Computer Forensics
•
7 likes•1,007 views
Computer Forensics is the branch of digital forensics which deal with the evidence (data) obtained from computers to be produced in the court of law.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Computer Forensics
Similar to Computer Forensics (20)
Recently uploaded
Recently uploaded (20)
Computer Forensics
- 1. COMPUTER FORENSICS A Need of Modern Crimes -Daksh Verma
- 2. INTRODUCTION
- 3. O Computer Forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable. O Method used to investigate and analyze data maintained on or retrieved from electronic data storage media for the purposes of presentation in a court of law, civil or administrative proceeding.
- 4. Important Data Persistent Data Volatile Data O Data which is preserved when the computer is turned off. O Data stored on hard drives, external memory. O Data which is lost when the computer is turned off. O Data stored in registers, cache memory, RAM. Another categorization of data is Ambient Data and Active Data
- 5. NEED O To produce evidence in the court that can lead to punishment of the actual. O To ensure the integrity of the computer system. O To focus on the response to the hi-tech offences, started to intertwine.
- 6. ADVANTAGES O Catch the culprit or the criminal who is involved in the crime related to the computers. O To Organizations: Recovering lost data Advice on how to safeguard data from theft
- 7. CYBER CRIMES
- 8. O Cyber crimes occur when information technology is used to commit or conceal an offence. O “Digital Evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial.” O 2 Types: Persistent Data Volatile Data
- 9. Types of Cyber Crimes O Hacking O Theft O Cyber Stalking O Identity Theft O Malicious Software O Child soliciting and Abuse O Email-Spoofing O Copyright Violations
- 13. Characteristics of Digital Evidence O Admissible Must be able to be used in court O Authenticate Evidence relates to incident in relevant way O Complete Exculpatory evidence for alternate suspects O Reliable No question about authenticity and veracity O Believable Clear, easy to understand & believable by jury
- 14. Top Spots for Evidence O Temporary Files O File Slack O Unallocated Space O Internet History Files O E-mails O File Storage Dates O Settings, Folder Structures, File Names O Storage Devices
- 15. Popular Cases O BTK Serial Killer Evidence: File’s metadata on floppy disk O U.S. Navy Football Star Rape Case Evidence: IM keywords and HTML coding O Industrial Espionage Case Evidence: Stolen engineering drawings
- 16. THE PROCESS
- 17. ACQUISITION • Physically or remotely obtaining possession of computer, network mappings, external storage devices. IDENTIFICATION • Identifying what data could be recovered • Retrieving data using various tools EVALUATION • Evaluating how retrieved data can be used against the suspect. PRESENTATION • Presentation of evidence in a form understandable by non-technical persons.
- 18. Steps to Retrieve Evidence 1. Shut down the computer 2. Document the hardware configuration of the system 3. Transport the computer system to a secure location 4. Make bit stream backups of hard disks and storage devices 5. Mathematically authenticated data on all storage devices 6. Document the system date and time 7. Make a list of key search words
- 19. Steps to Retrieve Evidence 8. Evaluate the Windows swap file 9. Evaluate file slack 10. Evaluate unallocated space 11. Search files, file slack, unallocated space for key words 12. Document file names, date and time 13. Identify file, storage and program anomalies 14. Document your findings
- 20. TOOLS USED
- 21. GETFREE O Used to analyze Unallocated Space O Unallocated space contains the deleted files and the associated file slack O Automatically calculates the size of and captures the Unallocated space O Captures the contents of Windows swap file for analysis with other tools O Dos-based for speed and ease-of-use
- 22. GETSLACK O Used to analyze File Slack O Network logons and passwords or passwords used in file encryption can be found in file slack. O Calculates the size of and captures the File Slack O Dos-based for speed and ease-of-use
- 23. Forensic Graphics File Extractor O Automatically extract exact copies of graphics file images O Searches Windows Swap File and Unallocated Space for patterns of BMP, GIF and JPG file images O Reconstructs partial or complete image files in one highly accurate operation. The accuracy of this process is dependent upon the degree of fragmentation involved
- 24. APPLICATIONS O Financial Fraud Detection O Criminal Prosecution O Civil Litigation O Corporate Security Policy and Acceptable Use Violations
- 25. CONCLUSION O With increase in technology, cyber crimes increasing. O Computer forensics is a vital part of the computer security process. O As more knowledge is obtained about how crimes are committed with the use of computers, more forensic tools can be fine tuned to gather evidence more efficiently and combat the crime wave on technology.