Downloaded 24 times
More Related Content
Similar to Computer forensic ppt
Computer forensic ppt
- 1. © AIR LAWACADEMY & RESEARCH CENTRE, NAGPUR 1
- 2. “Computer Forensic isthe process of identifying, preserving, analyzing and presenting the digital evidence in such a manner that the evidences are legally acceptable”. ANALYSIS ACQUISTION EVIDENCE REPORTING © AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 2
- 3. To findout the criminal which is directly or indirectly related to cyber world. To find out the digital evidence. Presenting evidences in a manner that legal action of the criminal. © AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 3
- 4. Employee internetabuse Unauthorized disclosure of corporate information. Industrial espionage Damage assessment Criminal fraud and deception cases © AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 4
- 5. Criminal Prosecutors:Rely on evidence obtained from a computer to prosecute suspects and use as evidence. Civil Litigations: Personal and business data discovered on a computer can be used in fraud, harassment, or discrimination cases. © AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 5
- 6. “Any data thatis recorded or preserved on any medium in or by a computer system or other similar devices, that can be read and understand by a person or a computer system or other similar devices”. © AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 6
- 7. Persistent Data:Data that remains unaffected when the computer is turned off. Example: Hard Drive and storage media. Volatile Data: Data that would be lost if the computer is turned off. Example: Deleted files, computer history, the computer’s registry, temporary files and web browsing history. © AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 7
- 8. Admissible- Mustbe able to be used in court or elsewhere. Authentic- Evidence must be relevant to the case. Complete- Must not lack any information. Reliable- No question about authenticity. Believable- Clear, easy to understand and believable by a court. IR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 8
- 9. Find theevidence, where it is stored. Find relevant data- recovery. Create order of volatility. Collect evidence- use tools. Good documentation of all the actions AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 9
- 10. Acquisition: Physicallyor remotely obtaining possession of the computer and external physical storage devices. Identification: This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites. AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 10
- 11. Evaluation: Evaluatingthe data recovered to determine if and how it could be used again the suspect for prosecution in court. Presentation: Presentation of evidence discovered in a manner which is understood by lawyers, no technically staff/management, and suitable as evidence as determined by laws. AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 11
- 12. Disk imagingsoftware Hashing tools File recovery programme Encryption decoding software Password cracking software AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 12
- 13. Proper knowledgeof computer. Strong computer science fundamentals. Strong system administrative skills. Knowledge of the latest forensic tools. © AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 13
- 14. Digital forensics helpto protect from and solve cases involving: Theft of intellectual property: This is related to any act that allow access to customer data and any confidential information. Financial Fraud: This is related to anything that uses fraudulent purchase of victims information to conduct fraudulent transactions. AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 14
- 15. Digital evidenceaccepted into court must prove that there is no tampering. Costs- Producing electronic records and preserving them is extremely costly. Legal practitioners must have extensive computer knowledge. IR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 15
- 16. © AIR LAWACADEMY & RESEARCH CENTRE, NAGPUR 16 THANK YOU