pranjal dutta, profile picture
Uploaded bypranjal dutta
PPT, PDF3,928 views

Cyber forensics

This document outlines the field of computer forensics, detailing its definition, steps, tools, and applications in various sectors, including law enforcement and civil litigation. It covers the process of acquiring and analyzing digital evidence, emphasizing the importance of maintaining a chain of custody and proper handling techniques. Additionally, it highlights training needs and challenges faced within the discipline, such as rapid technological changes and certification requirements.

Embed presentation

Downloaded 74 times
Submitted by Name-Pranjal Dutta Roll-Gau-C-11/L-192
 Topics to be covered Defining Computer Forensics Reasons for gathering evidence Who uses Computer Forensics Steps of Computer Forensics Some forensics tools Handling Evidence Initiating an investigation Handling Information Computer forensics requirements Evidence processing guidelines Issues Conclusion
 What is Computer Forensics??  Computer forensics involves the preservation, identification, extraction, documentation of computer media for evidentiary and/or root cause analysis.  Evidence might be required for a wide range of computer crimes and misuses  Multiple methods of computer forensics-  Discovering data on computer system  Recovering deleted, encrypted, or damaged file information  Monitoring live activity etc.  Information collected assists in arrests, prosecution, termination of employment, and preventing future illegal activity
 Wide range of computer crimes and misuses  Fraud(criminal deception intended to result in financial or personal gain)  Extortion(illegal use of ones official position or powers to obtain property, funds etc)  Industrial espionage(theft of trade secrets in a company for use by a competitor)  Sexual harassments  SPAM investigations  Virus/Trojan distribution  Unauthorized use of personal information  Forgery(imitating objects or documents with the intent to make usually large amount of money)  Software Piracy
 Criminal Prosecutors  Rely on evidence obtained from a computer to prosecute suspects and use as evidence  Civil Litigations (a legal proceeding in a court)  Personal and business data discovered on a computer can be used in fraud, divorce, harassment  Private Corporations  Obtained evidence from employee computers can be used as evidence in harassment, fraud, and embezzlement cases  Law Enforcement Officials  Rely on computer forensics to backup search warrants
 According to many professionals, Computer Forensics is a four (4) step process  Acquisition  Physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices  Identification  This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites  Evaluation  Evaluating the information/data recovered to determine if and how it could be used against the suspect for employment termination or prosecution in court
 Presentation  This step involves the presentation of evidence discovered in a manner which is understood by lawyers, non- technically staff/management.
 EnCase- software package which enables an investigator to image and examine data from hard disks, removable media.  SafeBack- SafeBack is used primarily for imaging the hard disks of Intel-based computer systems and restoring these images to other hard disks.  Data dumper- It is a command line tool, freely available utility for UNIX systems which can make exact copies of disks suitable for forensic analysis.  Md5sum- tool to check whether data is copied to another storage successfully or not.  Grep- allows files to be searched for a particular sequence of characters  The Coroner's Toolkit- free tools designed to be used in the forensic analysis of a UNIX machine.
