COMPUTER FORENSICS By : Ch. Rekha Priyanka (08Q61A0515)
Introduction:
Computer Forensics is a branch of digital forensic science that deals with investigating and analyzing legal evidence found in computers and digital media. This applies to:
• Computer systems
• Hard disks
• CDs
• Electronic documents (e.g., email messages, JPEG images, etc.)
HISTORY OF COMPUTER FORENSICS :
• Michael Anderson
  – “Father of computer forensics”
  – Special agent with IRS
• Meeting in 1988 (Portland, Oregon)
  – Creation of IACIS, the International Association of Computer Investigative Specialists
  – The first Seized Computer Evidence Recovery Specialists (SCERS) classes held
WORKING PROCESS : Methods of Hiding Data
To human eyes, data usually contains known forms, like images, e-mail, sounds, and text. Most Internet data naturally includes gratuitous headers, too. These are media exploited using new controversial logical encodings: steganography and marking.
• Steganography: The art of storing information in such a way that the existence of the information is hidden.
• Watermarking: Hiding data within data.
WORKING PROCESS : Methods of Hiding Data
Hard Drive/File System manipulation:
• Slack space
• Partition waste space
• Hidden drive space
• Bad sectors
• Extra tracks
• Change file names and extensions
Methods Of Detecting/Recovering Data :
Steganalysis - the art of detecting and decoding hidden data.
Steganalysis Methods - Detection
• Human observation
• Software analysis
• Disk analysis
• RAM slack
• Firewall/router filters
• Statistical analysis
• Frequent scanning
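Changing file names and extensions, listed among the hiding methods, is something software analysis detects by comparing each file's leading bytes with the type its extension claims. The Python sketch below is an added example, not part of the original slides; the signature table is a small subset of known formats and the sample files are constructed.

```python
import os
import tempfile

# Well-known file signatures: (magic bytes, type label, usual extensions).
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".pptx", ".jar"}),
]

def identify(header: bytes):
    """Return (type_label, expected_extensions) for a file header, or None."""
    for magic, label, exts in SIGNATURES:
        if header.startswith(magic):
            return label, exts
    return None

def find_mismatches(root: str):
    """Report files under root whose signature disagrees with their extension."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            with open(os.path.join(dirpath, name), "rb") as fh:
                match = identify(fh.read(16))
            if match is None:
                continue  # unknown signature: the header alone cannot decide
            label, exts = match
            ext = os.path.splitext(name)[1].lower()
            if ext not in exts:
                findings.append((name, ext or "(none)", label))
    return findings

def demo():
    samples = {  # constructed sample data written to a temp folder, not real evidence
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "notes.txt": b"\xff\xd8\xff\xe0" + b"\x00" * 32,  # JPEG renamed .txt
        "system.dll": b"PK\x03\x04" + b"\x00" * 32,        # ZIP renamed .dll
        "report.pdf": b"%PDF-1.4\n",
        "readme.txt": b"plain text\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return find_mismatches(tmp)

if __name__ == "__main__":
    for name, ext, label in demo():
        print(f"{name}: extension {ext}, content signature {label}")
```

Files with no recognised signature are skipped rather than flagged, so a clean result here does not rule out other hiding methods such as slack space or steganography.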
Methods Of Detecting/Recovering Data :
Steganalysis Methods – Recovery
– Recovery of watermarked data is extremely hard.
  • Currently, there are very few methods to recover hidden, encrypted data.
– Data hidden on disk is much easier to find. Once found, if unencrypted, it is already recovered.
– Deleted data can be reconstructed (even on hard drives that have been magnetically wiped).
– Check swap files for passwords and encryption keys which are stored in the clear (unencrypted).
– Software tools
  • Scan for and reconstruct deleted data
  • Break encryption
  • Destroy hidden information (overwrite)
TECHNICAL APPLICATIONS :
Understanding of
• storage technology
• operating system features
  – Windows
  – Linux
  – Unix
  – Mac OS
• file systems
TECHNICAL APPLICATIONS :
Knowledge of
• Slack space
• Host Protected Area (HPA)
• Device Configuration Overlay (DCO)
• Disk imaging
• Data recovery
• Total data deletion
• Handling encryption
How Is Computer Forensics Used?
• Criminal prosecutors
• Civil litigations
• Insurance companies
• Large corporations
• Law enforcement
• Any individual
ADVANTAGES OF COMPUTER FORENSICS :
Ability to search through a massive amount of data
• Quickly
• Thoroughly
• In any language
DISADVANTAGES OF COMPUTER FORENSICS :
Digital evidence accepted into court:
• must prove that there is no tampering
• all evidence must be fully accounted for
• computer forensic specialists must have complete knowledge of legal requirements, evidence handling and storage, and documentation procedures
DISADVANTAGES OF COMPUTER FORENSICS :
• Costs
  – Producing electronic records & preserving them is extremely costly.
  – Sattar vs. Motorola Inc
• Presents the potential for exposing privileged documents.
• Legal practitioners must have extensive computer knowledge.
CONCLUSION : With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.
QUERIES
THANK 'Q' !
