Cyber forensics involves applying scientific methods to digital evidence for legal purposes. It includes preserving, acquiring, analyzing, discovering, documenting, and presenting digital evidence. Common goals are to determine if unauthorized activity or crimes occurred using computer systems and networks. Cyber crimes are growing and can include hacking, cyber stalking, spamming, and intellectual property theft. Forensic investigations follow standard procedures including seizing evidence, making copies, and analyzing to find relevant information for legal cases.
2. OVERVIEW
Application of the scientific method to digital media
in order to establish factual information for judicial
review.
The process of extracting information and data from
computer storage media and guaranteeing its
accuracy and reliability.
Collection of people, processes, tools and measures
that support or refute certain allegations or
suspicions of misuse which involve a computer
system.
3. "PLAUSIBLE DENIABILITY" DEFENSE
"My machine had a backdoor installed.
Someone else must have loaded those child
pornography files on my system."
Cyber forensics may determine the accuracy of this
statement.
4. CRIME & UNAUTHORIZED ACTIVITY
Crime
Breach of federal, state or other forms of
established law.
Unauthorized Activity
Activities that are restricted by policies
5. ASPECTS OF ORGANIZATIONAL SECURITY
— IT Security
• Application security
• Computing security
• Data security
• Information security
• Network security
— Physical Security
• Facilities security
• Human security
— Financial Security
• Security from frauds
— Legal Security
• National security
• Public security
6. FORENSIC INVESTIGATION
Process of Computer Forensics
1. Preservation
2. Acquisition
3. Analysis
4. Discovery
5. Documentation
6. Presentation of Evidence
7. PRESERVATION
Making sure the evidence is untampered with and
remains in the state in which it was found
9. ANALYSIS
Going through the acquired evidence to discover what
type of information and evidence we have
10. DISCOVERY
Breaking down the acquired evidence and isolating
what is called relevant or interesting evidence:
evidence that relates to the investigation being
conducted.
11. DOCUMENTATION
Mostly for litigation purposes.
Documentation serves to prove that we followed due
diligence when performing the investigation from
beginning to end.
Litigation: A controversy before a court or a
"lawsuit".
12. PRESENTATION OF EVIDENCE
Mostly for litigation purposes
Convert everything that we have learned into
understandable terms when conveyed to an
interested party (corporation or court of law)
14. EVOLUTION OF COMPUTER FORENSICS
Francis Galton (1822-1911)
•Made the first recorded study of fingerprints
Leone Lattes (1887-1954)
•Discovered blood groupings (A, B, AB and O)
Calvin Goddard (1891-1955)
•Enabled firearms and bullet comparison for solving
many pending court cases
Albert Osborn (1858-1946)
•Developed essential features of document examination
Hans Gross (1847-1915)
•Made use of scientific study to head criminal
investigations
FBI (1932)
•A lab was set up to provide forensic services to all field
agents and other law authorities across the country
15. EVOLUTION OF COMPUTER FORENSICS
CART (1984)
•Computer Analysis and Response Team (CART) was
developed to provide support to FBI field offices in the search of
computer evidence
1993
•First International Conference on computer evidence
held
IOCE (1995)
•International Organization on Computer Evidence
(IOCE) formed
1998
•International Forensic Science Symposium formed to
provide a forum for forensic managers
2000
•First FBI Regional Computer Forensic Laboratory
established
19. CYBER CRIME
Cyber crime means any criminal activity in which a
computer or network is the source, tool, target or
place of crime.
The Cambridge English Dictionary defines cyber
crimes as crimes committed with the use of
computers or relating to computers, especially
through the internet.
Crimes involving the use of information or of
electronic means in furtherance of crime are
covered under the scope of cyber crime.
Cyber Crimes may be committed against persons,
property and government
20. COMPUTER FACILITATED CRIMES
Dependency on the computer has given rise to new
crimes
Computers are used as a tool for committing crimes
Computer crimes pose new challenges for
investigators due to their:
Speed
Anonymity
Fleeting nature of evidence
21. MODES OF ATTACK
1. Hacking - A hacker is an unauthorized user who
attempts to or gains access to an information
system. Hacking is a crime even if there is no visible
damage to the system, since it is an invasion
into the privacy of data. There are different classes of
hackers.
a) White Hat Hackers - They believe that information
sharing is good, and that it is their duty
to share their expertise by facilitating access to
information. However, there are some white hat
hackers who are just "joy riding" on computer systems.
b) Black Hat Hackers - They cause damage after
intrusion. They may steal or modify data or
insert viruses or worms which damage the system. They
are also called 'crackers'.
22. MODES OF ATTACK
c) Grey Hat Hackers - Typically ethical but
occasionally violate hacker ethics. Hackers will
hack into networks, stand-alone computers and
software. Network hackers try to gain unauthorized
access to private computer networks just for the
challenge, curiosity, and distribution of information.
Crackers perform unauthorized intrusion with damage
like stealing or changing of information or inserting
malware (viruses or worms)
23. MODES OF ATTACK
2. Cyber Stalking - This crime involves the use of the
internet to harass someone. The behavior includes
false accusations, threats etc. Normally, the majority of
cyber stalkers are men and the majority of victims are
women.
3. Spamming - Spamming is the sending of
unsolicited bulk and commercial messages over the
internet. Although irritating to most email users, it is
not illegal unless it causes damage such as
overloading the network and disrupting service to
subscribers, or creates a negative impact on consumer
attitudes towards the Internet Service Provider.
24. MODES OF ATTACK
4. Cyber Pornography - Women and children are
victims of sexual exploitation through the
internet. Pedophiles use the internet to send photos
of illegal child pornography to targeted
children so as to lure them into such activity. Later
they are sexually exploited for gain.
5. Phishing - It is a criminally fraudulent process
of acquiring sensitive information such as
username, passwords and credit card details by
disguising as a trustworthy entity in an electronic
communication.
25. MODES OF ATTACK
6. Software Piracy - It is the illegal reproduction and
distribution of software for business or
personal use. This is considered to be a type of
infringement of copyright and a violation of a
license agreement. Since the unauthorized user is not
a party to the license agreement, it is
difficult to obtain remedies.
7. Corporate Espionage - It means theft of trade
secrets through illegal means such as wire taps
or illegal intrusions.
26. MODES OF ATTACK
9. Embezzlement - Unlawful misappropriation of
money, property or any other thing of value
that has been entrusted to the offender's care,
custody or control is called embezzlement. Internet
facilities are misused to commit this crime.
10. Password Sniffers - Password sniffers are
programmes that monitor and record the name and
password of network users as they log in,
jeopardizing security at a site. Whoever installs the
sniffer can impersonate an authorized user and log in
to access restricted documents.
27. MODES OF ATTACK
12. Credit Card Fraud - In the U.S.A., half a billion dollars
is lost annually by consumers whose credit card
and calling card numbers are stolen from on-line
databases.
13. Web Jacking - The term refers to forceful taking of
control of a web site by cracking the password.
14. Cyber terrorism - The use of computer resources
to intimidate or coerce government, the civilian
population or any segment thereof in furtherance of
political or social objectives is called cyber terrorism.
Individuals and groups quite often try to exploit the
anonymous character of the internet to threaten
governments and terrorize the citizens of the country.
28. CYBER LAW
Cyber law refers to all the legal and regulatory aspects
of internet and the World Wide Web.
Cyber space is governed by a system of law and
regulations called cyber law.
Cyber law is needed for the following reasons:
Today millions of people are using the internet all
over the world.
Because of global communications, the internet is misused
for criminal activities, which require regulation.
Today many disturbing and unethical things are
happening in cyber space, which are known as cyber
crimes.
People with intelligence and bad intentions are
misusing the internet.
29. EXAMPLE OF CYBER CRIME
Fraud achieved by the manipulation of the
computer records
Spamming wherever outlawed completely or where
regulations controlling it are violated
Deliberate circumvention of the computer security
systems
Unauthorized access to or modification of computer
programs (see software cracking and hacking) or
data.
Intellectual property theft, including software piracy
Industrial espionage by means of access to or theft
of computer materials
31. TYPES OF COMPUTER CRIMES
Denial of Service attack
Debt Elimination
Web Jacking
Internet Extortion
Investment Fraud
Escrow Services Fraud
Cyber defamation
Software piracy
Counterfeit Cashier's Check
Embezzlement
32. KEY STEPS IN FORENSIC INVESTIGATION
Computer crime is suspected
Collect preliminary evidence
Obtain court warrant for seizure (if required)
Perform first responder procedures
Seize evidence at the crime scene
Transport them to the forensic laboratory
Create two bit-stream copies of the evidence
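The last step above (two bit-stream copies) and the "guaranteeing its accuracy and reliability" requirement from the overview come down to the same check: hash the original before copying, copy byte for byte, hash each copy, and record everything for the documentation step. The Python below is an added example, not code from the original slides; the `suspect_disk.raw` file it acquires is constructed inline, and the copy file names and record layout are assumptions.

```python
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # hash in 1 MiB pieces so a large image need not fit in RAM


def sha256_file(path):
    """Streamed hex SHA-256 of a file; the reference value for later verification."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for piece in iter(lambda: f.read(CHUNK), b""):
            h.update(piece)
    return h.hexdigest()


def bitstream_copy(src, dst):
    """Byte-for-byte copy of src to dst (src is opened read-only) and return dst's hash."""
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        shutil.copyfileobj(fin, fout, CHUNK)
    return sha256_file(dst)


def acquire(evidence_path, work_dir, copies=2):
    """Hash the original, make `copies` bit-stream copies, verify each, return a custody record."""
    original = sha256_file(evidence_path)
    record = {"source": evidence_path, "sha256": original,
              "acquired_at": datetime.now(timezone.utc).isoformat(), "copies": []}
    for i in range(1, copies + 1):
        dst = os.path.join(work_dir, f"evidence_copy{i}.dd")  # assumed naming
        digest = bitstream_copy(evidence_path, dst)
        record["copies"].append({"path": dst, "sha256": digest, "verified": digest == original})
    return record


def verify_copy(path, expected_sha256):
    """Re-hash a copy later (e.g. before analysis) and compare with the recorded value."""
    return sha256_file(path) == expected_sha256


def demo():
    """Constructed sample: a fake disk file; returns (copies verified, tampered copy verifies)."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "suspect_disk.raw")
    with open(src, "wb") as f:
        f.write(b"MBR\x00" + bytes(range(256)) * 16)  # constructed content, not real evidence
    rec = acquire(src, work)
    all_ok = all(c["verified"] for c in rec["copies"])
    with open(rec["copies"][1]["path"], "r+b") as f:  # simulate a single-byte change to copy 2
        f.seek(100)
        f.write(b"X")
    return all_ok, verify_copy(rec["copies"][1]["path"], rec["sha256"])
```

Both copies verify immediately after acquisition; once copy 2 is altered by a single byte its hash no longer matches the recorded value, which is what the preservation step must be able to demonstrate in court.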