SlideShare a Scribd company logo

Lecture #32: Digital Forensics : Evidence Handling, Validation and Reporting

D
Dr. Ramchandra Mangrulkar

ASSDF Module 6: Digital Forensics

Engineering
1 of 31
Download to read offline
Lecture #32: Digital Forensics : Evidence Handling, Validation and Reporting Dr.Ramchandra Mangrulkar October 7, 2020 Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 1 / 18
The principles of digital evidence 1 No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data which may subsequently be relied upon in court. 2 In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions. 3 An audit trail or other record of all processes applied to digital evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result. 4 The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to. Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 2 / 18
The principles of digital evidence 1 No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data which may subsequently be relied upon in court. 2 In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions. 3 An audit trail or other record of all processes applied to digital evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result. 4 The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to. Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 2 / 18
The principles of digital evidence 1 No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data which may subsequently be relied upon in court. 2 In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions. 3 An audit trail or other record of all processes applied to digital evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result. 4 The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to. Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 2 / 18
The principles of digital evidence 1 No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data which may subsequently be relied upon in court. 2 In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions. 3 An audit trail or other record of all processes applied to digital evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result. 4 The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to. Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 2 / 18
Evidence Collections After securing the evidence, a survey of the scene will give investigators an accurate sense of what’s ahead. Several questions need to be answered What kinds of devices are present? How many devices are we dealing with? Are any of the devices running? What tools will be needed? Do we have the necessary expertise on hand? Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 3 / 18
Evidence Collections After securing the evidence, a survey of the scene will give investigators an accurate sense of what’s ahead. Several questions need to be answered What kinds of devices are present? How many devices are we dealing with? Are any of the devices running? What tools will be needed? Do we have the necessary expertise on hand? Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 3 / 18
Evidence Collections After securing the evidence, a survey of the scene will give investigators an accurate sense of what’s ahead. Several questions need to be answered What kinds of devices are present? How many devices are we dealing with? Are any of the devices running? What tools will be needed? Do we have the necessary expertise on hand? Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 3 / 18
Evidence Collections After securing the evidence, a survey of the scene will give investigators an accurate sense of what’s ahead. Several questions need to be answered What kinds of devices are present? How many devices are we dealing with? Are any of the devices running? What tools will be needed? Do we have the necessary expertise on hand? Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 3 / 18
Evidence Collections After securing the evidence, a survey of the scene will give investigators an accurate sense of what’s ahead. Several questions need to be answered What kinds of devices are present? How many devices are we dealing with? Are any of the devices running? What tools will be needed? Do we have the necessary expertise on hand? Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 3 / 18
What to take along 1. Evidence Tape 2. Chain of custody form 3. Inventory forms 4. Digital camera 5. Toolkit ( Screw driver set with pentalobe Screwdriver for removing HDDs from Mac laptops) 6. Adhesive tape, Sticky note 7. New/ wiped pen drives, hard drives 8. Gloves, static wrist band 9. Write blockers (e.g. ATA, SATA, SCSI, firewire, USB, e-sata, SSD) with cables. 10. Hardware for Imaging (TD2U, Falcon, TrueImager) if available 11. Laptop with FTK (Crossover Tested) 12. Card readers 13. Magnifying glass, Flash Light 14. Faraday bag/Aluminium foil, Bubble wraps Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 4 / 18
Order of Volatility CPU, cache, and register content Routing table, ARP cache, process table, kernel statistics Memory Temporary file system/swap space Data on hard disk Remotely logged data Data contained on archival media Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 5 / 18
Order of Volatility CPU, cache, and register content Routing table, ARP cache, process table, kernel statistics Memory Temporary file system/swap space Data on hard disk Remotely logged data Data contained on archival media Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 5 / 18
Order of Volatility CPU, cache, and register content Routing table, ARP cache, process table, kernel statistics Memory Temporary file system/swap space Data on hard disk Remotely logged data Data contained on archival media Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 5 / 18
