This document discusses best practices for collecting, preserving, and analyzing digital evidence. It covers topics such as data recovery, backup solutions, hidden data recovery techniques, evidence collection methods, and standards for ensuring digital evidence is authenticated and verified. The goal is to extract useful information from seized devices and recovered data in a way that can be used in a court of law to identify attackers and reconstruct security incidents.
What is digital evidence? , sources of digital evidence, types of digital evidence, the procedure for collecting digital evidence, records, digital vs physical evidence, controlling contamination.
What is digital evidence? , sources of digital evidence, types of digital evidence, the procedure for collecting digital evidence, records, digital vs physical evidence, controlling contamination.
Introduction to Cyber forensics: Information Security Investigations, Corporate Cyber Forensics, Scientific method in forensic analysis, investigating large scale Data breach cases.
Analyzing Malicious software.
Digital Forensics is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital devices.
Forensic science is a scientific method of gathering and examining information about the past which is then used in the court of law. Digital Forensics is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital devices for the purpose of facilitation or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.
Types of Computer Forensics Technology, Types of Military Computer Forensic Technology, Types of Law Enforcement, Computer Forensic Technology, Types of Business Computer Forensic Technology, Specialized Forensics Techniques, Hidden Data and How to Find It, Spyware and Adware, Encryption Methods and Vulnerabilities, Protecting Data from Being Compromised Internet Tracing Methods, Security and Wireless Technologies, Avoiding Pitfalls with Firewalls Biometric Security Systems
Computer forensics is a very important branch of computer science in relation to computer and Internet related crimes. Earlier, computers were only used to produce data but now it has expanded to all devices related to digital data. The goal of Computer forensics is to perform crime investigations by using evidence from digital data to find who was the responsible for that particular crime.
For better research and investigation, developers have created many computer forensics tools. Police departments and investigation agencies select the tools based on various factors including budget and available experts on the team.
Search & Seizure of Electronic Evidence by Pelorus Technologiesurjarathi
Pelorus shares a presentation on search & seizure of electronic evidence Digital evidence is any digital information which is received from computers, audio files, video recordings, digital images etc. The evidence obtained is essential in computer and cyber crimes. For more information on search & seizure of electronic evidence visit our website.
Incident Response Methodology is one of the popular process to investigate the incident which is unlawful, unauthorized or unacceptable action on computer system or computer network.
Introduction to Cyber forensics: Information Security Investigations, Corporate Cyber Forensics, Scientific method in forensic analysis, investigating large scale Data breach cases.
Analyzing Malicious software.
Digital Forensics is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital devices.
Forensic science is a scientific method of gathering and examining information about the past which is then used in the court of law. Digital Forensics is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital devices for the purpose of facilitation or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.
Types of Computer Forensics Technology, Types of Military Computer Forensic Technology, Types of Law Enforcement, Computer Forensic Technology, Types of Business Computer Forensic Technology, Specialized Forensics Techniques, Hidden Data and How to Find It, Spyware and Adware, Encryption Methods and Vulnerabilities, Protecting Data from Being Compromised Internet Tracing Methods, Security and Wireless Technologies, Avoiding Pitfalls with Firewalls Biometric Security Systems
Computer forensics is a very important branch of computer science in relation to computer and Internet related crimes. Earlier, computers were only used to produce data but now it has expanded to all devices related to digital data. The goal of Computer forensics is to perform crime investigations by using evidence from digital data to find who was the responsible for that particular crime.
For better research and investigation, developers have created many computer forensics tools. Police departments and investigation agencies select the tools based on various factors including budget and available experts on the team.
Search & Seizure of Electronic Evidence by Pelorus Technologiesurjarathi
Pelorus shares a presentation on search & seizure of electronic evidence Digital evidence is any digital information which is received from computers, audio files, video recordings, digital images etc. The evidence obtained is essential in computer and cyber crimes. For more information on search & seizure of electronic evidence visit our website.
Incident Response Methodology is one of the popular process to investigate the incident which is unlawful, unauthorized or unacceptable action on computer system or computer network.
Forensics analysis and validation: Determining what data to collect and analyze, validating forensic data, addressing data-hiding techniques, performing remote acquisitions Network Forensics: Network forensics overview, performing live acquisitions, developing standard procedures for network forensics, using network tools, examining the honeynet project.
Encryption: Who, What, When, Where, and Why It's Not a PanaceaResilient Systems
Encryption is a crucial and powerful tool in any organization's data protection / privacy arsenal. But to be effective, it must be applied properly. And even then it's not a silver bullet, including from a privacy breach disclosure perspective.
This webinar will discuss:
- Encryption vs. hashing: what is it, and when might you want to use one over the other?
