Computer Forensics
Topics to be covered
• Defining Computer Forensics
• Who uses Computer Forensics
• Laws
• Reasons for gathering evidence
• Evidence processing guidelines
• Requirements
• Steps of Computer Forensics
• Forensics recovery
• Examples
• Anti-forensics
• Conclusion
• Acknowledgement
What is Computer Forensics?
(Some definitions)
• “The process of identifying, preserving, analyzing and presenting digital
evidence in a manner that is legally acceptable.” (McKemmish, 1999)
• “Gathering and analyzing data in a manner as free from distortion or bias
as possible, to reconstruct data or what has happened in the past on a
system.” (Farmer & Venema, 1999)
• Computer forensics is the application of computer investigation and
analysis techniques in the interests of determining potential legal
evidence.
• Forensic Computing, also known as Evidential Computing and sometimes
(loosely) as Data Recovery, is the specialist process of imaging and
processing computer data so that it is reliable enough to be used as
evidence in court.
What will Computer Forensics do?
• The pioneers of computer forensics, who also developed disk-imaging
(bit-stream copying) technology, defined the principles of the discipline
and formalized an accepted methodology to COLLECT, ANALYSE and PRESENT
suspect data to a court of law.
• Computer forensics evidence is frequently sought in a wide range of
computer crime or misuse cases, including but not limited to theft of trade
secrets, theft or destruction of intellectual property, and fraud.
• Computer forensics specialists draw on an array of methods for
discovering data that resides in a computer system.
• Experts in forensic computing can frequently recover files that have
been deleted, encrypted, or damaged, sometimes years after the fact.
• Evidence gathered by computer forensics experts is useful and often
necessary during discovery, depositions, and actual litigation.
Who Uses Computer Forensics?
• Criminal Prosecutors
– Rely on evidence obtained from a computer to prosecute suspects
• Civil Litigators
– Personal and business data discovered on a computer can be used in
fraud, divorce, harassment, or discrimination cases
• Insurance Companies
– Evidence discovered on a computer can be used to reduce costs (fraud,
worker’s compensation, arson, etc.)
• Private Corporations
– Evidence obtained from employee computers can be used in harassment,
fraud, and embezzlement cases
FBI Computer Forensic Services
• Content
• Comparison against known data
• Transaction sequencing
• Extraction of data
• Recovering deleted data files
• Format conversion
• Keyword searching
• Password recovery
• Analyzing and comparing limited source code
KNOW THE LAW...
• The US DOJ maintains a website with guidelines and case law
pertaining to seizing and searching computers. It's the best
place to start putting together a legal case that will be based
on evidence obtained from a computer system.
The US DOJ website is:
http://www.usdoj.gov/criminal/cybercrime/searching.html
They also have a wealth of "cyber-crime" information online
at: http://www.usdoj.gov/criminal/cybercrime/
Reasons For Evidence
• Wide range of computer crimes and misuses
• Non-Business Environment: evidence collected by Federal, State and local
authorities for crimes relating to:
– Theft of trade secrets
– Fraud
– Extortion
– Industrial espionage
– Possession of pornography
– SPAM investigations
– Virus/Trojan distribution
– Intellectual property breaches
– Unauthorized use of personal information
– Perjury
Reasons For Evidence (cont)
• Computer-related crime and violations in the Business Environment include
a range of activities such as:
– Theft or destruction of intellectual property
– Unauthorized activity
– Tracking internet browsing habits
– Reconstructing events
– Inferring intentions
– Selling company bandwidth
– Wrongful dismissal claims
– Software piracy
Evidence Processing Guidelines
• New Technologies Inc. recommends following 16 steps in processing
evidence
• They offer training on properly handling each step
– Step 1: Shut down the computer
• Consideration must be given to volatile information: powering off loses
the contents of RAM, running processes, open network connections and the
keys of any mounted encrypted volumes, so capture what you need of that
first (see the Incident Response slide) and document the decision
• Prevents remote access to the machine and destruction of evidence
(manual or by anti-forensic software)
– Step 2: Document the Hardware Configuration of the System
• Note everything about the computer configuration (attached devices,
cabling, drive settings) prior to relocating it; photographs help
Evidence Processing Guidelines (cont)
• Step 3: Transport the Computer System to a Secure Location
– Do not leave the computer unattended unless it is locked in a secure
location
• Step 4: Make Bit Stream Backups of Hard Disks and Floppy Disks
– A bit-stream (sector-by-sector) image captures deleted files, slack and
unallocated space that a normal file copy misses; do all analysis on the
image, never on the original
• Step 5: Mathematically Authenticate Data on All Storage Devices
– Compute a cryptographic hash of each original and of its image at
acquisition time; matching hashes later are how you prove that you did not
alter any of the evidence after the computer came into your possession
• Step 6: Document the System Date and Time
– Compare the machine’s clock with a trusted time source and record the
offset, so that file timestamps can be interpreted correctly
• Step 7: Make a List of Key Search Words
• Step 8: Evaluate the Windows Swap File
Evidence Processing Guidelines (cont)
• Step 9: Evaluate File Slack
– The DOS file system’s file allocation table (FAT) was never designed to
handle a storage device with more than 32767 addressable units of data;
32767 is the largest positive value that fits in a signed 16-bit integer.
– Data is written in sectors of 512 bytes (hard drives, floppies) or 2048
bytes (CD-ROM).
– Addressing sectors directly would therefore have capped a disk at
512 x 32767 = 16MB.
– To accommodate larger drives the concept of “clusters” was introduced: a
cluster is a group of consecutive sectors allocated as a single unit, the
smallest amount of space a file can occupy. With clustering came file slack:
the unused space between the end of a file and the end of its last cluster.
Evidence Processing Guidelines (cont)
• RAM Slack
If the file you are writing is shorter than the space in the cluster(s)
allocated for it, the file system pads the data out to the end of the
current sector. Under DOS and Windows 9x that padding was whatever happened
to be in the memory buffer at the time the file was written (“RAM slack”): it
could contain anything you had worked on since the PC was last booted, such
as emails, word documents or graphics. NT-based and modern operating systems
zero-fill the rest of the sector instead, so RAM slack is mainly a legacy
artefact.
• Drive Slack
Unlike RAM slack, which comes from working memory, “drive slack” is data
left on the drive from a previous file. After the last partial sector is
completed with RAM slack (or zeros), the remaining whole sectors in the last
cluster are left as they were, with whatever data was written there
previously. Drive slack survives on modern systems and is a routine source of
fragments of deleted files.
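The following added Python example (not from the original slides) simulates a FAT-style cluster write on a constructed in-memory “disk” to show both kinds of slack. The sector and cluster sizes, the file contents and the emulated memory buffer are assumptions for illustration: it writes a file containing sensitive text, “deletes” it, writes a smaller file into the same cluster, and then carves the slack region to show what survives.

```python
"""Slack-space simulation: where file slack comes from and what it can leak.

Added example, not from the original slides. The 'disk' is a constructed
bytearray; cluster/sector sizes and file contents are assumed for illustration.
"""
import math

SECTOR = 512          # bytes per sector (hard disk / floppy)
CLUSTER = 4096        # 8 sectors per cluster (assumed FAT cluster size)


def slack_layout(file_size, sector=SECTOR, cluster=CLUSTER):
    """Byte offsets, relative to the file's first cluster, of the RAM-slack
    and drive-slack regions for a file of file_size bytes.

    RAM slack   = tail of the last sector that holds file data
    drive slack = whole sectors in the last cluster that were never written
    """
    clusters = max(1, math.ceil(file_size / cluster))
    sectors_used = math.ceil(file_size / sector)
    alloc_end = clusters * cluster                  # end of the last allocated cluster
    ram_slack = (file_size, sectors_used * sector)  # empty if the file ends on a sector boundary
    drive_slack = (sectors_used * sector, alloc_end)
    return {"clusters": clusters, "ram_slack": ram_slack,
            "drive_slack": drive_slack, "total_slack": alloc_end - file_size}


def write_file(disk, first_cluster, data, ram_buffer=None,
               cluster=CLUSTER, sector=SECTOR):
    """Write data at first_cluster the way a FAT-style driver would.

    The partial last sector is padded to a sector boundary with whatever is
    in ram_buffer (legacy DOS/Win9x behaviour, i.e. RAM slack) or with zeros
    (NT-family and modern systems). The remaining whole sectors of the last
    cluster are left untouched (drive slack).
    """
    start = first_cluster * cluster
    disk[start:start + len(data)] = data
    layout = slack_layout(len(data), sector, cluster)
    r0, r1 = layout["ram_slack"]
    pad_len = r1 - r0
    pad = (ram_buffer or b"\x00" * pad_len)[:pad_len] if pad_len else b""
    disk[start + r0:start + r1] = pad.ljust(pad_len, b"\x00")
    return layout


def carve_slack(disk, first_cluster, file_size, cluster=CLUSTER, sector=SECTOR):
    """Return (ram_slack_bytes, drive_slack_bytes) for the file at first_cluster."""
    start = first_cluster * cluster
    layout = slack_layout(file_size, sector, cluster)
    r0, r1 = layout["ram_slack"]
    d0, d1 = layout["drive_slack"]
    return bytes(disk[start + r0:start + r1]), bytes(disk[start + d0:start + d1])


def demo():
    disk = bytearray(4 * CLUSTER)              # constructed 16 KiB 'disk'
    # 1. A 4000-byte file full of sensitive content occupies cluster 0.
    old = (b"ACCOUNT 1234567890 SECRET;" * 200)[:4000]
    write_file(disk, 0, old)
    # 2. The user 'deletes' it (only the directory entry / FAT chain goes away)
    #    and a 1000-byte file is written into the same cluster.
    new = (b"Quarterly report, nothing to see here.\n" * 30)[:1000]
    fake_ram = b"draft email: meet at midnight" * 4   # what a legacy driver would pad with
    layout = write_file(disk, 0, new, ram_buffer=fake_ram)
    ram_slack, drive_slack = carve_slack(disk, 0, len(new))
    return layout, ram_slack, drive_slack
```

`write_file` with `ram_buffer=None` models the zero-fill behaviour of NT-based systems; pass a buffer to model the legacy DOS/Windows 9x case. In a real examination the same carving is done on the bit-stream image against the cluster map that the forensic suite derives from the FAT (or the MFT on NTFS).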
Evidence Processing Guidelines (cont)
• Step 10: Evaluate Unallocated Space (Erased Files)
• Step 11: Search Files, File Slack and Unallocated Space for Key Words
• Step 12: Document File Names, Dates and Times
• Step 13: Identify File, Program and Storage Anomalies
• Step 14: Evaluate Program Functionality
• Step 15: Document Your Findings
• Step 16: Retain Copies of Software Used
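An added Python example of Steps 4 and 5 (not part of the slides or of any named forensic product): it images a constructed “device” file block by block, records a whole-image SHA-256 together with per-block hashes, verifies the image, then flips one byte in the copy and shows that verification fails and points at the altered block. The device and image paths, the block size and the record field names are assumptions.

```python
"""Bit-stream imaging with cryptographic authentication (Steps 4 and 5).

Added example, not part of the original slides or of any named forensic tool.
Real acquisitions read the raw device (e.g. /dev/sdb) through a hardware
write blocker; the file-based source used here is an assumption.
"""
import hashlib
import os
import tempfile

BLOCK = 4096  # read/write granularity; a multiple of the 512-byte sector size


def image_device(src, dst, block=BLOCK):
    """Copy src to dst byte for byte and return an acquisition record."""
    whole = hashlib.sha256()
    blocks = []
    total = 0
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        while True:
            chunk = fin.read(block)
            if not chunk:
                break
            fout.write(chunk)
            whole.update(chunk)
            blocks.append(hashlib.sha256(chunk).hexdigest())
            total += len(chunk)
        fout.flush()
        os.fsync(fout.fileno())   # make sure the image really reached the media
    return {"bytes": total, "block": block,
            "sha256": whole.hexdigest(), "blocks": blocks}


def verify_image(path, record):
    """Re-hash path against record.

    Returns (ok, bad_blocks): ok is True only if the whole-image hash
    matches; bad_blocks lists indices whose per-block hash differs, which
    tells the examiner where a copy was altered or a sector failed.
    """
    whole = hashlib.sha256()
    bad = []
    with open(path, "rb") as f:
        for i, expected in enumerate(record["blocks"]):
            chunk = f.read(record["block"])
            whole.update(chunk)
            if hashlib.sha256(chunk).hexdigest() != expected:
                bad.append(i)
        if f.read(1):              # image is longer than the record says
            return False, bad + ["trailing data"]
    return whole.hexdigest() == record["sha256"], bad


def demo():
    """Acquire a constructed device, verify, tamper one byte, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        device = os.path.join(tmp, "suspect_disk.raw")
        image = os.path.join(tmp, "evidence001.dd")
        with open(device, "wb") as f:      # constructed 'suspect disk', not a block multiple
            f.write(bytes(i % 251 for i in range(3 * BLOCK + 777)))
        record = image_device(device, image)
        ok_before, bad_before = verify_image(image, record)
        # Simulate an altered copy: flip one byte inside the third block.
        with open(image, "r+b") as f:
            f.seek(2 * BLOCK + 10)
            b = f.read(1)
            f.seek(2 * BLOCK + 10)
            f.write(bytes([b[0] ^ 0xFF]))
        ok_after, bad_after = verify_image(image, record)
        return record, ok_before, bad_before, ok_after, bad_after
```

Record the hash of the original media and of the image in the custody log at acquisition time; recomputing the image hash before and after analysis, and on every working copy, is what lets you state under oath that the data was not changed. The per-block hashes are an addition to the whole-image hash: they cost little and tell you where a mismatch lies, which matters when a failing sector rather than tampering is the cause.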
Computer Forensic Requirements
• Hardware
– Familiarity with all internal and external devices/components of a computer
– Thorough understanding of hard drives and their settings
– Understanding of motherboards and the various chipsets used
– Power connections
– Memory
• BIOS
– Understanding how the BIOS works
– Familiarity with the various settings and limitations of the BIOS
Computer Forensic Requirements (cont)
• Operating Systems
– Windows 3.1/95/98/ME/NT/2000/2003/XP
– DOS
– UNIX
– LINUX
– VAX/VMS
• Software
– Familiarity with the most popular software packages, such as Office
• Forensic Tools
– Familiarity with computer forensic techniques and the software packages
that could be used
Steps Of Computer Forensics
• According to many professionals, Computer Forensics is a four (4) step
process
• Acquisition
– Physically or remotely obtaining possession of the computer, all network
mappings from the system, and external physical storage devices
• Identification
– Identifying what data could be recovered and electronically retrieving it
by running various Computer Forensic tools and software suites
• Evaluation
– Evaluating the information/data recovered to determine if and how it
could be used against the suspect, for employment termination or for
prosecution in court
Steps Of Computer Forensics (cont)
• Presentation
– Presenting the evidence discovered in a manner which is understood by
lawyers and non-technical staff/management, and which is admissible as
evidence under United States and other applicable laws
Handling Evidence
• No potential evidence is damaged, destroyed, or otherwise compromised by
the procedures used to search the computer
• Prevent viruses from being introduced to a computer during the analysis
process
• Establish and maintain a continuous chain of custody
• Limit the amount of time business operations are affected
Initiating An Investigation
• DO NOT begin by randomly exploring files on the system
• Establish an evidence custodian and start a detailed journal recording,
with date and time, every action taken and every piece of information
discovered
• If possible, designate the suspected equipment as “off-limits” to normal
activity. This includes back-ups, remotely or locally scheduled
house-keeping, and configuration changes
• Collect email, DNS, and other network service logs
Incident Response
• Identify, designate, or become the evidence custodian
• Review any existing journal of what has already been done to the system
and/or how the intrusion was detected
• Begin a new journal or maintain the existing one
• Install monitoring tools (sniffers, port detectors, etc.), preferably on a
separate monitoring host, since installing software on the suspect system
itself alters it
• Without rebooting or affecting running processes, make a copy of the
physical disk (a live acquisition: collect the most volatile data, memory
and network state, before the disk, since each step can disturb the next)
• Capture network information
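The custodian’s journal called for under “Initiating An Investigation” and again under “Incident Response” can be made tamper-evident with a hash chain: every entry carries the hash of the entry before it, so an edited or dropped line breaks the chain when the journal is re-verified. This added Python example is mine, not from the slides; the entry fields, the JSON-lines storage format and the case data are assumptions.

```python
"""Tamper-evident investigation journal (evidence custodian's log).

Added example, not from the original slides. Each entry records who did what,
when, and to which item, plus the SHA-256 of the previous entry, so an entry
edited or removed after the fact breaks the chain. Field names, the JSON-lines
format and the sample case data are assumptions for illustration.
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64   # 'previous hash' of the first entry


def _digest(entry):
    # Canonical serialisation so the same entry always hashes the same way.
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()


class CustodyJournal:
    def __init__(self, custodian, case_id):
        self.case_id = case_id
        self.custodian = custodian
        self.entries = []

    def record(self, actor, action, item, detail="", when=None):
        """Append an entry; `when` may be fixed for reproducible runs."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {
            "seq": len(self.entries) + 1,
            "case": self.case_id,
            "time": (when or datetime.now(timezone.utc)).isoformat(),
            "actor": actor,
            "action": action,
            "item": item,
            "detail": detail,
            "prev": prev,
        }
        body["hash"] = _digest(body)   # the hash covers prev, so entries chain
        self.entries.append(body)
        return body["hash"]

    def verify(self):
        """Return (ok, first_bad_seq). Re-derives every hash and every link."""
        prev = GENESIS
        for i, e in enumerate(self.entries, start=1):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["seq"] != i or body["prev"] != prev or _digest(body) != e["hash"]:
                return False, i
            prev = e["hash"]
        return True, None

    def dump(self):
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.entries)

    @classmethod
    def load(cls, custodian, case_id, text):
        j = cls(custodian, case_id)
        j.entries = [json.loads(line) for line in text.splitlines() if line.strip()]
        return j


def demo():
    t0 = datetime(2024, 1, 15, 9, 30, tzinfo=timezone.utc)   # constructed case data
    j = CustodyJournal("A. Examiner", "CASE-0001")
    j.record("A. Examiner", "seized", "laptop SN X1",
             "photographed desk, bagged, sealed", t0)
    j.record("A. Examiner", "imaged", "laptop SN X1 / disk0",
             "dd via write blocker, hash recorded in acquisition log", t0.replace(hour=11))
    j.record("B. Analyst", "received", "image evidence001.dd", "seal intact",
             t0.replace(hour=14))
    intact = j.verify()
    # Someone later 'corrects' the seizure entry in the stored log.
    tampered = CustodyJournal.load("A. Examiner", "CASE-0001", j.dump())
    tampered.entries[0]["detail"] = "bagged, sealed (desk not photographed)"
    edited = tampered.verify()
    # Someone drops the imaging entry entirely.
    cut = CustodyJournal.load("A. Examiner", "CASE-0001", j.dump())
    del cut.entries[1]
    removed = cut.verify()
    return intact, edited, removed
```

The chain only proves internal consistency: whoever holds the file can rewrite every entry from the edit onwards and re-hash. Anchoring the latest hash somewhere the custodian cannot silently change (a printed, signed daily page, or a copy sent to a second custodian) is what turns it into chain-of-custody evidence.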
Forensic Recovery
Take pictures to document the area around the computer. You may find
removable media, or clues to your subject’s passwords, in your photos.
Forensic Recovery
Tip #3: Don’t assume the system will boot first from the floppy drive.
Always go into the BIOS setup first and make sure the system will boot from
where you expect it to, e.g. floppy or CD-ROM. Booting the suspect’s own
hard disk by mistake writes to it (timestamps, swap, logs) and alters the
evidence; a hardware write blocker protects the disk regardless of boot order.
Forensic Recovery
Take screen shots to preserve evidence. In this case the “buddy lists” in ICQ
and Yahoo! Messenger were documented, then FTK was used to find emails to and
from the same buddies, and their solicitations on Internet adult meeting
sites.
EXAMPLES
• 1. Hot Hard Drives:
In an arson and murder investigation, computer forensic investigators were
asked to analyze hard drives recovered from a burned house; the drives were
charred and covered with ash and soot. When experienced engineers opened the
drives in a sterile cleanroom, designed for repairing damaged computer media,
they discovered that the data on the individual platters had not been
subjected to a high enough heat to cause permanent data loss. Relying on
years of experience with fire-damaged computer media, the engineers recovered
and produced all of the data to the prosecutor’s office for analysis. The
evidence contained on the hard drives helped the prosecutors build their case
against the charged individual.
EXAMPLES
• 2. Usurping USB Drives:
On behalf of a bank, a computer forensic investigation was undertaken
focusing on several computers owned by a bank customer suspected in a money
laundering scheme. The initial review of the computers revealed that a
large-capacity USB drive had been attached to one of the machines one day
before the computers were turned over pursuant to the court order. Upon
further review of the USB drive, the engineers proved that the individual had
engaged in corporate financial fraud, stolen business funds and moved the
money into foreign bank accounts.
Anti-Forensics
• Software that limits and/or corrupts the evidence that could be collected
by an investigator
• Performs data hiding and distortion
• Exploits limitations of known and commonly used forensic tools
• Works on both Windows and LINUX based systems
• May be put in place before or after the system is acquired
Methods Of Hiding Data
To human eyes, data usually comes in known forms, like images, e-mail,
sounds, and text. Most Internet data naturally includes gratuitous headers,
too. These media are exploited by two related, and sometimes controversial,
encoding techniques: steganography and watermarking (marking).
– Steganography: the art of storing information in such a way that the
existence of the information is hidden. A message can hide in ordinary
looking text, e.g. “The duck flies at midnight. Tame uncle Sam”
– Simple but effective when done well
Methods Of Hiding Data
• Watermarking / steganography: hiding data within data
– Information can be hidden in almost any file format.
– File formats that carry a lot of redundant or noisy data, where small
changes are imperceptible, make the best carriers:
• Image files (JPEG, GIF)
• Sound files (MP3, WAV)
• Video files (MPG, AVI)
– The hidden information may be encrypted, but not necessarily
– Numerous software applications will do this for you; many are freely
available online
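Added Python example of least-significant-bit steganography, the kind of embedding the applications mentioned above perform on image or audio samples; it is not from the slides or from any named tool. The carrier is a constructed 8-bit greyscale pixel buffer (so no image library is needed), the 32-bit length header is my own framing convention, and the message is the slide’s own sentence.

```python
"""Least-significant-bit steganography on a raw pixel buffer.

Added example, not a tool from the original slides. The carrier is a
constructed 8-bit greyscale buffer; a real carrier would be the pixel bytes
of a lossless format such as BMP or PNG. JPEG tools work differently (they
modify DCT coefficients, not pixel bytes). The 32-bit length header is an
assumed framing convention.
"""

HEADER_BITS = 32  # payload length prefix, big-endian, one bit per carrier byte


def _bits(data):
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(carrier, payload):
    """Return a copy of carrier with len(payload) and payload in the LSBs."""
    needed = HEADER_BITS + 8 * len(payload)
    if needed > len(carrier):
        raise ValueError(f"carrier too small: need {needed} bytes, have {len(carrier)}")
    out = bytearray(carrier)
    stream = _bits(len(payload).to_bytes(4, "big") + payload)
    for i, bit in enumerate(stream):
        out[i] = (out[i] & 0xFE) | bit   # overwrite only the lowest bit
    return bytes(out)


def extract(stego):
    """Recover the payload written by embed()."""
    if len(stego) < HEADER_BITS:
        raise ValueError("buffer shorter than the length header")
    lsbs = [b & 1 for b in stego]
    n = int("".join(map(str, lsbs[:HEADER_BITS])), 2)
    start, end = HEADER_BITS, HEADER_BITS + 8 * n
    if end > len(lsbs):
        raise ValueError("length header exceeds carrier; not a valid stego buffer")
    body = lsbs[start:end]
    return bytes(int("".join(map(str, body[i:i + 8])), 2)
                 for i in range(0, len(body), 8))


def max_delta(a, b):
    """Largest per-byte change between carrier and stego: 1 for pure LSB embedding."""
    return max(abs(x - y) for x, y in zip(a, b)) if a else 0


def demo():
    # Constructed 'greyscale' pixels: a repeating ramp with mixed LSBs.
    carrier = bytes((i * 7 + 13) % 256 for i in range(2048))
    msg = b"The duck flies at midnight."
    stego = embed(carrier, msg)
    return stego, extract(stego), max_delta(carrier, stego), len(stego) == len(carrier)
```

The per-byte change is at most 1 out of 255 and the file size does not change, which is why an examiner compares against a known original, or looks for statistical anomalies in the LSB plane, rather than looking at the picture. The carrier must stay lossless: re-saving the stego image as JPEG re-quantises the pixels and destroys the payload, which is also why JPEG-based tools hide data in the DCT coefficients instead.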
CONCLUSION
• Use a systematic approach to investigations
• Plan a case by taking into account:
– Nature of the case
– Case requirements
– Gathering evidence techniques
• Do not forget that every case can go to court
• Apply standard problem-solving techniques
• Keep track of the chain of custody of your evidence
• Produce a final report detailing what you did and found
ACKNOWLEDGEMENT
• I wish to thank my faculty members of the CSE department, Dr. Sudhir
Chandra Sur Degree Engineering College, for guidance and useful
suggestions, which helped us a lot in completing the presentation work in
time.
We also took help from the internet for ideas which made us able to
complete this presentation.
THANK YOU.
PRESENTED BY:
OIESWARYA BHOWMIK
SUDESHNA BASAK
Key Features Of Token Development (1).pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 

Computer forensics and its role

2. Topics to be covered
• Defining Computer Forensics
• Who uses Computer Forensics
• Laws
• Reasons for gathering evidence
• Evidence processing guidelines
• Requirements
• Steps of Computer Forensics
• Forensics recovery
• Examples
• Anti-forensics
• Conclusion
• Acknowledgement
3. What is Computer Forensics? (Some definitions)
• "The process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable." (McKemmish, 1999)
• "Gathering and analyzing data in a manner as free from distortion or bias as possible to reconstruct data or what has happened in the past on a system." (Farmer & Venema, 1999)
• Computer forensics is the application of computer investigation and analysis techniques to identify and preserve potential legal evidence.
• Forensic Computing, also known as Evidential Computing and sometimes (loosely) as Data Recovery, is the specialist process of imaging and processing computer data so that it is reliable enough to be used as evidence in court.
4. What will Computer Forensics do?
• The pioneers of disk-imaging technology defined the principles of computer forensics and formalized an approved and accepted methodology to COLLECT, ANALYSE and PRESENT suspect data to a court of law.
• Computer forensic evidence is frequently sought in a wide range of computer crime or misuse cases, including but not limited to theft of trade secrets, theft or destruction of intellectual property, and fraud.
• Computer forensics specialists draw on an array of methods for discovering data that resides in a computer system.
• Forensic computing experts can frequently recover files that have been deleted, encrypted, or damaged, sometimes years after the fact. (Encrypted data is recovered only when the key or password can be obtained, or when a plaintext copy survives elsewhere on the media, e.g. in the swap file, slack space or temporary files.)
• Evidence gathered by computer forensics experts is useful and often necessary during discovery, depositions, and actual litigation.
5. Who Uses Computer Forensics?
• Criminal Prosecutors
– Rely on evidence obtained from a computer to prosecute suspects and use it as evidence
• Civil Litigators
– Personal and business data discovered on a computer can be used in fraud, divorce, harassment, or discrimination cases
• Insurance Companies
– Evidence discovered on a computer can be used to reduce costs (fraud, worker's compensation, arson, etc.)
• Private Corporations
– Evidence obtained from employee computers can be used in harassment, fraud, and embezzlement cases
6. FBI Computer Forensic Services
• Content
• Comparison against known data
• Transaction sequencing
• Extraction of data
• Recovering deleted data files
• Format conversion
• Keyword searching
• Decrypting passwords
• Analyzing and comparing limited source code
7. KNOW THE LAW...
• The US DOJ maintains a website with guidelines and case law pertaining to seizing and searching computers. It is the best place to start putting together a legal case that will be based on evidence obtained from a computer system. The US DOJ website is: http://www.usdoj.gov/criminal/cybercrime/searching.html
• They also have a wealth of "cyber-crime" information online at: http://www.usdoj.gov/criminal/cybercrime/
8. Reasons For Evidence
• Wide range of computer crimes and misuses
• Non-Business Environment: evidence collected by Federal, State and local authorities for crimes relating to:
– Theft of trade secrets
– Fraud
– Extortion
– Industrial espionage
– Possession of pornography
– SPAM investigations
– Virus/Trojan distribution
– Intellectual property breaches
– Unauthorized use of personal information
– Perjury
9. Reasons For Evidence (cont)
• Computer-related crime and violations include a range of activities, including:
• Business Environment:
– Theft or destruction of intellectual property
– Unauthorized activity
– Tracking internet browsing habits
– Reconstructing events
– Inferring intentions
– Selling company bandwidth
– Wrongful dismissal claims
– Software piracy
10. Evidence Processing Guidelines
• New Technologies Inc. recommends following 16 steps in processing evidence
• They offer training on properly handling each step
– Step 1: Shut down the computer
• Consideration must be given to volatile information: anything held only in RAM (running processes, open network connections, unsaved documents, keys of mounted encrypted volumes) is lost at power-off, so capture it first if the case requires it
• Shutting down prevents remote access to the machine and destruction of evidence (manual or by anti-forensic software)
– Step 2: Document the hardware configuration of the system
• Note everything about the computer configuration prior to relocating it
11. Evidence Processing Guidelines (cont)
• Step 3: Transport the computer system to a secure location
– Do not leave the computer unattended unless it is locked in a secure location
• Step 4: Make bit-stream backups of hard disks and floppy disks
– A bit-stream (sector-by-sector) image captures slack space and unallocated space, which a file-level backup would miss; work from the image, never from the original
• Step 5: Mathematically authenticate data on all storage devices
– Must be able to prove that you did not alter any of the evidence after the computer came into your possession; a cryptographic hash (e.g. SHA-256) of the original and of the image, recorded together with the date and time, provides that proof
• Step 6: Document the system date and time
– Compare the system clock against a trusted time source and record the offset, so that file timestamps can be interpreted correctly
• Step 7: Make a list of key search words
• Step 8: Evaluate the Windows swap file
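As an added example (not from the original slides), here is how steps 4 to 6 look in practice: a sector-by-sector copy that hashes every byte as it passes, a re-hash of the source to confirm the image matches it, and a custody record carrying the acquisition time. The evidence "device" is a constructed 2 KB byte string standing in for a real drive, and SHA-256 is assumed as the authentication hash; on a real case the source would be opened read-only behind a write blocker.

```python
"""Bit-stream copy with mathematical authentication (steps 4-6).

Added example, not the slides' own code. The "device" is a constructed
in-memory byte string; SHA-256 is assumed as the hash algorithm.
"""
import hashlib
import io
from datetime import datetime, timezone

SECTOR = 512

# Constructed stand-in for a small drive: a boot sector, one live file,
# one deleted-file remnant and a zeroed tail (2048 bytes in total).
EVIDENCE_DEVICE = (
    b"BOOT" + b"\x00" * 508
    + b"Dear John, transfer 40000 to acct 7731 tonight.".ljust(SECTOR, b"\x00")
    + b"old.invoice.xls deleted but still here".ljust(SECTOR, b"\x00")
    + b"\x00" * SECTOR
)


def bitstream_copy(src, dst, block_size=SECTOR):
    """Copy src to dst sector by sector, hashing every byte that passes
    through. Returns (bytes_copied, sha256_hex) for the custody record."""
    h = hashlib.sha256()
    copied = 0
    while True:
        chunk = src.read(block_size)
        if not chunk:
            break
        dst.write(chunk)
        h.update(chunk)
        copied += len(chunk)
    return copied, h.hexdigest()


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_image(image: bytes, expected_hash: str) -> bool:
    """Step 5: prove the image still matches what was acquired."""
    return sha256_of(image) == expected_hash


def acquire(device_bytes: bytes):
    """Image the device into memory and return (image, custody record).
    The record documents the acquisition time (step 6) next to the hashes."""
    src = io.BytesIO(device_bytes)
    dst = io.BytesIO()
    size, acq_hash = bitstream_copy(src, dst)
    image = dst.getvalue()
    record = {
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "bytes": size,
        "sha256": acq_hash,
        # Re-read the source and hash it independently: image and source
        # hashes must agree or the copy cannot be relied on.
        "source_sha256": sha256_of(device_bytes),
    }
    return image, record


if __name__ == "__main__":
    img, rec = acquire(EVIDENCE_DEVICE)
    print(rec)
    print("image verifies:", verify_image(img, rec["sha256"]))
    tampered = bytearray(img)
    tampered[600] ^= 0x01  # flip one bit inside the live file
    print("tampered image verifies:", verify_image(bytes(tampered), rec["sha256"]))
```

Running the block prints the custody record and shows that flipping a single bit anywhere in the image makes verification fail, which is exactly the property step 5 relies on when the evidence is challenged in court.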
12. Evidence Processing Guidelines (cont)
• Step 9: Evaluate file slack
– The DOS file allocation table (FAT) file system was never designed to handle storage devices with more than 32767 allocation units. 32767 is the largest positive value of a signed 16-bit integer.
– Data is written in sectors of 512 bytes (hard drives, floppies) or 2048 bytes (CD-ROM).
– With one sector per allocation unit this set an arbitrary limit on disk size of 512 x 32767 bytes, roughly 16 MB.
– To accommodate larger drives the concept of "clusters" was invented: a cluster is a group of consecutive sectors allocated to a file as a single unit. With clustering came file slack, the unused bytes between the end of a file's data and the end of its last cluster.
13. Evidence Processing Guidelines (cont)
• RAM slack: If the file you are writing is shorter than the space in the cluster(s) allocated to it, the file system pads the data out to the end of the current sector. Under DOS and Windows 9x this padding was whatever happened to be in RAM at the time the file was written, hence "RAM slack"; it can contain any data you were working on since you last booted the PC, such as e-mails, word documents or graphics. (NT-based Windows and modern Unix file systems zero-fill this region instead, so RAM slack is mainly a legacy artifact.)
• Drive slack: Unlike RAM slack, which comes from working storage, "drive slack" is data left on the drive from a previous file. After the last partial sector is completed with RAM slack, the remaining whole sectors in the last cluster are left as they were, still holding whatever data was written there previously.
14. Evidence Processing Guidelines (cont)
• Step 10: Evaluate unallocated space (erased files)
• Step 11: Search files, file slack and unallocated space for key words
• Step 12: Document file names, dates and times
• Step 13: Identify file, program and storage anomalies
• Step 14: Evaluate program functionality
• Step 15: Document your findings
• Step 16: Retain copies of software used
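An added example, not from the slides, that demonstrates steps 9 to 11 together: compute a file's RAM slack and drive slack for given sector and cluster sizes, simulate the legacy write the slides describe on a constructed cluster, and then run a keyword search separately over the live file data, the RAM slack and the drive slack. 512-byte sectors and 8-sector (4 KB) clusters are assumed; the "deleted spreadsheet", "meeting note" and "stale RAM" contents are constructed sample data.

```python
"""File slack geometry and keyword search over slack (steps 9-11).

Added example, not the slides' own code. Sector and cluster sizes are
assumed; all evidence contents are constructed for the demo.
"""
SECTOR = 512
CLUSTER = 8 * SECTOR  # 4096 bytes, a typical FAT cluster


def slack_layout(file_size, sector=SECTOR, cluster=CLUSTER):
    """How many bytes of RAM slack and drive slack a file of file_size
    bytes leaves in its final cluster (zero-length files own no cluster)."""
    if file_size == 0:
        return {"clusters": 0, "ram_slack": 0, "drive_slack": 0}
    clusters = -(-file_size // cluster)              # ceiling division
    used_in_last = file_size - (clusters - 1) * cluster
    partial = used_in_last % sector                  # bytes in the last touched sector
    ram_slack = (sector - partial) if partial else 0  # pad to end of that sector
    sectors_touched = -(-used_in_last // sector)
    drive_slack = cluster - sectors_touched * sector  # untouched whole sectors
    return {"clusters": clusters, "ram_slack": ram_slack, "drive_slack": drive_slack}


def write_file_to_cluster(old_cluster: bytes, new_file: bytes, ram_garbage: bytes) -> bytes:
    """Simulate the legacy (DOS/Win9x) write the slides describe: the file's
    bytes land first, the rest of its last sector is padded from whatever was
    in RAM, and the untouched sectors keep the previous file's contents."""
    assert len(new_file) <= len(old_cluster)
    layout = slack_layout(len(new_file), cluster=len(old_cluster))
    ram = ram_garbage[: layout["ram_slack"]].ljust(layout["ram_slack"], b"\x00")
    written = new_file + ram
    return written + old_cluster[len(written):]


def extract_slack(cluster: bytes, file_size: int):
    """Split a cluster into (ram_slack, drive_slack) given the live file size."""
    layout = slack_layout(file_size, cluster=len(cluster))
    drive_start = file_size + layout["ram_slack"]
    return cluster[file_size:drive_start], cluster[drive_start:]


def keyword_search(regions: dict, keywords) -> list:
    """Case-insensitive search of each named region (file, slack, unallocated
    space, ...) returning (region, offset, keyword) hits."""
    hits = []
    for name, data in regions.items():
        low = data.lower()
        for kw in keywords:
            needle = kw.lower().encode()
            start = 0
            while (i := low.find(needle, start)) != -1:
                hits.append((name, i, kw))
                start = i + 1
    return hits


# Constructed evidence: the cluster used to hold a deleted spreadsheet export.
OLD_CLUSTER = (b"ACCT,AMOUNT\nOffshore-7731,40000\n" * 200)[:CLUSTER]
# The suspect then saved a short, innocent-looking note over it (1100 bytes).
NEW_FILE = b"Meeting notes: discussed Q3 budget. ".ljust(1100, b".")
# Stale memory at write time happened to contain a draft e-mail.
RAM_GARBAGE = b"Subject: move the money before the audit\r\n" * 20


def demo():
    """Returns (slack layout of the note, keyword hits by region)."""
    cluster = write_file_to_cluster(OLD_CLUSTER, NEW_FILE, RAM_GARBAGE)
    ram_slack, drive_slack = extract_slack(cluster, len(NEW_FILE))
    hits = keyword_search(
        {"file": cluster[: len(NEW_FILE)], "ram_slack": ram_slack, "drive_slack": drive_slack},
        ["audit", "offshore", "budget"],
    )
    return slack_layout(len(NEW_FILE)), hits


if __name__ == "__main__":
    layout, hits = demo()
    print(layout)
    for region, offset, kw in hits[:10]:
        print(f"{region:12s} +{offset:5d}  {kw}")
```

For the 1100-byte note the layout is two full sectors plus 76 bytes of a third, so 436 bytes of RAM slack and five untouched sectors (2560 bytes) of drive slack. A file-level search would only ever see "budget"; the keyword pass over the slack regions is what surfaces "audit" and "offshore", which is the point of step 11.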
15. Computer Forensic Requirements
• Hardware
– Familiarity with all internal and external devices/components of a computer
– Thorough understanding of hard drives and their settings
– Understanding motherboards and the various chipsets used
– Power connections
– Memory
• BIOS
– Understanding how the BIOS works
– Familiarity with the various settings and limitations of the BIOS
16. Computer Forensic Requirements (cont)
• Operating Systems
– Windows 3.1/95/98/ME/NT/2000/2003/XP
– DOS
– UNIX
– LINUX
– VAX/VMS
• Software
– Familiarity with the most popular software packages, such as Office
• Forensic Tools
– Familiarity with computer forensic techniques and the software packages that can be used
17. Steps Of Computer Forensics
• According to many professionals, Computer Forensics is a four (4) step process
• Acquisition
– Physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices
• Identification
– This step involves identifying what data could be recovered and electronically retrieving it by running various computer forensic tools and software suites
• Evaluation
– Evaluating the information/data recovered to determine if and how it could be used against the suspect, for employment termination or for prosecution in court
18. Steps Of Computer Forensics (cont)
• Presentation
– This step involves presenting the evidence discovered in a manner which is understood by lawyers and non-technical staff/management, and which is suitable as evidence as determined by United States and internal laws
19. Handling Evidence
• No possible evidence is damaged, destroyed, or otherwise compromised by the procedures used to search the computer
• Prevent viruses from being introduced to a computer during the analysis process
• Establish and maintain a continuing chain of custody
• Limit the amount of time business operations are affected
20. Initiating An Investigation
• DO NOT begin by exploring files on the system randomly
• Establish an evidence custodian; start a detailed journal recording the date and time of each action and the information discovered
• If possible, designate suspected equipment as "off-limits" to normal activity. This includes back-ups, remotely or locally scheduled house-keeping, and configuration changes
• Collect e-mail, DNS, and other network service logs
21. Incident Response
• Identify, designate, or become the evidence custodian
• Review any existing journal of what has been done to the system already and/or how the intrusion was detected
• Begin a new journal or maintain the existing one
• Install monitoring tools (sniffers, port detectors, etc.)
• Without rebooting or affecting running processes, make a copy of the physical disk
• Capture network information
22. Forensic Recovery
• Take pictures to document the area around the computer. You may find removable media, or clues to your subject's passwords, in your photos.
23. Forensic Recovery
• Tip #3: Don't assume the system will boot first from the floppy drive. Always go into setup first and make sure the system will boot first from where you expect it to, e.g. floppy or CD-ROM. (Booting the suspect's own operating system, even by accident, alters timestamps and other evidence on the drive.)
24. Forensic Recovery
• Take screen shots to preserve evidence. In this case the "buddies list" in ICQ and Yahoo! Messenger was documented. FTK was then used to find e-mails to/from the same buddies, and their solicitations on Internet adult meeting sites.
25. EXAMPLES
• 1. Hot Hard Drives: In an arson and murder investigation, computer forensic investigators were asked to analyze hard drives recovered from a burned house; the drives were charred and covered with ash and soot. When experienced engineers opened the drives in a sterile cleanroom designed for repairing damaged computer media, they discovered that the individual data platters had not been subjected to a high enough heat to cause permanent data loss. Relying on years of experience with fire-damaged computer media, the engineers recovered all of the data and produced it to the prosecutor's office for analysis. The evidence contained on the hard drives helped the prosecutors build their case against the charged individual.
26. EXAMPLES
• 2. Usurping USB Drives: On behalf of a bank, a computer forensic investigation was undertaken focusing on several computers owned by a bank customer suspected in a money laundering scheme. The initial review of the computers revealed that a large-capacity USB drive had been connected to one machine one day prior to the computers being turned over pursuant to the court order. Upon further review of the USB drive, the engineers proved the individual had engaged in corporate financial fraud, stolen business funds and moved the money into foreign bank accounts.
27. Anti-Forensics
• Software that limits and/or corrupts evidence that could be collected by an investigator
• Performs data hiding and distortion
• Exploits limitations of known and widely used forensic tools
• Works on both Windows and LINUX based systems
• May be put in place prior to or after system acquisition
28. Methods Of Hiding Data
• To human eyes, data usually takes known forms, like images, e-mail, sounds, and text. Most Internet data naturally includes gratuitous headers, too. These carriers are exploited by two related encoding techniques: steganography and marking (watermarking).
– Steganography: The art of storing information in such a way that the existence of the information is hidden.
29. Methods Of Hiding Data
• Example shown on the slide: "The duck flies at midnight." / "Tame uncle Sam"
• Simple but effective when done well
30. Methods Of Hiding Data
• Watermarking: hiding data within data, usually to mark ownership or origin; unlike steganography the goal is robustness rather than secrecy, but the embedding techniques overlap.
– Information can be hidden in almost any file format.
– File formats with plenty of redundant, perceptually insignificant bits make the best carriers. A naive least-significant-bit payload survives only in lossless formats; lossy recompression (e.g. re-saving a JPEG) destroys it, which is why JPEG tools embed in the compressed-domain coefficients instead.
• Image files (JPEG, GIF, BMP, PNG)
• Sound files (MP3, WAV)
• Video files (MPG, AVI)
– The hidden information may be encrypted, but not necessarily
– Numerous software applications will do this for you; many are freely available online
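An added example (not part of the original slides) of the simplest "hiding data within data" technique: least-significant-bit (LSB) steganography on raw 8-bit pixel values. The carrier is a constructed 64x64 greyscale gradient rather than a real image file, and the 32-bit length header placed in front of the payload is an assumption of this demo, not a standard.

```python
"""Least-significant-bit steganography on raw pixel bytes.

Added example, not the slides' own code. The carrier is a constructed
greyscale gradient; the 32-bit big-endian length header is assumed.
"""
import struct


def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(carrier: bytes, payload: bytes) -> bytes:
    """Replace the LSB of successive carrier bytes with the payload's bits.
    A 4-byte length header goes first so the extractor knows where to stop."""
    framed = struct.pack(">I", len(payload)) + payload
    if len(framed) * 8 > len(carrier):
        raise ValueError("payload does not fit in carrier")
    out = bytearray(carrier)
    for i, bit in enumerate(_bits(framed)):
        out[i] = (out[i] & 0xFE) | bit  # clear the LSB, then set it to the payload bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length header from the first 32 LSBs, then that many bytes."""
    def read_bytes(start: int, n: int) -> bytes:
        vals = bytearray()
        for b in range(n):
            v = 0
            for i in range(8):
                v = (v << 1) | (stego[start + b * 8 + i] & 1)
            vals.append(v)
        return bytes(vals)

    length = struct.unpack(">I", read_bytes(0, 4))[0]
    return read_bytes(32, length)


def max_pixel_change(carrier: bytes, stego: bytes) -> int:
    """Largest change to any pixel value; LSB embedding moves each by at most 1."""
    return max(abs(a - b) for a, b in zip(carrier, stego))


# Constructed 64x64 greyscale gradient standing in for a real image's pixel data.
CARRIER = bytes((x + y) % 256 for y in range(64) for x in range(64))
MESSAGE = b"The duck flies at midnight."


if __name__ == "__main__":
    stego = embed(CARRIER, MESSAGE)
    print("recovered:", extract(stego))
    print("max pixel change:", max_pixel_change(CARRIER, stego))
```

Because each pixel changes by at most one grey level, the stego image is visually identical to the carrier, which is why LSB hiding defeats casual inspection. It does not defeat statistical tests on the LSB plane, and any lossy re-encoding of the carrier destroys the payload, both points an examiner can use when a suspect file is found.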
31. CONCLUSION
• Use a systematic approach to investigations
• Plan a case by taking into account:
– Nature of the case
– Case requirements
– Evidence-gathering techniques
• Do not forget that every case can go to court
• Apply standard problem-solving techniques
• Keep track of the chain of custody of your evidence
• Produce a final report detailing what you did and found
32. ACKNOWLEDGEMENT
• I wish to thank the faculty members of the CSE department, Dr. Sudhir Chandra Sur Degree Engineering College, for their guidance and useful suggestions, which helped us a lot in completing the presentation work in time. We also took help from the internet for ideas, which made us able to complete this presentation.
35. PRESENTED BY: OIESWARYA BHOWMIK, SUDESHNA BASAK