Order of Volatility CPU, cache, and register content Routing table, ARP cache, process table, kernel statistics Memory Temporary file system/swap space Data on hard disk Remotely logged data Data contained on archival media Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 5 / 18
Order of Volatility CPU, cache, and register content Routing table, ARP cache, process table, kernel statistics Memory Temporary file system/swap space Data on hard disk Remotely logged data Data contained on archival media Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 5 / 18
Order of Volatility CPU, cache, and register content Routing table, ARP cache, process table, kernel statistics Memory Temporary file system/swap space Data on hard disk Remotely logged data Data contained on archival media Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 5 / 18
Order of Volatility CPU, cache, and register content Routing table, ARP cache, process table, kernel statistics Memory Temporary file system/swap space Data on hard disk Remotely logged data Data contained on archival media Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 5 / 18
Documenting the Scene There is an old tried and true saying in law enforcement: “If you don’t write it down, it didn’t happen.” These are words of wisdom indeed. photographs written notes video process begins the moment investigators arrive at the scene noting the date and time all the people at the scene detailed descriptions of the evidence we collect its location, the names of who discovered and collected it item’s condition, especially if there is visible damage. digital evidence is described by type, make, model, serial number, or other similar descriptors. device is on or off or if it’s connected to other devices (such as printers) or a network (like the Internet). Virtually everything we see, find, and do should be documented. Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 6 / 18
Evidence into Custody Place the phone in special containers that shield the phone from wireless signals. Empty paint cans and Faraday bags are two of the more typical choices. Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 7 / 18
Protecting Cell Phones from Network Signals It’s essential to isolate a live cell phone from the network. If not, it can receive calls, text messages, or even commands to delete all the data. A Faraday bag is one way to prevent a network signal from reaching the phone. A Faraday bag is made of “some type of conducting material or mesh” that repels these signals. 1 . 1 The function of the bag is based on the work of Michael Faraday, an English scientist who specialized in electromagnetism (Microsoft Corporation) Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 8 / 18
Evidence Label Format Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 9 / 18
Evidence Labelling The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 10 / 18
Chain of Custody Before a piece of evidence gets in front of a jury, it must first meet a series of strict legal requirements, well-documented called chain of custody. evidence makes many stops on its road to trial. Each of these stops must be noted, tracking each and every time the evidence item changes hands or locations Without this detailed accounting, the evidence will be deemed untrustworthy and inadmissible. Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 11 / 18
Chain of Custody Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 12 / 18
Chain of Custody : Marking Evidence Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 13 / 18
Chain of Custody :Cloning Evidence A forensic clone is an exact, bit for bit copy of a hard drive. It’s also known as a bit stream image. In other words, every bit (1 or 0) is duplicated on a separate, forensically clean piece of media, such as a hard drive. Hard drives are susceptible to failure. Having two clones gives you one to examine and one to fall back on. Forensically Clean Media : Drives can be cleaned with the same devices used to make the clones. The cleaning process overwrites the entire hard drive with a particular pattern of data such as 1111111111111 Forensic Image Formats : The end result of the cloning process is a forensic image of the source hard drive : EnCase (Extension .E01) Raw dd (Extension .001) AccessData Custom Content Image (Extension .AD1) Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 14 / 18
Evidence Validation: Hashing How do we know our clone is an exact duplicate of the evidence drive? Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 15 / 18
Evidence Validation: Hashing Example How do we know our clone is an exact duplicate of the evidence drive? Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 16 / 18
Final Report Conclusion of the analysis, the examiner will generate a final report detailing what was done, what was found, and their findings. Ideally, final reports need to be crafted with the intended audience in mind. Must be addressed wrt nontechnical reader’s such as judges, attorneys and juries. major forensic tools, such as EnCase and FTK Final report should include a detailed narrative of all the actions taken by the examiner, starting at the scene if they were present. The examination should be documented with sufficient detail so that the procedure can be duplicated by another examiner Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 17 / 18
Home work https://www.forensic.co.in http://www.forensicsciencesimplified.org/digital/ how.html https://nij.ojp.gov/topics/articles/ new-approaches-digital-evidence-acquisition-and-analy https://www.ncjrs.gov/pdffiles1/nij/250700.pdf Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 18 / 18

