“Cyber Forensic
Investigation & Analysis”
Session By: Anshul Tayal
Outline
• Introduction
What is Digital Forensics?
Branches of Digital Forensics.
Objectives of Digital Forensics.
Difference between Cyber Forensics and Cyber Security.
• Digital Evidence
Rules for Digital Evidence.
Handling Digital Evidence.
• Process of Digital Forensic Investigation.
• Things You Should Remember
2
Introduction
• What is digital forensics?
Digital Forensics (also called Cyber Forensics) is the process of identifying, preserving,
collecting, examining and analysing digital evidence of attacks that jeopardize the
Confidentiality, Integrity or Availability of an IT system, in a way that keeps the evidence
admissible in court.
3
Continued…
• Branches of Digital Forensics
The main branches of digital forensics include –
o Computer Forensics.
o Network Forensics.
o Mobile Device Forensics.
o Database Forensics.
o Cloud Forensics
o Email and Social Media Forensics
o Malware Forensics etc.
4
Continued…
• Objectives of Digital Forensics
The main objective of Digital Forensics is to answer three questions about an incident:
What happened? Why did it happen? How was it done?
A second objective is to gather digital evidence that proves the answers found for these
questions are correct, and that can be presented in court.
5
Digital Evidence
Digital evidence is any information or data of value to an investigation that is
stored on, received by, or transmitted by an electronic device. Text messages,
emails, pictures, videos, and internet searches are some of the most common
types of digital evidence.
6
Continued…
• Rules for Digital Evidence
Admissible- Must be collected and handled so that it can be used in court or in another proceeding.
Authentic- Must be shown to be genuine and tied to the incident under investigation.
Complete- Must tell the whole story, including evidence that points away from the suspect, not only the parts that support one theory.
Reliable- Nothing about how it was collected and handled may cast doubt on its authenticity or veracity.
Believable- Clear, easy to understand, and believable by a jury.
7
Continued…
• Handling Digital Evidence
o No possible evidence should be damaged, destroyed, or otherwise compromised by
the procedures used to search the computer.
o No malware (for example a virus) should be introduced to the computer during the
analysis process.
o Extracted / relevant evidence is properly handled and protected from later
mechanical or electromagnetic damage.
o A continuing chain of custody is established and maintained.
o The amount of time business operations are affected is kept to a minimum.
8
Process of Digital Forensic Investigation
The investigative process encompasses the following phases: Identification, Preservation,
Collection, Examination, Analysis and Presentation/Reporting.
9
Fig. 1 Digital Forensic Investigation Process
Continued…
10
• Identification
The Identification phase consists of these processes:
1. Event/Crime Detection.
2. Complaints.
3. Approach Formulation.
4. Case Analysis.
Continued…
11
• Preservation
The Preservation phase consists of these processes:
1. Crime Scene Preservation.
2. Chain of Custody.
3. Client permission form.
4. Case Management.
5. Time Sync.
Demonstration
12
Continued…
13
• Collection
The Collection phase consists of these processes:
1. Preservation.
2. Acquire.
3. Recognize and Collect Evidence.
4. Data Preservation.
Demonstration
14
Continued…
• Examination
The Examination phase consists of these processes:
1. Preservation.
2. Filtering.
3. Pattern Matching.
4. Data Recovery (Hidden Data).
5. Data Extraction.
15
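The Examination steps above (filtering, pattern matching and recovery of hidden data) can be shown on a small piece of "unallocated space". The following is an added example written for this edit, not code from the session: the sample bytes, the file signatures and the keyword list are constructed, and header/footer carving is used as one concrete technique for recovering deleted files.

```python
import re
from typing import Iterable, List, Tuple

# Constructed sample of "unallocated space": filler bytes with an embedded JPEG,
# a text fragment and a PNG. Hypothetical data, not taken from any real disk.
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x01" * 40 + b"\xff\xd9"
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 30 + b"IEND\xae\x42\x60\x82"
TEXT = b"contact: mallory@example.com transfer 4500 USD tonight\x00"
UNALLOCATED = (b"\x00" * 64 + JPEG + b"\x17" * 100 + TEXT
               + b"\x00" * 50 + PNG + b"\x42" * 20)

# (header, footer) magic bytes used for header/footer carving.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
}


def carve(data: bytes, max_size: int = 10 * 1024 * 1024) -> List[Tuple[str, int, bytes]]:
    """Data recovery: return (type, offset, bytes) for every header..footer pair.
    A header whose footer is missing (truncated or overwritten file) is skipped
    rather than guessed at, so nothing is presented that was not actually there."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while (start := data.find(header, pos)) != -1:
            end = data.find(footer, start + len(header), start + max_size)
            if end == -1:
                pos = start + 1
                continue
            end += len(footer)
            found.append((kind, start, data[start:end]))
            pos = end
    return sorted(found, key=lambda item: item[1])


EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def keyword_hits(data: bytes, keywords: Iterable[bytes]) -> List[Tuple[int, bytes]]:
    """Filtering / pattern matching: byte offsets of e-mail addresses and
    case-insensitive keyword matches, so the examiner can jump straight to
    the relevant regions instead of reading the whole image."""
    hits = [(m.start(), m.group(0)) for m in EMAIL_RE.finditer(data)]
    for kw in keywords:
        hits += [(m.start(), m.group(0))
                 for m in re.finditer(re.escape(kw), data, re.IGNORECASE)]
    return sorted(hits)


if __name__ == "__main__":
    for kind, offset, blob in carve(UNALLOCATED):
        print(f"recovered {kind} at offset {offset}, {len(blob)} bytes")
    for offset, match in keyword_hits(UNALLOCATED, [b"transfer", b"usd"]):
        print(f"hit at offset {offset}: {match!r}")
```

Every recovered object is reported with its byte offset, because the offset (not the bytes alone) is what ties the recovered file back to the image when the result is documented.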
Continued…
• Analysis
The Analysis phase consists of these processes:
1. Preservation.
2. Determine Significance.
3. Validation.
4. Find the Link.
5. Draw Conclusion.
16
Demonstration
17
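The Analysis steps (determine significance, validation, find the link, draw conclusion) and the log-analysis demonstration that follows them can be illustrated on a handful of sshd log lines. This is an added example written for this edit, not material from the session: the log lines, host name, addresses and the year assumed for the syslog timestamps are all constructed, and the brute-force rule (five failures within five minutes from one source) is one reasonable threshold, not a standard.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd entries in syslog format (hypothetical host and
# addresses from documentation ranges), not taken from any real system.
AUTH_LOG = """\
Mar 12 02:14:01 web01 sshd[2211]: Failed password for root from 203.0.113.45 port 51002 ssh2
Mar 12 02:14:03 web01 sshd[2211]: Failed password for root from 203.0.113.45 port 51002 ssh2
Mar 12 02:14:04 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.45 port 51010 ssh2
Mar 12 02:14:06 web01 sshd[2215]: Failed password for root from 203.0.113.45 port 51014 ssh2
Mar 12 02:14:09 web01 sshd[2217]: Failed password for root from 203.0.113.45 port 51020 ssh2
Mar 12 02:14:12 web01 sshd[2219]: Accepted password for root from 203.0.113.45 port 51024 ssh2
Mar 12 02:14:12 web01 sshd[2219]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 12 02:20:01 web01 sshd[2301]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Mar 12 02:21:17 web01 sshd[2305]: Failed password for deploy from 198.51.100.7 port 40030 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_auth_log(text, year=2024):
    """Filtering: keep only authentication outcomes, drop everything else.
    Syslog lines carry no year, so one is supplied (an assumption the
    examiner must record alongside the result)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "result": m["result"],
                       "method": m["method"], "user": m["user"], "ip": m["ip"]})
    return sorted(events, key=lambda e: e["ts"])


def find_bruteforce(events, threshold=5, window_s=300):
    """Determine significance and find the link: a source that produced at
    least `threshold` failures inside `window_s` seconds, and whether that
    same source later logged in successfully, which turns noise into a
    probable compromise."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    findings = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e["result"] == "Failed"]
        start = 0
        for end in range(len(fails)):
            while (fails[end]["ts"] - fails[start]["ts"]).total_seconds() > window_s:
                start += 1
            if end - start + 1 < threshold:
                continue
            last_fail = fails[end]["ts"]
            success = next((e for e in evs
                            if e["result"] == "Accepted" and e["ts"] >= last_fail), None)
            findings.append({
                "ip": ip,
                "failures": end - start + 1,
                "first_failure": fails[start]["ts"],
                "last_failure": last_fail,
                "users_tried": sorted({e["user"] for e in fails[start:end + 1]}),
                "compromised_user": success["user"] if success else None,
                "severity": "HIGH" if success else "MEDIUM",
            })
            break  # one finding per source is enough for the report
    return findings


def timeline(events, ip):
    """Documentation: the ordered story for one source, ready for the report."""
    return [f"{e['ts']:%Y-%m-%d %H:%M:%S} {e['host']} {e['result']} {e['method']} "
            f"for {e['user']} from {e['ip']}" for e in events if e["ip"] == ip]


if __name__ == "__main__":
    evs = parse_auth_log(AUTH_LOG)
    for f in find_bruteforce(evs):
        print(f"[{f['severity']}] {f['ip']}: {f['failures']} failures, "
              f"users {f['users_tried']}, then login as {f['compromised_user']}")
        print("\n".join(timeline(evs, f["ip"])))
```

The single failed login from 198.51.100.7 is parsed but never reported: the validation step is the threshold and the link to a later success, which is what separates a finding worth presenting from ordinary background noise.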
Continued…
• Presentation/Reporting
The Presentation/Reporting phase consists of these processes:
1. Documentation.
2. Expert Testimony.
3. Recommended Countermeasures.
4. Statistical Interpretation.
18
Things You Should Remember!
1. Avoid changing date/time stamps (of files, for example) or changing the data
itself; work on a verified copy, never on the original.
2. Avoid overwriting unallocated space (which can happen on a reboot, for
example), since deleted but still recoverable data lives there.
3. Always calculate a hash value of every item of information/data collected
during the investigation, so that its integrity can be verified later.
19
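Points 1 and 3 above, together with the Preservation demonstration (hash calculation, write blocker, chain-of-custody form) and the Collection demonstration (disk acquisition), come down to one procedure: read the source without writing to it, hash it while it is copied, re-hash the finished image, and record who held it and when. The block below is an added example written for this edit, not code shown in the session; the "suspect disk" is a constructed temporary file standing in for a block device, the examiner names and case ID are hypothetical, and opening the source read-only is only the software-side counterpart of a hardware write blocker, not a replacement for one.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # stream in 1 MiB pieces so a large device never has to fit in RAM


def hash_file(path):
    """MD5 and SHA-256 of a file, streamed. Two independent digests are recorded
    so that a weakness in one algorithm does not undermine the record."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def acquire(source, image, examiner, case_id):
    """Bit-for-bit copy of `source` into `image`. The source is opened read-only
    (software-side counterpart of a write blocker) and hashed while it streams
    past; the finished image is then re-read from disk and hashed again. The
    image is trusted only when both sets of digests agree."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    size = 0
    fd = os.open(source, os.O_RDONLY)
    with os.fdopen(fd, "rb") as src, open(image, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            md5.update(chunk)
            sha256.update(chunk)
            dst.write(chunk)
            size += len(chunk)
        dst.flush()
        os.fsync(dst.fileno())
    ver_md5, ver_sha256 = hash_file(image)
    now = datetime.now(timezone.utc).isoformat(timespec="seconds")
    return {
        "case_id": case_id,
        "source": os.path.abspath(source),
        "image": os.path.abspath(image),
        "bytes": size,
        "md5": md5.hexdigest(),
        "sha256": sha256.hexdigest(),
        "verified": (ver_md5, ver_sha256) == (md5.hexdigest(), sha256.hexdigest()),
        "custody": [{"utc": now, "by": examiner, "action": "acquired and verified"}],
    }


def log_custody(record, examiner, action):
    """Append a chain-of-custody entry; UTC so entries from different systems line up."""
    record["custody"].append({
        "utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "by": examiner, "action": action,
    })
    return record


def verify(record):
    """Re-hash the image and compare size and both digests with the record. Any
    mismatch means the evidence can no longer be shown to be what was collected."""
    md5, sha256 = hash_file(record["image"])
    size = os.path.getsize(record["image"])
    return (size, md5, sha256) == (record["bytes"], record["md5"], record["sha256"])


def demo():
    """Acquire a constructed 'suspect disk', verify, flip one byte, verify again."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "suspect_disk.bin")  # stands in for /dev/sdX
        image = os.path.join(work, "CASE-001.dd")
        with open(source, "wb") as f:                     # constructed sample content
            f.write(b"\x33\xc0\x8e\xd0" + os.urandom(2 * CHUNK + 4099))
        record = acquire(source, image, examiner="examiner-01", case_id="CASE-001")
        log_custody(record, "examiner-02", "received for examination")
        intact = verify(record)
        with open(image, "r+b") as f:                     # simulate tampering or corruption
            f.seek(4096)
            original = f.read(1)
            f.seek(4096)
            f.write(bytes([original[0] ^ 0xFF]))
        tampered_detected = not verify(record)
        print(json.dumps(record, indent=2))
        return record["verified"], intact, tampered_detected


if __name__ == "__main__":
    print(demo())
```

The record returned by `acquire` is the object that gets printed and signed as the chain-of-custody form: every later handler calls `log_custody`, and every later examination starts with `verify`, so that a single changed byte between collection and court is caught rather than argued about.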
Editor's Notes

  • #4 (note for the Introduction slide, page 3): Confidentiality: only authorized parties (for a message, the sender and the intended receiver(s)) can access the data. Integrity: the data is correct and has not been altered without authorization. Availability: resources are available to authorized parties whenever they need them.
  • #13 (note for the Demonstration slide after Preservation, page 12): show all the forms (chain of custody, client permission) and demonstrate CrypTool for calculating hashes and a write blocker (manual).
  • #15 (note for the Demonstration slide after Collection, page 14): demonstration of website acquisition, memory acquisition and HDD acquisition.
  • #18 (note for the Demonstration slide after Analysis, page 17): demonstrate log analysis.