
computer forensics


Published in: Technology
  • Is computer forensics only about data that is being destroyed and corrupted, or does it also deal with extraction and reading data from the normal computers like ours?

  1. COMPUTER FORENSICS By: Ch. Rekha Priyanka (08Q61A0515)
  2. Introduction:
       • Computer Forensics is a branch of Digital forensic science that deals with investigating and analyzing legal evidence found in computers and digital media.
       • This applies to:
           • Computer systems
           • Hard disks
           • CDs
           • Electronic documents (ex: email messages, JPEG images, etc.)
  3. HISTORY OF COMPUTER FORENSICS:
       • Michael Anderson
           • "Father of computer forensics"
           • special agent with IRS
       • Meeting in 1988 (Portland, Oregon)
           • creation of IACIS, the International Association of Computer Investigative Specialists
           • the first Seized Computer Evidence Recovery Specialists (SCERS) classes held
  4. WORKING PROCESS: Methods of Hiding Data
     To human eyes, data usually contains known forms, like images, e-mail, sounds, and text. Most Internet data naturally includes gratuitous headers, too. These are media exploited using new controversial logical encodings: Steganography and marking.
       • Steganography: The art of storing information in such a way that the existence of the information is hidden.
       • Watermarking: Hiding data within data.
  5. WORKING PROCESS: Method of Hiding Data
       • Hard Drive/File System manipulation:
           • Slack Space
           • Partition waste space
           • Hidden drive Space
           • Bad sectors
           • Extra Tracks
           • Change file names and extensions
  6. Methods Of Detecting/Recovering Data:
       • Steganalysis - the art of detecting and decoding hidden data.
     Steganalysis Methods - Detection
       • Human Observation.
       • Software Analysis.
       • Disk Analysis.
       • RAM Slack.
       • Firewall/Router Filters.
       • Statistical Analysis.
       • Frequent Scanning.
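One concrete form the "Statistical Analysis" item can take, added here as an example and not taken from the slides: a chi-square test on pairs of values (2k, 2k+1), which detects least-significant-bit replacement because embedding random bits evens out the two counts in every pair. The cover data is a constructed list of byte values rather than a decoded image, and the decision threshold is an assumption.

```python
import random
from collections import Counter

def pov_chi_square(samples):
    """Chi-square statistic over pairs of values (2k, 2k+1) and its degrees of freedom.

    Each pair is tested against the hypothesis that both members are equally
    frequent. LSB replacement with random-looking bits makes that hypothesis
    true, so the statistic falls to roughly the degrees of freedom.
    """
    counts = Counter(samples)
    stat, dof = 0.0, 0
    for k in range(0, 256, 2):
        expected = (counts[k] + counts[k + 1]) / 2
        if expected < 5:  # skip sparsely populated pairs
            continue
        # Both members deviate from the mean by the same amount, hence the factor 2.
        stat += 2 * (counts[k] - expected) ** 2 / expected
        dof += 1
    return stat, dof

def looks_embedded(samples, ratio=2.0):
    """Flag data whose statistic is below ratio * dof (assumed threshold)."""
    stat, dof = pov_chi_square(samples)
    return stat < ratio * dof

def constructed_cover(n, rng):
    """Constructed stand-in for pixel bytes: even values three times as likely as odd."""
    return [rng.randrange(0, 256, 2) + (rng.random() < 0.25) for _ in range(n)]

def embed_lsb(samples, rng):
    """Test-data helper: overwrite every least significant bit with a random bit."""
    return [(s & 0xFE) | rng.getrandbits(1) for s in samples]

if __name__ == "__main__":
    rng = random.Random(1234)
    cover = constructed_cover(50_000, rng)
    stego = embed_lsb(cover, rng)
    for label, data in (("cover", cover), ("stego", stego)):
        stat, dof = pov_chi_square(data)
        print(f"{label}: chi2={stat:.0f} dof={dof} embedded={looks_embedded(data)}")
```

This form only catches embedding that touches most of the samples; a payload confined to a small region calls for running the same test over a sliding window.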
  7. Methods Of Detecting/Recovering Data: Steganalysis Methods – Recovery
       – Recovery of watermarked data is extremely hard.
           • Currently, there are very few methods to recover hidden, encrypted data.
       – Data hidden on disk is much easier to find. Once found, if unencrypted, it is already recovered.
       – Deleted data can be reconstructed (even on hard drives that have been magnetically wiped).
       – Check swap files for passwords and encryption keys which are stored in the clear (unencrypted).
       – Software Tools
           • Scan for and reconstruct deleted data
           • Break encryption
           • Destroy hidden information (overwrite)
  8. TECHNICAL APPLICATIONS:
       • Understanding of
           • storage technology
           • operating system features
               • Windows
               • Linux
               • Unix
               • Mac OS
           • file systems
  9. TECHNICAL APPLICATIONS:
       • Knowledge of
           • Slack space
           • Host Protected Area (HPA)
           • Device Configuration Overlay (DCO)
       • Disk imaging
       • Data recovery
       • Total data deletion
       • Handling encryption
  10. How Computer Forensics are Used?
       • Criminal Prosecutors
       • Civil Litigations
       • Insurance Companies
       • Large Corporations
       • Law Enforcement
       • Any Individual
  11. ADVANTAGES OF COMPUTER FORENSICS:
       • Ability to search through a massive amount of data
       • Quickly
       • Thoroughly
       • In any language
  12. DISADVANTAGES OF COMPUTER FORENSICS:
       • Digital evidence accepted into court:
           • must prove that there is no tampering
           • all evidence must be fully accounted for
           • computer forensic specialists must have complete knowledge of legal requirements, evidence handling and storage and documentation procedures
  13. DISADVANTAGES OF COMPUTER FORENSICS:
       • Costs
           • producing electronic records & preserving them is extremely costly.
               • Sattar vs. Motorola Inc
       • Presents the potential for exposing privileged documents.
       • Legal practitioners must have extensive computer knowledge.
  14. CONCLUSION: With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.
  16. QUERIES
  17. THANK 'Q'!