Assessment Software in Python by Prof. Dr. Costas SachpazisSeismic Hazard Assessment Software in Python by Prof. Dr. Costas Sachpazis
Seismic Hazard Assessment Software in Python by Prof. Dr. Costas Sachpazis
 
Quiz application system project report..pdf
Quiz application system project report..pdfQuiz application system project report..pdf
Quiz application system project report..pdf
 
Software Engineering - Modelling Concepts + Class Modelling + Building the An...
Software Engineering - Modelling Concepts + Class Modelling + Building the An...Software Engineering - Modelling Concepts + Class Modelling + Building the An...
Software Engineering - Modelling Concepts + Class Modelling + Building the An...
 
Interfacing Analog to Digital Data Converters ee3404.pdf
Interfacing Analog to Digital Data Converters ee3404.pdfInterfacing Analog to Digital Data Converters ee3404.pdf
Interfacing Analog to Digital Data Converters ee3404.pdf
 
The battle for RAG, explore the pros and cons of using KnowledgeGraphs and Ve...
The battle for RAG, explore the pros and cons of using KnowledgeGraphs and Ve...The battle for RAG, explore the pros and cons of using KnowledgeGraphs and Ve...
The battle for RAG, explore the pros and cons of using KnowledgeGraphs and Ve...
 

Digital forensics ahmed emam

1. Digital Forensics
Presented by: Ahmed Emam
Presented to: Dr. Ashraf Tammam

2. Outline
• Introduction
• Categories
• History
• Review
• Types of computer crimes and investigations
• Anti-forensics
• Future Challenges
• Real life cases
• Conclusion
• References

3. Introduction
• Your computer will betray you.
• Change is inevitable.
• Digital forensics is still in its infancy.

4. Introduction – cont'd
According to a study by the University of California, Berkeley in 2001, 93% of all new information at that time was created entirely in digital format.

5. What?
• Forensics is the application of science to solve a legal problem.
• Digital Forensics is the preservation, identification, extraction, interpretation and documentation of computer evidence which can be used in a court of law.
• In Forensic Magazine, Ken Zatyko defined digital forensics this way: “The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation.”

7. History
• The field started to emerge in the 1980s.
• Since the late 1970s the amount of crime involving computers has been growing very quickly, creating a need for constantly developing forensic tools and practices.
• The first computer crimes were recognized in the 1978 Florida Computer Crimes Act, which included legislation against the unauthorized modification or deletion of data on a computer system.
• In the 1980s, federal laws began to incorporate computer offences, and Canada was the first country to pass such legislation, in 1983.
• Starting in 2000, in response to the need for standardization, various bodies and agencies have published guidelines for digital forensics.
• Many of the early members were computer hobbyists and became responsible for the field's initial research and direction.
• One of the first practical (or at least publicized) examples of digital forensics was Cliff Stoll's pursuit of hacker Markus Hess in 1986.

8. Review – Why and Who?
• Why? Due to the growth in computer crime, law enforcement agencies began establishing specialized groups to handle the technical aspects of investigations.
• Who? Criminal prosecutors and law enforcement agencies, insurance companies, private corporations.

10. Types of Computer Crimes and Investigations
• Types of computer crimes:
  - Computer-based crimes.
  - Computer-facilitated crimes.
• Types of investigations:
  - Criminal forensics.
  - Intelligence gathering.
  - Civil litigation, also known as electronic discovery (eDiscovery).
  - Intrusion investigation.
  - Administrative matters.

11. Conditions of Reliability
• The “conditions of reliability” are generally the same for most jurisdictions: electronic copies of data are admissible provided that:
  - They were from the indicated source.
  - They were acquired using proven tools and techniques.
  - They have not been altered since the time of acquisition.
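The third condition, “not altered since the time of acquisition”, is demonstrated in practice by hashing the acquired copy once, at acquisition, and re-hashing it whenever its integrity is questioned. The following is an added example written for this page, not code from the presentation; the 4 KiB chunk size, the examiner and source labels and the sample image are all constructed. Alongside the whole-image SHA-256 it keeps one hash per chunk, so that a later mismatch can be localised to a region rather than only reported as “changed”.

```python
"""Added example: acquisition record plus later integrity verification of an image.
Chunk size, labels and the sample image are constructed for illustration."""
import hashlib
from datetime import datetime, timezone

CHUNK = 4096  # piecewise-hash granularity (an assumption, not a value from the slides)

# Constructed sample "image": 20 KiB of deterministic bytes standing in for an
# acquired disk image (exactly 5 chunks of CHUNK bytes).
SAMPLE_IMAGE = bytes(range(256)) * 80


def _whole_and_piecewise(data, chunk):
    """SHA-256 of the whole image plus one SHA-256 per fixed-size chunk."""
    whole = hashlib.sha256()
    pieces = []
    for off in range(0, len(data), chunk):
        block = data[off:off + chunk]
        whole.update(block)
        pieces.append(hashlib.sha256(block).hexdigest())
    return whole.hexdigest(), pieces


def acquisition_record(data, source, examiner, chunk=CHUNK):
    """Hash the image once, at acquisition, and record source, examiner and time.
    This record is what later travels with the evidence (chain of custody)."""
    whole, pieces = _whole_and_piecewise(data, chunk)
    return {
        "source": source,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "size": len(data),
        "chunk": chunk,
        "sha256": whole,
        "piecewise_sha256": pieces,
    }


def verify_image(data, record):
    """Re-hash the image against its acquisition record.

    Returns (unaltered, bad_chunks). The whole-image hash answers the legal
    question (has it changed at all?); the per-chunk hashes say where it
    changed, e.g. a single damaged sector on a working copy of the image.
    """
    whole, pieces = _whole_and_piecewise(data, record["chunk"])
    if len(data) == record["size"] and whole == record["sha256"]:
        return True, []
    expected = record["piecewise_sha256"]
    bad = [
        i for i in range(max(len(pieces), len(expected)))
        if i >= len(pieces) or i >= len(expected) or pieces[i] != expected[i]
    ]
    return False, bad


if __name__ == "__main__":
    rec = acquisition_record(SAMPLE_IMAGE, "constructed sample image", "examiner (placeholder)")
    print("pristine copy:", verify_image(SAMPLE_IMAGE, rec))
    copy = bytearray(SAMPLE_IMAGE)
    copy[2 * CHUNK + 7] ^= 0xFF          # corrupt one byte inside chunk 2
    print("altered copy: ", verify_image(bytes(copy), rec))
```

The record should be stored separately from the image (and ideally signed or logged outside the examiner's control), since a hash kept next to the data it protects can be regenerated by whoever alters the data.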
12. Challenges – Digital Forensics
• Getting digital evidence accepted into court.
• Costs.
• Presents the potential for exposing privileged documents.
• Legal practitioners must have extensive computer knowledge.

13. Locard's Exchange Principle
• “Wherever he steps, whatever he touches, whatever he leaves, even unconsciously, will serve as a silent witness against him. Not only his fingerprints or his footprints, but his hair, the fibers from his clothes, the glass he breaks, the tool mark he leaves, the paint he scratches, the blood or semen he deposits or collects. All of these and more, bear mute witness against him. This is evidence that does not forget. It is not confused by the excitement of the moment. It is not absent because human witnesses are. It is factual evidence. Physical evidence cannot be wrong, it cannot perjure itself, it cannot be wholly absent. Only human failure to find it, study and understand it, can diminish its value.”
• It can be interpreted as follows: in the physical world, when perpetrators enter or leave a crime scene, they will leave something behind and take something with them. Examples include DNA, latent prints, hair, and fibers.

14. Locard's Analogy for Digital Forensics
• Registry keys and log files can serve as the digital equivalent of hair and fiber.
• Like DNA, our ability to detect and analyze these artifacts relies heavily on the technology available at the time.
• Viewing a device or incident through the “lens” of Locard's principle can be very helpful in locating and interpreting not only physical but also digital evidence.

15. The Field of Anti-forensics
• To counter the relatively new forensic advances, anti-forensic tools and techniques are cropping up in significant numbers.
• They are being used by criminals, terrorists, and corporate executives.
• Definition: “an approach to manipulate, erase, or obfuscate digital data or to make its examination difficult, time consuming, or virtually impossible”

16. Several Techniques for Anti-forensics
• Hiding data:
  - Changing file names and extensions.
  - Burying files deep within seemingly unrelated directories.
  - Hiding files within files.
  - Encryption.
  - Steganography.
• Destroying data: drive wiping, for example with
  - “Darik's Boot and Nuke”
  - “DiskWipe”
  - “CBL Data Shredder”
  - “Webroot Window Washer”
  - “Evidence Eliminator”

17. Concerns about Data Wiping
• From an evidentiary or investigative perspective, the presence or use of these applications can serve as the next best thing to the original evidence.
• As seen, some tell-tale traces are left in the registry.

18. More Concerns
• When looking at the drive at the bit level, a distinct repeating pattern of data may be seen. This is completely different from what would normally be found on a hard drive in everyday use.

19. More Concerns
• Some operating systems, Apple OS X Lion for example, ship with a drive-wiping utility installed. Called Secure Erase, this utility offers multiple options for data destruction.
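The repeating pattern described on slide 18 is something an examiner can look for mechanically: read the image sector by sector and flag runs of sectors that are all zero or consist of one short byte sequence repeated, as opposed to the mixed content of a drive in everyday use. The following is an added example written for this page, not code from the presentation; the 512-byte sector size, the 32-byte pattern-length limit and the sample image (ordinary-looking content followed by zeroed, 0x55 and 0xAA sectors) are constructed.

```python
"""Added example: finding runs of uniformly patterned sectors in a raw image.
Sector size, pattern-length limit and the sample image are constructed."""
import hashlib

SECTOR = 512          # assumption: classic 512-byte sectors
MAX_PERIOD = 32       # assumption: longest repeating unit worth testing for


def _repeat_period(block, max_period=MAX_PERIOD):
    """Shortest p such that block is its first p bytes repeated; None if no such p."""
    for p in range(1, max_period + 1):
        unit = block[:p]
        if block == (unit * (len(block) // p + 1))[:len(block)]:
            return p
    return None


def classify_sector(block):
    """'zero' for all-0x00, 'pattern:<hex>' for a short repeating unit, else 'data'."""
    if not block.strip(b"\x00"):
        return "zero"
    p = _repeat_period(block)
    if p is None:
        return "data"
    return "pattern:" + block[:p].hex()


def scan_image(image, sector=SECTOR):
    """Group consecutive sectors with the same classification.
    Returns [(first_sector, count, label), ...] in image order."""
    runs = []
    for n, off in enumerate(range(0, len(image), sector)):
        label = classify_sector(image[off:off + sector])
        if runs and runs[-1][2] == label:
            first, count, _ = runs[-1]
            runs[-1] = (first, count + 1, label)
        else:
            runs.append((n, 1, label))
    return runs


def wiped_fraction(image, sector=SECTOR):
    """Share of sectors that are all-zero or a short repeating pattern."""
    total = wiped = 0
    for off in range(0, len(image), sector):
        total += 1
        if classify_sector(image[off:off + sector]) != "data":
            wiped += 1
    return wiped / total if total else 0.0


def _data_sector(seed):
    """Deterministic pseudo-random bytes standing in for ordinary file content."""
    out, chunk = b"", seed
    while len(out) < SECTOR:
        chunk = hashlib.sha256(chunk).digest()
        out += chunk
    return out[:SECTOR]


# Constructed sample image: 4 sectors of "ordinary" content, 6 zeroed sectors,
# 3 sectors of 0x55 and 3 of 0xAA (alternating-bit passes some wipers write),
# then 2 more sectors of ordinary content.
SAMPLE_IMAGE = (
    b"".join(_data_sector(bytes([i])) for i in range(4))
    + b"\x00" * SECTOR * 6
    + b"\x55" * SECTOR * 3
    + b"\xaa" * SECTOR * 3
    + b"".join(_data_sector(bytes([i])) for i in range(4, 6))
)

if __name__ == "__main__":
    for first, count, label in scan_image(SAMPLE_IMAGE):
        print(f"sectors {first}-{first + count - 1}: {label}")
    print(f"wiped fraction: {wiped_fraction(SAMPLE_IMAGE):.2f}")
```

All-zero sectors are reported separately because they are also what never-written space and freshly zeroed drives look like; the pattern runs, their extent and where they fall relative to the partition layout are what make the finding worth documenting, and the scan is an indicator that directs examination rather than proof of wiping on its own.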
20. Future Challenges and POR
• Standards and controls: standards and controls are a fundamental part of scientific analysis, including forensic science. Their relevance to digital forensics is a matter of dispute.
  - Standard: a prepared sample that has known properties and is used as a control during forensic analyses.
  - Control: a test performed in parallel with experimental samples that is designed to demonstrate that a procedure is working correctly and the results are valid.

21. Future Challenges and POR
• Standards and controls – cont'd: two opinions exist.
  - John Barbara: “In the end, closely following these established scientific practices ensures that any results gained are accurate, reliable, and repeatable.” He further argued that without the use of standards and controls, it would be “extremely difficult or impossible to scientifically assess the validity of the results obtained from the analysis of the physical evidence”.
  - Scientific Working Group on Digital Evidence (SWGDE): their position is that standards are being used in digital forensics, but controls are “not applicable in the computer forensics sub-discipline”.
• SWGDE's position centers on false positives.
• Tools and processes may miss evidence, but they will never find evidence that doesn't exist.

22. Future Challenges and POR
• Cloud forensics
  - Technically: deleted files on a magnetic drive remain on the disk until they are overwritten. In the cloud, when a file is deleted the mapping is removed immediately, usually within a matter of seconds. This means that there is no remote access to the deleted data.
  - Legally: dealing with multiple jurisdictions can significantly frustrate efforts to get to the relevant data.
• Solid state drives (SSD)
• Speed of change

23. Case Scenarios – Case 1: Italian Case Law on Digital Evidence
• Digital evidence can be altered and can contain countless pieces of information. The “Garlasco” case is a clear example of this.

24. Case Scenarios – Case 2: BTK Killer
• The case of Dennis Rader, better known as the BTK killer.
• It was solved thirty years later with the help of digital forensics.
• He murdered ten people in Kansas from 1974 to 1991. Rader managed to avoid capture for over thirty years until technology betrayed him.
• A floppy disk was received from the BTK killer.
• The disk contained a file named “Test A.rtf” (the .rtf extension stands for “Rich Text File”). A forensic exam of the file struck gold. The file's metadata (the data about the data) gave investigators the leads they had been waiting over thirty years for. Aside from the “Date Created” (Thursday, February 10, 2005 6:05:34 PM) and the “Date Modified” (Monday, February 14, 2005 2:47:44 PM) were the “Title” (Christ Lutheran Church) and “Last Saved By” (Dennis).
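The metadata the slide describes lives in the RTF file's \info group, where the title, the last-saved-by user (the \operator destination) and the creation and revision times (\creatim, \revtim) are stored as plain control words. The following parser is an added example written for this page, not code from the presentation or from any forensic tool; the sample document is constructed and merely carries the values the slide quotes.

```python
"""Added example: extracting document metadata from an RTF file's \\info group.
The sample document is constructed; only its field values come from the slide."""
import re
from datetime import datetime

# Constructed minimal RTF document. \operator is the "last saved by" user,
# \creatim / \revtim hold the creation and last-revision times.
SAMPLE_RTF = (
    r"{\rtf1\ansi\deff0"
    r"{\info{\title Christ Lutheran Church}{\operator Dennis}"
    r"{\creatim\yr2005\mo2\dy10\hr18\min5\sec34}"
    r"{\revtim\yr2005\mo2\dy14\hr14\min47\sec44}}"
    r"\pard Test A\par}"
)

_CONTROL_WORD = re.compile(r"\\([A-Za-z]+)(-?\d+)? ?")
_TIME_FIELDS = re.compile(r"\\(yr|mo|dy|hr|min|sec)(\d+)")
_TIME_WORDS = {"creatim", "revtim", "printim", "buptim"}


def _balanced_group(text, start):
    """Return text[start:...] covering the brace group that opens at `start`,
    honouring backslash escapes such as \\{ and \\}."""
    depth, i = 0, start
    while i < len(text):
        c = text[i]
        if c == "\\":
            i += 2                       # skip the escaped/control character
            continue
        if c == "{":
            depth += 1
        elif c == "}":
            depth -= 1
            if depth == 0:
                return text[start:i + 1]
        i += 1
    raise ValueError("unbalanced braces in RTF input")


def _rtf_time(body):
    """\\yr2005\\mo2\\dy10\\hr18\\min5\\sec34 -> datetime(2005, 2, 10, 18, 5, 34)."""
    f = {name: int(val) for name, val in _TIME_FIELDS.findall(body)}
    return datetime(f.get("yr", 1900), f.get("mo", 1), f.get("dy", 1),
                    f.get("hr", 0), f.get("min", 0), f.get("sec", 0))


def extract_rtf_info(rtf):
    """Map each destination in the \\info group to its text or datetime value.
    Returns {} when the document has no \\info group."""
    if isinstance(rtf, bytes):
        rtf = rtf.decode("ascii", errors="replace")
    pos = rtf.find("{\\info")
    if pos < 0:
        return {}
    inner = _balanced_group(rtf, pos)[len("{\\info"):-1]
    info, i = {}, 0
    while i < len(inner):
        if inner[i] != "{":
            i += 1
            continue
        group = _balanced_group(inner, i)
        i += len(group)
        m = _CONTROL_WORD.match(group, 1)   # control word right after the "{"
        if not m:
            continue
        word, body = m.group(1), group[m.end():-1]
        info[word] = _rtf_time(body) if word in _TIME_WORDS else body.strip()
    return info


if __name__ == "__main__":
    for key, value in extract_rtf_info(SAMPLE_RTF).items():
        print(f"{key:>10}: {value}")
```

The times in an RTF \info group are written by the authoring application in the author's local time with no zone marker, so an examiner records them as found and correlates them with the system clock and time zone of the machine that produced the file rather than treating them as absolute.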
25. Conclusion
• The digital forensics field is an emerging field and it faces lots of challenges that are still POR. However, the intense research makes it viable to be taken into consideration in a court of law.

27. References
• The Basics of Digital Forensics, by John Sammons
• http://www.cert.org/digital-intelligence/history.cfm
• http://www.cert.org/about/
• http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=59056
• http://resources.sei.cmu.edu/asset_files/TechnicalNote/2013_004_001_40234.pdf
• http://resources.sei.cmu.edu/asset_files/WhitePaper/2012_019_001_52449.pdf
• http://resources.sei.cmu.edu/asset_files/CERTResearchReport/2009_013_001_51315.pdf
• http://resources.sei.cmu.edu/asset_files/TechnicalNote/2008_004_001_14948.pdf
• http://resources.sei.cmu.edu/asset_files/Handbook/2005_002_001_14429.pdf
• http://resources.sei.cmu.edu/asset_files/Handbook/2005_002_001_14432.pdf
• http://www.cert.org/digital-intelligence/case-studies/tjx-heartland.cfm
• http://www.cert.org/digital-intelligence/case-studies/iceman.cfm
• http://www.us-cert.gov/sites/default/files/publications/infosheet_Cyber%20Exercises.pdf
• http://en.wikipedia.org/wiki/Digital_forensics
• http://www.techopedia.com/definition/27805/digital-forensics
• http://www.forensicswiki.org/wiki/Main_Page
• http://www.tees.ac.uk/undergraduate_courses/Crime_Scene_&_Forensic_Science/BSc_(Hons)_Computer_and_Digital_Forensics.cfm
• https://eforensicsmag.com
• http://www.dfrws.org
• http://en.wikibooks.org/wiki/Introduction_to_Digital_Forensics/Acquisition
• http://researchrepository.murdoch.edu.au/14422/2/02Whole.pdf
• http://prezi.com/4_azs1ecvq4y/crimes-solved-using-digital-forensics/
• SlideShare presentations.