Computer Forensics


Published in: Technology

  1. COMPUTER FORENSICS
     By Group G10. Group members:
     - Pradeep Kumar
     - Parvez
     - Surender Singh
  2. CONTENTS
     - Definition of Computer Forensics
     - History of Computer Forensics
     - Steps of Computer Forensics
     - Certifications for Computer Forensics
     - Computer Forensic Requirements
     - Collecting Evidence
     - Uses of Computer Forensics
     - Advantages of Computer Forensics
     - Disadvantages of Computer Forensics
     - Computer forensics labs and centers in India
     - Conclusion
  3. THE FIELD OF COMPUTER FORENSICS
     What is Computer Forensics?
     - Computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and root cause analysis.
     - Computer forensics is the process of identifying, preserving, and analyzing data and technical items for evidence that will be used in court.
  4. THE FIELD OF COMPUTER FORENSICS
     - Used to obtain potential legal evidence
     - Evidence might be required for a wide range of computer crimes and misuses
     - Multiple methods of computer forensics are:
       - Discovering data on a computer system
       - Recovering deleted, encrypted, or damaged file information
       - Monitoring live activity
       - Detecting violations of corporate policy
     - Information collected assists in arrests, prosecution, termination of employment, and preventing future illegal activity
  5. THE FIELD OF COMPUTER FORENSICS
     Examples:
     - Recovering thousands of deleted emails
     - Performing an investigation after employment termination
     - Recovering evidence after a hard drive has been formatted
  6. HISTORY OF COMPUTER FORENSICS
     - 1970s
       - First crime cases involving computers, mainly financial fraud
     - 1980s
       - Financial investigators and courts realize that in some cases all the records and evidence were only on computers
       - Norton Utilities "Un-erase" tool created
       - Association of Certified Fraud Examiners began to seek training in what became computer forensics
       - SEARCH High Tech Crimes training created
       - Regular classes began to be taught to Federal agents in California and at FLETC in Georgia
       - HTCIA formed in Southern California
  7. HISTORY OF COMPUTER FORENSICS
     - 1984: FBI Magnetic Media Program created; this later becomes the Computer Analysis and Response Team (CART)
     - 1993: First International Conference on Computer Evidence held
     - 1995: International Organization on Computer Evidence (IOCE) formed
  8. HISTORY OF COMPUTER FORENSICS
     - 1997: The G8 countries declared that "Law enforcement personnel must be trained and equipped to address high-tech crimes" in the Moscow
     - 1998: In March G8 appointed IICE to create international principles for the procedures relating to digital evidence
     - 1998: INTERPOL Forensic Science Symposium
  9. HISTORY OF COMPUTER FORENSICS
     - 1999: FBI CART case load exceeds 2000 cases, examining 17 terabytes of data
     - 2000: First FBI Regional Computer Forensic Laboratory established
     - 2003: FBI CART case load exceeds 6500 cases, examining 782 terabytes of data
  10. STEPS OF COMPUTER FORENSICS
      According to many professionals, Computer Forensics is a four (4) step process:
      - Acquisition
        - Physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices
      - Identification
        - This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites
  11. STEPS OF COMPUTER FORENSICS
      - Evaluation
        - Evaluating the information/data recovered to determine if and how it could be used against the suspect for employment termination or prosecution in court
      - Presentation
        - This step involves the presentation of evidence discovered in a manner which is understood by lawyers and non-technical staff/management, and suitable as evidence as determined by United States and internal laws
  12. CERTIFICATION FOR COMPUTER INVESTIGATIVE SPECIALISTS
      CEECS (Certified Electronic Evidence Collection Specialist Certification)
      - Awarded to individuals who complete the CEECS regional certification course
      - Also awarded to individuals in the Certified Forensic Computer Examiner course who successfully pass the written test
  13. CERTIFICATION FOR FORENSIC COMPUTER EXAMINER
      - Internal Certification Training Program
        - Must successfully complete the two-week training course offered by IACIS and correspondence proficiency problems
      - External Certification Testing Process
        - Not a training course
        - Testing process
        - Active Law Enforcement
        - Individuals qualified for IACIS membership
      - Recertification
        - Every three years must complete recertification process
        - Must be in good standing with IACIS
        - Complete proficiency test
  14. A COMPUTER FORENSIC SPECIALIST PROMISES TO:
      - Not delete, damage or alter any evidence
      - Protect the computer and files against a virus
      - Handle all evidence properly to prevent any future damage
      - Keep a log of all work done and by whom
      - Keep any client-attorney information that is gained confidential
  15. COMPUTER FORENSIC REQUIREMENTS
      - Hardware
        - Familiarity with all internal and external devices/components of a computer
        - Thorough understanding of hard drives and settings
        - Understanding motherboards and the various chipsets used
        - Power connections
        - Memory
      - BIOS
        - Understanding how the BIOS works
        - Familiarity with the various settings and limitations of the BIOS
  16. COMPUTER FORENSIC REQUIREMENTS
      - Operating Systems
        - Windows 3.1/95/98/ME/NT/2000/2003/XP
        - DOS
        - UNIX
        - LINUX
      - Software
        - Familiarity with most popular software packages such as MS Office
      - Forensic Tools
        - Familiarity with computer forensic techniques and the software packages that could be used
  17. COLLECTING EVIDENCE
      - Make exact copies of all hard drives & disks using computer software
        - Date and time stamped on each file; used for timeline
      - Protect the computer system
        - Avoid deletion, damage, viruses and corruption
      - Discover files
        - Normal files
        - Deleted files
        - Password protected files
        - Hidden files
        - Encrypted files
      - Reveal all contents of hidden files used by application and operating system
      - Access contents of password protected files if legally able to do so
      - Analyze data
      - Print out analysis
        - Computer system
        - All files and data
        - Overall opinion
      - Provide expert consultation/testimony
  18. USES OF COMPUTER FORENSICS
      - Criminal Prosecutors
        - Rely on evidence obtained from a computer to prosecute suspects and use as evidence
      - Civil Litigations
        - Personal and business data discovered on a computer can be used in fraud, divorce, harassment, or discrimination cases
      - Insurance Companies
        - Evidence discovered on a computer can be used to mollify costs (fraud, worker's compensation, arson, etc.)
  19. USES OF COMPUTER FORENSICS
      - Private Corporations
        - Evidence obtained from employee computers can be used in harassment, fraud, and embezzlement cases
      - Law Enforcement Officials
        - Rely on computer forensics to back up search warrants and post-seizure handling
      - Individual/Private Citizens
        - Obtain the services of professional computer forensic specialists to support claims of harassment, abuse, or wrongful termination from employment
  20. ADVANTAGES OF COMPUTER FORENSICS
      Ability to search through a massive amount of data:
      - Quickly
      - Thoroughly
      - In any language
  21. DISADVANTAGES OF COMPUTER FORENSICS
      - Digital evidence accepted into court
        - Must prove that there is no tampering
        - All evidence must be fully accounted for
        - Computer forensic specialists must have complete knowledge of legal requirements, evidence handling and storage, and documentation procedures
  22. DISADVANTAGES OF COMPUTER FORENSICS
      - Costs
        - Producing electronic records and preserving them is extremely costly
      - Presents the potential for exposing privileged documents
      - Legal practitioners must have extensive computer knowledge
  23. COMPUTER FORENSICS LABS AND CENTERS IN INDIA
      - cyber college, Dehradun
      - Secure India (A Group of Cyber Security Specialists), Muzaffarnagar, Uttar Pradesh
      - E2Labs Research & Development Center, Hyderabad, Andhra Pradesh
      - Agape Inc, Nagpur, Maharashtra
      - Appin Technology Lab, Hyderabad, Andhra Pradesh
      - Shoeb Online, Mumbai, Maharashtra, New Delhi
      - I.TECH COMPUTERS - DATA FORENSICS & DATA RECOVERY, Mumbai
      - Indiaforensic Center of Studies, Pune
      - Focus Forensics Technology Private Limited, Delhi
  24. CONCLUSION
      With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals who believe they have successfully beaten the system.
  26. QUERY?
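
The copy, timestamp and work-log steps from the "Collecting Evidence" and "A computer forensic specialist promises to" slides, as an added Python example that is not part of the original presentation. Using SHA-256 digests to show the copy is exact, the function names, the examiner label and the sample files are assumptions of this example; all sample data is constructed.

```python
import hashlib, os, tempfile
from datetime import datetime, timezone
CHUNK = 1 << 20  # 1 MiB reads, so a large disk never has to fit in memory

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image, examiner, log):
    """Copy source to image and log who did it, when, and both SHA-256 digests."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)  # digest of the bytes read from the original
            dst.write(block)
    os.chmod(image, 0o444)   # the working copy is read-only from here on
    entry = {"time_utc": datetime.now(timezone.utc).isoformat(),
             "examiner": examiner, "action": "acquire", "image": image,
             "source_sha256": h.hexdigest(), "image_sha256": sha256_file(image)}
    entry["verified"] = entry["source_sha256"] == entry["image_sha256"]
    log.append(entry)
    return entry

def timeline(root):
    """(mtime in UTC, relative path) for every file under root, oldest first."""
    paths = [os.path.join(d, n) for d, _, names in os.walk(root) for n in names]
    return sorted((datetime.fromtimestamp(os.stat(p).st_mtime, timezone.utc).isoformat(),
                   os.path.relpath(p, root)) for p in paths)

def demo():
    """Constructed sample data: a small stand-in 'disk' and two dated files."""
    work = tempfile.mkdtemp()
    disk = os.path.join(work, "disk.bin")
    with open(disk, "wb") as f:
        f.write(b"constructed sample sector " * 4096)
    log = []
    acquire(disk, os.path.join(work, "disk.img"), "examiner-1", log)
    files = os.path.join(work, "files")
    os.mkdir(files)
    for name, mtime in (("report.doc", 1_000_000_000), ("notes.txt", 946_684_800)):
        open(os.path.join(files, name), "w").close()
        os.utime(os.path.join(files, name), (mtime, mtime))
    return log, timeline(files)

if __name__ == "__main__":
    print(demo())
```

Re-running `sha256_file` on the image at any later point and comparing it with the logged digest shows whether the working copy has changed since acquisition.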