Your SlideShare is downloading. ×
Computer Forensic
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Computer Forensic

1,806
views

Published on

Public college at unibro

Public college at unibro

Published in: Technology, Education

1 Comment
0 Likes
Statistics
Notes
  • Be the first to like this

No Downloads
Views
Total Views
1,806
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
260
Comments
1
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Technology Open Source LaboratoryPortable Computer Forensic Novizul Evendi C.E.O TLab
  • 2. Theory
  • 3. Computer forensic ● Computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis. ● Multiple methods of – Discovering data on computer system – Recovering deleted, encrypted, or damaged file information – Monitoring live activity – Detecting violations of corporate policy ● Information collected assists in arrests, prosecution, termination of employment, and preventing future illegal activity
  • 4. Example Computer forensic ● Recovering thousands of deleted emails ● Performing investigation post employment termination ● Recovering evidence post formatting hard drive ● Performing investigation after multiple users had taken over the system
  • 5. Who Uses Computer forensic ● Criminal Prosecutors ● Rely on evidence obtained from a computer to prosecute suspects and use as evidence ● Civil Litigations ● Personal and business data discovered on a computer can be used in fraud, divorce, harassment, or discrimination cases ● Insurance Companies ● Evidence discovered on computer can be used to mollify costs (fraud, worker’s compensation, arson, etc) ● Private Corporations ● Obtained evidence from employee computers can be used as evidence in harassment, fraud, and embezzlement cases
  • 6. Who Uses Computer forensic ● Law Enforcement Officials ● Rely on computer forensics to backup search warrants and post-seizure handling ● Individual/Private Citizens ● Obtain the services of professional computer forensic specialists to support claims of harassment, abuse, or wrongful termination from employment
  • 7. Step Of Computer Forensic ● Acquisition : Physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices ● Identification : This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites ● Evaluation : Evaluating the information/data recovered to determine if and how it could be used again the suspect for employment termination or prosecution in court ● Presentation : This step involves the presentation of evidence discovered in a manner which is understood by lawyers, non-technically staff/management, and suitable as evidence as determined by United States and internal laws
  • 8. Processing Guidelines ● Shut down the computer ● Document the Hardware Configuration of The System ● Transport the Computer System to A Secure Location ● Make Bit Stream Backups of Hard Disks and Floppy Disks ● Mathematically Authenticate Data on All Storage Devices ● Document the System Date and Time ● Make a List of Key Search Words ● Evaluate the Windows Swap File
  • 9. Processing Guidelines (Cont) ● Evaluate File Slack ● Evaluate Unallocated Space (Erased Files) ● Search Files, File Slack and Unallocated Space for Key Words ● Document File Names, Dates and Times ● Identify File, Program and Storage Anomalies ● Evaluate Program Functionality ● Document Your Findings ● Retain Copies of Software Used
  • 10. Anti Computer Forensic ● Software that limits and/or corrupts evidence that could be collected by an investigator ● Performs data hiding and distortion ● Exploits limitations of known and used forensic tools ● Works both on Windows and LINUX based systems ● In place prior to or post system acquisition
  • 11. War Tools
  • 12. Portable Computer Forensic
  • 13. Portable Computer Forensic
  • 14. Portable Computer Forensic
  • 15. Portable Computer Forensic
  • 16. Portable Computer Forensic
  • 17. Portable Computer Forensic
  • 18. Portable Computer Forensic
  • 19. Technology Open Source LaboratoryWeb : www.tlab.co.idMail : karuwak@tlab.co.id Penutup /TLabUpdate @TLabUpdate Demo