2. Introduction
Computer crime is a criminal act in which a
computer is the object of the offence or the tool
of its commission.
Classification:
Computer centered crime
Computer assisted crime
Incidental computer crime
3. What is computer forensics?
A branch of digital forensic
science pertaining to legal
evidence found in
computers and digital
storage media
A Scientific process of
preserving, identifying,
extracting, documenting,
and interpreting data on
computer
4. Objectives
To recover, analyze, and preserve the computer and
related materials in a manner that can be presented as
evidence in a court of law
To identify the evidence in a short amount of time,
estimate the potential impact of the malicious activity on
the victim, and assess the intent and identity of the
perpetrator
5. Digital Evidence
• Digital evidence or electronic evidence is any
probative information stored or transmitted
in digital form that a party to a court case may
use at trial.
• In the legal world, Evidence is EVERYTHING.
• Evidence is used to establish facts.
•
6. Where to find evidence?
text documents,
graphical images,
calendar files,
databases,
audio and video files,
Web sites and application programs.
Even viruses, Trojan horses and
spyware
E-mail records and instant
messaging logs,
7. Handling Information
Information and data being sought after and
collected in the investigation must be properly
handled
Volatile Information
– Network Information
• Communication between system and the network
– Active Processes
• Programs and daemons currently active on the
system
– Logged-on Users
• Users/employees currently using system
– Open Files
• Libraries in use; hidden files; Trojans (root kit)
loaded in system
8. Handling Information
• Non-Volatile Information
– This includes information, configuration
settings, system files and registry settings
that are available after reboot
– Accessed through drive mappings from
system
– This information should investigated and
reviewed from a backup copy
10. Forensic Techniques
Live analysis:
• The examination of computers from within
the operating system using custom
forensics to extract evidence.
Cross-drive analysis:
• forensic technique that correlates
information found on multiple hard drives.
• can be used to perform anomaly detection.
11. Forensic Techniques
Example of Software Tools:
• EnCase
• WinHex
• ProDiscover
• S-tool
Deleted files:
• recovery of deleted files
• Use of forensic software tools for recovering
or carving out deleted data.
12. Forensic Techniques
Steganography:
• concealing a message, image, or file within
another message, image, or file.
• detection of steganographically encoded
packages is called steganalysis.
• the simplest method to detect modified files is to
compare them to known originals.
14. Advantages
Ensures the overall integrity and continued existence of
an organization’s computer system and network
infrastructure.
Helps the organization capture important information if
their computer systems or networks are compromised.
Efficiently tracks down cyber criminals and terrorists from
different parts of the world.
Tracks complicated cases such as child pornography
and e-mail spamming.
16. Conclusion
• With computer becoming more and more
involved in our everyday lives, both
professionally and socially, there is a need
for computer forensics. This field will
enable crucial electronic evidence to be
found, whether it was lost, deleted,
damaged, or hidden, and used to
prosecute individuals that believe they
have successfully beaten the system.
