Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Computer forensics


Published on

Published in: Education, Technology
  • Be the first to comment

Computer forensics

  1. 1. Computer Forensics
  2. 2. Introduction• Topics to be covered–Defining Computer Forensics–Reasons for gathering evidence–Who uses Computer Forensics–Steps of Computer Forensics–Requirements–Anti-Forensics
  3. 3. Definition• What is Computer Forensics??– Computer forensics involves the preservation,identification, extraction, documentation, andinterpretation of computer media for evidentiary and/orroot cause analysis.– Evidence might be required for a wide range ofcomputer crimes and misuses– Multiple methods of• Discovering data on computer system• Recovering deleted, encrypted, or damaged fileinformation• Monitoring live activity• Detecting violations of corporate policy– Information collected assists in arrests, prosecution,termination of employment, and preventing futureillegal activity
  4. 4. Definition (cont)• What Constitutes Digital Evidence?– Any information being subject to human intervention ornot, that can be extracted from a computer.– Must be in human-readable format or capable of beinginterpreted by a person with expertise in the subject.• Computer Forensics Examples– Recovering thousands of deleted emails– Performing investigation post employmenttermination– Recovering evidence post formatting harddrive– Performing investigation after multipleusers had taken over the system
  5. 5. Reasons For Evidence• Wide range of computer crimes and misuses– Non-Business Environment: evidence collected byFederal, State and local authorities for crimes relatingto:• Theft of trade secrets• Fraud• Industrial espionage(intelligence)• Position of pornography• Virus/Trojan distribution• Homicide(mur) investigations• Unauthorized use of personal information
  6. 6. Reasons For Evidence (cont)• Computer related crime and violations include arange of activities including:– Business Environment:• Theft of or destruction of intellectual property• Unauthorized activity• Tracking internet browsing habits• Reconstructing Events• Inferring intentions• Selling company bandwidth• Wrongful dismissal claims• Sexual nuisance• Software Piracy
  7. 7. Who Uses Computer Forensics?• Criminal Prosecutors– Rely on evidence obtained from a computer toprosecute suspects and use as evidence• Civil Litigations– Personal and business data discovered on a computercan be used in fraud, divorce, harassment, ordiscrimination cases• Insurance Companies– Evidence discovered on computer can beused to mollify costs (fraud, worker’scompensation, arson, etc)• Private Corporations– Obtained evidence from employee computers canbe used as evidence in harassment, fraud, andembezzlement cases
  8. 8. Who Uses Computer Forensics? (cont)• Law Enforcement Officials– Rely on computer forensics to backup search warrantsand post-seizure handling• Individual/Private Citizens– Obtain the services of professional computer forensicspecialists to support claims of harassment, abuse, orwrongful termination from employment
  9. 9. Steps Of Computer Forensics• According to many professionals, ComputerForensics is a four (4) step process– Acquisition• Physically or remotely obtaining possession of thecomputer, all network mappings from the system, andexternal physical storage devices– Identification• This step involves identifying what data could berecovered and electronically retrieving it by runningvarious Computer Forensic tools and softwaresuites– Evaluation• Evaluating the information/data recovered todetermine if and how it could be used again thesuspect for employment termination or prosecutionin court
  10. 10. Steps Of Computer Forensics (cont)– Presentation• This step involves the presentation of evidencediscovered in a manner which is understood by lawyers,non-technically staff/management, and suitable asevidence as determined by United States and internallaws
  11. 11. Computer Forensic Requirements• Hardware– Familiarity with all internal and externaldevices/components of a computer– Thorough understanding of hard drives and settings– Understanding motherboards and the various chipsetsused– Power connections– Memory• BIOS– Understanding how the BIOS works– Familiarity with the various settings and limitations ofthe BIOS
  12. 12. Computer Forensic Requirements (cont)• Operation Systems– Windows 3.1/95/98/ME/NT/2000/2003/XP– DOS– UNIX– LINUX• Software– Familiarity with most popular software packagessuch as Office• Forensic Tools– Familiarity with computer forensic techniques and thesoftware packages that could be used
  13. 13. Anti-Forensics• Software that limits and/or corrupts evidencethat could be collected by an investigator• Performs data hiding and distortion• Exploits limitations of known and used forensictools• Works both on Windows and LINUX basedsystems• In place prior to or post system acquisition
  14. 14. Que ?