Computer forensics
Published in: Education, Technology

Transcript

  • 1. Computer Forensics
  • 2. Introduction
      • Topics to be covered
          – Defining Computer Forensics
          – Reasons for gathering evidence
          – Who uses Computer Forensics
          – Steps of Computer Forensics
          – Requirements
          – Anti-Forensics
  • 3. Definition
      • What is Computer Forensics?
          – Computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis.
          – Evidence might be required for a wide range of computer crimes and misuses
          – Multiple methods of
              • Discovering data on computer system
              • Recovering deleted, encrypted, or damaged file information
              • Monitoring live activity
              • Detecting violations of corporate policy
          – Information collected assists in arrests, prosecution, termination of employment, and preventing future illegal activity
  • 4. Definition (cont)
      • What Constitutes Digital Evidence?
          – Any information, being subject to human intervention or not, that can be extracted from a computer.
          – Must be in human-readable format or capable of being interpreted by a person with expertise in the subject.
      • Computer Forensics Examples
          – Recovering thousands of deleted emails
          – Performing investigation post employment termination
          – Recovering evidence post formatting hard drive
          – Performing investigation after multiple users had taken over the system
  • 5. Reasons For Evidence
      • Wide range of computer crimes and misuses
          – Non-Business Environment: evidence collected by Federal, State and local authorities for crimes relating to:
              • Theft of trade secrets
              • Fraud
              • Industrial espionage (intelligence)
              • Possession of pornography
              • Virus/Trojan distribution
              • Homicide (murder) investigations
              • Unauthorized use of personal information
  • 6. Reasons For Evidence (cont)
      • Computer-related crimes and violations include a range of activities, including:
          – Business Environment:
              • Theft of or destruction of intellectual property
              • Unauthorized activity
              • Tracking internet browsing habits
              • Reconstructing events
              • Inferring intentions
              • Selling company bandwidth
              • Wrongful dismissal claims
              • Sexual nuisance
              • Software piracy
  • 7. Who Uses Computer Forensics?
      • Criminal Prosecutors
          – Rely on evidence obtained from a computer to prosecute suspects and use as evidence
      • Civil Litigations
          – Personal and business data discovered on a computer can be used in fraud, divorce, harassment, or discrimination cases
      • Insurance Companies
          – Evidence discovered on a computer can be used to mitigate costs (fraud, worker's compensation, arson, etc.)
      • Private Corporations
          – Evidence obtained from employee computers can be used in harassment, fraud, and embezzlement cases
  • 8. Who Uses Computer Forensics? (cont)
      • Law Enforcement Officials
          – Rely on computer forensics to back up search warrants and post-seizure handling
      • Individual/Private Citizens
          – Obtain the services of professional computer forensic specialists to support claims of harassment, abuse, or wrongful termination from employment
  • 9. Steps Of Computer Forensics
      • According to many professionals, Computer Forensics is a four (4) step process
          – Acquisition
              • Physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices
          – Identification
              • This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites
          – Evaluation
              • Evaluating the information/data recovered to determine if and how it could be used against the suspect for employment termination or prosecution in court
  • 10. Steps Of Computer Forensics (cont)
          – Presentation
              • This step involves presenting the evidence discovered in a manner that is understood by lawyers and non-technical staff/management, and that is suitable as evidence as determined by United States and internal laws
  • 11. Computer Forensic Requirements
      • Hardware
          – Familiarity with all internal and external devices/components of a computer
          – Thorough understanding of hard drives and settings
          – Understanding motherboards and the various chipsets used
          – Power connections
          – Memory
      • BIOS
          – Understanding how the BIOS works
          – Familiarity with the various settings and limitations of the BIOS
  • 12. Computer Forensic Requirements (cont)
      • Operating Systems
          – Windows 3.1/95/98/ME/NT/2000/2003/XP
          – DOS
          – UNIX
          – LINUX
      • Software
          – Familiarity with most popular software packages such as Office
      • Forensic Tools
          – Familiarity with computer forensic techniques and the software packages that could be used
  • 13. Anti-Forensics
      • Software that limits and/or corrupts evidence that could be collected by an investigator
      • Performs data hiding and distortion
      • Exploits limitations of known and used forensic tools
      • Works on both Windows and LINUX based systems
      • In place prior to or post system acquisition
  • 14. Que ?
