Computer Forensics: A Brief Overview

• Scientific process of preserving, identifying, extracting, documenting, and interpreting data on a computer
• The field of computer forensics began to evolve more than 30 years ago in the United States.
• With the growth of the Internet and increasing usage of technology devices connected to the Internet, computer crimes are increasing at a great speed.
Computer Crimes

Computer crimes fall into three groups:

• Pure computer crime
• Computer is the medium of a crime
• Computer content related crime

Examples of pure computer crime and of crimes where the computer is the medium:

• Illegal access to a system or network
• Illegal transmission of data
• Data deletion, damage, alteration
• Serious hindrance to a computer
• Identity theft
• Fraud
• E-theft

Examples of computer content related crime:

• Incriminating information stored in a computer
• Child pornography
• Information that unleashes hostility/violence
Tools for Computer Forensics

Computer forensic tools fall into two groups:

• Integrated GUI based tools
• Specialized single task tools

Functions covered by these tools include:

• Process information
• Network connection information
• List of processes
• Process to port mapping
• Service/driver information
• Registry analysis
• Executable file analysis
Three Branches

• Network forensics
• Database forensics
• Mobile Device forensics
Network Forensics

• Network Forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.
• Two Systems:

1. "Catch-it-as-you-can" systems, in which all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage, usually involving a RAID system.

2. "Stop, look and listen" systems, in which each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires less storage but may require a faster processor to keep up with incoming traffic.
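The two capture models above differ in what is retained and therefore in what questions can be answered later. The following is an added example, not code from the original slides; the packet records and the per-flow summary format are constructed for illustration, and the sample traffic is made up.

```python
"""Two models of network-forensic capture, run over a constructed packet stream.

Added example (not part of the original slides). The Packet record and the
flow-summary layout are assumptions made for this illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float      # capture timestamp in seconds
    src: str
    dst: str
    dport: int
    size: int      # bytes on the wire


# Constructed sample traffic: three flows to one host.
SAMPLE_PACKETS = [
    Packet(0.00, "10.0.0.5", "10.0.0.9", 443, 1500),
    Packet(0.01, "10.0.0.5", "10.0.0.9", 443, 1500),
    Packet(0.02, "10.0.0.7", "10.0.0.9", 80, 900),
    Packet(0.03, "10.0.0.5", "10.0.0.9", 443, 1500),
    Packet(0.04, "10.0.0.8", "10.0.0.9", 8443, 60),
    Packet(0.05, "10.0.0.8", "10.0.0.9", 8443, 60),
    Packet(0.06, "10.0.0.7", "10.0.0.9", 80, 900),
]


def catch_it_as_you_can(packets):
    """Full-packet capture: every packet is written to storage unchanged and
    analysed later in batch mode. Storage grows with the sum of packet sizes,
    which is why the slides mention RAID arrays. Returns (store, bytes_on_disk)."""
    store = list(packets)                      # stands in for pcap files on disk
    return store, sum(p.size for p in store)


def stop_look_and_listen(packets):
    """In-memory triage: each packet is folded into a per-flow counter and then
    discarded. Memory is bounded by the number of flows, not packets, but the
    per-packet work must keep up with line rate."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    for p in packets:
        f = flows[(p.src, p.dst, p.dport)]
        f["packets"] += 1
        f["bytes"] += p.size
        f["first"] = p.ts if f["first"] is None else f["first"]
        f["last"] = p.ts
    return dict(flows)


def batch_analysis(store, port):
    """A question only full capture can answer later: every packet to a port."""
    return [p for p in store if p.dport == port]


def flows_to_port(summary, port):
    """The same question asked of the flow summary: it yields flows, not packets."""
    return {k: v for k, v in summary.items() if k[2] == port}


if __name__ == "__main__":
    store, on_disk = catch_it_as_you_can(SAMPLE_PACKETS)
    print(f"full capture retained {len(store)} packets, {on_disk} bytes")
    summary = stop_look_and_listen(SAMPLE_PACKETS)
    print(f"flow summary retained {len(summary)} flows")
    for key, stats in summary.items():
        print(key, stats)
```

The flow summary cannot reproduce the payload of a packet that has already been discarded, so a "stop, look and listen" deployment has to decide in advance which fields matter for later analysis.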
Database forensics

• Forensic study of databases
• Currently many database software tools are in general not reliable and precise enough to be used for forensic work

Mobile Device forensics

• Using such things as cell phones, digital cameras, PSPs, and iPods to find stored evidence.
• Mobile devices can be used to save several types of personal information like contacts, photos, calendar and notes.
• Therefore it can be supposed that these devices will play an important role in forensics.
Computer Forensic Companies

• AccessData
• Computer Forensics International
• ACR Data Recovery, Inc.
• Burgess Consulting and Forensics
• Center for Computer Forensics
• Computer Forensics Associates
• Cyber Evidence
• Digital Mountain, Inc.
• Global Digital Forensics
• ManTech Security & Mission Assurance
When is it used?

• In legal cases, computer forensic techniques are frequently used to analyze computer systems belonging to defendants (in criminal cases) or litigants (in civil cases).
• To recover data in the event of a hardware or software failure.
• To analyze a computer system after a break-in, for example, to determine how the attacker gained access and what the attacker did.
• To gather evidence against an employee that an organization wishes to terminate.
• To gain information about how computer systems work for the purpose of debugging, performance optimization, or reverse-engineering.
Common cases

• Financial crimes
• Drug crimes
• Child Pornography
• Adultery
• Murders/Suicides
How it is Performed

• There are five basic steps to computer forensics:
  1. Preparation (of the investigator, not the data)
  2. Collection (the data)
  3. Examination
  4. Analysis
  5. Reporting
Preparation

• The investigator must have the proper training for the specific operations of the investigation.
• Tools that are used to generate reports for court should be validated.
• There are many tools that are used in the field and the investigator needs to determine the proper tool to be used based on the case.
• An interview with the user can yield valuable information about the system configuration, applications, encryption keys and methodology.
• In an investigation in which the owner of the digital evidence has not given consent to have his or her media examined, special care must be taken to ensure that the forensic specialist has the legal authority to seize, copy, and examine the data. Sometimes authority stems from a search warrant.
Collection

• Collection sources include computers, cell phones, digital cameras, hard drives, CD-ROMs, and USB memory devices
• Other sources include settings of digital thermometers, black boxes inside automobiles, RFID tags, and web pages
• Special care must be taken when handling computer evidence. Most digital information is easily changed, and once changed it is usually impossible to detect that a change has taken place

Collection Practices

• Image computer media using a write blocking tool to ensure that no data is added to the suspect device.
• Establish and maintain the chain of custody.
• Document everything that has been done.
• Only use tools and methods that have been tested and evaluated to validate their accuracy and reliability.
Examination

• Computer evidence represented by physical items such as chips, boards, central processing units, storage media, monitors, and printers can be described easily and correctly as a unique form of physical evidence
• Forensic laboratories have detailed plans describing acceptable methods for handling physical evidence
• Evidence, while stored in these physical items, is latent and exists only in a metaphysical electronic form
• Procedures and techniques are software and hardware solutions to specific forensic problems

Procedures and techniques

• Procedures are step by step instructions
• A laboratory may require that examinations be conducted, if possible and practical, on copies of the original evidence
• Digital evidence can be duplicated exactly to create a copy that is true and accurate
• The examiner must make a decision as to how to implement this principle on a case-by-case basis.
Analysis

• All digital evidence must be analyzed to determine the type of information that is stored upon it
• Specialty tools are used that can display information
• Analysis tools include: AccessData's FTK, Guidance Software's EnCase, Technology Pathways' ProDiscover, Dr. Golden Richard III's file carving tool Scalpel, and Brian Carrier's Sleuth Kit
• Typical forensic analysis includes a manual review of material on the media, reviewing the Windows registry for suspect information, discovering and cracking passwords, keyword searches for topics related to the crime, and extracting e-mail and pictures for review
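File carving, the technique behind Scalpel mentioned above, recovers files from raw bytes by their header and footer signatures rather than from filesystem metadata, which is how pictures are extracted from unallocated space. The following is an added example and is not Scalpel's code or any code from the original slides; the signature table, the size limits and the sample raw image with its embedded JPEG-like and PNG-like objects are constructed for illustration.

```python
"""Minimal header/footer file carver over a raw byte image.

Added example (not Scalpel's code and not from the original slides). The
signature table, size limits and the sample image are constructed here.
"""
import hashlib

# Signatures: type -> (header, footer, maximum carve size in bytes). Assumed values.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 10_000_000),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 10_000_000),
}


def carve(image, signatures=SIGNATURES):
    """Return (type, offset, bytes) for every header whose footer is found
    within the size limit. A header with no footer in range is treated as a
    truncated fragment and skipped; the scan resumes one byte later."""
    found = []
    for kind, (head, tail, max_len) in signatures.items():
        pos = 0
        while True:
            start = image.find(head, pos)
            if start < 0:
                break
            window_end = min(len(image), start + max_len)
            end = image.find(tail, start + len(head), window_end)
            if end < 0:
                pos = start + 1            # truncated object; keep scanning
                continue
            end += len(tail)
            found.append((kind, start, image[start:end]))
            pos = end                      # do not re-carve inside this object
    found.sort(key=lambda t: t[1])
    return found


def build_sample_image():
    """Construct a raw image: zero filler ('unallocated' space), a complete
    JPEG-like blob, a truncated one without a footer, and a PNG-like blob."""
    jpg_ok = b"\xff\xd8\xff\xe0" + b"A" * 40 + b"\xff\xd9"        # 46 bytes
    jpg_truncated = b"\xff\xd8\xff\xe1" + b"T" * 20               # no footer
    png_ok = b"\x89PNG\r\n\x1a\n" + b"P" * 30 + b"IEND\xaeB`\x82"  # 46 bytes
    return (b"\x00" * 16 + jpg_ok + b"\x00" * 8 + jpg_truncated
            + b"\x00" * 8 + png_ok + b"\x00" * 16)


def carve_report(image):
    """Summarise carved objects as (type, offset, length, sha256) so each
    recovered file is hashed as it is extracted and can be logged."""
    return [(kind, off, len(data), hashlib.sha256(data).hexdigest())
            for kind, off, data in carve(image)]


if __name__ == "__main__":
    for row in carve_report(build_sample_image()):
        print(row)
```

Real carvers add checks this sketch omits, such as validating the internal structure of a candidate and handling fragmented files, but the header/footer scan with a size limit is the core of the technique, and the truncated-object case shows why a carver reports fragments separately from complete files.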
Reporting

• Once the analysis is complete, a report is generated.
• This report may be a written report, oral testimony, or some combination of the two.
What tools are needed and what do they do?

• CRCMD5
• DIBS Forensic Workstation
• DRIVESPY
• FileList
• FILTER/Filter I
• NTI-DOC

CRCMD5

• Mathematically creates a unique signature for the contents of one, multiple or all files on a given storage device
• Signatures such as these are used to identify whether or not the contents of one or more computer files have changed
• This forensics tool relies upon 128 bit accuracy and can easily be run from a floppy diskette to benchmark the files on a specific storage device
• Benchmarking can help computer specialists isolate problems and deal with computer incidents after they occur (such as altered evidence and modifications)
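The benchmarking described for CRCMD5 and the chain-of-custody and documentation practices listed under Collection Practices come down to the same routine: hash every collected file, record the digests with who did it and when, and re-hash later to prove nothing changed. The following is an added example, not the CRCMD5 tool and not code from the original slides; the evidence directory, the manifest layout and the custody-log line format are assumptions made for this illustration, and the files it hashes are constructed in a temporary directory.

```python
"""Build and verify a hash manifest for collected evidence files.

Added example (not the CRCMD5 tool, not code from the original slides). The
manifest and custody-log formats are assumed; the evidence files are constructed.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # hash in 1 MiB blocks so a large image never has to fit in RAM


def file_digest(path, algorithm="sha256"):
    """Hex digest of a file's contents. The slides describe CRCMD5 as a 128-bit
    (MD5) signature tool; the algorithm is a parameter so a stored MD5 baseline
    can still be matched while new acquisitions use SHA-256."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root, algorithm="sha256"):
    """Walk the evidence tree and record a digest for every file (the benchmark)."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = file_digest(full, algorithm)
    return manifest


def verify_manifest(root, manifest, algorithm="sha256"):
    """Re-hash the tree and classify each baseline entry as 'ok', 'modified'
    or 'missing'; files present now but absent from the baseline are 'added'."""
    report = {}
    for rel, expected in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.exists(full):
            report[rel] = "missing"
        elif file_digest(full, algorithm) != expected:
            report[rel] = "modified"
        else:
            report[rel] = "ok"
    for rel in build_manifest(root, algorithm):
        if rel not in manifest:
            report[rel] = "added"
    return report


def custody_entry(action, subject, examiner):
    """One chain-of-custody line: when (UTC), who, what was done, to what."""
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
    return f"{stamp} | {examiner} | {action} | {subject}"


def demo():
    """Construct a small evidence tree, benchmark it, alter it, and re-verify.
    Returns (baseline manifest, verification report, custody log)."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"meeting at 10\n")
        with open(os.path.join(root, "photo.bin"), "wb") as f:
            f.write(bytes(range(256)))
        baseline = build_manifest(root)
        log = [custody_entry("benchmark", f"{len(baseline)} files hashed", "examiner-1")]
        # Simulated alteration after the benchmark (the slides' "altered evidence"
        # case): one file edited, one deleted, one new file appears.
        with open(os.path.join(root, "notes.txt"), "ab") as f:
            f.write(b"changed\n")
        os.remove(os.path.join(root, "photo.bin"))
        with open(os.path.join(root, "new.txt"), "wb") as f:
            f.write(b"planted\n")
        report = verify_manifest(root, baseline)
        log.append(custody_entry("verify", str(report), "examiner-1"))
        return baseline, report, log


if __name__ == "__main__":
    baseline, report, log = demo()
    for line in log:
        print(line)
```

In practice the baseline manifest is written to media that the examiner controls, not to the evidence device, and the write blocker listed under Collection Practices is what guarantees the re-hash is comparing against an unchanged original.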
Other tools used

• DiskSearch 32
• DiskSig
• DM
• EnCase
• FileCNVT
• ForensiX
• FRED
• FREDDIE
• GetFree
• TCT
• TextSearch Plus
• GetSlack
• IMAGE
• NTAView
• OnLineDFS™
• PART
• Password Recovery Kit
• PDBLOCK
• ProDiscover DFT
• PTable
• Seized
• ShowFL
Hardware & Software

Hardware
• A Forensic Machine
• Write Blocker
• Media Reader
• External Image Device

Software
• Forensic Examination (GUI)
• Forensic Examination (DOS Based)
• Disk Editor
• Password Cracking
• Imaging
• Wiping
• Hash Routines
• Internet History
Forensic Machine

• Includes USB, FireWire, media reader, removable hard drive bays, internal write blocker, CD/DVD burner, floppy drive, connections for laptops, and lots of memory
• Type: FRED - Digital Intelligence
Write Blocker

• Devices that allow acquisition of information on a drive without creating the possibility of accidentally damaging the drive contents
• They do this by allowing read commands to pass but blocking write commands, hence their name
• Types: Fast Block, Fire Fly, Tableau, My Key, and USB Write Blocker
Additional Items

• Printer - to produce professional looking reports and good images
• Digital Camera and several Memory Cards
• DVDs - for archiving cases
• Hard Drives - several big ones
• Floppy Diskettes
• Electrical Wire Labels - used to label connections of cables to hard drives for easy reconnection after removing a hard drive to image it
• Tool Kit - containing a screwdriver with many heads, needle nose pliers, tweezers, flashlight, etc.
Forensic Examination

GUI
• EnCase
• FTK
• Ultimate Toolkit

DOS Based
• DriveSpy
• Byteback
• Maresware
Password Cracking

• Process of recovering passwords from data that has been stored in or transmitted by a computer system
• Types: Revelation, Password Recovery Toolkit, and Advanced Password Recovery Toolkit
Email

• Email Examiner
• DBXtract
• Mailbag Assistant
• Data Lifter
• NeoTrace Pro (to help trace emails)
• Visual Route (to help trace emails)

Internet History

• Net Analysis
• Data Lifter
• Quick View Plus
Insurance

• Yergey Insurance
• A family owned and operated agency
• Specializes in Private Investigators and Private Detectives, Background Investigators, Process Servers, Security Consultants, Security Guards, Technology and Computer Related Firms
• http://www.yergeyins.com/private_investigator_insurance.html
Related websites

• Htcia.org
• Paraben-forensics.com
• Cops.org
• Keycomputernetwork.com
• Forensic-intel.com
• Usdoj.gov
• Htcn.org
• SamSpade.org
• Dmares.com
• Toolsthatwork.com
• Mykeytech.com
• Wetstonetech.com
• Accessdata.com
• Cybercrimes.net
• Techcrime.com
• Computer Forensics.com
• Ics-qi.com

More Related Content

What's hot

Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Network Forensics Intro
Network Forensics IntroNetwork Forensics Intro
Network Forensics IntroJake K.
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Sagar Rahurkar
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxBhupeshkumar Nanhe
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
Introduction to forensic imaging
Introduction to forensic imagingIntroduction to forensic imaging
Introduction to forensic imagingMarco Alamanni
 
Digital forensic science and its scope manesh t
Digital forensic science and its scope manesh tDigital forensic science and its scope manesh t
Digital forensic science and its scope manesh tManesh T
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensicsanupriti
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Anpumathews
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptxAmbuj Kumar
 

What's hot (20)

Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
 
Network Forensics Intro
Network Forensics IntroNetwork Forensics Intro
Network Forensics Intro
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...
 
Social Media Forensics
Social Media ForensicsSocial Media Forensics
Social Media Forensics
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptx
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes
 
Introduction to forensic imaging
Introduction to forensic imagingIntroduction to forensic imaging
Introduction to forensic imaging
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisition
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Digital forensic science and its scope manesh t
Digital forensic science and its scope manesh tDigital forensic science and its scope manesh t
Digital forensic science and its scope manesh t
 
Forensic imaging
Forensic imagingForensic imaging
Forensic imaging
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics Overview
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensics
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
 

Viewers also liked

Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating proceduresSoumen Debgupta
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsFilip Maertens
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentationprashant3535
 
Computer Forensic Softwares
Computer Forensic SoftwaresComputer Forensic Softwares
Computer Forensic SoftwaresDhruv Seth
 
Ce hv6 module 57 computer forensics and incident handling
Ce hv6 module 57 computer forensics and incident handlingCe hv6 module 57 computer forensics and incident handling
Ce hv6 module 57 computer forensics and incident handlingVi Tính Hoàng Nam
 
Computer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumComputer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumOWASP Khartoum
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Chfi V3 Module 01 Computer Forensics In Todays World
Chfi V3 Module 01 Computer Forensics In Todays WorldChfi V3 Module 01 Computer Forensics In Todays World
Chfi V3 Module 01 Computer Forensics In Todays Worldgueste0d962
 
Forensic laboratory setup requirements
Forensic laboratory setup  requirements Forensic laboratory setup  requirements
Forensic laboratory setup requirements Sonali Parab
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensicsRahul Baghla
 
Advances in File Carving
Advances in File CarvingAdvances in File Carving
Advances in File CarvingRob Zirnstein
 
Cyber forensic 1
Cyber forensic 1Cyber forensic 1
Cyber forensic 1anilinvns
 
Computer Forensics: First Responder Training - Eric Vanderburg - JurInnov
Computer Forensics: First Responder Training - Eric Vanderburg - JurInnovComputer Forensics: First Responder Training - Eric Vanderburg - JurInnov
Computer Forensics: First Responder Training - Eric Vanderburg - JurInnovEric Vanderburg
 

Viewers also liked (20)

Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic Investigations
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentation
 
Computer Forensic Softwares
Computer Forensic SoftwaresComputer Forensic Softwares
Computer Forensic Softwares
 
Ce hv6 module 57 computer forensics and incident handling
Ce hv6 module 57 computer forensics and incident handlingCe hv6 module 57 computer forensics and incident handling
Ce hv6 module 57 computer forensics and incident handling
 
Lect 1 computer forensics
Lect 1 computer forensicsLect 1 computer forensics
Lect 1 computer forensics
 
Computer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumComputer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP Khartoum
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Chfi V3 Module 01 Computer Forensics In Todays World
Chfi V3 Module 01 Computer Forensics In Todays WorldChfi V3 Module 01 Computer Forensics In Todays World
Chfi V3 Module 01 Computer Forensics In Todays World
 
Forensic laboratory setup requirements
Forensic laboratory setup  requirements Forensic laboratory setup  requirements
Forensic laboratory setup requirements
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensics
 
Latest presentation
Latest presentationLatest presentation
Latest presentation
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Advances in File Carving
Advances in File CarvingAdvances in File Carving
Advances in File Carving
 
Cyber forensic 1
Cyber forensic 1Cyber forensic 1
Cyber forensic 1
 
Incident Response in the wake of Dear CEO
Incident Response in the wake of Dear CEOIncident Response in the wake of Dear CEO
Incident Response in the wake of Dear CEO
 
Computer Forensics: First Responder Training - Eric Vanderburg - JurInnov
Computer Forensics: First Responder Training - Eric Vanderburg - JurInnovComputer Forensics: First Responder Training - Eric Vanderburg - JurInnov
Computer Forensics: First Responder Training - Eric Vanderburg - JurInnov
 

Similar to Computer forensics toolkit

Computer forensics
Computer  forensicsComputer  forensics
Computer forensicsLalit Garg
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics SlidesVarun Sehgal
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfGnanavi2
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic pptSuchita Rawat
 
computer forensics
computer forensicscomputer forensics
computer forensicsshivi123456
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicDhiren Gala
 
E discovery2
E discovery2E discovery2
E discovery2elijaht
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Stepsgamemaker762
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemsMayank Diwakar
 
To get round to the heart of fortress
To get round to the heart of fortressTo get round to the heart of fortress
To get round to the heart of fortressSTO STRATEGY
 
computer forensics
computer forensicscomputer forensics
computer forensicsAkhil Kumar
 
A Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsA Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsSamantha Vargas
 
Evidence and data
Evidence and dataEvidence and data
Evidence and dataAtul Rai
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docxAliAshraf68199
 

Similar to Computer forensics toolkit (20)

Computer forensics
Computer  forensicsComputer  forensics
Computer forensics
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics Slides
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdf
 
Computer forencis
Computer forencisComputer forencis
Computer forencis
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic ppt
 
computer forensics
computer forensicscomputer forensics
computer forensics
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer Forensic
 
E discovery2
E discovery2E discovery2
E discovery2
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Steps
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systems
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
 
To get round to the heart of fortress
To get round to the heart of fortressTo get round to the heart of fortress
To get round to the heart of fortress
 
Cyber forensics ppt
Cyber forensics pptCyber forensics ppt
Cyber forensics ppt
 
Cyber forensics
Cyber forensicsCyber forensics
Cyber forensics
 
computer forensics
computer forensicscomputer forensics
computer forensics
 
Cyber Forensics Module 2
Cyber Forensics Module 2Cyber Forensics Module 2
Cyber Forensics Module 2
 
A Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsA Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis Tools
 
Evidence and data
Evidence and dataEvidence and data
Evidence and data
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docx
 

Recently uploaded

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

Computer forensics toolkit

  • 1.
  • 2. Computer Forensics: A Brief Overview
    • Scientific process of preserving, identifying, extracting, documenting, and interpreting data on a computer
    • The field of computer forensics began to evolve more than 30 years ago in the United States.
    • With the growth of the Internet and the increasing use of devices connected to it, computer crimes are increasing rapidly.
  • 3. Computer Crimes
    • Pure computer crime: illegal access to a system or network; illegal transmission of data; data deletion, damage, alteration; serious hindrance to a computer
    • Computer as the medium of a crime: identity theft; fraud; e-theft
    • Computer content related crime: incriminating information stored on a computer; child pornography; information that unleashes hostility/violence
  • 4. Tools for Computer Forensics
    • Computer forensic tools fall into two groups: integrated GUI based tools and specialized single task tools
    • Task areas covered: process information; network connection information; list of processes; process to port mapping; service/driver information; registry analysis; executable file analysis
  • 5. Three Branches
    • Network forensics
    • Database forensics
    • Mobile device forensics
  • 6. Network Forensics
    • Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.
    • Two systems:
      1. "Catch-it-as-you-can" systems, in which all packets passing through a certain traffic point are captured and written to storage, with analysis done subsequently in batch mode. This approach requires large amounts of storage, usually involving a RAID system.
      2. "Stop, look and listen" systems, in which each packet is analyzed in a rudimentary way in memory and only certain information is saved for future analysis. This approach requires less storage but may require a faster processor to keep up with incoming traffic.
  • 7. Database Forensics
    • Forensic study of databases
    • Currently many database software tools are in general not reliable and precise enough to be used for forensic work
  • 8. Mobile Device Forensics
    • Using such things as cell phones, digital cameras, PSPs, and iPods to find stored evidence.
    • Mobile devices can be used to save several types of personal information, such as contacts, photos, calendar entries and notes.
    • Therefore it can be expected that these devices will play an important role in forensics.
  • 9. Computer Forensic Companies
    • AccessData
    • Computer Forensics
    • ACR Data Recovery, Inc.
    • Burgess Consulting and Forensics
    • Center for Computer Forensics
    • Computer Forensics Associates
    • International Cyber Evidence
    • Digital Mountain, Inc.
    • Global Digital Forensics
    • ManTech Security & Mission Assurance
  • 10. When is it used?
    • In legal cases, computer forensic techniques are frequently used to analyze computer systems belonging to defendants (in criminal cases) or litigants (in civil cases).
    • To recover data in the event of a hardware or software failure.
    • To analyze a computer system after a break-in, for example to determine how the attacker gained access and what the attacker did.
    • To gather evidence against an employee that an organization wishes to terminate.
    • To gain information about how computer systems work for the purpose of debugging, performance optimization, or reverse-engineering.
  • 11. Common Cases
    • Financial crimes
    • Drug crimes
    • Child pornography
    • Adultery
    • Murders / suicides
  • 12. How it is Performed
    • There are five basic steps to computer forensics:
      1. Preparation (of the investigator, not the data)
      2. Collection (of the data)
      3. Examination
      4. Analysis
      5. Reporting
  • 13. Preparation
    • The investigator must have the proper training for the specific operations of the investigation.
    • Tools that are used to generate reports for court should be validated.
    • There are many tools used in the field, and the investigator needs to determine the proper tool to use based on the case.
    • An interview with the user can yield valuable information about the system configuration, applications, encryption keys and methodology.
    • In an investigation in which the owner of the digital evidence has not given consent to have his or her media examined, special care must be taken to ensure that the forensic specialist has the legal authority to seize, copy, and examine the data. Sometimes that authority stems from a search warrant.
  • 14. Collection
    • Collection sources include computers, cell phones, digital cameras, hard drives, CD-ROMs, and USB memory devices
    • Other sources include the settings of digital thermometers, black boxes inside automobiles, RFID tags, and web pages
    • Special care must be taken when handling computer evidence. Most digital information is easily changed, and once changed it is usually impossible to detect that a change has taken place
  • 15. Collection Practices
    • Image computer media using a write blocking tool to ensure that no data is added to the suspect device.
    • Establish and maintain the chain of custody.
    • Document everything that has been done.
    • Only use tools and methods that have been tested and evaluated to validate their accuracy and reliability.
  • 16. Examination
    • Computer evidence represented by physical items such as chips, boards, central processing units, storage media, monitors, and printers can be described easily and correctly as a unique form of physical evidence
    • Forensic laboratories have detailed plans describing acceptable methods for handling physical evidence
    • Evidence, while stored in these physical items, is latent and exists only in a metaphysical electronic form
    • Procedures and techniques are software and hardware solutions to specific forensic problems
  • 17. Procedures and Techniques
    • Procedures are step by step instructions
    • A laboratory may require that examinations be conducted, if possible and practical, on copies of the original evidence
    • Digital evidence can be duplicated exactly to create a copy that is true and accurate
    • The examiner must decide how to implement this principle on a case-by-case basis.
  • 18. Analysis
    • All digital evidence must be analyzed to determine the type of information that is stored upon it
    • Specialty tools are used that can display the information
    • Analysis tools include: AccessData's FTK, Guidance Software's EnCase, Technology Pathways' ProDiscover, Dr. Golden Richard III's file carving tool Scalpel, and Brian Carrier's Sleuth Kit
    • Typical forensic analysis includes a manual review of material on the media, reviewing the Windows registry for suspect information, discovering and cracking passwords, keyword searches for topics related to the crime, and extracting e-mail and pictures for review
  • 19. Reporting
    • Once the analysis is complete, a report is generated.
    • This report may be a written report, oral testimony, or some combination of the two.
  • 20. What tools are needed and what do they do?
    • CRCMD5
    • DIBS Forensic Workstation
    • DRIVESPY
    • FileList
    • Filter_I
    • NTI-DOC
  • 21. CRCMD5
    • Mathematically creates a unique signature for the contents of one, multiple or all files on a given storage device
    • Signatures such as these are used to identify whether or not the contents of one or more computer files have changed
    • This forensics tool relies upon 128 bit accuracy and can easily be run from a floppy diskette to benchmark the files on a specific storage device
    • Benchmarking can help computer specialists isolate problems and deal with computer incidents after they occur (such as altered evidence and modifications)
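Slides 15 and 21 rest on the same idea: hash the evidence once, keep the digests, and re-hash later to show whether anything changed. The block below is an added example, not the deck's own material and not NTI's CRCMD5; it benchmarks a directory into a manifest of digests and reports what was added, removed or altered, using a constructed temporary directory as the "storage device".

```python
# Added example (not from the deck or any NTI tool): benchmark a directory's
# files into a manifest of digests, then re-run to see what changed.
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # 1 MiB reads keep memory flat on large evidence files

def file_signature(path: Path) -> dict:
    """MD5 (the 128-bit signature CRCMD5 describes) plus SHA-256 for one file.
    SHA-256 rides along because MD5 collisions are practical today."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha.hexdigest()}

def benchmark(root) -> dict:
    """Manifest of every regular file under root, keyed by relative path."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_signature(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline: dict, current: dict) -> dict:
    """Which files were added, removed or altered since the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def demo() -> dict:
    """Constructed scenario: one file edited, one deleted, one added."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "img").mkdir()
        (root / "notes.txt").write_bytes(b"meeting at 9\n")
        (root / "img" / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 fake jpeg")
        before = benchmark(root)
        (root / "notes.txt").write_bytes(b"meeting at 10\n")  # altered
        (root / "img" / "photo.jpg").unlink()                  # removed
        (root / "new.doc").write_bytes(b"late addition")       # added
        return compare(before, benchmark(root))

if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest is taken from the write-blocked image, stored with the chain-of-custody record, and re-checked before every examination.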
  • 22. Other Tools Used
    • DiskSearch 32, DiskSig, DM, EnCase, FileCNVT, ForensiX, FRED, FREDDIE, GetFree, TCT, TextSearch Plus
    • GetSlack, IMAGE, NTAView, OnLineDFS, PART, Password Recovery Kit, PDBLOCK, ProDiscover DFT, PTable, Seized, ShowFL
  • 23. Hardware & Software
    • Hardware: a forensic machine; write blocker; media reader; external image device
    • Software: forensic examination (GUI); forensic examination (DOS based); disk editor; password cracking; imaging; wiping; hash routines; Internet history
  • 24. Forensic Machine
    • Includes USB, FireWire, media reader, removable hard drive bays, internal write blocker, CD/DVD burner, floppy drive, connections for laptops, and lots of memory
    • Type: FRED (Digital Intelligence)
  • 25. Write Blocker
    • Devices that allow acquisition of information on a drive without creating the possibility of accidentally damaging the drive contents
    • They do this by allowing read commands to pass but blocking write commands, hence their name
    • Types: Fast Block, Fire Fly, Tableau, My Key, and USB Write Blocker
  • 26. Additional Items
    • Printer, to produce professional looking reports and good images
    • Digital camera and several memory cards
    • DVDs, for archiving cases
    • Hard drives, several big ones
    • Floppy diskettes
    • Electrical wire labels, used to label the cable connections of hard drives for easy reconnection after removing a drive to image it
    • Tool kit, containing a screwdriver with many heads, needle nose pliers, tweezers, flashlight, etc.
  • 27. Forensic Examination
    • GUI: EnCase, FTK, Ultimate Toolkit
    • DOS based: DriveSpy, ByteBack, Maresware
  • 28. Password Cracking
    • Process of recovering passwords from data that has been stored in or transmitted by a computer system
    • Types: Revelation, Password Recovery Toolkit, and Advanced Password Recovery Toolkit
  • 29. Email
    • Email Examiner
    • DBXtract
    • Mailbag Assistant
    • Data Lifter
    • Neo Trace Pro (to help trace emails)
    • Visual Route (to help trace emails)
  • 30. Internet History
    • Net Analysis
    • Data Lifter
    • Quick View Plus
  • 31. Insurance
    • Yergey Insurance
    • A family owned and operated agency
    • Specializes in Private Investigators and Private Detectives, Background Investigators, Process Servers, Security Consultants, Security Guards, Technology and Computer Related Firms
    • http://www.yergeyins.com/private_investigator_insurance.html
  • 32. Related Websites
    • Htcia.org, Paraben-forensics.com, Cops.org, Keycomputernetwork.com, Forensic-intel.com, Usdoj.gov, Htcn.org, SamSpade.org, Dmares.com, Toolsthatwork.com, Mykeytech.com, Wetstonetech.com, Accessdata.com, Cybercrimes.net, Techcrime.com, Computer Forensics.com, Ics-qi.com

Editor's Notes

  1. *European Union Convention on Cyber Crimes