Latihan2 comp-forensic


Published in: Technology, Education

  1. Computer Forensics In Today's World. Presented by Sabto Prabowo
  2. Evolution of Computer Forensics
     • 1888: Francis Galton made the first-ever recorded study of fingerprints to catch potential criminals in crimes such as murders.
     • 1893: Hans Gross was the first person to apply science to a criminal investigation.
     • 1910: Albert Osborn became the first person to develop the essential features of documenting evidence during the examination process.
  3. Evolution of Computer Forensics
     • 1915: Leone Lattes was the first person to use blood groupings to connect criminals to a crime.
     • 1925: Calvin Goddard became the first person to make use of firearms and bullet comparisons for solving many pending court cases.
     • 1932: The Federal Bureau of Investigation (FBI) set up a laboratory to provide forensic services to all field agents and other law authorities.
  4. Evolution of Computer Forensics
     • 1984: The Computer Analysis and Response Team (CART) was developed to provide support to FBI field offices searching for computer evidence.
     • 1993: The first international conference on computer evidence was held in the United States.
     • 1995: IOCE was formed to provide a forum to global law enforcement agencies for exchanging information regarding cyber crime investigations.
  5. Evolution of Computer Forensics
     • 1998: The International Forensic Science Symposium was formed to provide a forum for forensic managers and to exchange information.
     • 2000: The first FBI Regional Computer Forensic Laboratory (RCFL) was established for the examination of digital evidence in support of criminal investigations such as identity theft, hacking, computer viruses, terrorism, investment fraud, cyber stalking, drug trafficking, phishing/spoofing, wrongful programming, credit card fraud, online auction fraud, e-mail bombing and spam, and property crime.
  6. Definition of Forensic Science
     Based on the Handbook of Forensic Pathology: “application of physical sciences to law in the search for truth in civil, criminal, and social behavioral matters to the end that injustice shall not be done to any member of the society.”
  7. The Function of Computer Forensics
     Detect a computer incident, identify the intruder, and prosecute the perpetrator in a court of law.
  8. Computer Forensic Methodologies: Preservation
     The forensic investigator must preserve the integrity of the original evidence. The original evidence should not be modified or damaged. The forensic examiner must make an image or a copy of the original evidence and then perform the analysis on that image or copy. The examiner must also compare the copy with the original evidence to identify any modifications or damage.
  9. Computer Forensic Methodologies: Extraction
     After identifying the evidence, the examiner must extract data from it. Since volatile data can be lost at any point, the forensic investigator must extract this data from the copy made from the original evidence. This extracted data must be compared with the original evidence and analyzed.
  10. Computer Forensic Methodologies: Identification
     Before starting the investigation, the forensic examiner must identify the evidence and its location. For example, evidence may be contained in hard disks, removable media, or log files. Every forensic examiner must understand the difference between actual evidence and evidence containers. Locating and identifying information and data is a challenge for the digital forensic investigator. Various examination processes such as keyword searches, log file analyses, and system checks help an investigation.
  11. Computer Forensic Methodologies: Interpretation
     The most important role a forensic examiner plays during investigations is to interpret what he or she has actually found. The analysis and inspection of the evidence must be interpreted in a lucid manner.
  12. Computer Forensic Methodologies: Documentation
     From the beginning of the investigation until the end (when the evidence is presented before a court of law), forensic examiners must maintain documentation relating to the evidence. The documentation comprises the chain of custody form and documents relating to the evidence analysis.
  13. Forensic Readiness
     Forensic readiness involves an organization having specific incident response procedures in place, with designated trained personnel assigned to handle any investigation. It enables an organization to collect and preserve digital evidence in a quick and efficient manner with minimal investigation costs.
  14. Forensic Readiness Planning
     1. Define the business scenarios that might require the collection of digital evidence.
     2. Identify the potential available evidence.
     3. Determine the evidence collection requirement.
     4. Designate procedures for securely collecting evidence that meets the defined requirement in a forensically acceptable manner.
     5. Establish a policy for securely handling and storing the collected evidence.
     6. Ensure that the monitoring process is designed to detect and prevent unexpected or adverse incidents.
     7. Ensure investigative staff members are properly trained and capable of completing any task related to evidence collection and preservation.
     8. Create step-by-step documentation of all activities performed and their impact.
     9. Ensure authorized review to facilitate action in response to the incident.
  15. Definition of Cyber Crime
     “any illegal act that involves a computer, its systems, or its applications.”
  16. Modes of Attack
     • Insider Attack: Insider attack occurs when there is a breach of trust from employees within the organization. Insiders are likely to have specific goals and objectives, and have legitimate access to the system.
     • Outsider Attack: These types of attacks originate from outside of an organization. The attacker is either hired by an insider or an external entity to destroy a competitor’s reputation.
  17. Types of Attack: Identity theft
     According to the U.S. Department of Justice (USDOJ), identity theft refers to all types of crime in which someone wrongfully obtains and uses another person’s personal data in a way that involves fraud or deception, typically for economic gain. Common forms of identity theft are shoulder surfing, dumpster diving, spamming, spoofing, phishing, and skimming. The criminal steals a person’s identity by stealing e-mail, information from computer databases, or eavesdropping on transactions over the Internet.
  18. Types of Attack: Hacking
     Hacking is a practice used to obtain illegal access to computer systems owned by private corporations or government agencies in order to modify computer hardware and software. People who are involved in hacking are often referred to as hackers.
  19. Types of Attack: Computer Viruses and Worms
     Viruses and worms are software programs with malicious code. These programs are designed to spread from one computer to another. Viruses can affect machines and seek to affect other vulnerable systems through applications such as an e-mail client. Worms seek to replicate themselves over the network, thereby exhausting resources and creating malfunctions. Trojan horses and backdoors are programs that allow an intruder to retain access to a compromised machine.
  20. Types of Attack: Child pornography
     Child pornography refers to the sexual exploitation or abuse of a child. It can be defined as any means of depicting or promoting the sexual exploitation of a child including written, audio, or video material which focuses on the child’s sexual behavior or genitals. The Internet provides a means for child pornographers to both find children to exploit and to share pornographic material with others.
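
Added example (not part of the original slides): one way to carry out the copy-versus-original comparison required by the Preservation slide and record its result for the Documentation slide, using SHA-256 over both streams. The record field names, the `evidence_id` and `examiner` values, and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib
import io
from datetime import datetime, timezone

CHUNK = 1 << 20  # read 1 MiB at a time so large images never sit fully in memory

def sha256_stream(stream, chunk=CHUNK):
    """Hash a seekable binary stream from its current position to EOF."""
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        digest.update(block)
    return digest.hexdigest()

def first_mismatch(original, copy, chunk=CHUNK):
    """Return the byte offset where the copy first differs, or None if identical."""
    offset = 0
    while True:
        a, b = original.read(chunk), copy.read(chunk)
        if a != b:
            for i, (x, y) in enumerate(zip(a, b)):
                if x != y:
                    return offset + i
            return offset + min(len(a), len(b))  # one stream is shorter
        if not a:
            return None
        offset += len(a)

def verify_image(original, copy, evidence_id, examiner):
    """Compare image to original; return an entry for the custody documentation.
    Field names are hypothetical, not taken from any standard form."""
    h_orig, h_copy = sha256_stream(original), sha256_stream(copy)
    original.seek(0)
    copy.seek(0)
    match = h_orig == h_copy
    return {
        "evidence_id": evidence_id,
        "examiner": examiner,
        "verified_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "sha256_original": h_orig,
        "sha256_copy": h_copy,
        "match": match,
        "first_mismatch_offset": None if match else first_mismatch(original, copy),
    }

# Constructed sample data: a 16 KiB "disk" and a copy with one altered byte.
SAMPLE_DISK = bytes(range(256)) * 64
TAMPERED = bytearray(SAMPLE_DISK)
TAMPERED[5000] ^= 0xFF

if __name__ == "__main__":
    print(verify_image(io.BytesIO(SAMPLE_DISK), io.BytesIO(bytes(TAMPERED)), "EX-001", "examiner-a"))
```

For real evidence, pass files opened in `"rb"` mode in place of the in-memory streams; both must be seekable.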