- Practical considerations: implementation options and their merits
- Legal considerations: encryption requirements, benefits and restrictions
- Legal limitations: situations in which encryption is not enough
Our featured speakers for this webinar will be:
- Suhna Pierce, Associate, Morrison Foerster
- Gant Redmon, Esq. CIPP/US, General Counsel & VP of Business Development, Co3 Systems
Are you a CIPP holder? (CIPP/US, CIPP/C, CIPP/E, CIPP/G and CIPP/IT) Attend this webinar for CPE credit.
Fundamentals of Cyber Forensics and Investigations along with tools and technology used in Digital Forensics to solve the cases. Explained procedure of Cyber Forensics and investigation.
The Indian economy is classified into different sectors to simplify the analysis and understanding of economic activities. For Class 10, it's essential to grasp the sectors of the Indian economy, understand their characteristics, and recognize their importance. This guide will provide detailed notes on the Sectors of the Indian Economy Class 10, using specific long-tail keywords to enhance comprehension.
For more information, visit-www.vavaclasses.com
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
We all have good and bad thoughts from time to time and situation to situation. We are bombarded daily with spiraling thoughts(both negative and positive) creating all-consuming feel , making us difficult to manage with associated suffering. Good thoughts are like our Mob Signal (Positive thought) amidst noise(negative thought) in the atmosphere. Negative thoughts like noise outweigh positive thoughts. These thoughts often create unwanted confusion, trouble, stress and frustration in our mind as well as chaos in our physical world. Negative thoughts are also known as “distorted thinking”.
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxEduSkills OECD
Andreas Schleicher presents at the OECD webinar ‘Digital devices in schools: detrimental distraction or secret to success?’ on 27 May 2024. The presentation was based on findings from PISA 2022 results and the webinar helped launch the PISA in Focus ‘Managing screen time: How to protect and equip students against distraction’ https://www.oecd-ilibrary.org/education/managing-screen-time_7c225af4-en and the OECD Education Policy Perspective ‘Students, digital devices and success’ can be found here - https://oe.cd/il/5yV
2. Data Recovery
• What is Data Recovery?
• Role of Backup in Data Recovery
• Data Recovery Solution
• Hiding and Recovering Hidden Data
3. What is Data Recovery
• Usually data recovery means that data that is lost is
recovered – e.g., when a system crashes some data
may be lost, with appropriate recovery procedures
the data is recovered
• In digital forensics, data recovery is about extracting
the data from seized computers (hard drives, disks
etc.) for analysis
4. Role of Backup in Data Recovery
• Databases/files are backed up periodically (daily, weekly,
hourly etc.) so that if system crashes the databases/files can
be recovered to the previous consistent state
• Challenge to backup petabyte sized databases/files
• Obstacles for backing up
– Backup window, network bandwidth, system throughout
• Current trends
– Storage cost decreasing, systems have to be online 24x7
• Next generation solutions
– Multiple backup servers, optimizing storage space
5. Data Recovery/Backup Solution
• Develop a plan/policy for backup and recovery
• Develop/Hire/Outsource the appropriate expertise
• Develop a system design for backup/recovery
– Three tier architectures, caches, backup servers
• Examine state of the art backup/recovery products
and tools
• Implement the backup plan according to the policy
and design
6. Recover Hidden Data
• Hidden data
– Files may be deleted, but until they are overwritten, the
data may remain
– Data stored in diskettes and stored insider another disk
• Need to get all the pieces and complete the puzzle
• Analysis techniques (including statistical reasoning)
techniques are being used to recover hidden data
and complete the puzzle
7. Evidence Collection and Data Seizure
• What is Evidence Collection
• Types of Evidence
• Rules of Evidence
• Volatile Evidence
• Methods of Collection
• Steps to Collection
• Controlling Contamination
8. What is Evidence Collection
• Collecting information from the data recovered for further
analysis
• Need to collect evidence so that the attacker can be found
and future attacks can be prevented and/or limited
• Collect evidence for analysis or monitor the intruder
• Obstacles
– Difficult to extract patterns or useful information from the recovered
data
– Difficult to tie the extracted information to a person
9. Types of Evidence
• Testimonial Evidence
– Evidence supplied by a witness; subject to the perceived
reliability of the witness
– Word processor documents written by a witness as long as
the author states that he wrote it
• Hearsay
– Evidence presented by a person who is not a direct
witness
– Word processor documents written by someone without
direct knowledge of the incident
10. Rules of Evidence
• Admissible
– Evidence must be able to be used in court
• Authentic
– Tie the evidence positively to an incident
• Complete
– Evidence that can cover all perspectives
• Reliable
– There should be no doubt that proper procedures were used
• Believable
– Understandable and believable to a jury
