Sujit

Transcript

  • 1. Acquisition: physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices.
    Identification: identifying what data could be recovered and electronically retrieving it by running various computer forensic tools and software suites.
    Evaluation: evaluating the information/data recovered to determine if and how it could be used against the suspect for employment termination or prosecution in court.
    Presentation: presenting the evidence discovered in a manner which is understood by lawyers and non-technical staff/management, and which is suitable as evidence as determined by United States and internal laws.
  • 2. To human eyes, data usually contains known forms, like images, e-mail, sounds, and text. Most Internet data naturally includes gratuitous headers, too. These are media exploited using new controversial logical encodings: steganography and marking.
    Steganography: the art of storing information in such a way that the existence of the information is hidden.
    Watermarking: hiding data within data.
    Information can be hidden in almost any file format. File formats with more room for compression are best:
    • Image files (JPEG, GIF)
    • Sound files (MP3, WAV)
    • Video files (MPG, AVI)
    The hidden information may be encrypted, but not necessarily.
    Hard drive/file system manipulation: slack space is the space between the logical end and the physical end of a file, and is called the file slack.
  • 3. Steganalysis
    • Steganalysis is the art of detecting and decoding hidden data.
    • Hiding information within electronic media requires alterations of the media properties that may introduce some form of degradation or unusual characteristics.
    • The pattern of degradation or the unusual characteristic of a specific type of steganography method is called a signature.
    • Steganalysis software can be trained to look for a signature.
  • 4.
    • Human observation
    • Software analysis
    • Disk analysis utilities
    • Statistical analysis
    • Frequency scanning
  • 5. Recovery of watermarked data is extremely hard. Currently, there are very few methods to recover hidden, encrypted data.
    Data hidden on disk is much easier to find. Once found, if unencrypted, it is already recovered.
    Deleted data can be reconstructed (even on hard drives that have been magnetically wiped).
    Check swap files for passwords and encryption keys which are stored in the clear (unencrypted).
    Software tools:
    • Scan for and reconstruct deleted data
    • Break encryption
  • 6. The "network" in "network forensics" != "computer"
    • Network here means "relating to packets" or "network traffic"
    Definition of forensics (dictionary.com):
    • Relating to, used in, or appropriate for courts of law or for public discussion or argumentation.
    • Of, relating to, or used in debate or argument; rhetorical.
    • Relating to the use of science or technology in the investigation and establishment of facts or evidence in a court of law: a forensic laboratory.
    Many claim to perform network forensics, but most of these practitioners are probably just capturing packets.
    • These guidelines will elevate your game to forensic levels
    Forensics helps with "patch and proceed" or "pursue and prosecute".
  • 7. It has the ability to search through a massive amount of data:
    • Quickly
    • Easily
    • Thoroughly
    • In any language
  • 8. Digital evidence accepted into court:
    • Must prove that there is no tampering.
    • All evidence must be fully accounted for.
    • Computer forensic specialists must have complete knowledge of legal requirements, evidence handling and storage, and documentation procedures.
    Costs:
    • Producing electronic records and preserving them is extremely costly.
    • Presents the potential for exposing privileged documents.
    • Legal practitioners must have extensive computer knowledge.
  • 9.
    • FINANCIAL FRAUD DETECTION
    • CRIMINAL PROSECUTION
    • CIVIL LITIGATION
  • 10. With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.
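
The statistical analysis listed on slide 4 can look for the kind of signature slide 3 describes. As an added example (not from the original slides), the Python below applies a pairs-of-values chi-square check to byte samples, assuming the hiding method is least-significant-bit replacement; the function names, the constructed sample data and the 2.0 threshold are assumptions of this example.

```python
import random

def pov_score(samples):
    """Pairs-of-values chi-square statistic per degree of freedom.

    For each value pair (2k, 2k+1) compare the two histogram counts. LSB
    replacement with random-looking payload bits evens them out, so a score
    near 1 is the signature; an untouched uneven histogram scores far higher.
    """
    hist = [0] * 256
    for b in samples:
        hist[b] += 1
    chi2, dof = 0.0, 0
    for k in range(0, 256, 2):
        a, b = hist[k], hist[k + 1]
        if a + b < 10:            # too few samples for a meaningful comparison
            continue
        chi2 += (a - b) ** 2 / (a + b)
        dof += 1
    return chi2 / dof if dof else float("inf")

def looks_lsb_embedded(samples, threshold=2.0):
    # threshold is an assumed cut-off for this demo, not a calibrated value
    return pov_score(samples) < threshold

def constructed_carrier(n=20000, seed=1):
    """Constructed sample bytes with an uneven histogram (stand-in for pixels)."""
    rng = random.Random(seed)
    weights = [rng.random() ** 3 for _ in range(256)]
    return bytes(rng.choices(range(256), weights=weights, k=n))

def with_random_lsbs(samples, seed=2):
    """Test fixture: overwrite every LSB with a random bit, as full-capacity
    LSB replacement of an encrypted payload would."""
    rng = random.Random(seed)
    return bytes((s & 0xFE) | rng.getrandbits(1) for s in samples)

if __name__ == "__main__":
    clean = constructed_carrier()
    altered = with_random_lsbs(clean)
    for name, data in (("clean", clean), ("altered", altered)):
        print(f"{name:8s} score={pov_score(data):8.2f} "
              f"flagged={looks_lsb_embedded(data)}")
```

A real examination would run the score over decoded pixel or audio sample values rather than raw file bytes, and over successive prefixes of the data, since a partially filled carrier only shows the signature in the region that was overwritten.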