Recommended

LEcture #28-#30
LEcture #28-#30LEcture #28-#30
LEcture #28-#30Dr. Ramchandra Mangrulkar
 
Lecture #32: Forensic Duplication
Lecture #32: Forensic DuplicationLecture #32: Forensic Duplication
Lecture #32: Forensic DuplicationDr. Ramchandra Mangrulkar
 
Lecture #31 : Windows Forensics
Lecture #31 : Windows ForensicsLecture #31 : Windows Forensics
Lecture #31 : Windows ForensicsDr. Ramchandra Mangrulkar
 
Lecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemLecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemAlchemist095
 
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityLecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityAlchemist095
 
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...AltheimPrivacy
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic toolsParsons Corporation
 
Computer forencis
Computer forencisComputer forencis
Computer forencisTeja Bheemanapally
 

Recommended

LEcture #28-#30
LEcture #28-#30LEcture #28-#30
LEcture #28-#30Dr. Ramchandra Mangrulkar
 
Lecture #32: Forensic Duplication
Lecture #32: Forensic DuplicationLecture #32: Forensic Duplication
Lecture #32: Forensic DuplicationDr. Ramchandra Mangrulkar
 
Lecture #31 : Windows Forensics
Lecture #31 : Windows ForensicsLecture #31 : Windows Forensics
Lecture #31 : Windows ForensicsDr. Ramchandra Mangrulkar
 
Lecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemLecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemAlchemist095
 
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityLecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityAlchemist095
 
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...AltheimPrivacy
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic toolsParsons Corporation
 
Computer forencis
Computer forencisComputer forencis
Computer forencisTeja Bheemanapally
 
Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)AltheimPrivacy
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Case study on Physical devices used in Computer forensics.
Case study on Physical devices used in Computer forensics.Case study on Physical devices used in Computer forensics.
Case study on Physical devices used in Computer forensics.Vishal Tandel
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidencerakesh mishra
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsLalit Garg
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsAlchemist095
 
Digital Forensic Case Study
Digital Forensic Case StudyDigital Forensic Case Study
Digital Forensic Case StudyMyAssignmenthelp.com
 
Lecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file systemLecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file systemAlchemist095
 
DF Process Models
DF Process ModelsDF Process Models
DF Process ModelsCostas Katsavounidis
 
cyber forensics
cyber forensicscyber forensics
cyber forensicsAmbuj Kumar
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating proceduresSoumen Debgupta
 
CS6004 Cyber Forensics - UNIT V
CS6004 Cyber Forensics - UNIT VCS6004 Cyber Forensics - UNIT V
CS6004 Cyber Forensics - UNIT VArthyR3
 
Introduction To Forensic Methodologies
Introduction To Forensic MethodologiesIntroduction To Forensic Methodologies
Introduction To Forensic MethodologiesLedjit
 
Cyber forensics question bank
Cyber forensics question bankCyber forensics question bank
Cyber forensics question bankArthyR3
 
CS6004 Cyber Forensics - UNIT IV
CS6004 Cyber Forensics - UNIT IVCS6004 Cyber Forensics - UNIT IV
CS6004 Cyber Forensics - UNIT IVArthyR3
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
An Introduction to Asset Recovery
An Introduction to Asset RecoveryAn Introduction to Asset Recovery
An Introduction to Asset Recoverymylespilkington
 
AD_FTKX_BRO_ENG_19Nov2014
AD_FTKX_BRO_ENG_19Nov2014AD_FTKX_BRO_ENG_19Nov2014
AD_FTKX_BRO_ENG_19Nov2014Leonard Cibelli
 
Privacidad: La Tensión entre las Capacidades Tecnológicas y las Expectativas ...
Privacidad: La Tensión entre las Capacidades Tecnológicas y las Expectativas ...Privacidad: La Tensión entre las Capacidades Tecnológicas y las Expectativas ...
Privacidad: La Tensión entre las Capacidades Tecnológicas y las Expectativas ...Facultad de Informática UCM
 
219941
219941219941
219941gueste9afb2
 
219941
219941219941
219941gueste9afb2
 

More Related Content

What's hot

Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)AltheimPrivacy
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Case study on Physical devices used in Computer forensics.
Case study on Physical devices used in Computer forensics.Case study on Physical devices used in Computer forensics.
Case study on Physical devices used in Computer forensics.Vishal Tandel
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidencerakesh mishra
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsLalit Garg
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsAlchemist095
 
Lecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file systemLecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file systemAlchemist095
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating proceduresSoumen Debgupta
 
CS6004 Cyber Forensics - UNIT V
CS6004 Cyber Forensics - UNIT VCS6004 Cyber Forensics - UNIT V
CS6004 Cyber Forensics - UNIT VArthyR3
 
Introduction To Forensic Methodologies
Introduction To Forensic MethodologiesIntroduction To Forensic Methodologies
Introduction To Forensic MethodologiesLedjit
 
Cyber forensics question bank
Cyber forensics question bankCyber forensics question bank
Cyber forensics question bankArthyR3
 
CS6004 Cyber Forensics - UNIT IV
CS6004 Cyber Forensics - UNIT IVCS6004 Cyber Forensics - UNIT IV
CS6004 Cyber Forensics - UNIT IVArthyR3
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
An Introduction to Asset Recovery
An Introduction to Asset RecoveryAn Introduction to Asset Recovery
An Introduction to Asset Recoverymylespilkington
 