11. Additional considerations
• Minimize handling and corruption of original data
• Account for any changes and keep detailed logs
• Comply with the 5 basic rules
• Do not exceed your knowledge – need to understand what
you are doing
• Follow the security policy established
• Work fast / however need to be accurate
• Proceed from volatile to persistent evidence
• Do not shut down the machine before collecting evidence
• Do not run programs on the affected machine
12. Volatile Evidence
• Types
– Cached data
– Routing tables
– Process table
– Kernel statistics
– Main memory
• What to do next
– Collect the volatile data and store in a permanent storage
device
13. Methods of Collection
• Freezing the scene
– Taking a snapshot of the system and its
compromised state
– Recover data, extract information, analyze
• Honeypotting
– Create a replica system and attract the attacker
for further monitoring
14. Steps to Collection
• Find the evidence; where is it stored
• Find relevant data - recovery
• Create order of volatility
• Remove external avenues of change; no
tampering
• Collect evidence – use tools
• Good documentation of all the actions
15. Controlling Contamination
• Once the data is collected it should not be contaminated,
must be stored in a secure place, encryption techniques
• Maintain a chain of custody, who owns the data, data
provenance techniques
• Analyze the evidence
– Use analysis tools to determine what happened
• Analyze the log files and determine the timeline
• Analyze backups using a dedicated host
• Reconstruct the attack from all the information collected
16. Duplication and Preservation of
Evidence
• Preserving the Digital Crime Scene
– First task is to make a compete bit stream backup of all computer data
before review or process
– Bit stream backups (also referred to as mirror image backups) involve
the backup of all areas of a computer hard disk drive or another type
of storage media, e.g., Zip disks, floppy disks, Jazz disks, etc. Such
backups exactly replicate all sectors on a given storage device. Thus,
all files and ambient data storage areas are copied. Bit stream backups
are sometimes also referred to as 'evidence grade' backups and they
differ substantially from traditional computer file backups and
network server backups.
– http://www.forensics-intl.com/def2.html
• Make sure that the legal requirements are met and proper procedures are
followed
17. Digital Evidence Process Model
• The U.S. Department of Justice published a process model in the
Electronic Crime Scene Investigation: A guide to first responders that
consists of four phases: -
• 1. Collection; which involves the evidence search, evidence recognition,
evidence collection and documentation.
• 2. Examination; this is designed to facilitate the visibility of evidence,
while explaining its origin and significance. It involves revealing hidden
and obscured information and the relevant documentation.
• 3. Analysis; this looks at the product of the examination for its significance
and probative value to the case.
• 4. Reporting; this entails writing a report outlining the examination
process and pertinent data recovered from the overall investigation.
18. Standards for Digital Evidence
• The Scientific Working Group on Digital Evidence (SWGDE) was established in
February 1998 through a collaborative effort of the Federal Crime Laboratory
Directors. SWGDE, as the U.S.-based component of standardization efforts
conducted by the International Organization on Computer Evidence (IOCE), was
charged with the development of cross-disciplinary guidelines and standards for
the recovery, preservation, and examination of digital evidence, including audio,
imaging, and electronic devices.
• The following document was drafted by SWGDE and presented at the
International Hi-Tech Crime and Forensics Conference (IHCFC) held in London,
United Kingdom, October 4-7, 1999. It proposes the establishment of standards
for the exchange of digital evidence between sovereign nations and is intended to
elicit constructive discussion regarding digital evidence. This document has been
adopted as the draft standard for U.S. law enforcement agencies.
• http://www.fbi.gov/hq/lab/fsc/backissu/april2000/swgde.htm
19. Verifying Digital Evidence
• Encryption techniques
– Public/Private key encryption
– Certification Authorities
– Digital ID/Credentials
• Owner signs document with his private key, the Receiver
decrypts the document with the owner’s public key
• Owner signs document with the receiver’s public key,
Receiver decrypts the document with his private key
• Standards for Encryption
– Export/Import laws
20. Conclusion
• Data must be backed up using appropriate policies,
procedures and technologies
• Once a crime ahs occurred data ahs to be recovered from the
various disks and commuters
• Data that is recovered has to be analyzed to extract evidence
• Evidence has to analyzed to determine what happened
• Use log files and documentations to establish the timeline
• Reconstruct the attack
21. Conclusion
• Standards and processes have to be set in place for
representing, preserving, duplicating, verifying,
validating certifying and accrediting digital evidence
• Numerous techniques are out there; need to
determine which ones are useful for the particular
evidence at hand
• Need to make it a scientific discipline