Computer Forensics
An abstract on the topic of computer forensics; it consists of rare and useful data.

Use for paper presentations

Published in: Technology

COMPUTER FORENSICS

Abstract: The topic “Computer Forensics” deals with performing a structured investigation while maintaining a documented chain of evidence, to find out exactly what happened on a computer and who was responsible for it. With the increase in the use of computers and the Internet, cybercrimes such as stalking, hacking and blackmailing have also increased. In such a situation computers, mail services and social networking sites can be major sources of evidence to prove the crime and identify the persons involved in it. The tools used by forensic experts are also a part of the discussion.

I Introduction: Computer forensics is a branch of forensic science that uses investigation and analysis techniques to find and determine legal evidence found in computers and digital storage media. It is the practice of lawfully establishing evidence and facts. Its core goals are fairly straightforward: preservation, identification, extraction, documentation and interpretation of computer data. Data should be retrieved and analyzed without damaging it, and its authenticity must also be ensured. There is a plethora of hardware and software tools available to assist with the interpretation of forensic data.

II Definition: Computer forensics is also referred to as computer forensic analysis, electronic discovery and data discovery. Computer analysis and computer examination is the process of methodically examining computer media (hard disks, diskettes, tapes etc.) for evidence.

III History: The field of computer forensics began in the 1980s, after personal computers became a viable option for consumers. In 1984, an FBI program was created, known for a time as the Magnet Media Program; it is now known as the Computer Analysis and Response Team (CART). Shortly thereafter, the man credited with being “the father of computer forensics”, Michael Anderson, began work in this field.
1995: The International Organization on Computer Evidence (IOCE) was formed.
1997: The G8 countries declared in Moscow that “law enforcement personnel must be trained and equipped to address high-tech crimes”.
1998: INTERPOL Forensic Science Symposium.
1999: FBI CART case load exceeds 2,000 cases, examining 17 terabytes of data.
2000: First FBI Regional Computer Forensic Laboratory established.
2003: FBI CART case load exceeds 6,500 cases, examining 782 terabytes of data.

IV Need for Computer Forensics: The need for it arises mainly from the wide variety of computer crimes that take place in recent times. The loss caused depends upon the sensitivity of the computer data or information for which the crime has been committed. It is also effective where the data is stored in a single system for backup. The main objective of computer forensics is to produce evidence in court that leads to the punishment of the actual offender. The word forensic itself means “bringing to court”.

V Types of crimes:
A) Breach of computer security.
B) Fraud/theft.
C) Copyright violation.
D) Identity theft.
E) Narcotics investigation.
F) Burglary.
G) Suicide.
H) Obscenity.

VI How forensic experts work:
A) Make an initial assessment about the type of case that is going to be investigated.
B) Determine a preliminary design or approach to the case.
C) Determine the resources needed.
D) Obtain a copy of the disk drive.
E) Identify and minimize or avoid the risks.
F) Investigate the data that is recovered.
G) Complete the case report.

VII Forensic tools: Forensic tools are software or hardware used for gathering the required data from the storage media of the computer that is believed to have been used to commit an illegal activity or crime.

Basic tools: Some of the basic and commonly used computer forensic tools are:
A) Registry Recon: It extracts registry information from a piece of evidence (a disk image etc.), whether that information was active, backed up or deleted, and rebuilds all the registries represented by the extracted information.
B) SANS Investigative Toolkit: It is pre-configured with all the necessary tools to perform a detailed forensic examination. The new version is rebuilt on an Ubuntu base with additional tools, such as replaying entire computer activity in detail.

Memory forensic tools: Memory tools are used to acquire and analyze a computer’s volatile memory. Some of them are:
A) CMAT: Compiled Memory Analysis Tool is a self-contained memory analysis tool that analyzes Windows OS memory and extracts information about running processes.
B) Memoryze: This tool can acquire live memory images and analyze memory dumps. It is specific to Microsoft Windows.

Mobile device forensic tools: Mobile forensic tools tend to have both hardware and software components.
A) Cellebrite Mobile Forensics: It is a Universal Forensic Extraction Device which is both hardware and software. It is used to gather evidence from mobile devices, mobile media cards, SIMs and GPS devices.
B) MicroSystemation XRY: XRY is a digital forensic product by MicroSystemation used to recover information from mobile phones, smartphones, GPS navigation tools and tablet computers.

Network forensic tools: Network forensic tools are designed to capture and analyze network packets, either from a LAN or from the Internet.
A) Wireshark: It captures and analyzes packets. In short, it is a protocol analyzer.
B) tcpflow: It is a TCP/IP session reassembler. It records the TCP flows and stores the data in a form that is convenient for protocol analysis.

Database forensic tools: Database forensics is related to investigations applied to databases and their metadata.
A) HashKeeper: It uses a hash algorithm to establish unique numeric identifiers (hash values) for files known to be good or bad. It was developed to reduce the amount of time required to examine files on digital media.
B) Arbutus: The Arbutus data tool is a Windows-based analysis and conversion tool that fraud investigators use to analyze server or mainframe data.

VIII Applications:
A) Uncover evidence of illegal activities such as credit card fraud, intellectual property theft etc.
B) Investigate and find evidence for crimes that were not directly committed via computer but for which the accused might have stored evidence on computer data storage devices.
C) Detect and close computer system security holes through “legal hacking”.
D) Track the activities of terrorists who use the Internet.

IX Conclusion: Cybercrimes are increasing in number day by day. The forensic department has been efficiently performing its duties by controlling the crime rate on the Internet. The techniques developed by forensic science are also used by the army in detecting the presence of chemical weapons and high explosives. In almost all cases the persons involved in the crime are found out. On the other hand, it is the duty of the judiciary to resolve any disputes and punish the accused.
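As an added example (not code from the presentation or from any of the tools it names), the following Python shows the two hashing ideas behind the text: the preservation goal from the Introduction and step D of the examiner's workflow (record a hash of the evidence copy at acquisition so any later change to the working copy is detectable), and the HashKeeper-style known-good/known-bad hash sets used to skip files that need no review and flag files that do. The file names, contents and hash sets are constructed for the demo.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large evidence image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(image_path, acquisition_hash):
    """True if the working copy still matches the hash recorded when it was acquired."""
    return sha256_file(image_path) == acquisition_hash.lower()


def classify_files(root, known_good, known_bad):
    """Triage every file under root against hash sets, HashKeeper style.

    Known-good files are ignored, known-bad files are flagged, the rest need review.
    """
    result = {"ignore": [], "alert": [], "review": []}
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            digest = sha256_file(os.path.join(dirpath, name))
            if digest in known_bad:
                result["alert"].append(name)
            elif digest in known_good:
                result["ignore"].append(name)
            else:
                result["review"].append(name)
    return result


def demo():
    """Constructed sample evidence: three tiny files standing in for a disk copy."""
    workdir = tempfile.mkdtemp()
    samples = {"notepad.exe": b"constructed OS binary",
               "invoice.doc": b"constructed user document",
               "tool.exe": b"constructed known-bad tool"}
    for name, data in samples.items():
        with open(os.path.join(workdir, name), "wb") as f:
            f.write(data)
    known_good = {hashlib.sha256(samples["notepad.exe"]).hexdigest()}
    known_bad = {hashlib.sha256(samples["tool.exe"]).hexdigest()}
    image = os.path.join(workdir, "invoice.doc")
    acquired = sha256_file(image)            # hash recorded at acquisition time
    intact = verify_image(image, acquired)   # True: working copy untouched
    with open(image, "ab") as f:
        f.write(b"!")                        # simulate an accidental modification
    tampered = verify_image(image, acquired) # False: change is now detectable
    return intact, tampered, classify_files(workdir, known_good, known_bad)
```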