AD_FTKX_BRO_ENG_19Nov2014
AD_FTKX_BRO_ENG_19Nov2014AD_FTKX_BRO_ENG_19Nov2014
AD_FTKX_BRO_ENG_19Nov2014Leonard Cibelli
 
Privacidad: La Tensión entre las Capacidades Tecnológicas y las Expectativas ...
Privacidad: La Tensión entre las Capacidades Tecnológicas y las Expectativas ...Privacidad: La Tensión entre las Capacidades Tecnológicas y las Expectativas ...
Privacidad: La Tensión entre las Capacidades Tecnológicas y las Expectativas ...Facultad de Informática UCM
 

What's hot (20)

Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Case study on Physical devices used in Computer forensics.
Case study on Physical devices used in Computer forensics.Case study on Physical devices used in Computer forensics.
Case study on Physical devices used in Computer forensics.
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidence
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
 
Digital Forensic Case Study
Digital Forensic Case StudyDigital Forensic Case Study
Digital Forensic Case Study
 
Lecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file systemLecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file system
 
DF Process Models
DF Process ModelsDF Process Models
DF Process Models
 
cyber forensics
cyber forensicscyber forensics
cyber forensics
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
 
CS6004 Cyber Forensics - UNIT V
CS6004 Cyber Forensics - UNIT VCS6004 Cyber Forensics - UNIT V
CS6004 Cyber Forensics - UNIT V
 
Introduction To Forensic Methodologies
Introduction To Forensic MethodologiesIntroduction To Forensic Methodologies
Introduction To Forensic Methodologies
 
Cyber forensics question bank
Cyber forensics question bankCyber forensics question bank
Cyber forensics question bank
 
CS6004 Cyber Forensics - UNIT IV
CS6004 Cyber Forensics - UNIT IVCS6004 Cyber Forensics - UNIT IV
CS6004 Cyber Forensics - UNIT IV
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedure
 
An Introduction to Asset Recovery
An Introduction to Asset RecoveryAn Introduction to Asset Recovery
An Introduction to Asset Recovery
 
AD_FTKX_BRO_ENG_19Nov2014
AD_FTKX_BRO_ENG_19Nov2014AD_FTKX_BRO_ENG_19Nov2014
AD_FTKX_BRO_ENG_19Nov2014
 
Privacidad: La Tensión entre las Capacidades Tecnológicas y las Expectativas ...
Privacidad: La Tensión entre las Capacidades Tecnológicas y las Expectativas ...Privacidad: La Tensión entre las Capacidades Tecnológicas y las Expectativas ...
Privacidad: La Tensión entre las Capacidades Tecnológicas y las Expectativas ...
 

Similar to Lecture #32: Digital Forensics : Evidence Handling, Validation and Reporting

sakshi Computer_forensics_ppt.ppt
sakshi Computer_forensics_ppt.pptsakshi Computer_forensics_ppt.ppt
sakshi Computer_forensics_ppt.pptSakshiAlex
 
Best Practices For Seizing Electronic Evidence -- DoJ
Best Practices For Seizing Electronic Evidence -- DoJ Best Practices For Seizing Electronic Evidence -- DoJ
Best Practices For Seizing Electronic Evidence -- DoJDavid Sweigert
 
Evidence and data
Evidence and dataEvidence and data
Evidence and dataAtul Rai
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital ForensicsManik Bhola
 
Applying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital EvidenceApplying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital EvidenceDr. Richard Otieno
 
Computer_forensics_ppt.ppt
Computer_forensics_ppt.pptComputer_forensics_ppt.ppt
Computer_forensics_ppt.pptGnanavi2
 
A Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsA Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsSamantha Vargas
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics SlidesVarun Sehgal
 
How digital technology is shaping the future of marthab
How digital technology is shaping the future of marthabHow digital technology is shaping the future of marthab
How digital technology is shaping the future of marthabArgelich Networks
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemsMayank Diwakar
 
Data mining and homeland security rl31798
Data mining and homeland security rl31798Data mining and homeland security rl31798
Data mining and homeland security rl31798Daniel John
 

Similar to Lecture #32: Digital Forensics : Evidence Handling, Validation and Reporting (20)

