1. Intro to Computer Forensics
Mr. Islahuddin Jalal
MS (Cyber Security) – UKM Malaysia
Research Title – 3C-CSIRT Model for Afghanistan
BAKHTAR UNIVERSITY (د باختر پوهنتون)
2. Outline
• Computer forensics
• Evolution, objective, advantages and disadvantages of CF
• Forensics Readiness Planning
• Cybercrime and its types
• Cybercrime investigation
3. Forensics Science
• Forensic science is the application of science to establish before a court whether
or not a suspect was involved in a criminal act, so that the truth is found and no
injustice is done.
• Application of the physical sciences to law
• in the search for truth in
• civil,
• criminal,
• and social behavioral matters,
• in order that injustice shall not be done to any member of society. [CHFI]
• To prove whether or not a person was present at the scene of a crime
4. Computer Forensics
• It is the combination of law and computer science
• Computer forensics is the process of gathering data or information from
the digital devices involved in a crime and preserving that data or
information in a way that is acceptable to a court of law.
• A methodical series of techniques and procedures for gathering
evidence from computing equipment, storage devices and other digital
media, such that it can be presented in a court of law in a coherent and
meaningful format. [Dr. H.B. Wolfe]
5. Computer Forensics
• Forensic computing is the science of capturing, processing, and
investigating data from computers using a methodology whereby any
evidence discovered is acceptable in a court of law. [CHFI]
• The preservation, identification, extraction, interpretation, and
documentation of computer evidence, to include the rules of
evidence, legal processes, integrity of evidence, factual reporting of
the information found, and providing of expert opinion in a court of
law or other legal and/or administrative proceeding as to what was
found [CSI]
7. Evolution of Computer Forensics
• Francis Galton (1822 – 1911): Made the first recorded study of fingerprints
• Leone Lattes (1887 – 1954): Discovered blood groupings
• Calvin Goddard (1891 – 1955): Developed firearm and bullet comparison
techniques that helped solve many pending court cases
• Albert Osborn (1858 – 1946): Developed the essential features of document
examination
• Hans Gross (1847 – 1915): Applied scientific methods to direct criminal
investigations
• FBI (1932): A laboratory was set up to provide forensic services to all field
agents and other law enforcement authorities across the country.
9. Objective of Computer Forensics
• To identify the criminal who is directly or indirectly involved in an
incident in cyberspace.
• To recover, analyze and preserve computer and related materials in
such a way that they can be presented as evidence in a court of law.
• To identify the evidence quickly, estimate the potential impact of the
malicious activity on the victim, and assess the intent and identity of
the perpetrator.
10. Advantages of Computer Forensics
• Helps to protect against, and solve, cases involving
• Theft of intellectual property
• Any act that gives unauthorized access to customer data or other confidential
information
• Financial fraud
• Any scheme that uses fraudulently obtained victim information to conduct
fraudulent transactions
11. Disadvantages of Computer Forensics
• Digital evidence admitted into court must be shown to be free of
tampering
• Costs
• Producing electronic records and preserving them is extremely costly
• Legal practitioners must have extensive computer knowledge
13. Forensics Readiness?
• It is defined as the ability of an organization to maximize its potential
to use digital evidence whilst minimizing the costs of an investigation.
14. Benefits of Forensics Readiness [CHFI]
• Evidence can be gathered to act in the company's defense if it is subject to a
lawsuit
• In the event of a major incident, a fast and efficient investigation can be
conducted and corresponding actions can be followed with minimal
disruption to the business.
• Forensics readiness can extend the target of information security to the
wider threat from cybercrime such as intellectual property protection,
fraud, or extortion.
• Fixed and structured approach for storage of evidence can considerably
reduce the expense and time of an internal investigation
• It can improve and simplify law enforcement interface
• In case of a major incident, proper and in-depth investigation can be
conducted
16. Forensics Readiness Planning
1) Define the business scenarios that require digital evidence
2) Identify the potential evidence available
3) Determine the evidence collection requirement
4) Decide the procedure for securely collecting the evidence that meets the
requirement in a forensically sound manner
5) Establish a policy for securely handling and storing the collected evidence
6) Ensure that the monitoring process is targeted at detecting and deterring
major incidents
7) Ensure investigative staff are capable of completing any task related to handling
and preserving the evidence
8) Document all the activities performed and their impact
9) Ensure that authorized review is in place to facilitate action in response to the incident
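The integrity requirement stated on slides 5 and 11 (evidence must be shown to be free of tampering) and steps 4, 5 and 8 of the readiness plan above come together in one practical control: hash each evidence item at acquisition, write every handling action to a chain-of-custody log, and re-verify both the item and the log before the evidence is presented. The following Python script is an added example written for this page, not code from the slides or from the CHFI material; the case number, handler names and the small "disk image" bytes are constructed for illustration.

```python
"""Added example: evidence hashing plus a tamper-evident chain-of-custody log."""
import hashlib
import json
from datetime import datetime, timezone
from typing import Optional


def sha256_hex(data: bytes) -> str:
    """Digest of the evidence bytes; this is the value written on the custody record."""
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Chain-of-custody log for one case.

    Every entry carries the SHA-256 of the evidence item it refers to and the
    SHA-256 of the previous entry, so neither the evidence copy nor the log
    itself can be altered without the change being detectable at verification.
    """

    def __init__(self, case_id: str) -> None:
        self.case_id = case_id
        self.entries: list = []

    @staticmethod
    def _entry_digest(entry: dict) -> str:
        # Canonical JSON (sorted keys, no whitespace) so the digest is reproducible.
        encoded = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(encoded).hexdigest()

    def record(self, action: str, item: str, data: bytes, handler: str,
               when: Optional[str] = None) -> dict:
        """Append one handling action (readiness step 8: document every activity)."""
        entry = {
            "case": self.case_id,
            "seq": len(self.entries) + 1,
            "time": when or datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "action": action,
            "item": item,
            "sha256": sha256_hex(data),
            "handler": handler,
            # Link to the previous entry; the first entry links to an all-zero digest.
            "prev": self._entry_digest(self.entries[-1]) if self.entries else "0" * 64,
        }
        self.entries.append(entry)
        return entry

    def acquisition_hash(self, item: str) -> Optional[str]:
        """Hash recorded when the item was first collected (readiness step 4)."""
        for entry in self.entries:
            if entry["item"] == item and entry["action"] == "acquired":
                return entry["sha256"]
        return None

    def verify_item(self, item: str, data: bytes) -> bool:
        """True if the copy presented now still matches the acquisition hash."""
        expected = self.acquisition_hash(item)
        return expected is not None and sha256_hex(data) == expected

    def verify_chain(self) -> bool:
        """True if no entry has been edited, removed or reordered since it was written."""
        prev = "0" * 64
        for seq, entry in enumerate(self.entries, start=1):
            if entry["seq"] != seq or entry["prev"] != prev:
                return False
            prev = self._entry_digest(entry)
        return True


# Constructed sample: a few bytes standing in for an acquired disk image.
EVIDENCE = b"MBR\x00" + b"\x00" * 60 + b"user data: invoice-2023.pdf\n"
TAMPERED = EVIDENCE[:-1] + b"X"  # one byte altered after collection


def _build_log() -> CustodyLog:
    log = CustodyLog("CASE-0001")  # hypothetical case number
    log.record("acquired", "disk01.dd", EVIDENCE, "examiner A", "2023-01-01T09:00:00+00:00")
    log.record("transferred", "disk01.dd", EVIDENCE, "examiner B", "2023-01-01T12:00:00+00:00")
    return log


def demo_evidence_check() -> tuple:
    """(untouched copy verifies, altered copy verifies, log chain intact)."""
    log = _build_log()
    return (log.verify_item("disk01.dd", EVIDENCE),
            log.verify_item("disk01.dd", TAMPERED),
            log.verify_chain())


def demo_log_tamper() -> bool:
    """Rewriting history in the log breaks the chain and is detected."""
    log = _build_log()
    log.entries[0]["handler"] = "someone else"  # alter the acquisition record after the fact
    return log.verify_chain()


if __name__ == "__main__":
    print(demo_evidence_check())  # (True, False, True)
    print(demo_log_tamper())      # False
```

In practice the acquisition hash is also written on the paper custody form and the log is stored on write-once or access-controlled media, so that the digest compared in court comes from a record the examiner could not have silently rewritten; hashing alone proves that a copy is unchanged only relative to a hash whose own provenance is trusted.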
17. Cyber Crime
• Cyber crime is an illegal action against any entity using computer, its
systems and its applications.
• Crime directed against a computer
• Crime where the computer contains evidence
• Crime where the computer is used as a tool to commit the crime
• A cyber crime is intentional and not accidental
18. Cyber crime
• Computers and networks provide a favorable environment for cyber
criminals to carry out their illegal actions, due to the following factors
• Speed
• Anonymity
• Differing cyber laws across jurisdictions
• The same factors are also a great challenge for investigators.
19. Modes of Attacks
• There are generally two main types of attacks
• Internal attacks
• Breach of trust by employees within the organization
• External attacks
• Attacks originating from outside the organization; the attacker may be hired by an
insider or by an external entity, for example to damage a competitor's reputation
20. Examples of Cyber crime
1) Fraud achieved by the manipulation of the computer network
2) Deliberate circumvention of the computer systems
3) Unauthorized access to or modification of programs and data
4) Intellectual property theft, including software piracy
5) Industrial espionage by means of access to or theft of computer materials
6) Identity theft, which is accomplished by the use of fraudulent computer
7) Writing or spreading computer viruses or worms
8) Salami slicing is the practice of stealing money repeatedly in small quantities
9) Denial of service attack, where a company's websites are flooded with
service requests so that they are overloaded and either slowed or
crashed completely
10) Making and digitally distributing child pornography