Computer forensic 101 - OWASP Khartoum


An introduction to the computer forensics field: some information about the field, some demos, how to be a forensic expert, forensics steps, the dark side of forensics, and a lot more great information.




Usage Rights

© All Rights Reserved


    Presentation Transcript

    • Ahmed Abbas, Ahmed.abbas1992@hotmail.com. Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. owasp.org/index.php/Khartoum
    • Computer Forensic 101: The Art Of Hunting Tigers
    • Bio
      • Network student at SUST-CSIT.
      • I have been a programmer for more than 4 years.
      • I spend all my time reading or developing programs.
    • What is Forensic?
      • Computer forensics is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media.
    • Goal of Computer Forensics
      • The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.
    • Simply, it means …
      • Computer forensic experts have to handle computer devices or storage media, keep them safe, analyze those devices and try to get any information that can help in the case they are working on.
    • But … One Thing …
      • One SO important thing: no personal feelings or opinions. You cannot hide information to protect someone because you will get … well, you know what I mean.
    • Keep This In Mind …
      • Every hacking attempt has a weak point that can lead the hacker to jail.
    • Forensic in News..
    • Critical Incident Response Team (CIRT)
    • What is a CIRT?
      • A CIRT is a carefully selected and well-trained group of people whose purpose is to promptly and correctly handle an incident so that it can be quickly contained, investigated, and recovered from.
    • Who are the CIRT members?
      • It is usually comprised of members from within the company. They must be people who can drop what they're doing (or re-delegate their duties) and have the authority to make decisions and take actions.
    • CIRT Members
      • Management.
      • Information Security.
      • IT.
      • IT Auditor.
      • Security.
      • Human Resources.
      • Public Relations.
    • Role Of The Investigator
      • Impartiality: it is not our job to make decisions about cases. We just offer the facts of the case.
      • Must ensure all evidence is properly acquired, handled, and documented.
      • Do the investigation and analysis of all evidence.
      • Report all findings and maybe testify in a court of law.
    • As a forensic expert you may go to court.
    • Skills Needed
    • Technical Skills
      • Basic computer maintenance and networking skills.
      • Know laws and criminal procedures.
      • Know network security well.
      • Know investigation techniques.
      • Know multiple OSes.
      • Know forensic tools very well.
    • Presentation Skills
      • Ability to write reports in a clear manner and an acceptable format.
      • Ability to translate highly technical words into simple non-technical words.
      • Ability to speak well in a public forum.
    • Good speaker? You will do a great job at court…
    • Why Do Companies Have Different Ways To Do Forensics?
    • Perfect policy !!!
    • How To Be A Forensic Expert?
      • You need to learn computer maintenance, computer security, and network security.
      • You need strong self-confidence.
      • You can take some certificates:
        • Forensics Certs: Certified Computer Examiner (CCE)
        • IT Certs: Certified Hacking Forensic Investigator (CHFI)
        • IT Certs: Certified Forensic Computer Examiner (CFCE)
        • IT Certs: GIAC Certified Forensic Analyst and Forensics Examiner
        • Forensics Certs: Professional Certified Investigator (PCI)
        • EnCase Certified Examiner
        • AccessData Certified Examiner
    • Sites To Learn From
      • ForensicFocus: the place for you.
      • computer-forensics.sans.org: who doesn't know SANS?
      • Google: our best friend.
      • DefCon: the top conference for hackers, and forensic men too.
    • How To Build Your Forensic Lab?
    • Commercial Tools (High Cost)
      • EnCase.
      • AccessData Forensic Tool Kit (FTK).
      • DriveSpy.
      • Paraben.
    • Free Tools ^_^
      • Linux dd.
      • Autopsy.
      • The Sleuth Kit.
      • Helix.
      • Forensic incident response environment.
      • Knoppix.
    • Linux Distributions for Forensics
      • CAINE (Computer Aided Investigation Environment).
      • DEFT.
      • Helix 3.
    • Forensics Steps
      • Obtain authorization to search and seize.
      • Secure the area, which may be a crime scene.
      • Document the chain of custody of every item that was seized.
      • Bag, tag, and safely transport the equipment and e-evidence.
      • Acquire the e-evidence from the equipment by using forensically sound methods and tools to create a forensic image of the e-evidence.
      • Keep the original material in a safe, secured location.
      • Design your review strategy of the e-evidence, including lists of keywords and search terms.
      • Examine and analyze forensic images of the e-evidence (never the original!) according to your strategy.
      • Interpret and draw inferences based on facts gathered from the e-evidence. Check your work.
      • Describe your analysis and findings in an easy-to-understand and clearly written report.
      • Give testimony under oath in a deposition or courtroom.
    • Disk Imaging
      • The operation of making an exact copy of a computer's hard drive.
      • The copy includes all the partition information, boot sectors, the file allocation table, operating system installation and application software.
      • Disk images are used to copy a hard drive's contents during an investigation, to restore a hard drive's contents during disaster recovery, or when a hard drive is erased.
    • Disk Imaging Tools
      • dd: a Linux tool.
      • FTK Imager: a Windows-based tool.
    • Log File Analysis
      • A very important part of the investigation. It can reveal attempts to hack some devices, access to unauthorized data, etc.
      • We can analyze a lot of log files, like:
        • Windows event log
        • Security events log
        • Application events log
        • Firewall events log
    • Forensic Experts!!
    • The Dark Side!!!
      • Doing computer forensics for any amount of time in your life changes you. It damages you. It makes you unfit to be around others in decent company, because you have to mentally screen absolutely everything you say in fear of drawing looks of horror or disgust from the good people around you.
      • For forty hours a week, a computer forensic examiner is exposed to the worst that the world has to offer: child pornography, beheadings, torture, rape, all in high resolution photo or video formats.
      • In fact, people in the business have found that for general criminal computer forensic examiners there is a two-year time limit before your soul dies.
      • Around that time, every examiner either has built-up enough of a callus that he/she can continue forever, or that examiner pushes the chair away from the desk, stands up, and says, “I can’t do this anymore.”
      • Being exposed to this kind of daily horror changes you. I’m not asking for sympathy; I think paramedics or police officers have it worse.
    • OWASP Forensic Guide
      • OWASP is working on a massive document covering all aspects of forensic work.
      • Not yet out …
      • Coming soon …
    • After All .. Why Be a Forensic Expert?
      • Three of the top coolest security jobs are related to forensics.
      • It pays well … thousands of dollars if you level up to the expert stage of the science.
      • Most important .. no social life …
      • Of course I am joking …
    • Questions ???!!
    • I hope this was entertaining.
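
The acquisition steps from the slides (create a forensic image with dd, keep the original safe, document the chain of custody, examine only the image), sketched as an added example that is not part of the original presentation. The function names, file names and the pipe-separated custody log layout are assumptions, and the "seized drive" is a constructed 64 KiB sample file.

```shell
#!/bin/sh
# Added example: image a source with dd, verify the copy by hash, and log
# a custody record. File names and the log layout are assumptions.

sha256_of() {   # print only the hex digest
    sha256sum < "$1" | cut -d' ' -f1
}

# acquire_image SRC IMG LOG EXAMINER: returns 0 only if image hash == source hash
acquire_image() {
    src=$1; img=$2; log=$3; examiner=$4
    if [ ! -r "$src" ]; then echo "cannot read $src" >&2; return 2; fi
    if [ -e "$img" ]; then echo "refusing to overwrite $img" >&2; return 2; fi
    before=$(sha256_of "$src")
    # noerror: continue past unreadable sectors; sync: zero-pad short reads
    # so offsets in the image stay aligned with the original media.
    dd if="$src" of="$img" bs=4096 conv=noerror,sync 2>/dev/null || return 2
    after=$(sha256_of "$img")
    chmod a-w "$img"   # examiners work on copies of this file, never on $src
    if [ "$before" = "$after" ]; then status=VERIFIED; else status=MISMATCH; fi
    printf '%s|%s|%s|%s|%s|%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$examiner" "$src" "$img" "$after" "$status" >> "$log"
    [ "$status" = VERIFIED ]
}

# verify_image IMG LOG: re-hash before each analysis session
verify_image() {
    recorded=$(grep -F "|$1|" "$2" | tail -n 1 | cut -d'|' -f5)
    [ -n "$recorded" ] && [ "$recorded" = "$(sha256_of "$1")" ]
}

# Constructed sample standing in for seized media: 4096 x 16 bytes = 64 KiB.
work=$(mktemp -d)
awk 'BEGIN { for (i = 0; i < 4096; i++) printf "sector-data-%04d", i }' \
    > "$work/evidence.raw"
acquire_image "$work/evidence.raw" "$work/evidence.dd" "$work/custody.log" examiner-1 \
    && verify_image "$work/evidence.dd" "$work/custody.log" \
    && echo "image verified, sha256 $(cut -d'|' -f5 "$work/custody.log")"
```

On real media the source would be a block device attached through a write blocker, and a MISMATCH record means the image cannot be treated as an exact copy until the cause (for example unreadable sectors padded by `sync`) is documented.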