219941
219941219941
219941
 
219941
219941219941
219941
 
Cyber evidence at crime scene
Cyber evidence at crime sceneCyber evidence at crime scene
Cyber evidence at crime scene
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
 
sakshi Computer_forensics_ppt.ppt
sakshi Computer_forensics_ppt.pptsakshi Computer_forensics_ppt.ppt
sakshi Computer_forensics_ppt.ppt
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
 
Best Practices For Seizing Electronic Evidence -- DoJ
Best Practices For Seizing Electronic Evidence -- DoJ Best Practices For Seizing Electronic Evidence -- DoJ
Best Practices For Seizing Electronic Evidence -- DoJ
 
Sued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital ForensicsSued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital Forensics
 
Evidence and data
Evidence and dataEvidence and data
Evidence and data
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital Forensics
 
Applying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital EvidenceApplying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital Evidence
 
Computer_forensics_ppt.ppt
Computer_forensics_ppt.pptComputer_forensics_ppt.ppt
Computer_forensics_ppt.ppt
 
A Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsA Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis Tools
 
3.2
3.23.2
3.2
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics Slides
 
An American Legal Perspective
An American Legal PerspectiveAn American Legal Perspective
An American Legal Perspective
 
How digital technology is shaping the future of marthab
How digital technology is shaping the future of marthabHow digital technology is shaping the future of marthab
How digital technology is shaping the future of marthab
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systems
 
Data mining and homeland security rl31798
Data mining and homeland security rl31798Data mining and homeland security rl31798
Data mining and homeland security rl31798
 

More from Dr. Ramchandra Mangrulkar

Manuscript Preparation using Latex: A Cloud Based Approach(Overleaf)
Manuscript Preparation using Latex: A Cloud Based Approach(Overleaf)Manuscript Preparation using Latex: A Cloud Based Approach(Overleaf)
Manuscript Preparation using Latex: A Cloud Based Approach(Overleaf)Dr. Ramchandra Mangrulkar
 
Lecture #24 : Cross Site Request Forgery (CSRF)
Lecture #24 : Cross Site Request Forgery (CSRF)Lecture #24 : Cross Site Request Forgery (CSRF)
Lecture #24 : Cross Site Request Forgery (CSRF)Dr. Ramchandra Mangrulkar
 
Lecture #18 - #20: Web Browser and Web Application Security
Lecture #18 - #20: Web Browser and Web Application SecurityLecture #18 - #20: Web Browser and Web Application Security
Lecture #18 - #20: Web Browser and Web Application SecurityDr. Ramchandra Mangrulkar
 
Lecture #15: Buffer Overflow Attack (Non Malicious Attack)
Lecture #15: Buffer Overflow Attack (Non Malicious Attack)Lecture #15: Buffer Overflow Attack (Non Malicious Attack)
Lecture #15: Buffer Overflow Attack (Non Malicious Attack)Dr. Ramchandra Mangrulkar
 
Lecture # 14: Salami and Linearization Attacks
Lecture # 14: Salami and Linearization Attacks Lecture # 14: Salami and Linearization Attacks
Lecture # 14: Salami and Linearization Attacks Dr. Ramchandra Mangrulkar
 
Lecture #12,#13 : Program and OS Security -Part I
Lecture #12,#13 : Program and OS Security -Part ILecture #12,#13 : Program and OS Security -Part I
Lecture #12,#13 : Program and OS Security -Part IDr. Ramchandra Mangrulkar
 
Lecture #9 : Single Sign on and Federation Identity Management
Lecture #9 : Single Sign on and Federation Identity ManagementLecture #9 : Single Sign on and Federation Identity Management
Lecture #9 : Single Sign on and Federation Identity ManagementDr. Ramchandra Mangrulkar
 
Lecture #8: Clark-Wilson & Chinese Wall Model for Multilevel Security
Lecture #8: Clark-Wilson & Chinese Wall Model for Multilevel SecurityLecture #8: Clark-Wilson & Chinese Wall Model for Multilevel Security
Lecture #8: Clark-Wilson & Chinese Wall Model for Multilevel SecurityDr. Ramchandra Mangrulkar
 
Lecture #7: Bell Lapdula and Biba Model of Multilevel Security
Lecture #7: Bell Lapdula and Biba Model of Multilevel SecurityLecture #7: Bell Lapdula and Biba Model of Multilevel Security
Lecture #7: Bell Lapdula and Biba Model of Multilevel SecurityDr. Ramchandra Mangrulkar
 