1. When dealing with digital evidence, all of the general forensic and procedural principles must be applied. 2. Upon seizing digital evidence, actions taken should not change that evidence. 3. When it is necessary for a person to access original digital evidence, that person should be trained for the purpose. 4. All activity relating to the seizure, access, storage or transfer of digital evidence must be fully documented, preserved and available for review. 5. An Individual is responsible for all actions taken with respect to digital evidence while the digital evidence is in their possession. 6. Any agency, which is responsible for seizing, accessing, storing or transferring digital evidence is responsible for compliance with these principles.
 DO NOT begin by exploring files on system randomly  Properly maintain the chain of custody  Collect email, DNS, and other network service logs  Capture exhaustive external TCP and UDP port scans of the host  Contact security personnel ,management, Federal and local enforcement, as well as affected sites or persons
Information and data being collected in the investigation must be properly handled. Volatile Information  Network Information  Communication between system and the network  Active Processes  Programs and daemons currently active on the system  Logged-on Users  Users/employees currently using system  Open Files  Libraries in use; hidden files; Trojans loaded in system
 Non-Volatile Information  This includes information, configuration settings, system files and registry settings that are available after reboot  Accessed through drive mappings from system  This information should be investigated and reviewed from a backup copy
 Hardware  Familiarity with all internal and external devices/components of a computer  Thorough understanding of hard drives and settings  Understanding motherboards and the various chipsets used  Power connections  Memory  BIOS(Basic Input Output system)  Understanding how the BIOS works  Familiarity with the various settings and limitations of the BIOS
 Operation Systems  Windows 3.1/95/98/NT/2000/2003/XP etc.  DOS  UNIX  LINUX  VAX/VMS VAX(Virtual Address eXtension- server computers from the Digital Equipment Corporation (DEC) and also introduced a new operating system, VMS(Virtual Memory System).  Software  Familiarity with most popular software packages such as Office  Forensic Tools  Familiarity with computer forensic techniques and the software packages that could be used
 There are basically 16 steps in processing evidence.  They offer training on properly handling each step  Step 1: Shut down the computer  Considerations must be given to volatile information  Prevents remote access to machine and destruction of evidence (manual or anti-forensic software)  Step 2: Document the Hardware Configuration of The System  Note everything about the computer configuration prior to re-locating
 Step 3: Transport the Computer System to A Secure Location  Do not leave the computer unattended unless it is locked in a secure location  Step 4: Make Bit Stream Backups of Hard Disks and Floppy Disks  Step 5: Mathematically Authenticate Data on All Storage Devices  Must be able to prove that you did not alter any of the evidence after the computer came into your possession  Step 6: Document the System Date and Time  Step 7: Make a List of Key Search Words  Step 8: Evaluate the Windows Swap File
 Step 9: Evaluate File Slack  File slack is a data storage area of which most computer users are unaware; a source of significant security leakage.  Step 10: Evaluate Unallocated Space (Erased Files)  Step 11: Search Files, File Slack and Unallocated Space for Key Words  Step 12: Document File Names, Dates and Times  Step 13: Identify File, Program and Storage Anomalies  Step 14: Evaluate Program Functionality  Step 15: Document Your Findings  Step 16: Retain Copies of Software Used
lack of certification for tools Lack of standards lack of certification for professionals lack of understanding by Judiciary lack of curriculum accreditation Rapid changes in technology! Immature Scientific Discipline
Cyber Forensics is a maturing forensic Science Excellent career opportunities  CF Technician  CF Investigator  CF Analyst/Examiner (lab)  CF Lab Director  CF Scientist Proper education & training is paramount!
Cyber forensics

