Computer forensics: consists of history, the need for it, types of crime, how experts work, rules of evidence, forensic tools, tools based on different categories.
Extremely detailed ppt, consists of information difficult to find. Very useful for paper presentation competitions.
What is digital evidence, sources of digital evidence, types of digital evidence, the procedure for collecting digital evidence, records, digital vs physical evidence, controlling contamination.
Cyber crime is an activity done using computers and the internet.
Cyber forensics is the science of collecting, examining, analyzing and reporting electronic evidence.
Digital Forensics is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital devices.
Computer forensics is a very important branch of computer science in relation to computer and Internet related crimes. Earlier, computers were only used to produce data, but the field has now expanded to all devices related to digital data. The goal of computer forensics is to perform crime investigations by using evidence from digital data to find who was responsible for that particular crime.
For better research and investigation, developers have created many computer forensics tools. Police departments and investigation agencies select the tools based on various factors including budget and available experts on the team.
Introduction to Cyber forensics: Information Security Investigations, Corporate Cyber Forensics, Scientific method in forensic analysis, investigating large scale Data breach cases.
Analyzing Malicious software.
A pilot study on the issues and complexity of digital forensics and how digital forensics can be applied in a live environment without the loss or spoilage of valuable data and evidence.
Presentation on investigating emails to determine whether they are spam-free. Some people use email to harm others or as a social engineering channel to fulfill wrong motives. Awareness of the forensics behind email gives people an edge in protecting themselves from fraud.
Types of Computer Forensics Technology, Types of Military Computer Forensic Technology, Types of Law Enforcement Computer Forensic Technology, Types of Business Computer Forensic Technology, Specialized Forensics Techniques, Hidden Data and How to Find It, Spyware and Adware, Encryption Methods and Vulnerabilities, Protecting Data from Being Compromised, Internet Tracing Methods, Security and Wireless Technologies, Avoiding Pitfalls with Firewalls, Biometric Security Systems
Process of Digital forensics
1. Identification
2. Preservation
3. Analysis
4. Presentation and Reporting
5. Disseminating the case
What is acquisition in digital forensics?
How to handle data acquisition in digital forensics
Types of Digital Forensics
Disk Forensics
Network Forensics
Wireless Forensics
Database Forensics
This presentation tells us how computer forensics helps to find criminals, what strategy forensic specialists use to find a clue, and how computer forensics plays an important role in a case study.
Lecture 09 - Memory Forensics.pdf
LECTURE 9
BY: DR. IBRAHIM BAGGILI
Memory Forensic Analysis
PART 1
RAM overview
Volatility overview
http://www.bsatroop780.org/skills/images/ComputerMemory.gif
Understanding RAM
• Two main types of RAM
– Static
• Not refreshed
• Is still volatile
– Dynamic
• Modern computers
• Made up of a collection of cells
• Each cell contains a transistor and a capacitor
• Capacitors charge and discharge (ones and zeros)
• Periodically refreshed
RAM logical organization
• Programs run on computers
• Programs are made up of processes
– Processes are a set of resources used when executing an
instance of a program
– Processes do not generally access the physical memory directly
– Each process has a “virtual memory space”
• Allows operating system to stay in control of allocating memory
– Virtual memory space is made up of
• Pages (default size 4K)
• References (used to map virtual address to physical address)
• May also have a reference to data on the disk (Page file) – used to
free up RAM memory
RAM logical organization
• Each process is represented by an EPROCESS Block:
Normal memory
• Each process is represented by an _EPROCESS block.
• Contained within each _EPROCESS block is both a pointer to the next process
(fLink – Forward Link) and a pointer to the previous process (bLink – Back Link).
• When OS is operating, the _EPROCESS blocks and their pointers come
together to resemble a chain, which is known as a doubly-linked list.
• Chain is stored in kernel memory and is updated every time a process is
launched or terminated.
• Windows API walks this list from head to tail when enumerating processes via
Task Manager, for example.
Not so normal
• Hides processes from windows API
• Known as Direct Kernel Object Manipulation (DKOM)
• Involves manipulating the list of _EPROCESS blocks to “unlink” a
given process from the list
• By changing the forward link of process 1 to point to the third process,
and changing the “bLink” of process 3 to point to process 1, the
attacker’s process is no longer part of the list of _EPROCESS blocks.
• Since the Windows API uses this list to enumerate processes, the
malicious process will be hidden from the user but still able to operate
normally.
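An added illustration, not part of the lecture slides: a toy model of the _EPROCESS chain that compares a list walk with a scan of every record in memory, the same cross-view idea as comparing Volatility's pslist and psscan output. The record layout, addresses, process names and the `exit_time` field (modeled on the real ExitTime field) are constructed for this example.

```python
"""Toy cross-view check for unlinked processes. All records are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional

HEAD = 0x1000  # constructed address of the list head (sentinel record)


@dataclass
class EProcess:
    """Simplified stand-in for an _EPROCESS block (illustrative fields only)."""
    addr: int
    pid: int
    name: str
    flink: int = 0                   # address of the next record
    blink: int = 0                   # address of the previous record
    exit_time: Optional[str] = None  # set once the process has terminated


def build_memory(procs: List[EProcess]) -> Dict[int, EProcess]:
    """Link the records into a circular doubly-linked list behind HEAD."""
    chain = [EProcess(HEAD, -1, "<head>")] + procs
    for i, rec in enumerate(chain):
        rec.flink = chain[(i + 1) % len(chain)].addr
        rec.blink = chain[i - 1].addr
    return {rec.addr: rec for rec in chain}


def unlink(memory: Dict[int, EProcess], addr: int) -> None:
    """Reproduce the state the slides describe: the neighbours skip the
    record, while the record stays in memory with its old pointers."""
    rec = memory[addr]
    memory[rec.blink].flink = rec.flink
    memory[rec.flink].blink = rec.blink


def walk_list(memory: Dict[int, EProcess]) -> List[EProcess]:
    """View 1: follow flink from the head, as an API-style enumeration does."""
    out, visited, cur = [], set(), memory[HEAD].flink
    while cur != HEAD and cur not in visited:  # visited guards against loops
        visited.add(cur)
        out.append(memory[cur])
        cur = memory[cur].flink
    return out


def scan_pool(memory: Dict[int, EProcess]) -> List[EProcess]:
    """View 2: every record present in memory, whether linked or not."""
    return [rec for rec in memory.values() if rec.addr != HEAD]


def cross_view(memory: Dict[int, EProcess]) -> Dict[str, List[int]]:
    """Records the scan finds but the walk misses, split by exit_time."""
    listed = {rec.pid for rec in walk_list(memory)}
    report: Dict[str, List[int]] = {"hidden": [], "terminated": []}
    for rec in scan_pool(memory):
        if rec.pid not in listed:
            report["terminated" if rec.exit_time else "hidden"].append(rec.pid)
    return report


def stale_links(memory: Dict[int, EProcess]) -> List[int]:
    """PIDs whose neighbours no longer point back at them."""
    return [rec.pid for rec in scan_pool(memory)
            if memory[rec.flink].blink != rec.addr
            or memory[rec.blink].flink != rec.addr]


def sample_memory() -> Dict[int, EProcess]:
    """Constructed sample: one unlinked live process, one exited process."""
    memory = build_memory([
        EProcess(0x2000, 4, "System"), EProcess(0x2100, 1200, "explorer.exe"),
        EProcess(0x2200, 6660, "updater.exe"), EProcess(0x2300, 800, "svchost.exe"),
        EProcess(0x2400, 3004, "notepad.exe"),
    ])
    unlink(memory, 0x2200)                      # unlinked but still running
    memory[0x2400].exit_time = "2024-01-01T10:00:00Z"
    unlink(memory, 0x2400)                      # removed after it exited
    return memory


if __name__ == "__main__":
    mem = sample_memory()
    print("list walk :", [p.name for p in walk_list(mem)])
    print("cross view:", cross_view(mem))
    print("stale link:", stale_links(mem))
```

Both unlinked records show stale pointers, so the link check alone cannot separate an exited process from a hidden one; in this model the missing exit time is what marks PID 6660 for review.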
PART 2
Introduction to Memory forensics
Before & Now
• Traditionally
• We have always been told to “pull the plug” on a live system
• This is done so that the reliability of the digital evidence is not
questioned
• Now
• People are considering live memory forensics
– Data relevant to the investigation may lie in memory
– Whole Disk Encryption….
Challenges in traditional method
• High volume of data (Adelstein, 2006)
– Increases the time in an investigation
– Increases storage capacity needed for forensic images
– Number of machines that could be included in th ...
antivirus software: consists of history, identification methods, popular anti viruses in the market, pros and issues of it.
Extremely basic ppt - can be used for college presentations & competitions - doesn't have enough info to be the winner, but certainly useful. :)
ppt consists of history, generations of firewalls, types, architectures, advantages & disadvantages.
very basic ppt- can be used for college & paper presentation seminars.
2. INTRODUCTION
• Computer forensics is a branch of Forensic Science
that uses investigation and analysis techniques to
find and determine legal evidence found in
computer and digital storage mediums.
• The core goals of it are:
(1) Preservation
(2) Identification
(3) Extraction
(4) Documentation
(5) Interpretation
3. • Computer forensics is also referred to as computer
forensics analysis, electronic and data discovery.
• Computer analysis and computer examination
is the process of methodically examining
electronic media (hard disks, disk tapes, floppy
disks, etc.) for evidence.
4. HISTORY
• The field of Computer Forensics began in the 1980s
after personal computers became a viable option
for the consumer.
• In 1984, an FBI program was created. For a time
it was known as the Magnetic Media Program.
• It is now known as the Computer Analysis and
Response Team (CART).
• Michael Anderson, the father of Computer
Forensics, began to work on it.
5. TIMELINE OF COMPUTER FORENSICS
• 1995- International Organization on Computer
Evidence (IOCE) was formed.
• 1997- The G8 countries declared that “Law
Enforcement personnel must be trained and
equipped to address hi-tech crimes”.
• 1998- INTERPOL Forensic Science symposium
was held.
• 1999- FBI CART case load exceeds 2000 cases,
examining 17 terabytes of data.
6. • 2000- First FBI Regional Computer Forensic
Laboratory established.
• 2003- FBI CART case load exceeds 6500 cases,
examining 782 terabytes of data.
7. NEED FOR COMPUTER FORENSICS
• The need for it arises mainly from the wide
variety of computer crimes that take place in
recent times.
• The loss caused depends upon the sensitivity of
computer data or the information for which the
crime has been committed.
• An efficient backup of data is required, especially
for data that is stored in a single system.
• The main objective of computer forensics
is to produce evidence in the court that leads to
the punishment of the actual.
8. TYPES OF DIGITAL CRIMES
Breach of Computer Security
Fraud/Theft
Copyright Violation
Identity Theft
Burglary
Suicide
Obscenity
9. HOW DO FORENSIC EXPERTS WORK?
Each forensic expert follows these steps
when handling a case:
• Make an initial assessment about the type of
case that is going to be investigated
• Determine a preliminary design or approach to
the case
• Determine the reasons needed
• Obtain a copy of the disk drive
10. • Identify and minimize or avoid the risks
• Investigate the data that is recovered
• Complete the case report
11. RULES OF EVIDENCE
There are basically five rules that experts must
follow while collecting evidence:
Admissible: The evidence must be usable. If the
evidence is not usable, then it is considered not present.
Authentic: The expert must be able to explain
that the evidence is related to the incident in a
relevant manner.
12. Complete: The evidence collected must show
every perspective of the evidence. If it shows the
possible attacker’s involvement, it must also be able
to prove his/her innocence.
Reliable: The evidence collection must be
authentic and it must not cast doubt on its
reliability.
Believable: The evidence presented must be
understandable and believable to the jury.
13. FORENSIC TOOLS
• Forensic tools are the software and hardware
used for gathering data from the media storage
devices of a computer that is believed to have been
used to commit a crime.
14. BASIC TOOLS
Some of the basic and commonly used computer
forensic tools are:
Registry Recon: It extracts registry information
from a piece of evidence (disk image etc.), whether
that information was active, backed up or deleted,
and rebuilds all the registries represented by the
extracted information.
16. SANS Investigative Toolkit: It is pre-
configured with all the tools to perform a
detailed forensic examination. It has a new Ubuntu
base with additional tools, such as replaying
entire computer activity in detail.
17. OTHER TYPES OF FORENSIC TOOLS
Forensic tools are divided into various categories
based on their specialization:
Memory Forensic Tools
Mobile Device Tools
Network Forensic Tools
Database Forensic Tools
18. MEMORY FORENSIC TOOLS
Memory forensic tools are used to acquire and
analyze a computer's volatile memory.
Some of them are:
CMAT: Compiled Memory Analysis Tool is a self-
contained memory analysis tool that analyses
Windows OS memory and extracts information
about running processes.
20. Memoryze: This tool can acquire live memory
images and analyze memory dumps. It is
inclusive of Microsoft Windows.
21. MOBILE DEVICE FORENSIC TOOLS
Mobile forensic tools tend to have hardware and
software components.
Cellebrite Mobile Forensics: It is a
Universal Forensic Extraction Device which is
both hardware and software. It is used to gather
evidence from mobile devices and mobile media
cards, SIM cards and GPS devices.
23. MicroSystemation XRY: XRY is a digital
forensic product by MicroSystemation used to
recover information from mobile phones, smart
phones, GPS navigation tools and tablet
computers.
24. NETWORK FORENSIC TOOLS
Network forensic tools are designed to capture
and analyze network packets either from a LAN or
the Internet.
Wireshark: It captures and analyzes packets.
In short, it’s a protocol analyzer.
26. tcpflow: It is a TCP/IP session reassembler.
It records the TCP flow and stores the data such
that it is convenient for protocol analysis.
27. DATABASE FORENSIC TOOLS
Database forensic tools relate to
investigations of databases and their
metadata.
HashKeeper: It uses an algorithm to establish
unique numeric identifiers (hash values) for files
known to be good or bad. It was developed to
reduce the amount of time required to examine
files on digital media.
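An added illustration of known-file filtering as described for HashKeeper (example code, not from the slides or the tool): files are hashed by content and sorted into known-bad, known-good and unknown buckets so that only the last two groups need an examiner's attention. SHA-256 is an assumption, since the slides do not name the algorithm; all paths and file contents are constructed.

```python
"""Known-file filtering with hash sets. All file contents are constructed."""
import hashlib
import io
from typing import BinaryIO, Dict, List, Set, Tuple


def sha256_stream(stream: BinaryIO, chunk_size: int = 65536) -> str:
    """Hash a stream in chunks so large evidence files never sit in RAM whole."""
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk_size), b""):
        digest.update(block)
    return digest.hexdigest()


def triage(files: Dict[str, bytes], known_good: Set[str],
           known_bad: Set[str]) -> Dict[str, List[str]]:
    """Bucket each file by its content hash; known-bad wins over known-good."""
    buckets: Dict[str, List[str]] = {"known_bad": [], "known_good": [], "unknown": []}
    for path in sorted(files):
        value = sha256_stream(io.BytesIO(files[path]))
        if value in known_bad:
            buckets["known_bad"].append(path)
        elif value in known_good:
            buckets["known_good"].append(path)
        else:
            buckets["unknown"].append(path)
    return buckets


def review_fraction(buckets: Dict[str, List[str]]) -> float:
    """Share of files still needing examiner attention (flagged or unknown)."""
    total = sum(len(paths) for paths in buckets.values())
    pending = len(buckets["known_bad"]) + len(buckets["unknown"])
    return pending / total if total else 0.0


def sample_case() -> Tuple[Dict[str, bytes], Set[str], Set[str]]:
    """Constructed evidence set plus constructed reference hash sets."""
    os_binary = b"constructed-os-binary-v1"
    flagged = b"constructed-flagged-file"
    files = {
        "Windows/notepad.exe": os_binary,
        "Users/a/holiday.jpg": flagged,                  # renamed, same content
        "Users/a/report.docx": b"constructed-user-document",
        "Users/a/notepad_patched.exe": os_binary + b"!",  # one byte added
    }
    known_good = {hashlib.sha256(os_binary).hexdigest()}
    known_bad = {hashlib.sha256(flagged).hexdigest()}
    return files, known_good, known_bad


if __name__ == "__main__":
    result = triage(*sample_case())
    print(result)
    print("still to review:", review_fraction(result))
```

The renamed file is still flagged because the hash depends only on content, while the copy with one added byte drops to unknown: a hash set identifies exact copies and nothing else.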
29. Arbutus: The Arbutus data tool is a Windows-based
analysis and conversion tool that fraud
investigators use to analyze server or mainframe
data.
30. APPLICATIONS
• Uncover evidence of illegal activities such as credit
card fraud, intellectual property theft etc.
• Investigate crimes that were not directly
committed via computer but for which the accused
might have stored evidence on computer data
storage devices.
• Detect and close computer system security holes
through ‘legal hacking’.
• Track the activities of terrorists by using the
Internet.
31. A HIGH-PROFILE CASE SOLVED!!!
MICHAEL JACKSON’S ACCIDENTAL DEATH MYSTERY WAS
SOLVED BECAUSE OF COMPUTER FORENSICS.
IT WAS FOUND OUT THAT IT WAS DUE TO A HIGH DOSAGE OF
PROPOFOL (a sedative).
32. DR. CONRAD MURRAY (Michael Jackson’s personal physician)
WAS ARRESTED FOR ‘INVOLUNTARY MANSLAUGHTER’.
CRUCIAL EVIDENCE WAS GATHERED FROM HIS SEIZED
LAPTOP BY THE FORENSIC EXPERTS WHICH PROVED THAT
HE DID GIVE MICHAEL A HIGH DOSE OF PROPOFOL.
HE IS CURRENTLY SERVING A 4-YEAR SENTENCE.
33. CONCLUSION
• Cyber crimes are increasing in number day by
day.
• The Forensic Department has been efficiently
delivering its duties by controlling the crime
rate on the digital side.
• Almost in all cases the persons involved have
been found out.
• On the other hand, it is the duty of judiciary to
resolve any disputes and punish the accused.