Cyber
K VASUDHA
Computer Security Incident
A computer security incident is any unlawful, unauthorized, or unacceptable action that involves a computer system or a computer network. Such an action can include any of the following events:
• Theft of trade secrets
• Email spam or harassment
• Unauthorized or unlawful intrusions into computing systems
• Embezzlement
• Possession or dissemination of child pornography
• Denial-of-service (DoS) attacks
• Tortious interference with business relations
• Extortion
• Any unlawful action where the evidence of that action may be stored on computer media, such as fraud, threats, and traditional crimes
Computer Crime
Cybercrime, also called computer crime, is the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Cybercrime, especially through the Internet, has grown in importance as the computer has become central to commerce, entertainment, and government.
A computer can play one of three roles in a computer crime:
• A computer can be the target of the crime, it can be the instrument of the crime, or it can serve as an evidence repository storing valuable information about the crime.
• In some cases, the computer has more than one role. It can be the “smoking gun” that served as the instrument of the crime, and it can also serve as a file cabinet storing critical evidence.
• For example, a hacker may use the computer as the tool to break into another computer and steal files, then store the stolen files on the same computer. That computer is then both the instrument of the crime and an evidence repository.
Computer Forensic Objective:
The objective in computer forensics is quite straightforward. It is to recover, analyze, and present computer-based material in such a way that it is usable as evidence in a court of law. The key phrase here is usable as evidence in a court of law. It is essential that none of the equipment or procedures used during the examination of the computer undermines this: a tool or step that alters the original material, or that cannot be explained and repeated later, can make otherwise good evidence unusable.
COMPUTER FORENSICS SERVICES
A computer forensics professional does more than turn on a computer, make
a directory listing, and search through files. Your forensics professionals should be
able to successfully perform complex evidence recovery procedures with the skill
and expertise that lends credibility to your case. For example, they should be able
to perform the following services:
• Data seizure
• Data duplication and preservation
• Data recovery
• Document searches
• Media conversion
• Expert witness services
• Computer evidence service options
• Other miscellaneous services
Data Seizure
Federal rules of civil procedure let a party or their representative inspect and copy designated documents or data compilations that may contain evidence. Your computer forensics experts, following federal guidelines, should act as this representative, using their knowledge of data storage technologies to track down evidence [3]. Your experts should also be able to assist officials during the equipment seizure process. See Chapter 6, “Evidence Collection and Data Seizure,” for more detailed information.
Data Duplication and Preservation
When one party must seize data from another, two concerns must be addressed: the data must not be altered in any way, and the seizure must not put an undue burden on the responding party. Your computer forensics experts should address both of these concerns by making an exact duplicate of the needed data. Because duplication is fast, the responding party can quickly resume its normal business functions, and, because your experts work on the duplicated data, the integrity of the original data is maintained. In practice, “exact duplicate” means a bit-for-bit copy of the medium, and the copy is only worth relying on if its cryptographic hash is computed and shown to match the hash of the original, with both values recorded at the time of duplication.
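The duplication step described above, as an added example that is not code from the original slides: the source is read once and hashed as it streams to the image file, the image is then re-read from disk and hashed independently, and both hashes go into a custody log. The device path, file names and log format are assumptions; a constructed sample file stands in for the seized medium so the script runs offline. Note that opening a source file for reading can still update its access time on the examiner's system, which is why in real work the original is attached through a hardware write blocker.

```python
"""Bit-for-bit duplication of an evidence medium with hash verification.

Added example (not from the original slides). It assumes the source medium is
exposed as a file or block-device path (for instance /dev/sdb on Linux); here a
constructed sample file stands in for the device so the script runs offline.
"""
import hashlib
import json
import os
import tempfile
import time

CHUNK = 1024 * 1024  # read in 1 MiB chunks so large media never sit in memory


def image_and_verify(source: str, image: str, log: str) -> dict:
    """Copy `source` to `image` byte for byte, hashing the stream as it is read.

    The original is opened read-only and never written. After the copy, the
    image file is re-read from disk and hashed independently, so the recorded
    hash reflects what actually landed on the target medium, not just what
    passed through memory. The result is appended to a JSON-lines custody log.
    """
    src_hash = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        while True:
            block = src.read(CHUNK)
            if not block:
                break
            src_hash.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())  # force the image to stable storage before re-reading it

    img_hash = hashlib.sha256()
    with open(image, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            img_hash.update(block)

    record = {
        "time_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "source": source,
        "image": image,
        "bytes": os.path.getsize(image),
        "sha256_source": src_hash.hexdigest(),
        "sha256_image": img_hash.hexdigest(),
    }
    record["verified"] = record["sha256_source"] == record["sha256_image"]
    with open(log, "a") as fh:
        fh.write(json.dumps(record) + "\n")
    return record


def verify_image(image: str, expected_sha256: str) -> bool:
    """Later re-check: prove the working copy still matches the recorded hash."""
    h = hashlib.sha256()
    with open(image, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest() == expected_sha256


if __name__ == "__main__":
    # Constructed stand-in for a seized medium: 3 MiB of patterned bytes.
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "evidence_device.bin")
    with open(src, "wb") as fh:
        fh.write(bytes(range(256)) * (3 * 1024 * 4))
    rec = image_and_verify(src, os.path.join(workdir, "evidence.dd"),
                           os.path.join(workdir, "custody.jsonl"))
    print(json.dumps(rec, indent=2))
```

Every later analysis step should start by calling verify_image against the hash recorded in the log; if that check ever fails, the working copy is discarded and re-imaged rather than analyzed.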
Data Recovery
Using proprietary tools, your computer forensics experts should be able to safely recover and analyze otherwise inaccessible evidence. The ability to recover lost evidence is made possible by the expert’s advanced understanding of storage technologies. For example, when a user deletes an email, traces of that message may still exist on the storage device: deleting a file normally releases its directory entry and its blocks for reuse without erasing the content, so the bytes remain in unallocated space until they are overwritten. Although the message is inaccessible to the user, your experts should be able to recover it and locate relevant evidence.
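The deleted-email case above, as an added example that is not code from the original slides: the image is scanned for the RFC 822 header block that starts every message, each hit is carved up to the free-space padding that follows it, and the result is recorded with the image hash, offset, length and hash of the raw carved bytes, which is also how the Believable rule later on the page (showing the relationship between a readable version and the original binary) is satisfied. The image here is constructed in memory, not a real filesystem; the header pattern and the assumption that free space is NUL-padded are assumptions that would be adjusted for a real medium.

```python
"""Recovering a deleted email from unallocated space by signature carving.

Added example, not code from the original slides. It assumes analysis is done
on a verified image of the medium (here a constructed in-memory image, not a
real filesystem) and that the deleted message's bytes were released but not
yet overwritten. The RFC 822 header block gives a signature to search for,
and every hit is tied back to the image by offset, length and hash.
"""
import hashlib
import re

# A message starts at the beginning of the image, right after a NUL byte
# (free-space padding) or after a newline, with a "From:" line, at least one
# more "Name: value" header line, and the blank line that ends the header block.
HEADER_RE = re.compile(
    rb"(?:^|(?<=\x00)|(?<=\n))From: [^\r\n]+\r?\n(?:[A-Za-z-]+: [^\r\n]*\r?\n)+\r?\n"
)


def carve_messages(image: bytes) -> list:
    """Return one record per carved message, in image order."""
    image_hash = hashlib.sha256(image).hexdigest()
    found = []
    for m in HEADER_RE.finditer(image):
        start = m.start()
        # The body runs until the first NUL byte: on this image that is free-space
        # padding, and a text message never contains NUL. Anything past that point
        # is not claimed to be part of the message.
        end = image.find(b"\x00", m.end())
        if end == -1:
            end = len(image)
        blob = image[start:end]
        head, _, body = blob.replace(b"\r\n", b"\n").partition(b"\n\n")
        headers = {}
        for line in head.split(b"\n"):
            name, _, value = line.partition(b": ")
            headers[name.decode("ascii", "replace").lower()] = value.decode("utf-8", "replace")
        found.append({
            "image_sha256": image_hash,                  # which image this came from
            "offset": start,                             # where in that image
            "length": len(blob),
            "sha256": hashlib.sha256(blob).hexdigest(),  # hash of the raw carved bytes
            "headers": headers,
            "body": body.decode("utf-8", "replace"),
            "body_recovered": bool(body),                # False when the body was overwritten
        })
    return found


def build_sample_image() -> bytes:
    """Constructed stand-in for a raw image: one live file, one deleted email whose
    bytes survive intact, one whose body was overwritten, and a decoy line."""
    live = b"Quarterly report draft. Nothing to see here.\n"
    deleted_mail = (b"From: alice@example.test\nTo: bob@example.test\n"
                    b"Subject: wire transfer\nDate: Tue, 3 Mar 2020 10:15:00 +0000\n\n"
                    b"Move the funds before the audit starts.\n")
    partly_overwritten = b"From: carol@example.test\nSubject: re: wire transfer\n\n"
    decoy = b"Notes: the text From: appears mid-line here and must not match\n"
    return (b"\x00" * 512 + live + b"\x00" * 1024 + deleted_mail + b"\x00" * 2048
            + partly_overwritten + b"\x00" * 64 + decoy + b"\x00" * 128)


if __name__ == "__main__":
    for rec in carve_messages(build_sample_image()):
        print(f'offset={rec["offset"]} len={rec["length"]} body_recovered={rec["body_recovered"]} '
              f'from={rec["headers"].get("from")} subject={rec["headers"].get("subject")}')
```

The second hit shows the limit of recovery: the header survived but the body was already overwritten, and the record says so rather than presenting a partial message as complete.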
Document Searches
Your computer forensics experts should also be able to search
over 200,000 electronic documents in seconds rather than hours.
The speed and efficiency of these searches make the discovery
process less complicated and less intrusive to all parties involved.
Media Conversion
Some clients need to obtain and investigate computer data stored on old
and unreadable devices. Your computer forensics experts should extract the
relevant data from these devices, convert it into readable formats, and place
it onto new storage media for analysis.
Expert Witness Services
Computer forensics experts should be able to explain complex technical
processes in an easy-to-understand fashion. This should help judges and
juries comprehend how computer evidence is found, what it consists of, and
how it is relevant to a specific situation (see sidebar, “Provide Expert
Consultation and Expert Witness Services”).
Computer Evidence Service Options
Your computer forensics experts should offer various levels of service, each designed to suit your individual investigative needs. For example, they should be able to offer the following services:
Standard service
On-site service
Emergency service
Priority service
Weekend service
Standard Service
Your computer forensics experts should be able to work on your case during normal
business hours until your critical electronic evidence is found. They must be
able to provide clean rooms and ensure that all warranties on your equipment will
still be valid following their services.
On-Site Service
Your computer forensics experts should be able to travel to your location to perform
complete computer evidence services. While on-site, the experts should
quickly be able to produce exact duplicates of the data storage media in question.
Their services should then be performed on the duplicate, minimizing the disruption
to business and the computer system. Your experts should also be able to help
federal marshals seize computer data and be very familiar with the Federal Guidelines
for Searching and Seizing Computers.
Emergency Service
After receiving the computer storage media, your computer forensics experts should
be able to give your case the highest priority in their laboratories. They should be
able to work on it without interruption until your evidence objectives are met.
Priority Service
Dedicated computer forensics experts should be able to work on your case during
normal business hours (8:00 A.M. to 5:00 P.M., Monday through Friday) until the
evidence is found. Priority service typically cuts your turnaround time in half.
Weekend Service
Computer forensics experts should be able to work from 8:00 A.M. to 5:00 P.M.,
Saturday and Sunday, to locate the needed electronic evidence and will continue
TYPES OF EVIDENCE
Testimonial Evidence
Testimonial evidence is any evidence supplied by a witness. This type of evidence is
subject to the perceived reliability of the witness, but as long as the witness can be
considered reliable, testimonial evidence can be almost as powerful as real evidence.
Word processor documents written by a witness may be considered testimonial—
as long as the author is willing to state that he wrote it.
Hearsay
Hearsay is any evidence presented by a person who was not a direct witness. Word
processor documents written by someone without direct knowledge of the incident
are hearsay. Hearsay is generally inadmissible in court and should be avoided.
THE RULES OF EVIDENCE
There are five rules of collecting electronic evidence. These relate to five properties that evidence must have to be useful.
1. Admissible
2. Authentic
3. Complete
4. Reliable
5. Believable
Admissible
Admissible is the most basic rule. The evidence must be usable in court or in whatever other proceeding it is intended for. Failure to comply with this rule is equivalent to not collecting the evidence in the first place, except that the cost is higher.
Authentic
If you can’t tie the evidence positively to the incident, you can’t use it to prove anything. You must be able to show that the evidence relates to the incident in a relevant way.
Complete
It’s not enough to collect evidence that just shows one perspective of the incident.
You collect not only evidence that can prove the attacker’s actions, but also evidence
that could prove their innocence. For instance, if you can show the attacker was
logged in at the time of the incident, you also need to show who else was logged in
and why you think they didn’t do it. This is called exculpatory evidence and is an
important part of proving a case.
Reliable
The evidence you collect must be reliable. Your evidence collection and analysis
procedures must not cast doubt on the evidence’s authenticity and veracity.
Believable
The evidence you present should be clearly understandable and believable to a jury. There’s no point presenting a binary dump of process memory if the jury has no idea what it all means. Similarly, if you present them with a formatted, human-understandable version, you must be able to show the relationship to the original binary; otherwise there’s no way for the jury to know whether you’ve faked it. Using
Evidence collection
• Minimize handling and corruption of original data.
• Account for any changes and keep detailed logs of your actions.
• Comply with the five rules of evidence.
• Do not exceed your knowledge.
• Follow your local security policy.
• Capture as accurate an image of the system as possible.
• Be prepared to testify.
• Work fast.
• Proceed from volatile to persistent evidence.
• Don’t shut down before collecting evidence.
• Don’t run any programs on the affected system.
Minimize Handling and Corruption of Original Data
Once you’ve created a master copy of the original data, don’t touch it or the original. Always handle secondary copies. Any changes made to the originals will affect the outcomes of any analysis later done to copies. You should make sure you don’t run any programs that modify the access times of the files they read (such as tar and xcopy). You should also remove any external avenues for change and, in general, analyze the evidence after it has been collected.
Account for Any Changes and Keep Detailed Logs of Your Actions
Sometimes evidence alteration is unavoidable. In these cases, it is absolutely essential
that the nature, extent, and reasons for the changes be documented. Any
changes at all should be accounted for—not only data alteration but also physical
alteration of the originals (the removal of hardware components).
Comply with the Five Rules of Evidence
The five rules are there for a reason. If you don’t follow them, you are probably
wasting your time and money. Following these rules is essential to guaranteeing
successful evidence collection.
Do Not Exceed Your Knowledge
If you don’t understand what you are doing, you can’t account for any changes you
make and you can’t describe what exactly you did. If you ever find yourself “out of
your depth,” either go and learn more before continuing (if time is available) or
find someone who knows the territory. Never soldier on regardless. You’ll just
damage your case.
Follow Your Local Security Policy
If you fail to comply with your company’s security policy, you may find yourself
with some difficulties. Not only may you end up in trouble (and possibly fired
if you’ve done something really against policy), but you may not be able to use the
evidence you’ve gathered. If in doubt, talk to those who know.
Capture as Accurate an Image of the System as Possible
Capturing an accurate image of the system is related to minimizing the handling or
corruption of original data. Differences between the original system and the master
copy count as a change to the data. You must be able to account for the differences.
Be Prepared to Testify
If you’re not willing to testify to the evidence you have collected, you might as well
stop before you start. Without the collector of the evidence being there to validate
the documents created during the evidence-collection process, the evidence becomes
hearsay, which is inadmissible. Remember that you may need to testify at a
later time. No one is going to believe you if they can’t replicate your actions and
reach the same results. This also means that your plan of action shouldn’t be based
on trial-and-error.
Work Fast
The faster you work, the less likely the data is going to change. Volatile evidence may
vanish entirely if you don’t collect it in time. This is not to say that you should rush.
You must still collect accurate data. If multiple systems are involved, work on them
in parallel (a team of investigators would be handy here), but each single system
should still be worked on methodically. Automation of certain tasks makes collection
proceed even faster.
Proceed from Volatile to Persistent Evidence
Some electronic evidence (discussed later) is more volatile than others are. Because
of this, you should always try to collect the most volatile evidence first.
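The collection guidelines above (keep detailed logs of your actions, work fast, proceed from volatile to persistent) as one added example, not code from the original slides: a list of collection steps is executed in order of volatility, each result is saved and hashed the moment it is captured, and a timestamped action log records exactly what was run, with what result, including steps that failed. The commands listed are assumptions about a Linux host; the volatile steps necessarily execute something on the live system, which is why they should be run from the responder's own trusted, statically linked copies (the tool_dir parameter) rather than from the suspect system's PATH, and why every such action must be logged.

```python
"""Ordered live-response collection with an action log.

Added example (not from the original slides). It runs collection steps in
order of volatility (most volatile first), hashes each result as it is
captured and writes a timestamped JSON-lines log of exactly what was run, so
every action taken on the affected system is accounted for. The command list
is an assumption about a Linux host; in a real collection the binaries are
trusted copies on the responder's media, selected via tool_dir.
"""
import hashlib
import json
import os
import subprocess
import time

# Most volatile first; each tuple is (label, argv). Order matters.
DEFAULT_STEPS = [
    ("time_and_uptime", ["uptime"]),
    ("logged_in_users", ["who"]),
    ("processes", ["ps", "-eo", "pid,ppid,user,lstart,cmd"]),
    ("network_connections", ["ss", "-tanp"]),   # netstat -anp on older systems
    ("routing_table", ["ip", "route"]),
    ("mounts", ["mount"]),
]


def run_collection(steps, outdir, tool_dir=None):
    """Execute `steps` in order, saving each output and appending to actions.jsonl.

    tool_dir, if given, is prepended to argv[0] so the trusted copy is used.
    Returns the list of log records (one per step) in execution order.
    """
    os.makedirs(outdir, exist_ok=True)
    records = []
    for order, (label, argv) in enumerate(steps, start=1):
        if tool_dir:
            argv = [os.path.join(tool_dir, argv[0])] + list(argv[1:])
        started = time.time()
        rec = {"order": order, "label": label, "argv": list(argv),
               "started_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(started))}
        try:
            proc = subprocess.run(argv, capture_output=True, timeout=60)
            out = proc.stdout + proc.stderr
            rec["exit_status"] = proc.returncode
        except (OSError, subprocess.TimeoutExpired) as exc:
            out = b""
            rec["exit_status"] = None
            rec["error"] = repr(exc)   # a failed step is logged, never silently skipped
        path = os.path.join(outdir, f"{order:02d}_{label}.txt")
        with open(path, "wb") as fh:
            fh.write(out)
        rec["output_file"] = path
        rec["bytes"] = len(out)
        rec["sha256"] = hashlib.sha256(out).hexdigest()  # hash taken at capture time
        rec["elapsed_s"] = round(time.time() - started, 3)
        records.append(rec)
        with open(os.path.join(outdir, "actions.jsonl"), "a") as fh:
            fh.write(json.dumps(rec) + "\n")
    return records


if __name__ == "__main__":
    import tempfile
    for r in run_collection(DEFAULT_STEPS, tempfile.mkdtemp(prefix="collect_")):
        print(f'{r["order"]:02d} {r["label"]:<20} exit={r["exit_status"]} sha256={r["sha256"][:16]}...')
```

The output directory should be on the responder's own media, not on the suspect disk, so that saving results does not overwrite unallocated space that a later disk image would need.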
Don’t Shut Down Before Collecting Evidence
You should never, ever shut down a system before you collect the evidence. Not only do you lose any volatile evidence, but the attacker may also have trojaned the startup and shutdown scripts, plug-and-play devices may alter the system configuration, and temporary file systems may be wiped out. Rebooting

More Related Content

Similar to Cyber

Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDr Raghu Khimani
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensicsJohnson Ubah
 
Evidence Integrity And Evidence Continuity Essay
Evidence Integrity And Evidence Continuity EssayEvidence Integrity And Evidence Continuity Essay
Evidence Integrity And Evidence Continuity EssayJessica Howard
 
Maintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docxMaintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docxsmile790243
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicDhiren Gala
 
Computer forensics investigation and digital forensics services
Computer forensics investigation and digital forensics servicesComputer forensics investigation and digital forensics services
Computer forensics investigation and digital forensics servicesICFECI
 
12-19-14 CLE for South (P Garrett)
12-19-14 CLE for South (P Garrett)12-19-14 CLE for South (P Garrett)
12-19-14 CLE for South (P Garrett)Patrick Garrett
 
Computer Forensics MethodologiesList them and explain each one.P.pdf
Computer Forensics MethodologiesList them and explain each one.P.pdfComputer Forensics MethodologiesList them and explain each one.P.pdf
Computer Forensics MethodologiesList them and explain each one.P.pdffeetshoemart
 
4.content (computer forensic)
4.content (computer forensic)4.content (computer forensic)
4.content (computer forensic)JIEMS Akkalkuwa
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docxAliAshraf68199
 
CF-Computer-Forensic-Services
CF-Computer-Forensic-ServicesCF-Computer-Forensic-Services
CF-Computer-Forensic-ServicesCompute Forensics
 
Forensic Expert Cross Examination
Forensic Expert Cross ExaminationForensic Expert Cross Examination
Forensic Expert Cross Examinationivneetsingh
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Stepsgamemaker762
 
Evidence and data
Evidence and dataEvidence and data
Evidence and dataAtul Rai
 
computer forensics, involves the preservation, identification, extraction, an...
computer forensics, involves the preservation, identification, extraction, an...computer forensics, involves the preservation, identification, extraction, an...
computer forensics, involves the preservation, identification, extraction, an...pable2
 

Similar to Cyber (20)

Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu Khimani
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes
 
Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensics
 
Evidence Integrity And Evidence Continuity Essay
Evidence Integrity And Evidence Continuity EssayEvidence Integrity And Evidence Continuity Essay
Evidence Integrity And Evidence Continuity Essay
 
Maintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docxMaintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docx
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer Forensic
 
Computer forensics investigation and digital forensics services
Computer forensics investigation and digital forensics servicesComputer forensics investigation and digital forensics services
Computer forensics investigation and digital forensics services
 
12-19-14 CLE for South (P Garrett)
12-19-14 CLE for South (P Garrett)12-19-14 CLE for South (P Garrett)
12-19-14 CLE for South (P Garrett)
 
Cyber evidence at crime scene
Cyber evidence at crime sceneCyber evidence at crime scene
Cyber evidence at crime scene
 
Computer Forensics MethodologiesList them and explain each one.P.pdf
Computer Forensics MethodologiesList them and explain each one.P.pdfComputer Forensics MethodologiesList them and explain each one.P.pdf
Computer Forensics MethodologiesList them and explain each one.P.pdf
 
4.content (computer forensic)
4.content (computer forensic)4.content (computer forensic)
4.content (computer forensic)
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docx
 
CF-Computer-Forensic-Services
CF-Computer-Forensic-ServicesCF-Computer-Forensic-Services
CF-Computer-Forensic-Services
 
Forensic Expert Cross Examination
Forensic Expert Cross ExaminationForensic Expert Cross Examination
Forensic Expert Cross Examination
 
Daniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdfDaniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdf
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Steps
 
Evidence and data
Evidence and dataEvidence and data
Evidence and data
 
computer forensics, involves the preservation, identification, extraction, an...
computer forensics, involves the preservation, identification, extraction, an...computer forensics, involves the preservation, identification, extraction, an...
computer forensics, involves the preservation, identification, extraction, an...
 
PACE-IT: Basic Forensic Concepts
PACE-IT: Basic Forensic ConceptsPACE-IT: Basic Forensic Concepts
PACE-IT: Basic Forensic Concepts
 

Recently uploaded

THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxnelietumpap1
 

Recently uploaded (20)

THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptx
 

Cyber

  • 2.
  • 3.
  • 4. computer security incident: as any unlawful, unauthorized, or unacceptable action that involves a computer system or a computer network. Such an action can include any of the following events: Theft of trade secrets Email spam or harassment Unauthorized or unlawful intrusions into computing systems Embezzlement Possession or dissemination of child pornography Denial-of-service (DoS) attacks Tortious interference of business relations Extortion Any unlawful action when the evidence of such action may be stored on computer media such as fraud, threats, and traditional crimes.
  • 5. Computer Crime Cybercrime, also called computer crime, the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Cybercrime, especially through the Internet, has grown in importance as the computer has become central to commerce, entertainment, and government. A computer can play one of three roles in a computer crime:  A computer can be the target of the crime, it can be the instrument of the crime, or it can serve as an evidence repository storing valuable information about the crime.  In some cases, the computer can have multiple roles. It can be the “smoking gun” serving as the instrument the crime.  It can also serve as a file cabinet storing critical evidence.  For example, a hacker may use the computer as the tool to break into another computer and steal files, then store them on the computer.
  • 6. Computer Forensic Objective: The objective in computer forensics is quite straightforward. It is to recover, analyze, and present computer-based material in such a way that it is useable as evidence in a court of law. The key phrase here is useable as evidence in a court of law. It is essential that none of the equipment or procedures used during the examination of the computer obviate this.
  • 7. COMPUTER FORENSICS SERVICES A computer forensics professional does more than turn on a computer, make a directory listing, and search through files. Your forensics professionals should be able to successfully perform complex evidence recovery procedures with the skill and expertise that lends credibility to your case. For example, they should be able to perform the following services:  Data seizure  Data duplication and preservation  Data recovery  Document searches  Media conversion  Expert witness services  Computer evidence service options  Other miscellaneous services
  • 8. Data Seizure Federal rules of civil procedure let a party or their representative inspect and copy designated documents or data compilations that may contain evidence. Your computer forensics experts, following federal guidelines, should act as this representative, using their knowledge of data storage technologies to track down evidence [3]. Your experts should also be able to assist officials during the equipment seizure process. See Chapter 6, “Evidence Collection and Data Seizure,” for more detailed information. Data Duplication and Preservation When one party must seize data from another, two concerns must be addressed: the data must not be altered in any way, and the seizure must not put an undue burden on the responding party. Your computer forensics experts should acknowledge both of these concerns by making an exact duplicate of the needed data. Because duplication is fast, the responding party can quickly resume its normal business functions, and, because your experts work on the duplicated data, the integrity of the original data is maintained.
  • 9. Data Recovery
    Using proprietary tools, your computer forensics experts should be able to safely recover and analyze otherwise inaccessible evidence. The ability to recover lost evidence is made possible by the expert’s advanced understanding of storage technologies. For example, when a user deletes an email, traces of that message may still exist on the storage device. Although the message is inaccessible to the user, your experts should be able to recover it and locate relevant evidence.
    Document Searches
    Your computer forensics experts should also be able to search over 200,000 electronic documents in seconds rather than hours. The speed and efficiency of these searches make the discovery process less complicated and less intrusive to all parties involved.
  • 10. Media Conversion
    Some clients need to obtain and investigate computer data stored on old and unreadable devices. Your computer forensics experts should extract the relevant data from these devices, convert it into readable formats, and place it onto new storage media for analysis.
    Expert Witness Services
    Computer forensics experts should be able to explain complex technical processes in an easy-to-understand fashion. This should help judges and juries comprehend how computer evidence is found, what it consists of, and how it is relevant to a specific situation (see sidebar, “Provide Expert Consultation and Expert Witness Services”).
  • 11. Computer Evidence Service Options
    Your computer forensics experts should offer various levels of service, each designed to suit your individual investigative needs. For example, they should be able to offer the following services:
    • Standard service
    • On-site service
    • Emergency service
    • Priority service
    • Weekend service
  • 12. Standard Service
    Your computer forensics experts should be able to work on your case during normal business hours until your critical electronic evidence is found. They must be able to provide clean rooms and ensure that all warranties on your equipment will still be valid following their services.
    On-Site Service
    Your computer forensics experts should be able to travel to your location to perform complete computer evidence services. While on-site, the experts should quickly be able to produce exact duplicates of the data storage media in question. Their services should then be performed on the duplicate, minimizing the disruption to business and the computer system. Your experts should also be able to help federal marshals seize computer data and be very familiar with the Federal Guidelines for Searching and Seizing Computers.
    Emergency Service
    After receiving the computer storage media, your computer forensics experts should be able to give your case the highest priority in their laboratories. They should be able to work on it without interruption until your evidence objectives are met.
    Priority Service
    Dedicated computer forensics experts should be able to work on your case during normal business hours (8:00 A.M. to 5:00 P.M., Monday through Friday) until the evidence is found. Priority service typically cuts your turnaround time in half.
    Weekend Service
    Computer forensics experts should be able to work from 8:00 A.M. to 5:00 P.M., Saturday and Sunday, to locate the needed electronic evidence and will continue
  • 13. TYPES OF EVIDENCE
    Testimonial Evidence
    Testimonial evidence is any evidence supplied by a witness. This type of evidence is subject to the perceived reliability of the witness, but as long as the witness can be considered reliable, testimonial evidence can be almost as powerful as real evidence. Word processor documents written by a witness may be considered testimonial—as long as the author is willing to state that he wrote it.
    Hearsay
    Hearsay is any evidence presented by a person who was not a direct witness. Word processor documents written by someone without direct knowledge of the incident are hearsay. Hearsay is generally inadmissible in court and should be avoided.
  • 14. THE RULES OF EVIDENCE
    There are five rules of collecting electronic evidence. These relate to five properties that evidence must have to be useful.
    1. Admissible
    2. Authentic
    3. Complete
    4. Reliable
    5. Believable
  • 15. Admissible
    Admissible is the most basic rule. The evidence must be able to be used in court or otherwise. Failure to comply with this rule is equivalent to not collecting the evidence in the first place, except the cost is higher.
    Authentic
    If you can’t tie the evidence positively to the incident, you can’t use it to prove anything. You must be able to show that the evidence relates to the incident in a relevant way.
    Complete
    It’s not enough to collect evidence that just shows one perspective of the incident. You collect not only evidence that can prove the attacker’s actions, but also evidence that could prove their innocence. For instance, if you can show the attacker was logged in at the time of the incident, you also need to show who else was logged in and why you think they didn’t do it. This is called exculpatory evidence and is an important part of proving a case.
    Reliable
    The evidence you collect must be reliable. Your evidence collection and analysis procedures must not cast doubt on the evidence’s authenticity and veracity.
    Believable
    The evidence you present should be clearly understandable and believable to a jury. There’s no point presenting a binary dump of process memory if the jury has no idea what it all means. Similarly, if you present them with a formatted, human understandable version, you must be able to show the relationship to the original binary, otherwise there’s no way for the jury to know whether you’ve faked it. Using
  • 16. Evidence collection
    • Minimize handling and corruption of original data.
    • Account for any changes and keep detailed logs of your actions.
    • Comply with the five rules of evidence.
    • Do not exceed your knowledge.
    • Follow your local security policy.
    • Capture as accurate an image of the system as possible.
    • Be prepared to testify.
    • Work fast.
    • Proceed from volatile to persistent evidence.
    • Don’t shutdown before collecting evidence.
    • Don’t run any programs on the affected system.
  • 17. Minimize Handling and Corruption of Original Data
    Once you’ve created a master copy of the original data, don’t touch it or the original. Always handle secondary copies. Any changes made to the originals will affect the outcomes of any analysis later done to copies. You should make sure you don’t run any programs that modify the access times of all files (such as tar and xcopy). You should also remove any external avenues for change and, in general, analyze the evidence after it has been collected.
    Account for Any Changes and Keep Detailed Logs of Your Actions
    Sometimes evidence alteration is unavoidable. In these cases, it is absolutely essential that the nature, extent, and reasons for the changes be documented. Any changes at all should be accounted for—not only data alteration but also physical alteration of the originals (the removal of hardware components).
    Comply with the Five Rules of Evidence
    The five rules are there for a reason. If you don’t follow them, you are probably wasting your time and money. Following these rules is essential to guaranteeing successful evidence collection.
    Do Not Exceed Your Knowledge
    If you don’t understand what you are doing, you can’t account for any changes you make and you can’t describe what exactly you did. If you ever find yourself “out of your depth,” either go and learn more before continuing (if time is available) or find someone who knows the territory. Never soldier on regardless. You’ll just damage your case.
  • 18. Follow Your Local Security Policy
    If you fail to comply with your company’s security policy, you may find yourself with some difficulties. Not only may you end up in trouble (and possibly fired if you’ve done something really against policy), but you may not be able to use the evidence you’ve gathered. If in doubt, talk to those who know.
    Capture as Accurate an Image of the System as Possible
    Capturing an accurate image of the system is related to minimizing the handling or corruption of original data. Differences between the original system and the master copy count as a change to the data. You must be able to account for the differences.
    Be Prepared to Testify
    If you’re not willing to testify to the evidence you have collected, you might as well stop before you start. Without the collector of the evidence being there to validate the documents created during the evidence-collection process, the evidence becomes hearsay, which is inadmissible. Remember that you may need to testify at a later time. No one is going to believe you if they can’t replicate your actions and reach the same results. This also means that your plan of action shouldn’t be based on trial-and-error.
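The following added Python example (written for this page, not from the slides) shows one way to account for the differences the "minimize handling" and "capture an accurate image" passages above talk about: it snapshots each file's size, timestamps, mode and content hash, then reports every field that differs, including access times reset by a careless tool; the sample files and the simulated tool activity are constructed.

```python
"""Added example (not from the slides): snapshot file metadata before and
after handling so every difference can be accounted for; files constructed."""
import hashlib
import os
import tempfile

FIELDS = ("size", "mtime_ns", "atime_ns", "mode", "sha256")


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Record size, times, mode, hash per file; stat() runs before our own read."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            state[os.path.relpath(path, root)] = {
                "size": st.st_size, "mtime_ns": st.st_mtime_ns,
                "atime_ns": st.st_atime_ns, "mode": st.st_mode,
                "sha256": _sha256(path)}
    return state


def diff(before, after):
    """(file, field, old, new) for each change; added/removed files use 'exists'."""
    changes = []
    for rel in sorted(set(before) | set(after)):
        if rel not in before or rel not in after:
            changes.append((rel, "exists", rel in before, rel in after))
            continue
        for f in FIELDS:
            if before[rel][f] != after[rel][f]:
                changes.append((rel, f, before[rel][f], after[rel][f]))
    return changes


def demo():
    """Constructed run: a tool resets a.txt's timestamps and b.txt is appended to."""
    root = tempfile.mkdtemp()
    for name, data in (("a.txt", b"alpha"), ("b.txt", b"bravo")):
        with open(os.path.join(root, name), "wb") as fh: fh.write(data)
    before = snapshot(root)
    os.utime(os.path.join(root, "a.txt"), ns=(10**9, 10**9))  # simulated tool
    with open(os.path.join(root, "b.txt"), "ab") as fh: fh.write(b"!")
    return diff(before, snapshot(root))
```

Each tuple returned by diff is what belongs in the log entry that explains the change, together with the reason for it.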
  • 19. Work Fast
    The faster you work, the less likely the data is going to change. Volatile evidence may vanish entirely if you don’t collect it in time. This is not to say that you should rush. You must still collect accurate data. If multiple systems are involved, work on them in parallel (a team of investigators would be handy here), but each single system should still be worked on methodically. Automation of certain tasks makes collection proceed even faster.
    Proceed from Volatile to Persistent Evidence
    Some electronic evidence (discussed later) is more volatile than others are. Because of this, you should always try to collect the most volatile evidence first.
    Don’t Shutdown Before Collecting Evidence
    You should never, ever shutdown a system before you collect the evidence. Not only do you lose any volatile evidence, but also the attacker may have trojaned (via a trojan horse) the startup and shutdown scripts, plug-and-play devices may alter the system configuration, and temporary file systems may be wiped out. Rebooting