Lecture #3: Defense Strategies and Techniques: Part II
Lecture #3: Defense Strategies and Techniques: Part II Lecture #3: Defense Strategies and Techniques: Part II
Lecture #3: Defense Strategies and Techniques: Part IIDr. Ramchandra Mangrulkar
 
Lecture #2: Defence Strategies and Techniques (Security): Part I
Lecture #2: Defence Strategies and Techniques (Security): Part ILecture #2: Defence Strategies and Techniques (Security): Part I
Lecture #2: Defence Strategies and Techniques (Security): Part IDr. Ramchandra Mangrulkar
 

More from Dr. Ramchandra Mangrulkar (20)

Blockchain#2.pdf
Blockchain#2.pdfBlockchain#2.pdf
Blockchain#2.pdf
 
Blockchain#1.pdf
Blockchain#1.pdfBlockchain#1.pdf
Blockchain#1.pdf
 
Blockchain#3.pdf
Blockchain#3.pdfBlockchain#3.pdf
Blockchain#3.pdf
 
Manuscript Preparation using Latex: A Cloud Based Approach(Overleaf)
Manuscript Preparation using Latex: A Cloud Based Approach(Overleaf)Manuscript Preparation using Latex: A Cloud Based Approach(Overleaf)
Manuscript Preparation using Latex: A Cloud Based Approach(Overleaf)
 
Lecture #25 : Oauth 2.0
Lecture #25 : Oauth 2.0Lecture #25 : Oauth 2.0
Lecture #25 : Oauth 2.0
 
Lecture #24 : Cross Site Request Forgery (CSRF)
Lecture #24 : Cross Site Request Forgery (CSRF)Lecture #24 : Cross Site Request Forgery (CSRF)
Lecture #24 : Cross Site Request Forgery (CSRF)
 
Lecture #22: Web Privacy & Security Breach
Lecture #22: Web Privacy & Security BreachLecture #22: Web Privacy & Security Breach
Lecture #22: Web Privacy & Security Breach
 
Lecture #22 : Web Privacy & Security Breach
Lecture #22 : Web Privacy & Security BreachLecture #22 : Web Privacy & Security Breach
Lecture #22 : Web Privacy & Security Breach
 
Lecture #21: HTTPS , SSL & TLS
Lecture #21: HTTPS , SSL & TLSLecture #21: HTTPS , SSL & TLS
Lecture #21: HTTPS , SSL & TLS
 
Lecture #18 - #20: Web Browser and Web Application Security
Lecture #18 - #20: Web Browser and Web Application SecurityLecture #18 - #20: Web Browser and Web Application Security
Lecture #18 - #20: Web Browser and Web Application Security
 
Lecture #15: Buffer Overflow Attack (Non Malicious Attack)
Lecture #15: Buffer Overflow Attack (Non Malicious Attack)Lecture #15: Buffer Overflow Attack (Non Malicious Attack)
Lecture #15: Buffer Overflow Attack (Non Malicious Attack)
 
Lecture # 14: Salami and Linearization Attacks
Lecture # 14: Salami and Linearization Attacks Lecture # 14: Salami and Linearization Attacks
Lecture # 14: Salami and Linearization Attacks
 
Lecture #12,#13 : Program and OS Security -Part I
Lecture #12,#13 : Program and OS Security -Part ILecture #12,#13 : Program and OS Security -Part I
Lecture #12,#13 : Program and OS Security -Part I
 
Lecture #9 : Single Sign on and Federation Identity Management
Lecture #9 : Single Sign on and Federation Identity ManagementLecture #9 : Single Sign on and Federation Identity Management
Lecture #9 : Single Sign on and Federation Identity Management
 
Lecture #8: Clark-Wilson & Chinese Wall Model for Multilevel Security
Lecture #8: Clark-Wilson & Chinese Wall Model for Multilevel SecurityLecture #8: Clark-Wilson & Chinese Wall Model for Multilevel Security
Lecture #8: Clark-Wilson & Chinese Wall Model for Multilevel Security
 
Lecture #6: Multilevel Security Models
Lecture #6: Multilevel Security ModelsLecture #6: Multilevel Security Models
Lecture #6: Multilevel Security Models
 
Lecture #7: Bell Lapdula and Biba Model of Multilevel Security
Lecture #7: Bell Lapdula and Biba Model of Multilevel SecurityLecture #7: Bell Lapdula and Biba Model of Multilevel Security
Lecture #7: Bell Lapdula and Biba Model of Multilevel Security
 
