Current forensic tools: evaluating computer forensic tool needs, computer forensics software tools, computer forensics hardware tools, validating and testing forensics software.
E-mail investigations: exploring the role of e-mail in investigation, exploring the roles of the client and server in e-mail, investigating e-mail crimes and violations, understanding e-mail servers, using specialized e-mail forensic tools.
Cell phone and mobile device forensics: understanding mobile device forensics, understanding acquisition procedures for cell phones and mobile devices.
Current Forensic Tools
Dr R Jegadeesan, Prof-CSE
Jyothishmathi Institute of Technology and Science, Karimnagar
Evaluating computer forensic tool needs
• Look for versatility, flexibility, and robustness in:
– OS
– File system(s)
– Script capabilities
– Automated features
– Vendor's reputation for support
• Keep in mind what application files you will be analyzing
Types of Computer Forensics Tools
• Hardware forensic tools
– Range from single-purpose components to complete computer systems and servers
• Software forensic tools
– Types: command-line applications and GUI applications
– Commonly used to copy data from a suspect's disk drive to an image file
Tasks Performed by Computer Forensics Tools
• Five major categories:
– Acquisition
– Validation and discrimination
– Extraction
– Reconstruction
– Reporting
Validating and testing forensics software
• Validation
– Ensuring the integrity of data being copied: the hash of the image must match the hash computed over the source
• Discrimination of data
– Involves sorting and searching through all investigation data
• Subfunctions
– Hashing
o CRC-32, MD5, Secure Hash Algorithms (SHA-1, SHA-256)
o CRC-32 is an error-detecting checksum and MD5 collisions are practical, so use them only to match legacy hash sets; prove integrity with a SHA-2 hash
– Filtering
o Known system files can be ignored
o Based on hash value sets
– Analyzing file headers
o Discriminate files based on their types
• The National Software Reference Library (NSRL) has compiled a list of known file hashes (its Reference Data Set)
– For a variety of OSs, applications, and images
• Many computer forensics programs include a list of common header values ("magic numbers", the fixed leading bytes of a file type)
– With this information, you can see whether a file extension is incorrect for the file type
• Most forensics tools can identify header values
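The validation and discrimination subfunctions listed above, in working form. This is an added example and not code from the slides: it hashes an acquired copy and compares it with the source, filters files against a known-hash set in the way an NSRL-style reference set is used, and checks each file's header bytes against its extension. The sample files, the "known" hash set and the small magic-number table are all constructed here for the demonstration.

```python
"""Hashing, hash-set filtering and header checks (added example).

The validation and discrimination subfunctions of a forensic tool. All
sample files and the "known" hash set are constructed here; a real case
would use the NSRL Reference Data Set, which is also keyed by file hash.
"""
import binascii
import hashlib
import os

# Leading bytes ("magic numbers") of a few common types. Forensic tools ship
# much larger tables; these are enough to demonstrate the check.
MAGIC_NUMBERS = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",   # also docx/xlsx/jar: ZIP containers
    b"MZ": "exe",           # also dll/sys: PE images
    b"\x7fELF": "elf",
}
# Extensions that legitimately map onto one of the header types above.
EXT_ALIASES = {"jpeg": "jpg", "jpe": "jpg", "dll": "exe", "sys": "exe",
               "docx": "zip", "xlsx": "zip", "pptx": "zip", "jar": "zip"}


def hash_data(data: bytes) -> dict:
    """Hashes a forensic tool typically reports. CRC-32 and MD5 are included
    only because legacy tools and hash sets use them: CRC-32 is a checksum and
    MD5 collisions are practical, so integrity is proven with SHA-256."""
    return {
        "crc32": format(binascii.crc32(data) & 0xFFFFFFFF, "08x"),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def validate_copy(source: bytes, image: bytes) -> bool:
    """Validation: the image is faithful only if its hash equals the source's."""
    return hashlib.sha256(source).digest() == hashlib.sha256(image).digest()


def filter_known_files(files: dict, known_sha256: set) -> dict:
    """Discrimination by hash set: drop files whose hash is in the known
    (OS/application) set and keep the rest for review."""
    return {name: data for name, data in files.items()
            if hashlib.sha256(data).hexdigest() not in known_sha256}


def detect_type(data: bytes) -> str:
    """Discrimination by header: the type implied by the leading bytes."""
    for magic, file_type in MAGIC_NUMBERS.items():
        if data.startswith(magic):
            return file_type
    return "unknown"


def extension_mismatches(files: dict) -> dict:
    """Files whose extension disagrees with the header-derived type.
    Unrecognised headers are not reported: no magic match is not evidence."""
    found = {}
    for name, data in files.items():
        ext = os.path.splitext(name)[1].lstrip(".").lower()
        ext = EXT_ALIASES.get(ext, ext)
        file_type = detect_type(data)
        if file_type != "unknown" and file_type != ext:
            found[name] = file_type
    return found


# Constructed sample evidence: one known OS file, one PDF, one JPEG, and a
# PNG renamed with a .txt extension to hide it.
SAMPLE_FILES = {
    "kernel32.dll": b"MZ\x90\x00" + b"\x00" * 60,
    "report.pdf": b"%PDF-1.4\n% constructed sample\n",
    "holiday.jpeg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "notes.txt": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}
KNOWN_SHA256 = {hashlib.sha256(SAMPLE_FILES["kernel32.dll"]).hexdigest()}


def triage(files: dict, known_sha256: set) -> dict:
    """Run both discrimination steps and return what is left to look at."""
    unknown = filter_known_files(files, known_sha256)
    return {"to_review": sorted(unknown),
            "extension_mismatches": extension_mismatches(unknown)}


if __name__ == "__main__":
    image = SAMPLE_FILES["report.pdf"]
    print("image validated:", validate_copy(image, bytes(image)))
    print(hash_data(image))
    print(triage(SAMPLE_FILES, KNOWN_SHA256))
```

Running it reports the single file whose header disagrees with its name (the PNG hiding as `notes.txt`) and leaves the known `kernel32.dll` out of the review set; a real hash set would hold millions of entries, but the lookup is the same set membership test.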
E-Mail Investigations
Introduction
What is e-mail investigation?
"E-mail investigation is a digital forensics process of finding evidence in suspect e-mails that allows the investigator to examine, preserve, and reveal digital evidence" (a branch of forensic science).
Exploring the role of e-mail in investigation
Vital Roles of E-mail Forensics
• Examine
• Preserve
• Carve evidence
• Report
Requirements of E-mail Investigation
• To carve evidence
• To ensure the reliability of e-mails
• To point to illegal acts and link them together
• To present the evidence
Goal of E-mail Forensics
An e-mail investigation involves a large volume of mail, so the e-mail forensics investigator must not only investigate but also retrieve from the mail the kind of evidence that is presentable and leads to legal action on the crime.
Types of E-mail Crimes
1. E-mail spoofing
2. E-mail fraud
3. E-mail bombing
4. Sending threatening e-mails
5. Defamatory e-mails
6. Sending malicious code through e-mail
Investigating e-mail crimes and violations
Investigating E-mail from Corporate Servers
• Corporate: Apps.rai@somecompany.com
Everything after the @ is the domain name, which identifies the organization that runs the mail server.
• Investigating corporate e-mail is easier because the organization controls the mail server and its logs.
Investigating E-mails from Public Servers
Avoid using your own e-mail ID while investigating; use an account on a public server such as Yahoo or Hotmail.
• Public: Whatever@hotmail.com
Here the domain after the @ identifies only the provider, not the sender's organization, so the provider's records are needed to tie the account to a person.
Investigating E-mail Headers
View the e-mail header in:
• GUI clients
• Command-line clients
• Web-based clients
The header contains useful information:
• Unique identifying number (Message-ID)
• Sending time (Date)
• IP address of the sending e-mail server (recorded in the Received line added by the receiving server)
• IP address of the e-mail client (in the earliest Received line, or an X-Originating-IP line)
Received lines are prepended as the message travels, so the bottom one is closest to the sender. Only lines added by servers you trust can be taken at face value; everything below them could have been written by the sender.
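Extracting the header fields named above with the standard library, as an added example that is not part of the slides. The message is constructed for the demonstration (every host, address, IP and ID in it is made up); the code pulls out the Message-ID, the sending time and the Received chain, and separates the sending server's IP from the client's IP, stopping at the first relay the investigator does not trust.

```python
"""Reading the investigative fields out of an e-mail header (added example).

Standard-library parsing of a constructed message: all hosts, addresses
and IDs are made up for the demonstration.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parsedate_to_datetime

# Constructed sample. Received lines read top-down: the top one was added last
# (by the recipient's server), the bottom one first (by the sender's relay).
RAW_MESSAGE = b"""\
Received: from mx.somecompany.example (mx.somecompany.example [203.0.113.5])
\tby mail.victim.example (Postfix) with ESMTPS id 4AB12CD
\tfor <target@victim.example>; Mon, 01 Jul 2024 09:15:02 +0000
Received: from relay.public-mail.example (relay.public-mail.example [198.51.100.20])
\tby mx.somecompany.example with ESMTP id qwerty
\tfor <target@victim.example>; Mon, 01 Jul 2024 09:14:58 +0000
Received: from [192.0.2.77] (unknown [192.0.2.77])
\tby relay.public-mail.example with ESMTPSA id abc123;
\tMon, 01 Jul 2024 09:14:55 +0000
Message-ID: <20240701091455.abc123@relay.public-mail.example>
Date: Mon, 01 Jul 2024 09:14:50 +0000
From: "Apps Rai" <Apps.rai@somecompany.example>
To: target@victim.example
Subject: Urgent wire transfer

Please process the attached invoice today.
"""

IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")


def parse_message(raw: bytes):
    return BytesParser(policy=policy.default).parsebytes(raw)


def received_chain(msg) -> list:
    """One entry per Received line, in header order (recipient side first):
    the host the relay says it received from, the relay itself, and every
    IP address the line carries."""
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())      # unfold continuation lines
        m_from = re.search(r"\bfrom\s+(\S+)", text)
        m_by = re.search(r"\bby\s+(\S+)", text)
        hops.append({
            "from": m_from.group(1) if m_from else None,
            "by": m_by.group(1) if m_by else None,
            "ips": IP_RE.findall(text),
        })
    return hops


def verified_origin_ip(msg, trusted_relays: set):
    """Walk from the recipient's server toward the sender and return the last
    IP recorded by a relay in `trusted_relays`. A line written by an untrusted
    relay, and every line below it, could have been forged by the sender, so
    the walk stops there."""
    origin = None
    for hop in received_chain(msg):
        if hop["by"] not in trusted_relays or not hop["ips"]:
            break
        origin = hop["ips"][0]
    return origin


def header_summary(msg, trusted_relays: set) -> dict:
    chain = received_chain(msg)
    return {
        "message_id": str(msg["Message-ID"]).strip(),
        "date": parsedate_to_datetime(str(msg["Date"])),
        "from": str(msg["From"]),
        "hops": len(chain),
        # IP of the server that handed the message to the recipient's MTA
        "sending_server_ip": chain[0]["ips"][0] if chain and chain[0]["ips"] else None,
        # IP the earliest relay says the client came from (sender-controlled)
        "claimed_client_ip": chain[-1]["ips"][0] if chain and chain[-1]["ips"] else None,
        "verified_origin_ip": verified_origin_ip(msg, trusted_relays),
    }


if __name__ == "__main__":
    message = parse_message(RAW_MESSAGE)
    for hop in received_chain(message):
        print(hop)
    print(header_summary(message, {"mail.victim.example"}))
```

With only the recipient's own server trusted, the verified origin is the sending server's IP (203.0.113.5); the client IP 192.0.2.77 at the bottom of the chain is only a claim until the intermediate relays are trusted or their logs confirm it.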
Use specialized E-mail Investigating tools
• AccessData's FTK (Forensic Toolkit)
• MailXaminer
• EnCase
• DBXtract
• Paraben (E-mail Examiner), etc.
Cell phone and mobile device forensics
Understanding Mobile Device Forensics
• People store a wealth of information on cell phones and mobile devices
o People don't think about securing their mobile devices
• Items stored on mobile devices:
o Incoming, outgoing, and missed calls
o Text and Short Message Service (SMS) messages
o E-mail
o Instant-messaging (IM) logs
o Web pages
o Pictures
o Personal calendars
o Address books
o Music files
o Voice recordings
o GPS data
• Investigating cell phones and mobile devices is one of the most challenging tasks in digital forensics
Mobile Device Forensic Analysis Process
• Biggest challenge is dealing with constantly changing models of cell phones
• When you're acquiring evidence, generally you're performing two tasks:
– Acting as though you're a PC synchronizing with the device (to download data)
– Reading the SIM card
• First step is to identify the mobile device
Data Acquisition Procedures for Cell Phones and Mobile Devices
• Check these areas in the forensics lab:
– Internal memory
– SIM card (its file system is a hierarchical structure of directories and elementary files)
– Removable or external memory cards
• Information that can be retrieved:
– Service-related data, such as identifiers for the SIM card (ICCID) and the subscriber (IMSI)
– Call data, such as numbers dialed
– Message information
– Location information
• If power has been lost, PINs or other access codes might be required to view files
• Encryption
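What "reading the SIM card" yields first: the SIM card identifier (ICCID, elementary file EF_ICCID) and the subscriber identifier (IMSI, EF_IMSI) named above. This is an added example, not code from the slides; it decodes the swapped-nibble BCD encoding those files use (as specified in ETSI TS 102 221 and 3GPP TS 31.102) and checks the ICCID's Luhn digit so a misread is caught. The byte strings are constructed sample values, not data from a real card.

```python
"""Decoding the SIM card and subscriber identifiers read from a SIM (added example).

EF_ICCID and EF_IMSI hold their digits as swapped-nibble BCD. The sample
byte strings below are constructed values, not data from a real card.
"""


def swapped_bcd_digits(data: bytes) -> str:
    """Two BCD digits per byte, low nibble first; 0xF pads an odd-length value."""
    out = []
    for byte in data:
        for nibble in (byte & 0x0F, byte >> 4):
            if nibble <= 9:
                out.append(str(nibble))
            elif nibble == 0xF:
                out.append("F")
            else:
                raise ValueError(f"invalid BCD nibble {nibble:#x}")
    return "".join(out)


def luhn_valid(number: str) -> bool:
    """ICCIDs carry a Luhn check digit; a decode that fails it was misread."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def decode_iccid(ef_iccid: bytes) -> str:
    """EF_ICCID is 10 bytes; a 19-digit ICCID is padded with a trailing F."""
    if len(ef_iccid) != 10:
        raise ValueError("EF_ICCID must be 10 bytes")
    iccid = swapped_bcd_digits(ef_iccid).rstrip("F")
    if "F" in iccid:
        raise ValueError("padding nibble inside the ICCID")
    return iccid


def decode_imsi(ef_imsi: bytes) -> str:
    """EF_IMSI: byte 0 = length of the rest; byte 1 carries the identity-type
    bits (b1-b3 = 001) and the parity bit (b4, set for an odd digit count) in
    its low nibble and the first digit in its high nibble; swapped BCD follows."""
    length = ef_imsi[0]
    body = ef_imsi[1:1 + length]
    if len(body) != length or not 2 <= length <= 8:
        raise ValueError("EF_IMSI length field does not match the data")
    if body[0] & 0x07 != 0x01:
        raise ValueError("not an IMSI (identity type != 001)")
    odd = bool(body[0] & 0x08)
    digits = (str(body[0] >> 4) + swapped_bcd_digits(body[1:])).rstrip("F")
    if (len(digits) % 2 == 1) != odd:
        raise ValueError("parity bit disagrees with the digit count")
    if "F" in digits or len(digits) > 15:
        raise ValueError("malformed IMSI")
    return digits


def imsi_mcc(imsi: str) -> str:
    """The first three digits are the Mobile Country Code. The MNC after it is
    2 or 3 digits depending on the country, so it is not split here without
    a country table."""
    return imsi[:3]


# Constructed sample card contents.
SAMPLE_EF_ICCID = bytes.fromhex("98106210325476981012")   # ICCID 89012601234567890121
SAMPLE_EF_IMSI = bytes.fromhex("080910101032547698")      # IMSI 001010123456789


def sim_identity(ef_iccid: bytes, ef_imsi: bytes) -> dict:
    iccid = decode_iccid(ef_iccid)
    imsi = decode_imsi(ef_imsi)
    return {"iccid": iccid, "iccid_checksum_ok": luhn_valid(iccid),
            "imsi": imsi, "mcc": imsi_mcc(imsi)}


if __name__ == "__main__":
    print(sim_identity(SAMPLE_EF_ICCID, SAMPLE_EF_IMSI))
```

The parity and Luhn checks are what make this useful in the lab: a card read through a failing reader, or a hand-transcribed hex dump, produces digits that look plausible but fail one of them, which is the cue to re-acquire rather than report.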