Cyber forensics involves applying scientific methods to digital evidence for legal purposes. It includes preserving, acquiring, analyzing, discovering, documenting, and presenting digital evidence. Common goals are to determine if unauthorized activity or crimes occurred using computer systems and networks. Cyber crimes are growing and can include hacking, cyber stalking, spamming, and intellectual property theft. Forensic investigations follow standard procedures including seizing evidence, making copies, and analyzing to find relevant information for legal cases.

1. CYBER FORENSIC

2. OVERVIEW
 Application of the scientific method to digital media
in order to establish factual information for judicial
review.
 The process of extracting information and data from
computer storage media and guaranteeing its
accuracy and reliability.
 Collection of people - processes – tools - measures
that support or refute certain allegations or
suspicions of misuse which involve a computer
system.

3. "PLAUSIBLE DENIABILITY" DEFENSE
 "My machine had a backdoor installed.
Someone else must have loaded those child
pornography files on my system."
 Cyber forensics may determine the accuracy of this
statement.

4. CRIME & UNAUTHORIZED ACTIVITY
 Crime
 Breach of federal, state or other forms of
established law.
 Unauthorized Activity
 Activities that are restricted by policies

5. ASPECTS OF ORGANIZATIONAL SECURITY
— IT Security‘
• Application security
• Computing security
• Data security
• Information security
• Network security
— Physical Security'
• Facilities security
• Human security
— Financial Security
• Security from frauds
— Legal Security
• National security
• Public security

6. FORENSIC INVESTIGATION
 Process of Computer Forensics
1. Preservation
2. Acquisition
3. Analysis
4. Discovery
5. Documentation
6. Presentation of Evidence

7. PRESERVATION
 Making sure the evidence is un-tampered with and
continues to be in the state in which it is found

8. ACQUISITION
 The Process of acquiring or gaining the evidence

9. ANALYSIS
 Going through and discovering what type of
information and evidence that we have acquired

10. DISCOVERY
 Breaking down the acquired evidence and isolating
what is called relevant or interesting evidence.
 Evidence that is relational to the investigations that
you are going through.

11. DOCUMENTATION
 Mostly for litigation purposes.
 Documentation serve to prove that we followed due
diligence when performing the investigations from
beginning to the end.
 Litigation: A controversy before a court or a
"lawsuit”.

12. PRESENTATION OF EVIDENCE
 Mostly for litigation purposes
 Convert everything that we have learned into
understandable terms when conveyed to an
interesting party (corporation or court of law)

14. EVOLUTION OF COMPUTER FORENSICS
Francis Galton (1822-1911)
•Made the first recorded study of fingerprints
Leone Lattes (1887-1954)
•Discovered blood groupings (A,BAB, & o)
Calvin Goddard (1891-1955)
•Allowed Firearms and bullet comparison for solving
many pending court cases
Albert Osborn (1858-1946)
•Developed essential features of document examination
Hans Gross (1847-1915)
•Made use of scientific study to head criminal
investigations
FBI (1932)
•A lab was set up to provide forensic sendees to all field
agents and other law authorities across the country

15. EVOLUTION OF COMPUTER FORENSICS
CART (1984)
•Computer Analysis and Response Team (CART) was
developed to provide support to FBI field offices in the search of
computer evidence
1993
•First International Conference on computer evidence
held
IOCE(i995)
•International Organization on Computer Evidence
(IOCE) formed
1998
•International Forensic Science Symposium formed to
provide forum for forensic manager
2000
•First FBI Regional Computer Forensic Laboratory
established

16. OBJECTIVES OF COMPUTER FORENSICS

17. NEED FOR COMPUTER FORENSICS

18. GOALS OF FORENSIC READINESS

19. CYBER CRIME
 Cyber crime means any criminal activity in which a
computer or network is the source,
tool or target or place of crime.
 The Cambridge English Dictionary defines cyber
crimes as crimes committed with the use of
computers or relating to computers, especially
through internet.
 Crimes involving use of information or usage of
electronic means in furtherance of crime are
covered under the scope of cyber crime.
 Cyber Crimes may be committed against persons,
property and government

20. COMPUTER FACILITATED CRIMES
 Dependency on the computer has given way to new
crimes
 Computers are used as a tool for committing crimes
 Computer crimes pose new challenges for
investigators due to their
 Speed
 Anonymity
 Fleeting nature of evidence

21. MODES OF ATTACK
1. Hacking - A hacker is an unauthorized user who
attempts to or gains access to an information
system. Hacking is a crime even if there is no visible
damage to the system, since it is an invasion
in to the privacy of data. There are different classes of
Hackers.
a) White Hat Hackers - They believe that information
sharing is good, and that it is their duty
to share their expertise by facilitating access to
information. However there are some white hat
hackers who are just "joy riding" on computer systems.
b) Black Hat Hackers - They cause damage after
intrusion. They may steal or modify data or
insert viruses or worms which damage the system. They
are also called 'crackers'.