Lecture #4: Access Control Policies
Lecture #4: Access Control PoliciesLecture #4: Access Control Policies
Lecture #4: Access Control Policies
 
Lecture #3: Defense Strategies and Techniques: Part II
Lecture #3: Defense Strategies and Techniques: Part II Lecture #3: Defense Strategies and Techniques: Part II
Lecture #3: Defense Strategies and Techniques: Part II
 
Lecture #2: Defence Strategies and Techniques (Security): Part I
Lecture #2: Defence Strategies and Techniques (Security): Part ILecture #2: Defence Strategies and Techniques (Security): Part I
Lecture #2: Defence Strategies and Techniques (Security): Part I
 

Recently uploaded

Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningmisbanausheenparvam
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx959SahilShah
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLDeelipZope
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Satyam Kumar
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 

Recently uploaded (20)

Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 

Lecture #32: Digital Forensics : Evidence Handling, Validation and Reporting

  • 1. Lecture #32: Digital Forensics : Evidence Handling, Validation and Reporting Dr.Ramchandra Mangrulkar October 7, 2020 Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 1 / 18
  • 2. The principles of digital evidence 1 No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data which may subsequently be relied upon in court. 2 In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions. 3 An audit trail or other record of all processes applied to digital evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result. 4 The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to. Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 2 / 18
  • 3. The principles of digital evidence 1 No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data which may subsequently be relied upon in court. 2 In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions. 3 An audit trail or other record of all processes applied to digital evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result. 4 The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to. Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 2 / 18
  • 4. The principles of digital evidence 1 No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data which may subsequently be relied upon in court. 2 In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions. 3 An audit trail or other record of all processes applied to digital evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result. 4 The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to. Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 2 / 18
  • 5. The principles of digital evidence 1 No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data which may subsequently be relied upon in court. 2 In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions. 3 An audit trail or other record of all processes applied to digital evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result. 4 The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to. Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 2 / 18
  • 6. Evidence Collections After securing the evidence, a survey of the scene will give investigators an accurate sense of what’s ahead. Several questions need to be answered What kinds of devices are present? How many devices are we dealing with? Are any of the devices running? What tools will be needed? Do we have the necessary expertise on hand? Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 3 / 18
  • 7. Evidence Collections After securing the evidence, a survey of the scene will give investigators an accurate sense of what’s ahead. Several questions need to be answered What kinds of devices are present? How many devices are we dealing with? Are any of the devices running? What tools will be needed? Do we have the necessary expertise on hand? Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 3 / 18
  • 8. Evidence Collections After securing the evidence, a survey of the scene will give investigators an accurate sense of what’s ahead. Several questions need to be answered What kinds of devices are present? How many devices are we dealing with? Are any of the devices running? What tools will be needed? Do we have the necessary expertise on hand? Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 3 / 18
  • 9. Evidence Collections After securing the evidence, a survey of the scene will give investigators an accurate sense of what’s ahead. Several questions need to be answered What kinds of devices are present? How many devices are we dealing with? Are any of the devices running? What tools will be needed? Do we have the necessary expertise on hand? Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 3 / 18
  • 10. Evidence Collections After securing the evidence, a survey of the scene will give investigators an accurate sense of what’s ahead. Several questions need to be answered What kinds of devices are present? How many devices are we dealing with? Are any of the devices running? What tools will be needed? Do we have the necessary expertise on hand? Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 3 / 18
  • 11. What to take along 1. Evidence Tape 2. Chain of custody form 3. Inventory forms 4. Digital camera 5. Toolkit ( Screw driver set with pentalobe Screwdriver for removing HDDs from Mac laptops) 6. Adhesive tape, Sticky note 7. New/ wiped pen drives, hard drives 8. Gloves, static wrist band 9. Write blockers (e.g. ATA, SATA, SCSI, firewire, USB, e-sata, SSD) with cables. 10. Hardware for Imaging (TD2U, Falcon, TrueImager) if available 11. Laptop with FTK (Crossover Tested) 12. Card readers 13. Magnifying glass, Flash Light 14. Faraday bag/Aluminium foil, Bubble wraps Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 4 / 18
  • 12. Order of Volatility CPU, cache, and register content Routing table, ARP cache, process table, kernel statistics Memory Temporary file system/swap space Data on hard disk Remotely logged data Data contained on archival media Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 5 / 18
