The document outlines the field of computer forensics, which involves the investigation and analysis of digital evidence to support legal proceedings. It covers its history, timeline, the need for computer forensics, types of digital crimes, the methodology employed by forensic experts, and rules for evidence collection. Additionally, it discusses various forensic tools used in the field and highlights an example of a high-profile case solved through computer forensics.

1. COMPUTER FORENSICS
A Paper Presentation

2. INTRODUCTION
• Computer forensics is a branch of Forensic Science
that uses investigation and analysis techniques to
find and determine legal evidence found in
computer and digital storage mediums.
• The core goals of it are: (1) Preservation
(2)Identification
(3)Extraction
(4)Documentation
(5)Interpretation

3. • Computer Forensics is referred to as computer
forensics analysis, electronic and data discovery.
• Computer Analysis and Computer Examination
is the process of methodically examining
electronic media (Hard disks, Disk tapes, Floppy
disks, etc.) for evidence.

4. HISTORY
• The field of Computer Forensics began in 1980’s
after personal computers became a viable option
for the consumer.
• In 1984, an FBI program was created. For a time
it was known as magnet media program.
• It is now known as Computer Analysis and
Response Team (CART).
• Michael Anderson, the father of Computer
Forensics, began to work on it.

5. TIMELINE OF COMPUTER FORENSICS
• 1995- International Organization on Computer
Evidence (IOCE) was formed.
• 1997- The G8 countries declared that “Law
Enforcement personnel must be trained and
equipped to address hi-tech crimes”.
• 1998- INTERPOL Forensic Science symposium
was held.
• 1999- FBI CART case load exceeds 2000 cases
examining, 17 terabytes of data.

6. • 2000- First FBI Regional Computer Forensic
Laboratory established.
• 2003- FBI CART case load exceeds 6500 cases,
examining 782 terabytes of data.

7. NEED FOR COMPUTER FORENSICS
• The main purpose of it is mainly due to the wide
variety of computer crimes that take place in
recent times.
• The loss caused depends upon the sensitivity of
computer data or the information for which the
crime has been committed.
• An efficient backup of data is required especially
which is stored in a single system.
• The main objective of computer forensics
is to produce evidence in the court that leads to
the punishment of the actual.

8. TYPES OF DIGITAL CRIMES
Breach of Computer Security
Fraud/Theft
Copyright Violation
Identity Theft
Burglary
Suicide
Obscenity

9. HOW DO FORENSIC EXPERTS WORK?
Each forensic expert follows the following steps
when they are going to handle a case:
• Make an initial assessment about the type of
case that is going to be investigated
• Determine a preliminary design or approach to
the case
• Determine the reasons needed
• Obtain a copy of disk drive

10. • Identify and minimize or avoid the risks
• Investigate the data that is recovered
• Complete the case report

11. RULES OF EVIDENCE
There are basically five rules to be followed by the
experts to follow while collecting evidence:
Admissible: Admissible stands for that the
evidence must be usable. If the evidence is not
usable, then it is considered not present.
Authentic: The expert must be able to explain
that the evidence is related to the incident in a
relevant manner.

12. Complete: The evidence collected must show
every perspective of the evidence. If it shows the
possible attacker’s involvement, it must be able
prove his/her innocence.
Reliable: The evidence collection must be
authentic and it must not cast doubt on it’s
reliability.
 Believable: The evidence presented must be
understandable and believable to the jury.

13. FORENSIC TOOLS
• The forensic tools are the software and hardware
used for gathering data from the media storage
devices of the computer that is believed to be
used to commit any crime.

14. BASIC TOOLS
Some of the basic and commonly used computer
forensic tools are:
Registry Recon: It extracts registry information
from a piece of evidence (disk image etc.) whether
that information was active, backed up to deleted
and rebuild all the registries represented by the
extracted information.

16. SANS Investigative Tool kit: It is pre-
configured with all the tools to perform a
detailed forensic examination. The new Ubuntu
base with additional tools like replaying of
entire computer activity in detail.

17. OTHER TYPES OF FORENSIC TOOLS
Forensic tools are divided into various categories
based on their specialization:
Memory Forensic Tools
Mobile Device Tools
Network Forensic Tools
Database Forensic Tools

18. MEMORY FORENSIC TOOLS
Memory forensic tools are used to acquire and
analyze a computers volatile memory.
Some of them are:
CMAT: Compile Memory Analysis Tool is a self-
contained memory analysis tool that analyses
Windows OS memory and extracts information
about running processes.

20. Memoryze: This tool can acquire live memory
images and analyze memory dumps. It is
inclusive of Microsoft Windows.

21. MOBILE DEVICE FORENSIC TOOLS
Mobile forensic tool tend to have hardware and
software components.
Cellebrite Mobile Forensics: It is a
Universal Forensic extraction device which is
both hardware and software. It is used to gather
evidence from mobile devices and mobile media
cards, Sims and GPS devices.

23. MicroSystemation XRY: XRY is a digital
forensic product by MicroSystemation used to
recover information from mobile phones, smart
phones, GPS, navigation tools and Tablets
computers.

24. NETWORK FORENSIC TOOLS
Network forensic tools are designed to capture
and analyze network packets either from LAN or
Internet.
Wire Shark: It captures and analyzes packets.
In short, it’s a protocol analyzer.

26. TCP flow: It is a TCP/IP session reassembles.
It records the TCP flow and stores the data such
that it is convenient for protocol analysis.

27. DATABASE FORENSIC TOOLS
Database forensic tools is related to the
investigations applied on database and
metadata.
HashKeeper: It uses an algorithm to establish
unique numeric identifiers (hash values) for files
known to be good or bad. It was developed to
reduce the amount of time required to examine
files on digital media.

29. Arbutus: Arbutus data tool is a window based
analysis and conversion tool that fraud
investigators use to analyze server or mainframe
data.

30. APPLICATIONS
• Uncover evidences of illegal activities such as credit
card fraud, intellectual property theft etc.
• Investigate and find for crimes that were not directly
committed via computer but for which the accused
might have stored evidence on computer data
storage devices.
• Detect and close computer system security holes
through ‘legal hacking’.
• Tracking the activities of terrorists by using
Internet.

31. A HIGH-PROFILE CASE SOLVED!!!
MICHEAL JACKSON’S ACCIDENTAL DEATH MYSTERY WAS
SOLVED BECAUSE OF COMPUTER FORENSICS.
IT WAS FOUND OUT THAT IT WAS DUE TO A HIGH DOSAGE OF
PROPOFOL (a sedative).

32. DR. CONRAD MURRAY( Michael Jackson’s personal physician)
WAS ARRESTED FOR ‘INVOLUNTARY MANSLAUGHTER’.
CRUCIAL EVIDENCE WAS GATHERED FROM HIS SEIZED
LAPTOP BY THE FORENSIC EXPERTS WHICH PROVED THAT
HE DID GIVE MICHAEL A HIGH DOSE OF PROPOFOL.
HE IS CURRENTLY SERVING A 4 YEAR SENTENCE .

33. CONCLUSION
• Cyber crimes are increasing in number day to
day.
• The Forensic Department has been efficiently
delivering it’s duties by controlling the crime
rate on the digital side.
• Almost in all cases the persons involved have
been found out.
• On the other hand, it is the duty of judiciary to
resolve any disputes and punish the accused.

34. THANK YOU