Computer Forensics

An overview about computer forensics.

Published in: Technology
  1. COMPUTER FORENSICS - Bense Tony .J
  2. - The scientific process of preserving, identifying, extracting, documenting, and interpreting data on a computer.
     - The act of detecting information in deleted, encrypted or hidden files on systems for the purpose of legal activities.
  3. - Recovering thousands of deleted mails
     - Performing investigations on computer history
     - Recovering evidence after a hard drive has been formatted
     - Viewing network history related to it
  4. - Hacking
     - Child pornography
     - Fraud
     - Virus distribution
     - SPAM investigations
     - Data theft
     - Sexual harassment
     - Software piracy
  5. - Investigation departments
     - Civil litigations
     - Insurance companies
     - Private corporations
     - Law enforcement officials
     - Individual/private citizens
  6. - Comparison with known data
     - Transaction sequencing
     - Extraction of data from devices
     - Recovering deleted data files
     - Format conversion
     - Keyword searching
     - Decrypting passwords
  7. According to many professionals, computer forensics is a four-step process: Acquisition, Identification, Evaluation, Presentation.
  8. Acquisition
     - Physically or remotely obtaining possession of the computer
     - All network mappings from the system
     - And external physical storage devices
  9. Identification
     - What data could be recovered?
     - Electronically retrieving it by running various computer forensic tools and software suites
     Evaluation
     - Evaluating the information/data recovered to determine how it could be used against the suspect
     - For employment termination
  10. Presentation
     - This step involves presenting the evidence discovered in a manner that is understood by lawyers and non-technical staff/management, and that is suitable as evidence.
  11. Hardware
     - Familiarity with all internal and external devices/components of a computer
     - Thorough understanding of hard drives and settings
     - Understanding motherboards and the various chipsets used
     - Power connections
     - Memory
     BIOS
     - Understanding how the BIOS works
     - Familiarity with the various settings and limitations of the BIOS
  12. Operating Systems
     - Windows 3.1/95/98/ME/NT/2000/2003/XP
     - DOS
     - UNIX
     - LINUX
     - VAX/VMS
     Software
     - Familiarity with most popular software packages such as Microsoft Office
     Forensic Tools
     - Familiarity with computer forensic techniques and the software packages that could
  13. - Software that limits and/or corrupts evidence that could be collected by an investigator
     - Performs data hiding and distortion
     - Exploits limitations of known and used forensic tools
     - Works on both Windows- and LINUX-based systems
  14. Covert Channels in Hiding Transmission
     - Take advantage of timing or shared storage to pass data through an unsuspected channel
     Steganography: the art of storing information in such a way that the existence of the information is hidden.
  15. Watermarking: hiding data within data
     - Information can be hidden in almost any file format.
     - File formats with more room for compression are best:
       - Image files (JPEG, GIF)
       - Sound files (MP3, WAV)
       - Video files (MPG, AVI)
  16. Hard Drive/File System manipulation
     - Hidden drive space is non-partitioned space in between partitions
     - Bad sectors occur when the OS attempts to read information from a sector unsuccessfully
  17. - Extra tracks: most hard disks have more than the rated number of tracks to make up for flaws in manufacturing
     - Change file names and extensions, e.g. rename a .doc file to a .dll file
  18. Encryption: the problem with this is that the existence of data is not hidden; instead it draws attention to itself. With strong enough encryption, it doesn't matter if its existence is known.
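As an added example (not from the slides), a small Python check for the file-renaming trick on slide 17: the true format is read from the leading bytes and compared with what the extension claims, so a .doc renamed to .dll stands out. The signature table, extension map and sample values are constructed for this illustration.

```python
import os

# Leading-byte signatures for a few formats named on the slides (constructed table).
SIGNATURES = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",  # legacy .doc/.xls container
    b"MZ": "pe",                                  # Windows .exe/.dll
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"RIFF": "riff",                              # .wav/.avi container
}

# Content formats each extension may legitimately carry.
EXTENSION_FORMATS = {
    ".doc": {"ole2"}, ".xls": {"ole2"}, ".dll": {"pe"}, ".exe": {"pe"},
    ".jpg": {"jpeg"}, ".jpeg": {"jpeg"}, ".gif": {"gif"}, ".wav": {"riff"}, ".avi": {"riff"},
}


def identify(header: bytes) -> str:
    """Return the format implied by the leading bytes, or 'unknown'."""
    for magic, fmt in SIGNATURES.items():
        if header.startswith(magic):
            return fmt
    return "unknown"


def check_header(name: str, header: bytes) -> tuple:
    """Return (extension, detected format, mismatch flag) for a file name and its first bytes."""
    ext = os.path.splitext(name)[1].lower()
    detected = identify(header)
    expected = EXTENSION_FORMATS.get(ext)
    # Unknown extensions and unrecognised content are reported, not flagged.
    mismatch = expected is not None and detected != "unknown" and detected not in expected
    return ext, detected, mismatch


def check_file(path: str) -> tuple:
    """Read the first 16 bytes of a file on disk and check them against its extension."""
    with open(path, "rb") as fh:
        return check_header(path, fh.read(16))


def scan_directory(root: str) -> list:
    """Return the paths under root whose extension disagrees with their content."""
    flagged = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if check_file(path)[2]:
                flagged.append(path)
    return sorted(flagged)
```

Run `scan_directory()` over an evidence copy, never the original media; files whose content is unrecognised are left unflagged rather than guessed at.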
  19. Steganalysis: the art of detecting and decoding hidden data
     - Hiding information within electronic media requires alterations of the media properties that may introduce some form of degradation or unusual characteristics
  20. Steganalysis Methods - Detection
     - Human observation
       - Opening a text document in a common word processor may show appended spaces and "invisible" characters
       - Images and sound/video clips can be viewed or listened to, and distortions may be found
     - Software analysis
       - Even small amounts of processing can filter out echoes and shadow noise within an audio file to search for hidden information
       - If the original media file is available, hash values can easily detect modifications
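An added example, not part of the original deck, of the two detection ideas on slide 20: spotting appended spaces and invisible characters in a text file, and using a hash of the original to show that the file was modified. The memo text and the list of invisible code points are constructed for this illustration.

```python
import hashlib
from collections import Counter

# Zero-width code points that can carry hidden bits inside visible text (constructed list).
INVISIBLE = {
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\u2060": "WORD JOINER",
    "\ufeff": "BYTE ORDER MARK",
}


def whitespace_report(text: str) -> dict:
    """Flag lines with appended spaces/tabs and tally invisible characters in a text document."""
    lines = text.split("\n")
    trailing = [i + 1 for i, line in enumerate(lines) if line != line.rstrip(" \t")]
    invisible = Counter(ch for ch in text if ch in INVISIBLE)
    return {
        "trailing_ws_lines": trailing,
        "invisible": {INVISIBLE[ch]: n for ch, n in invisible.items()},
        "suspicious": bool(trailing) or bool(invisible),
    }


def modified_since_original(original: bytes, candidate: bytes) -> bool:
    """Hash comparison: any byte changed in the media shows up as a SHA-256 mismatch."""
    return hashlib.sha256(original).digest() != hashlib.sha256(candidate).digest()


# Constructed sample: a memo as written, and a copy carrying data in trailing spaces/tabs
# plus a zero-width space inserted inside a word.
ORIGINAL = "Quarterly memo\nAll figures are final.\nSigned, Finance\n"
SUSPECT = "Quarterly memo  \t \nAll fig\u200bures are final. \t\t\nSigned, Finance\n"

if __name__ == "__main__":
    print(whitespace_report(ORIGINAL))  # nothing flagged
    print(whitespace_report(SUSPECT))   # lines 1 and 2 flagged, one ZERO WIDTH SPACE
    print(modified_since_original(ORIGINAL.encode(), SUSPECT.encode()))  # True
```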
  21. Firewall
     - Firewall/routing filters can be applied to search for hidden or invalid data in IP datagram headers
     Proxy Sites
     - Intrusion through proxy sites (except a few) can be easily found
  22. Steganalysis Methods - Recovery
     - Recovery of watermarked data is extremely hard
     - Data hidden on disk is much easier to find. Once found, if unencrypted, it is already recovered
     - Deleted data can be reconstructed (even on hard drives that have been magnetically wiped)
  23. - Check swap files for passwords and encryption keys, which are stored in the clear (unencrypted)
     Software Tools
     - Scan for and reconstruct deleted data
     - Break encryption
     - Destroy hidden information (overwrite)
  24. - Never go to the black side of the world
     - Never try to handle systems without complete knowledge
     - Never leave your passwords carelessly on the Internet
     - Always use "https" connections rather than "http"
     - Implement technical updates in a positive way
  25. Thank You Everyone
