Computer forensics

When you delete a file, it is not really deleted.


Published in: Technology

  • 03/22/12 Computer Forensics-Sara Faust
  • Transcript

    • 1. Computer Forensics. LALIT GARG, 3610109, CSE-2ND YEAR
    • 2. Index
      • What is Computer Forensics
      • Objective of Computer Forensics
      • Why Computer Forensics
      • History of Computer Forensics
      • How it approaches
      • Steps of Investigation
      • What not to do during Investigation
      • Computer Forensics Techniques
    • 3. Index (continued)
      • Anti-Forensics
      • Computer Forensics Tools
      • Advantages of Computer Forensics
      • Disadvantages of Computer Forensics
      • Conclusions
    • 4. What is Computer Forensics
      • Computer forensics is considered to be the use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded.
    • 5. Objective of Computer Forensics
      • Usually to provide digital evidence of a specific or general activity.
    • 6. Why Computer Forensics?
      • Employee internet abuse
      • Unauthorized disclosure of corporate information and data
      • Industrial espionage
      • Damage assessment
      • Criminal fraud and deception cases
      • More general criminal cases
      • and countless others!
    • 7. History of Computer Forensics
      • Bankruptcy in Enron in December 2001.
      • Hundreds of employees were left jobless while some executives seemed to benefit from the company's collapse.
      • The United States Congress decided to investigate, and a specialized detective force began to search through hundreds of Enron employee computers using computer forensics.
    • 8. How it approaches?
      • Secure the subject system (from tampering during the operation)
      • Take a copy of the hard drive (if applicable)
      • Identify and recover all files (including those deleted)
      • Access/copy hidden, protected and temporary files
      • Study special areas on the drive (e.g. residue from previously deleted files)
      • Investigate data/settings from installed applications/programs
    • 9. How it approaches (continued)
      • Assess the system as a whole, including its structure
      • Consider general factors relating to the user's activity
      • Create a detailed report. Throughout the investigation, it is important to stress that a full audit log of your activities should be maintained.
    • 10. Steps of Investigation
      • Secure the computer system to ensure that the equipment and data are safe
      • Find every file on the computer system
      • Recover as much deleted information as possible using applications
      • Reveal the contents of all hidden files with programs designed to detect the presence of hidden data
      • Decrypt and access protected files
    • 11. Steps of Investigation (continued)
      • Analyze special areas of the computer's disks
      • Document every step of the procedure
      • Be prepared to testify in court as an expert witness in computer forensics
    • 12. What should not be done during investigation?
      • Avoid changing date/time stamps (of files, for example) or changing data itself
      • Avoid overwriting unallocated space (which can happen on re-boot, for example)
      • "Study, don't change" is a useful catch-phrase.
    • 13. Computer Forensics Techniques
      • Cross-Drive Analysis (CDA)
      • Live Analysis
      • Deleted File Analysis
    • 14. Anti-Forensics: The Nightmare
      • Programmers design anti-forensic tools to make it hard or impossible to retrieve information during an investigation
      • Dozens of ways people can hide information
    • 15. Anti-Forensics (continued)
      • Some programs can fool computers by changing the information in file headers
      • Programs can divide files up into small sections and hide each section at the end of other files
      • Programs called packers can insert executable files into other kinds of files
      • Encryption is another way to hide data
      • Changing the metadata attached to files
      • Some computer applications will erase data if an unauthorized user tries to access the system
    • 16. Computer Forensics Tools
      • Disk imaging software
      • Software or hardware write tools
      • Hashing tools
      • File recovery programs
      • Programs to preserve information in RAM
      • Encryption decoding software
      • Password cracking software
    • 17. Advantages of Computer Forensics
      • Ability to search through a massive amount of data
        • Quickly
        • Thoroughly
        • In any language
    • 18. Disadvantages of Computer Forensics
      • Digital evidence accepted into court
        • must prove that there is no tampering
        • all evidence must be fully accounted for
        • computer forensic specialists must have complete knowledge of legal requirements, evidence handling and storage, and documentation procedures
    • 19. Disadvantages of Computer Forensics (continued)
      • Costs
        • producing electronic records and preserving them is extremely costly
      • Presents the potential for exposing privileged documents
      • Legal practitioners must have extensive computer knowledge
    • 20. Conclusion
      • With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.
    • 21. Thank You
      • It's nice to be important but it is more important to be nice
    • 22. Any Query???
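
The slides name deleted-file recovery (slides 8, 10, 13), hashing tools (slide 16) and the need to prove there was no tampering (slides 12, 18) without showing them. The following is an added example, not part of the original presentation: it carves a deleted JPEG out of the unallocated sectors of a constructed raw image and refuses to examine a working copy whose SHA-256 differs from the hash recorded at acquisition. The sample image, the 512-byte sector layout and all function names are assumptions made for illustration.

```python
import hashlib

JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker
SECTOR = 512                # assumed sector size of the sample image

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def carve_jpegs(image: bytes, max_size: int = 10 * 1024 * 1024):
    """Return (offset, data) for each SOI..EOI span in a raw image.
    Simplification: stops at the first EOI, so a JPEG with an embedded
    thumbnail would be cut short; real carvers parse the segments."""
    found, pos = [], 0
    while (start := image.find(JPEG_SOI, pos)) != -1:
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:  # header whose footer was overwritten or is out of range
            pos = start + 1
            continue
        end += len(JPEG_EOI)
        found.append((start, image[start:end]))
        pos = end
    return found

def examine(image: bytes, acquisition_hash: str):
    """Verify the working copy against the acquisition hash, then carve.
    Each recovered object gets its own hash so it can be accounted for."""
    if sha256(image) != acquisition_hash:
        raise ValueError("working copy does not match acquisition hash")
    return [{"offset": off, "sector": off // SECTOR, "length": len(data),
             "sha256": sha256(data)} for off, data in carve_jpegs(image)]

# Constructed sample: a 4-sector "disk" whose file table no longer lists the
# picture, but whose data sectors were never overwritten. The last sector
# holds a second header whose remainder was overwritten (no footer).
DELETED_FILE = JPEG_SOI + b"\xe0\x00\x10JFIF\x00constructed pixels" + JPEG_EOI
TRUNCATED = JPEG_SOI + b"\xe0partially overwritten"
SAMPLE_IMAGE = (b"\x00" * SECTOR * 2
                + DELETED_FILE.ljust(SECTOR, b"\x00")
                + TRUNCATED.ljust(SECTOR, b"\x00"))
ACQUISITION_HASH = sha256(SAMPLE_IMAGE)  # recorded once, at imaging time

if __name__ == "__main__":
    for item in examine(SAMPLE_IMAGE, ACQUISITION_HASH):
        print(item)
```

The intact file is recovered from sector 2, while the header in sector 3 is skipped because its end marker no longer exists on the image.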