Computer forensics is a branch of digital forensic science involving the legal investigation and analysis of evidence found in computers and digital storage media. The objectives are to recover, analyze, and preserve digital evidence in a way that can be presented in a court of law, and to identify evidence and assess the identity and intent of perpetrators in a timely manner. Computer forensics techniques include live analysis, cross-drive analysis, and recovery of deleted files through specialized software tools. Applications include criminal, domestic, security, and marketing investigations.

1. Computer Forensics
Presented By:
Priya Manikpuri
M.Sc.(CS) 1St Semester
Shri.Shivaji Science college,
Nagpur

2. Introduction
Computer crime is a criminal act in which a
computer is the object of the offence or the tool
of its commission.
 Classification:
 Computer centered crime
 Computer assisted crime
 Incidental computer crime

3. What is computer forensics?
 A branch of digital forensic
science pertaining to legal
evidence found in
computers and digital
storage media
 A Scientific process of
preserving, identifying,
extracting, documenting,
and interpreting data on
computer

4. Objectives
 To recover, analyze, and preserve the computer and
related materials in a manner that can be presented as
evidence in a court of law
 To identify the evidence in a short amount of time,
estimate the potential impact of the malicious activity on
the victim, and assess the intent and identity of the
perpetrator

5. Digital Evidence
• Digital evidence or electronic evidence is any
probative information stored or transmitted
in digital form that a party to a court case may
use at trial.
• In the legal world, Evidence is EVERYTHING.
• Evidence is used to establish facts.
•

6. Where to find evidence?
 text documents,
 graphical images,
 calendar files,
 databases,
 audio and video files,
 Web sites and application programs.
 Even viruses, Trojan horses and
spyware
 E-mail records and instant
messaging logs,

7. Handling Information
 Information and data being sought after and
collected in the investigation must be properly
handled
 Volatile Information
– Network Information
• Communication between system and the network
– Active Processes
• Programs and daemons currently active on the
system
– Logged-on Users
• Users/employees currently using system
– Open Files
• Libraries in use; hidden files; Trojans (root kit)
loaded in system

8. Handling Information
• Non-Volatile Information
– This includes information, configuration
settings, system files and registry settings
that are available after reboot
– Accessed through drive mappings from
system
– This information should investigated and
reviewed from a backup copy

9. Forensic Phases:
• Acquisition
• Identification
• Evaluation
• Presentation

10. Forensic Techniques
 Live analysis:
• The examination of computers from within
the operating system using custom
forensics to extract evidence.
 Cross-drive analysis:
• forensic technique that correlates
information found on multiple hard drives.
• can be used to perform anomaly detection.

11. Forensic Techniques
 Example of Software Tools:
• EnCase
• WinHex
• ProDiscover
• S-tool
 Deleted files:
• recovery of deleted files
• Use of forensic software tools for recovering
or carving out deleted data.

12. Forensic Techniques
 Steganography:
• concealing a message, image, or file within
another message, image, or file.
• detection of steganographically encoded
packages is called steganalysis.
• the simplest method to detect modified files is to
compare them to known originals.

13. Applications of Computer Forensics
• Criminal
• Domestic
• Security
• Marketing

14. Advantages
 Ensures the overall integrity and continued existence of
an organization’s computer system and network
infrastructure.
 Helps the organization capture important information if
their computer systems or networks are compromised.
 Efficiently tracks down cyber criminals and terrorists from
different parts of the world.
 Tracks complicated cases such as child pornography
and e-mail spamming.

15. Disadvantages
Cost
Increasing storage space
New technologies
Anti-forensics
Legal issues
Administrative issues

16. Conclusion
• With computer becoming more and more
involved in our everyday lives, both
professionally and socially, there is a need
for computer forensics. This field will
enable crucial electronic evidence to be
found, whether it was lost, deleted,
damaged, or hidden, and used to
prosecute individuals that believe they
have successfully beaten the system.