COMPUTER FORENSICS AND INVESTIGATION
Module 1: Understand the importance of computer forensics
Topic: Introduction to computer forensics
BY,
Neha Raju K
Assistant Professor
BCA-Cloud Technology and Information Security Management
Contents
• Overview
• Introduction
• Definition of Computer Forensics
• Evolution of Digital forensics
• Assignment
• Why do we need computer forensics?
Overview
➢ The main objective is to find the criminal who is directly or indirectly related to the cyber world.
➢ To find the digital evidence.
➢ To present the evidence in a manner that leads to legal action against the criminal.
Introduction
• Many people across the globe prefer using gadgets like computers, laptops, smartphones, iPads, etc. for communication and online transactions.
• Organizations use various security measures to protect confidential data.
• In spite of the security measures taken, cyber-crime still occurs and is growing day by day.
• Hence we use computer forensics to investigate digital crimes such as hacking of information online via bank accounts, credit cards, emails, social networking websites, etc.
What is computer forensics?
➢ Computer forensics is a technological practice to identify, collect, analyse and report various forms of digital evidence in such a manner that the evidence is legally acceptable.
Evolution of Digital Forensics
➢ The computer forensics domain began to evolve more than 30 years ago, when computers were developed and were being used extensively for data processing.
➢ US law enforcement and military organizations were the first to use computer forensics.
➢ The development of computer forensics can be divided into three phases:
1. Ad-hoc phase
2. Structured phase
3. Enterprise phase
1. AD-HOC PHASE
➢ In the beginning, there was a lack of structure, appropriate tools, written processes and procedures.
➢ No clear goals were defined and there was a lack of legal framework.
TIMELINE
➢ 1970 - First crime cases involving computers, mainly financial fraud.
➢ 1980s - Financial investigators and courts first realize that evidence can be stored in various digital media devices.
➢ Norton Utilities developed an “un-erase” tool.
➢ ACFE was founded.
➢ HTCIA was formed in Southern California.
2. STRUCTURED PHASE
➢ Various first-generation tools and techniques were developed and employed, but most of them were quite complex.
➢ The most important thing in this phase was the development and enabling of the criminal legislation.
Timeline
➢ 1984 - FBI Magnetic Media Program was created and became the Computer Analysis and Response Team (CART).
➢ 1987 - AccessData, a cyber forensics company, was formed.
➢ 1988 - Founding of the International Association of Computer Investigative Specialists (IACIS).
➢ The first Seized Computer Evidence Recovery Specialists (SCERS) training classes were conducted.
• 1993 - First International Conference on Computer Evidence was held.
• 1995 - International Organization of Computer Evidence (IOCE) was formed.
• 1997 - The G8 countries, in Moscow, declared that “Law enforcement personnel must be trained and equipped to address high-tech crimes.”
• 1998 - In March, G8 appointed IICE to create international principles, guidelines and procedures relating to digital evidence.
• 1998 - INTERPOL Forensic Science Symposium.
3. ENTERPRISE PHASE
➢ 1999 - FBI CART case load exceeds 2000 cases, examined 17 terabytes of data.
➢ 2000 - First FBI Regional Computer Forensic Laboratory established.
➢ 2003 - FBI CART case load exceeds 6500 cases, examining 782 terabytes of data.
Basic Terminology
• Cybercrime, or computer-oriented crime, is a crime that involves a computer and a
network.
• The computer may have been used in the commission of a crime, or it may be the target.
• Cybercrimes can be defined as: "Offences that are committed against individuals or
groups of individuals with a criminal motive to intentionally harm the reputation of the
victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using
modern telecommunication networks such as Internet (networks including chat rooms,
emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS)".
Why do we need computer forensics?
• To produce evidence in the court that can lead to
the punishment of the actual.
• To ensure the integrity of the computer system.
• Hence the use of computer forensics is growing
for the following reasons:
1. Criminal investigations
2. Security investigations
3. Domestic cases
4. Data/IP theft cases
DAILY ASSIGNMENT NO 1:
TOPIC: Myths about computer forensics
Thank You
