Lect 4 computer forensics
1. Intro to Computer Forensics
Mr. Islahuddin Jalal
MS (Cyber Security) – UKM Malaysia
Research Title – 3C-CSIRT Model for Afghanistan
BAKHTAR UNIVERSITY
2. Outline
• CF Investigation Process
• Secure the Evidence
• Acquire and Analyze the Data
• Assess Evidence and Case
• Prepare the Final Report
• Testify in the court as an Expert witness
• Computer Forensics Service Providers
3. Secure the Evidence
• Secure the evidence without damaging the evidence’s integrity
• Place the evidence in a secured site that intruders cannot access
• Maintain the chain of custody to properly track the evidence
• Identify digital and non-digital artifacts to separate the evidence according
to their behavior
• Maintain a log book at the entrance of the lab to record the time of each
visit and the name of the visitor
• Place an intrusion alarm system at the entrance of the forensic lab
• Contact law enforcement agencies to learn how to preserve the evidence
4. Chain of custody
• Chain of custody is a legal document that demonstrates the
progression of evidence as it travels from the original evidence location to
the forensic laboratory
9. Recovery, if Necessary
• Tools of Recovery
• Recover My Files
• Digital Rescue Premium
• EASEUS Data Recovery Wizard
• PC Inspector File Recovery
• Advanced Disk Recovery
• Total Recall
10. Analyze the Data
• Thoroughly analyze the acquired data to draw conclusions related to
the case
• Data analysis techniques depend on the scope of the case or client’s
requirements
• Analyze the file’s content, the date and time of file creation and
modification, the users associated with file creation, access and
modification, and the physical storage location of the file
• Identify and categorize data in order of relevance
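The per-file attributes listed on this slide can be collected in one pass over a working copy of the evidence. The sketch below is an added example, not part of the lecture or of any tool it names; it assumes the copy is mounted read-only, and the keyword-based relevance rule and all function names are hypothetical.

```python
import hashlib
import os
from datetime import datetime, timezone


def utc_iso(ts):
    """Render an epoch timestamp as ISO 8601 UTC so the report is unambiguous."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def sha256_of(path, chunk=1 << 20):
    """Hash the content in chunks; the file is opened read-only."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def file_record(path):
    """Collect the per-file attributes the slide lists."""
    st = os.stat(path)  # stat before hashing: reading may update the access time
    return {
        "size": st.st_size,
        "modified": utc_iso(st.st_mtime),
        "accessed": utc_iso(st.st_atime),
        # st_ctime: inode-change time on Unix, creation time on Windows
        "changed_or_created": utc_iso(st.st_ctime),
        "owner_uid": st.st_uid,   # account associated with the file (0 on Windows)
        "device": st.st_dev,      # storage location: volume identifier ...
        "inode": st.st_ino,       # ... and inode / file index on that volume
        "sha256": sha256_of(path),
    }


def inventory(root, keywords=()):
    """Walk a working copy; order by relevance (assumed rule: keyword hits in path)."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the evidence tree
            rec = file_record(full)
            rec["relpath"] = os.path.relpath(full, root)
            hits = sum(k.lower() in rec["relpath"].lower() for k in keywords)
            rec["relevance"] = hits
            records.append(rec)
    records.sort(key=lambda r: (-r["relevance"], r["relpath"]))
    return records
```

Recording the SHA-256 next to the timestamps lets a later examiner confirm that the file analyzed is the file that was acquired.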
11. Tools for Analysis
• Forensic tools help in sorting and analysis of a large volume of data
to draw meaningful conclusions.
• Tools
• AccessData’s FTK
• Guidance Software’s EnCase Forensic
• Brian Carrier’s The Sleuth Kit
12. Evidence Assessment
• Conduct a complete assessment by reviewing the
• Search warrant
• Legal authorization
• Case detail
• Nature of the hardware and software
• Potential evidence
• Circumstances surrounding the acquisition of the evidence to be examined
14. Prepare the Final Report
• Report writing is a crucial stage in the outcome of the investigation
• The report should be clear, concise and written for the appropriate
audience
17. Expert Witness
• An expert witness is a person who has a thorough knowledge of a
subject and whose credentials can convince others to believe his or
her opinions on that subject in a court of law
18. Testifying in the court
• Presenting digital evidence in the court requires knowledge of new,
specialized, evolving and sometimes complex technology
19. Computer Forensics Service Providers
• www.compforensics.com
• www.forensic.com
• www.burgessforensics.com
• Global Digital Forensics
• etc.