Computer forensics


When you delete a file, it is not really deleted.

Published in: Technology

  • 03/22/12 Computer Forensics-Sara Faust

    1. Computer Forensics. LALIT GARG 3610109, CSE-2nd Year
    2. Index
        - What is Computer Forensics
        - Objective of Computer Forensics
        - Why Computer Forensics
        - History of Computer Forensics
        - How it approaches
        - Steps of Investigation
        - What not to do during Investigation
        - Computer Forensics Techniques
    3. Index (cont.)
        - Anti-Forensics
        - Computer Forensics Tools
        - Advantages of Computer Forensics
        - Disadvantages of Computer Forensics
        - Conclusions
    4. What is Computer Forensics: Computer forensics is considered to be the use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded.
    5. Objective of Computer Forensics: Usually to provide digital evidence of a specific or general activity.
    6. Why Computer Forensics?
        - Employee internet abuse
        - Unauthorized disclosure of corporate information and data
        - Industrial espionage
        - Damage assessment
        - Criminal fraud and deception cases
        - More general criminal cases
        - and countless others!
    7. History of Computer Forensics
        - Bankruptcy of Enron in December 2001
        - Hundreds of employees were left jobless while some executives seemed to benefit from the company's collapse.
        - The United States Congress decided to investigate, and a specialized detective force began to search through hundreds of Enron employee computers using computer forensics.
    8. How it approaches?
        - Secure the subject system (from tampering during the operation)
        - Take a copy of the hard drive (if applicable)
        - Identify and recover all files (including those deleted)
        - Access/copy hidden, protected and temporary files
        - Study special areas on the drive (e.g. residue from previously deleted files)
        - Investigate data/settings from installed applications/programs
    9. How it approaches (cont.)
        - Assess the system as a whole, including its structure
        - Consider general factors relating to the user's activity
        - Create a detailed report. Throughout the investigation, it is important to stress that a full audit log of your activities should be maintained.
    10. Steps of Investigation
        - Secure the computer system to ensure that the equipment and data are safe
        - Find every file on the computer system
        - Recover as much deleted information as possible using applications
        - Reveal the contents of all hidden files with programs designed to detect the presence of hidden data
        - Decrypt and access protected files
    11. Steps of Investigation (cont.)
        - Analyze special areas of the computer's disks
        - Document every step of the procedure
        - Be prepared to testify in court as an expert witness in computer forensics
    12. What should not be done during investigation?
        - Avoid changing date/time stamps (of files, for example) or changing the data itself
        - Avoid overwriting unallocated space (which can happen on re-boot, for example)
        - "Study, don't change" is a useful catch-phrase.
    13. Computer Forensics Techniques
        - Cross-Drive Analysis (CDA)
        - Live Analysis
        - Deleted File Analysis
    14. Anti-Forensics: The Nightmare
        - Programmers design anti-forensic tools to make it hard or impossible to retrieve information during an investigation
        - Dozens of ways people can hide information
    15. Anti-Forensics (cont.)
        - Some programs can fool computers by changing the information in files' headers
        - Programs can divide files up into small sections and hide each section at the end of other files
        - Programs called packers can insert executable files into other kinds of files
        - Encryption is another way to hide data
        - Changing the metadata attached to files
        - Some computer applications will erase data if an unauthorized user tries to access the system
    16. Computer Forensics Tools
        - Disk imaging software
        - Software or hardware write tools
        - Hashing tools
        - File recovery programs
        - Programs to preserve information in RAM
        - Encryption decoding software
        - Password cracking software
    17. Advantages of Computer Forensics
        - Ability to search through a massive amount of data
          - Quickly
          - Thoroughly
          - In any language
    18. Disadvantages of Computer Forensics
        - Digital evidence accepted into court
          - must prove that there is no tampering
          - all evidence must be fully accounted for
          - computer forensic specialists must have complete knowledge of legal requirements, evidence handling and storage, and documentation procedures
    19. Disadvantages of Computer Forensics (cont.)
        - Costs: producing electronic records and preserving them is extremely costly
        - Presents the potential for exposing privileged documents
        - Legal practitioners must have extensive computer knowledge
    20. Conclusion: With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.
    21. Thank You. It's nice to be important but it is more important to be nice.
    22. Any Query???
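
Slides 8, 10 and 13 list recovering deleted files and studying the residue they leave on the drive, without showing how that works. The following Python code is an added example, not part of the original deck: it carves JPEG and PNG files out of raw bytes by their standard start and end markers and hashes each result. The function names and the sample buffer are constructed for illustration.

```python
import hashlib

# Standard start/end markers: JPEG SOI..EOI, PNG magic..IEND chunk with its CRC.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

def carve(raw, max_size=10 * 1024 * 1024):
    """Return (kind, offset, data) for each header followed by its footer
    within max_size bytes. raw is immutable bytes, so evidence is not altered."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = raw.find(header)
        while pos != -1:
            end = raw.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Header without footer: the rest was overwritten; skip it.
                pos = raw.find(header, pos + 1)
                continue
            end += len(footer)
            found.append((kind, pos, raw[pos:end]))
            pos = raw.find(header, end)
    return sorted(found, key=lambda hit: hit[1])

def report(raw):
    """One line per carved file: type, byte offset, size and SHA-256."""
    return [f"{kind} offset={off} size={len(data)} "
            f"sha256={hashlib.sha256(data).hexdigest()}"
            for kind, off, data in carve(raw)]

def build_sample():
    """Constructed stand-in for unallocated space: two deleted files between
    zero filler, plus a JPEG header whose tail has been overwritten."""
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-demo-payload" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"demo-chunks" + b"IEND\xaeB`\x82"
    fragment = b"\xff\xd8\xff\xe0" + b"lost"
    raw = (b"\x00" * 512 + jpeg + b"\x00" * 100 + png
           + b"\x00" * 64 + fragment + b"\x00" * 32)
    return raw, jpeg, png

if __name__ == "__main__":
    image, _, _ = build_sample()
    print("\n".join(report(image)))
```

The first end marker wins, so a JPEG with an embedded thumbnail is cut short, and files stored in non-contiguous fragments are not reassembled.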