22. MODES OF ATTACK
c) Grey Hat Hackers - Typically ethical but
occasionally violates hacker ethics Hackers will
hack into networks, stand-alone computers and
software. Network hackers try to gain unauthorized
access to private computer networks just for
challenge, curiosity, and distribution of information.
Crackers perform unauthorized intrusion with damage
like stealing or changing of information or inserting
malware (viruses or worms)

23. MODES OF ATTACK
2. Cyber Stalking - This crime involves use of
internet to harass someone. The behavior includes
false accusations, threats etc. Normally, majority of
cyber stalkers are men and the majority of victims are
women.
3. Spamming - Spamming is sending of
unsolicited bulk and commercial messages over the
internet. Although irritating to most email users, it is
not illegal unless it causes damage such as
overloading network and disrupting service to
subscribers or creates .negative impact on consumer
attitudes towards Internet Service Provider.

24. MODES OF ATTACK
4. Cyber Pornography - Women and children are
victims of sexual exploitation through
internet. Pedophiles use the internet to send photos
of illegal child pornography to targeted
children so as to attract children to such funs. Later
they are sexually exploited for gains.
5. Phishing - It is a criminally fraudulent process
of acquiring sensitive information such as
username, passwords and credit card details by
disguising as a trustworthy entity in an electronic
communication.

25. MODES OF ATTACK
6. Software Piracy - It is an illegal reproduction and
distribution of software for business or
personal use. This is considered to be a type of
infringement of copy right and a violation of a
license agreement. Since the unauthorized user is not
a party to the license agreement it is
difficult to find out remedies.
7. Corporate Espionage - It means theft of trade
secrets through illegal means such as wire taps
or illegal intrusions.

26. MODES OF ATTACK
9. Embezzlement - Unlawful misappropriation of
money, property or any other thing of value
that has been entrusted to the offender's care,
custody or control is called embezzlement. Internet
facilities are misused to commit this crime.
10. Password Sniffers - Password sniffers are
programmes that monitor and record the name and
password of network users as they log in,
jeopardizing security at a site. Whoever installs the
sniffer can impersonate an authorized user and log in
to access on restricted documents.

27. MODES OF ATTACK
12. Credit Card Fraud - In U.S.A. half a billion dollars
have been lost annually by consumers who have
credit cards and calling card numbers. These are
stolen from on-line databases.
13. Web Jacking - The term refers to forceful taking of
control of a web site by cracking the password.
14. Cyber terrorism - The use of computer resources
to intimidate or coerce government, the civilian
population or any segment thereof in furtherance of
political or social objectives is called cyber terrorism.
Individuals and groups quite often try to exploit
anonymous character of the internet to threaten
governments and terrorize the citizens of the country.

28. CYBER LAW
 Cyber law refers to all the legal and regulatory aspects
of internet and the World Wide Web.
 Cyber space is governed by a system of law and
regulations called cyber law.
 Cyber law is needed because of the following reasons
(a) Today millions of people are using the internet all
over the world.
 Because of global communications, internet is misused
for criminal activities which require regulation.
 Today many disturbing and unethical things are
happening in the cyber space which are known as cyber
crimes.
 People with intelligence and having bad intensions are
misusing the aspect of internet.

29. EXAMPLE OF CYBER CRIME
 Fraud achieved by the manipulation of the
computer records
 Spamming wherever outlawed completely or where
regulations controlling it are violated
 Deliberate circumvention of the computer security
systems
 Unauthorized access to or modification of computer
programs (see software cracking and hacking) or
data.
 Intellectual property theft, including software piracy
 Industrial espionage by means of access to or theft
of computer materials

30. TYPES OF COMPUTER CRIMES
 Identity Theft
 Hacking
 Computer Viruses
 Cyber stalking
 Drug Trafficking
 Phishing/Spoofing
 Wrongful Programming
 Credit Card Fraud
 On-Line Auction Fraud
 Email bombing and SPAM
 Theft of Intellectual
Property'

31. TYPES OF COMPUTER CRIMES
 Denial of Service attack
 Debt Elimination
 Web Jacking
 Internet Extortion
 Investment Fraud
 Escrow Services Fraud
 Cyber defamation
 Software piracy
 Counterfeit Cashier's
Check
 Escrow Services Fraud
 Embezzlement

32. KEY STEPS IN FORENSIC INVESTIGATION
 Computer crime is suspected
 Collect preliminary evidence
 Obtain court warrant for seizure (if required)
 Perform first responder procedures
 Seize evidence at the crime scene
 Transport them to the forensic laboratory
 Create 2 bit stream copies of the evidence