Cyber forensic 1



Published in: Education, Technology

  2. OVERVIEW
     • Application of the scientific method to digital media in order to establish factual information for judicial review.
     • The process of extracting information and data from computer storage media and guaranteeing its accuracy and reliability.
     • Collection of people, processes, tools and measures that support or refute certain allegations or suspicions of misuse which involve a computer system.
  3. "PLAUSIBLE DENIABILITY" DEFENSE
     • "My machine had a backdoor installed. Someone else must have loaded those child pornography files on my system."
     • Cyber forensics may determine the accuracy of this statement.
  4. CRIME & UNAUTHORIZED ACTIVITY
     • Crime
        • Breach of federal, state or other forms of established law.
     • Unauthorized Activity
        • Activities that are restricted by policies
  5. ASPECTS OF ORGANIZATIONAL SECURITY
     • IT Security
        • Application security
        • Computing security
        • Data security
        • Information security
        • Network security
     • Physical Security
        • Facilities security
        • Human security
     • Financial Security
        • Security from frauds
     • Legal Security
        • National security
        • Public security
  6. FORENSIC INVESTIGATION
     • Process of Computer Forensics
        1. Preservation
        2. Acquisition
        3. Analysis
        4. Discovery
        5. Documentation
        6. Presentation of Evidence
  7. PRESERVATION
     • Making sure the evidence is not tampered with and remains in the state in which it was found.
  8. ACQUISITION
     • The process of acquiring or gaining the evidence.
  9. ANALYSIS
     • Going through the evidence and discovering what type of information we have acquired.
  10. DISCOVERY
     • Breaking down the acquired evidence and isolating what is called relevant or interesting evidence.
     • Evidence that is related to the investigation you are conducting.
  11. DOCUMENTATION
     • Mostly for litigation purposes.
     • Documentation serves to prove that we followed due diligence when performing the investigation from beginning to end.
     • Litigation: A controversy before a court or a "lawsuit".
  12. PRESENTATION OF EVIDENCE
     • Mostly for litigation purposes.
     • Convert everything that we have learned into understandable terms when conveyed to an interested party (corporation or court of law).
  13. EVOLUTION OF COMPUTER FORENSICS
     • Francis Galton (1822-1911): Made the first recorded study of fingerprints
     • Leone Lattes (1887-1954): Discovered blood groupings (A, B, AB, & O)
     • Calvin Goddard (1891-1955): Allowed firearms and bullet comparison for solving many pending court cases
     • Albert Osborn (1858-1946): Developed essential features of document examination
     • Hans Gross (1847-1915): Made use of scientific study to head criminal investigations
     • FBI (1932): A lab was set up to provide forensic services to all field agents and other law authorities across the country
  14. EVOLUTION OF COMPUTER FORENSICS
     • CART (1984): Computer Analysis and Response Team (CART) was developed to provide support to FBI field offices in the search of computer evidence
     • 1993: First International Conference on computer evidence held
     • IOCE (1995): International Organization on Computer Evidence (IOCE) formed
     • 1998: International Forensic Science Symposium formed to provide forum for forensic managers
     • 2000: First FBI Regional Computer Forensic Laboratory established
  18. CYBER CRIME
     • Cyber crime means any criminal activity in which a computer or network is the source, tool or target or place of crime.
     • The Cambridge English Dictionary defines cyber crimes as crimes committed with the use of computers or relating to computers, especially through internet.
     • Crimes involving use of information or usage of electronic means in furtherance of crime are covered under the scope of cyber crime.
     • Cyber Crimes may be committed against persons, property and government
  19. COMPUTER FACILITATED CRIMES
     • Dependency on the computer has given way to new crimes
     • Computers are used as a tool for committing crimes
     • Computer crimes pose new challenges for investigators due to their
        • Speed
        • Anonymity
        • Fleeting nature of evidence
  20. MODES OF ATTACK
     1. Hacking - A hacker is an unauthorized user who attempts to or gains access to an information system. Hacking is a crime even if there is no visible damage to the system, since it is an invasion into the privacy of data. There are different classes of hackers.
        a) White Hat Hackers - They believe that information sharing is good, and that it is their duty to share their expertise by facilitating access to information. However, there are some white hat hackers who are just "joy riding" on computer systems.
        b) Black Hat Hackers - They cause damage after intrusion. They may steal or modify data or insert viruses or worms which damage the system. They are also called 'crackers'.
  21. MODES OF ATTACK
        c) Grey Hat Hackers - Typically ethical but occasionally violate hacker ethics.
     Hackers will hack into networks, stand-alone computers and software. Network hackers try to gain unauthorized access to private computer networks just for challenge, curiosity, and distribution of information. Crackers perform unauthorized intrusion with damage like stealing or changing of information or inserting malware (viruses or worms).
  22. MODES OF ATTACK
     2. Cyber Stalking - This crime involves use of the internet to harass someone. The behavior includes false accusations, threats etc. Normally, the majority of cyber stalkers are men and the majority of victims are women.
     3. Spamming - Spamming is the sending of unsolicited bulk and commercial messages over the internet. Although irritating to most email users, it is not illegal unless it causes damage such as overloading the network and disrupting service to subscribers, or creates a negative impact on consumer attitudes towards the Internet Service Provider.
  23. MODES OF ATTACK
     4. Cyber Pornography - Women and children are victims of sexual exploitation through internet. Pedophiles use the internet to send photos of illegal child pornography to targeted children so as to attract children to such funs. Later they are sexually exploited for gains.
     5. Phishing - It is a criminally fraudulent process of acquiring sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication.
  24. MODES OF ATTACK
     6. Software Piracy - It is the illegal reproduction and distribution of software for business or personal use. This is considered to be a type of infringement of copyright and a violation of a license agreement. Since the unauthorized user is not a party to the license agreement it is difficult to find out remedies.
     7. Corporate Espionage - It means theft of trade secrets through illegal means such as wire taps or illegal intrusions.
  25. MODES OF ATTACK
     9. Embezzlement - Unlawful misappropriation of money, property or any other thing of value that has been entrusted to the offender's care, custody or control is called embezzlement. Internet facilities are misused to commit this crime.
     10. Password Sniffers - Password sniffers are programs that monitor and record the name and password of network users as they log in, jeopardizing security at a site. Whoever installs the sniffer can impersonate an authorized user and log in to access restricted documents.
  26. MODES OF ATTACK
     12. Credit Card Fraud - In the U.S.A., half a billion dollars have been lost annually by consumers who have credit cards and calling card numbers. These are stolen from on-line databases.
     13. Web Jacking - The term refers to forceful taking of control of a web site by cracking the password.
     14. Cyber terrorism - The use of computer resources to intimidate or coerce government, the civilian population or any segment thereof in furtherance of political or social objectives is called cyber terrorism. Individuals and groups quite often try to exploit the anonymous character of the internet to threaten governments and terrorize the citizens of the country.
  27. CYBER LAW
     • Cyber law refers to all the legal and regulatory aspects of the internet and the World Wide Web.
     • Cyber space is governed by a system of law and regulations called cyber law.
     • Cyber law is needed because of the following reasons:
        • Today millions of people are using the internet all over the world.
        • Because of global communications, the internet is misused for criminal activities which require regulation.
        • Today many disturbing and unethical things are happening in cyber space which are known as cyber crimes.
        • People with intelligence and having bad intentions are misusing the aspect of internet.
  28. EXAMPLE OF CYBER CRIME
     • Fraud achieved by the manipulation of computer records
     • Spamming wherever outlawed completely or where regulations controlling it are violated
     • Deliberate circumvention of computer security systems
     • Unauthorized access to or modification of computer programs (see software cracking and hacking) or data
     • Intellectual property theft, including software piracy
     • Industrial espionage by means of access to or theft of computer materials
  29. TYPES OF COMPUTER CRIMES
     • Identity Theft
     • Hacking
     • Computer Viruses
     • Cyber stalking
     • Drug Trafficking
     • Phishing/Spoofing
     • Wrongful Programming
     • Credit Card Fraud
     • On-Line Auction Fraud
     • Email bombing and SPAM
     • Theft of Intellectual Property
  30. TYPES OF COMPUTER CRIMES
     • Denial of Service attack
     • Debt Elimination
     • Web Jacking
     • Internet Extortion
     • Investment Fraud
     • Escrow Services Fraud
     • Cyber defamation
     • Software piracy
     • Counterfeit Cashier's Check
     • Escrow Services Fraud
     • Embezzlement
  31. KEY STEPS IN FORENSIC INVESTIGATION
     • Computer crime is suspected
     • Collect preliminary evidence
     • Obtain court warrant for seizure (if required)
     • Perform first responder procedures
     • Seize evidence at the crime scene
     • Transport them to the forensic laboratory
     • Create 2 bit stream copies of the evidence
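
The "create 2 bit stream copies" step, tied back to the preservation and documentation slides, as an added example that is not part of the original deck. It assumes the source is a raw image or device file that is already write-protected; the SHA-256 verification, the function names and the file names are assumptions introduced here.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read size; an assumption, not a value from the slides


def sha256_of(path):
    """Hash a file in chunks so large images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def make_two_copies(source, copy_a, copy_b):
    """Read source once, write two bit-for-bit copies, verify all three hashes."""
    digest = hashlib.sha256()
    size = 0
    # "xb" refuses to overwrite an existing file, so an earlier image is never clobbered.
    with open(source, "rb") as src, open(copy_a, "xb") as a, open(copy_b, "xb") as b:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            a.write(block)
            b.write(block)
            size += len(block)
        for out in (a, b):
            out.flush()
            os.fsync(out.fileno())
    acquired = digest.hexdigest()
    # Re-read everything from disk: the source must be unchanged (preservation)
    # and each copy must hash to the value seen during acquisition.
    for label, path in (("source", source), ("copy_a", copy_a), ("copy_b", copy_b)):
        if sha256_of(path) != acquired:
            raise ValueError(f"{label} does not match acquisition hash")
    # This record is what would go into the case documentation.
    return {"sha256": acquired, "bytes": size, "copies": [copy_a, copy_b]}


def demo():
    """Run against a constructed sample 'device' file in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "evidence.raw")
        with open(source, "wb") as fh:
            fh.write(b"constructed sample sector data\x00" * 4096)
        return make_two_copies(source, source + ".copy1", source + ".copy2")
```

Analysis is then done on one copy while the other is kept untouched, and the recorded hash lets either copy be re-verified later.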