This document discusses computer forensics and its importance in fighting crimes. It defines computer forensics as the discovery, collection, and analysis of digital evidence found on devices for use in legal cases. The document outlines common computer forensics techniques, the scope of computer forensic examinations, and the typical process involving acquisition, extraction, analysis, and reporting of evidence. It also provides examples of cases that were solved using computer forensic evidence and discusses certifications in the field.
3. ITEMS FOR EXAMINATION
COMPUTER FORENSICS CASES
COMMON MISTAKES MADE DURING A COMPUTER FORENSIC ANALYSIS
CONCLUSION
QUESTIONS
REFERENCES
4. DEFINITION:
This is the discovery, collection, and analysis of evidence found on computers and networks to investigate and establish facts in criminal or civil courts.
5. COMPUTER FORENSICS TECHNIQUES:
Cross-drive analysis: A forensic technique that correlates information found on multiple hard disk drives (HDDs).
Live analysis: The practice is useful when dealing with Encrypting File System and recovery of RAM data when the system was shut down.
Deleted files: This is a common technique
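A minimal illustration of the cross-drive analysis technique listed above, added here and not part of the original slides. It assumes e-mail addresses are the feature being correlated; the drive names and byte contents are constructed sample data.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample data standing in for raw drive images (not real evidence).
DRIVES = {
    "drive_A": b"\x00\x00From: alice@example.com\x00To: broker@example.net\x00\xff",
    "drive_B": b"junk\x01broker@example.net\x00carol@example.org\x00",
    "drive_C": b"\x7fELF\x00contact=BROKER@example.net;alice@example.com\x00",
}

# Assumption: e-mail addresses are the correlated feature; other identifiers work the same way.
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def extract_features(image: bytes) -> set[str]:
    """Pull e-mail address features out of raw image bytes, case-normalised."""
    return {m.group().decode("ascii").lower() for m in EMAIL_RE.finditer(image)}

def cross_drive(drives: dict[str, bytes]):
    """Return (features seen on 2+ drives, drive-pair scores by shared features)."""
    seen_on = defaultdict(set)
    for name, image in drives.items():
        for feat in extract_features(image):
            seen_on[feat].add(name)
    # A feature present on only one drive says nothing about links between drives.
    shared = {f: sorted(d) for f, d in seen_on.items() if len(d) >= 2}
    pair_score = defaultdict(int)
    for owners in shared.values():
        for pair in combinations(owners, 2):
            pair_score[pair] += 1
    return shared, dict(pair_score)

if __name__ == "__main__":
    shared, pairs = cross_drive(DRIVES)
    for feat, owners in sorted(shared.items()):
        print(f"{feat}: {', '.join(owners)}")
    for pair, score in sorted(pairs.items(), key=lambda kv: -kv[1]):
        print(pair, score)
```

The pair scores rank which drives are most likely related, which tells the examiner where to look first.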
7. SCOPE OF COMPUTER FORENSICS:
It focuses on computers and networks for finding evidence of crimes for government, private business and other organizational sectors.
Computers: (examination of computer media, programs, data and log files, Internet messaging conversations, Internet chat, e-mail, etc.)
8. SCOPE CONTINUES:
Networks: (analysis of server contents, server and router log files, packet traffic and information obtained from Internet access providers.)
It is critical for law enforcement as an evidence-gathering and criminal investigation tool.
9. COMPUTER FORENSICS PROCESS:
Acquisition/Preserve the media (The original drives need to be imaged; make copies of the original)
Extract evidence (This depends on the type of investigation; the specialist needs to determine what kind of information on the computer is pertinent to the case)
10. PROCESS CONTINUES:
Analysis: (The most tasking part; the information retrieved can be incriminating or exculpatory.)
Reporting/Documentation: (Configuration of the computer and BIOS settings to every step taken and pertinent evidence that is found should be reported and
11. WHY COMPUTER FORENSICS?
Computer forensics helps ensure the overall integrity of your network infrastructure and ensures that your organization’s private information remains private.
Protection from employee abuse; it also protects your company from violating government regulations such as those rules regarding customer data privacy.
12. WHY COMPUTER FORENSICS? CONTD.
CUT DOWN COST: (Working with professionals who have both technological and practical understanding of computer forensics and electronic discovery can also cut costs for your company)
ANTITERRORISM: It is important as an antiterrorism tool for both criminal prosecution and intelligence gathering.
13. COMPUTER FORENSICS TOOLS:
The Forensics Recovery of Digital Evidence
Guidance Software’s EnCase
Ultimate Toolkit
The FireChief hardware
Figure: A portable Tableau write blocker attached to a hard drive
15. COMPUTER FORENSICS CASES:
Soham murders
The alibi of the killer was disproved when mobile phone records of the person he claimed to be with showed she was out of town at the time.
BTK Killer (Dennis Rader was convicted of a string of serial killings that occurred over a period of sixteen years)
16. COMPUTER FORENSICS CASES CONTD.:
Joseph E. Duncan III (Forensic investigators found a spreadsheet in which Duncan was planning his murders; this helped prove he was planning the crimes.)
Sharon Lopatka (After going through hundreds of emails, investigators were able to find her killer, Robert Glass.)
17. COMPUTER FORENSICS CASES CONTD.:
Dr. Conrad Murray (Michael Jackson’s doctor was convicted partially by digital evidence on his computer. This evidence included medical documentation showing lethal amounts of propofol.)
18. COMMON MISTAKES MADE DURING A COMPUTER FORENSIC ANALYSIS:
Using the internal IT staff to conduct a computer forensics investigation
Waiting until the last minute to perform a computer forensics exam
Too narrowly limiting the scope of computer forensics
19. COMMON MISTAKES CONTINUED:
Not being prepared to preserve electronic evidence
Not selecting a qualified computer forensics team
20. COMPUTER FORENSIC CERTIFICATIONS:
ISFCE Certified Computer Examiner
IACRB Certified Computer Forensics Examiner
IACIS offers the Certified Computer Forensic Examiner (CFCE) program.
Asian School of Cyber Laws offers international level certifications in Digital Evidence Analysis and in Digital Forensic Investigation
21. CONCLUSION:
Though this area is a bit new to some people in computing, it is very important for battling cybercrimes in society, which are difficult to handle in real-world scenarios. Large companies should be able to train some of their IT staff in computer forensics, which could become an asset to the company.