  • 13. Order of Volatility CPU, cache, and register content Routing table, ARP cache, process table, kernel statistics Memory Temporary file system/swap space Data on hard disk Remotely logged data Data contained on archival media Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 5 / 18
  • 14. Order of Volatility CPU, cache, and register content Routing table, ARP cache, process table, kernel statistics Memory Temporary file system/swap space Data on hard disk Remotely logged data Data contained on archival media Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 5 / 18
  • 15. Order of Volatility CPU, cache, and register content Routing table, ARP cache, process table, kernel statistics Memory Temporary file system/swap space Data on hard disk Remotely logged data Data contained on archival media Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 5 / 18
  • 16. Order of Volatility CPU, cache, and register content Routing table, ARP cache, process table, kernel statistics Memory Temporary file system/swap space Data on hard disk Remotely logged data Data contained on archival media Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 5 / 18
  • 17. Order of Volatility CPU, cache, and register content Routing table, ARP cache, process table, kernel statistics Memory Temporary file system/swap space Data on hard disk Remotely logged data Data contained on archival media Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 5 / 18
  • 18. Order of Volatility CPU, cache, and register content Routing table, ARP cache, process table, kernel statistics Memory Temporary file system/swap space Data on hard disk Remotely logged data Data contained on archival media Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 5 / 18
  • 19. Documenting the Scene There is an old tried and true saying in law enforcement: “If you don’t write it down, it didn’t happen.” These are words of wisdom indeed. photographs written notes video process begins the moment investigators arrive at the scene noting the date and time all the people at the scene detailed descriptions of the evidence we collect its location, the names of who discovered and collected it item’s condition, especially if there is visible damage. digital evidence is described by type, make, model, serial number, or other similar descriptors. device is on or off or if it’s connected to other devices (such as printers) or a network (like the Internet). Virtually everything we see, find, and do should be documented. Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 6 / 18
  • 20. Evidence into Custody Place the phone in special containers that shield the phone from wireless signals. Empty paint cans and Faraday bags are two of the more typical choices. Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 7 / 18
  • 21. Protecting Cell Phones from Network Signals It’s essential to isolate a live cell phone from the network. If not, it can receive calls, text messages, or even commands to delete all the data. A Faraday bag is one way to prevent a network signal from reaching the phone. A Faraday bag is made of “some type of conducting material or mesh” that repels these signals. 1 . 1 The function of the bag is based on the work of Michael Faraday, an English scientist who specialized in electromagnetism (Microsoft Corporation) Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 8 / 18
  • 22. Evidence Label Format Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 9 / 18
  • 23. Evidence Labelling The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 10 / 18
  • 24. Chain of Custody Before a piece of evidence gets in front of a jury, it must first meet a series of strict legal requirements, well-documented called chain of custody. evidence makes many stops on its road to trial. Each of these stops must be noted, tracking each and every time the evidence item changes hands or locations Without this detailed accounting, the evidence will be deemed untrustworthy and inadmissible. Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 11 / 18
  • 25. Chain of Custody Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 12 / 18
  • 26. Chain of Custody : Marking Evidence Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 13 / 18
  • 27. Chain of Custody :Cloning Evidence A forensic clone is an exact, bit for bit copy of a hard drive. It’s also known as a bit stream image. In other words, every bit (1 or 0) is duplicated on a separate, forensically clean piece of media, such as a hard drive. Hard drives are susceptible to failure. Having two clones gives you one to examine and one to fall back on. Forensically Clean Media : Drives can be cleaned with the same devices used to make the clones. The cleaning process overwrites the entire hard drive with a particular pattern of data such as 1111111111111 Forensic Image Formats : The end result of the cloning process is a forensic image of the source hard drive : EnCase (Extension .E01) Raw dd (Extension .001) AccessData Custom Content Image (Extension .AD1) Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 14 / 18
  • 28. Evidence Validation: Hashing How do we know our clone is an exact duplicate of the evidence drive? Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 15 / 18
  • 29. Evidence Validation: Hashing Example How do we know our clone is an exact duplicate of the evidence drive? Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 16 / 18
  • 30. Final Report Conclusion of the analysis, the examiner will generate a final report detailing what was done, what was found, and their findings. Ideally, final reports need to be crafted with the intended audience in mind. Must be addressed wrt nontechnical reader’s such as judges, attorneys and juries. major forensic tools, such as EnCase and FTK Final report should include a detailed narrative of all the actions taken by the examiner, starting at the scene if they were present. The examination should be documented with sufficient detail so that the procedure can be duplicated by another examiner Dr.Ramchandra Mangrulkar Lecture #32: Digital Forensics : Evidence Handling, Validation and ReportingOctober 7, 2020 17 / 18