More Related Content

PDF
05 Duplication and Preservation of Digital evidence - Notes
byKranthi
 
PPT
Collecting and preserving digital evidence
byOnline
 
PPTX
Computer forensic ppt
byPriya Manik
 
PPTX
Computer forensics toolkit
byMilap Oza
 
PDF
Cyber Forensics Module 1
byManu Mathew Cherian
 
PPTX
Analysis of digital evidence
byrakesh mishra
 
PPTX
Digital forensics
byyash sawarkar
 
PDF
04 Evidence Collection and Data Seizure - Notes
byKranthi
 
05 Duplication and Preservation of Digital evidence - Notes
byKranthi
 
Collecting and preserving digital evidence
byOnline
 
Computer forensic ppt
byPriya Manik
 
Computer forensics toolkit
byMilap Oza
 
Cyber Forensics Module 1
byManu Mathew Cherian
 
Analysis of digital evidence
byrakesh mishra
 
Digital forensics
byyash sawarkar
 
04 Evidence Collection and Data Seizure - Notes
byKranthi
 

What's hot

PPTX
Cyber forensics ppt
byRoshiniVijayakumar1
 
PPTX
Network Forensics
byprimeteacher32
 
PPTX
Cyber Forensics Overview
byYansi Keim
 
PPT
Introduction to computer forensic
byOnline
 
PPTX
cyber security and forensic tools
bySonu Sunaliya
 
PDF
Digital Evidence in Computer Forensic Investigations
byFilip Maertens
 
PPTX
Cybercrime investigation
byProf. (Dr.) Tabrez Ahmad
 
PPTX
Mobile Forensics
byprimeteacher32
 
PPTX
Digital forensics
byVidoushi B-Somrah
 
PDF
Computer forensic
bySinggih Prasetya
 
PPTX
Digital Forensic ppt
bySuchita Rawat
 
PPT
Network forensics1
bySantosh Khadsare
 
PPT
Digital Forensic
byCleverence Kombe
 
PDF
Digital forensic principles and procedure
bynewbie2019
 
PPTX
Digital Forensics
byMithileysh Sathiyanarayanan
 
PDF
Incident response methodology
byPiyush Jain
 
PPTX
Processing Crimes and Incident Scenes
byprimeteacher32
 
PDF
Cyber Security Vulnerabilities
bySiemplify
 
PPTX
Computer forensics powerpoint presentation
bySomya Johri
 
PPTX
Network forensics and investigating logs
byanilinvns
 
Cyber forensics ppt
byRoshiniVijayakumar1
 
Network Forensics
byprimeteacher32
 
Cyber Forensics Overview
byYansi Keim
 
Introduction to computer forensic
byOnline
 
cyber security and forensic tools
bySonu Sunaliya
 
Digital Evidence in Computer Forensic Investigations
byFilip Maertens
 
Cybercrime investigation
byProf. (Dr.) Tabrez Ahmad
 
Mobile Forensics
byprimeteacher32
 
Digital forensics
byVidoushi B-Somrah
 
Computer forensic
bySinggih Prasetya
 
Digital Forensic ppt
bySuchita Rawat
 
Network forensics1
bySantosh Khadsare
 
Digital Forensic
byCleverence Kombe
 
Digital forensic principles and procedure
bynewbie2019
 
Digital Forensics
byMithileysh Sathiyanarayanan
 
Incident response methodology
byPiyush Jain
 
Processing Crimes and Incident Scenes
byprimeteacher32
 
Cyber Security Vulnerabilities
bySiemplify
 
Computer forensics powerpoint presentation
bySomya Johri
 
Network forensics and investigating logs
byanilinvns
 

Viewers also liked

PDF
02 Types of Computer Forensics Technology - Notes
byKranthi
 
PDF
construccion de cabañas de madera 24/31 Anexo 1
byArq Blue
 
PDF
Ethical it example_sla_v1
bySadomba Joel
 
PDF
Gestion de la sécurité sanitaire de l'eau et gestion patrimoniale des réseaux
byVincent Laurent
 
PPT
Wat doet Regeltante voor bedrijven?
byLinda Woudstra
 
PDF
2015_AnnualReport
byJo Anne Nelson
 
PPTX
An EFL teacher.
byguest724a7e7
 
PDF
Oracle soa trainining in hyderabad
bysreehari orienit
 
PDF
Industrial Website Template
byIngenyes
 
PDF
Incompatible publics presentation
byJodi Dean
 
PPT
The trail of broken promises walk
byWetlands Preservation Organization
 
PPTX
Same amount—different name 2
bycowhe1ek
 
PPT
ME
byemske
 
DOCX
COMO CREAR UNA ANIMACION EN GOANIMATE
byJaimeleguizamon
 
PPT
Hadoop World Oct 2009 Production Deep Dive With High Availability
byAlex Dorman
 
02 Types of Computer Forensics Technology - Notes
byKranthi
 
construccion de cabañas de madera 24/31 Anexo 1
byArq Blue
 
Ethical it example_sla_v1
bySadomba Joel
 
Gestion de la sécurité sanitaire de l'eau et gestion patrimoniale des réseaux
byVincent Laurent
 
Wat doet Regeltante voor bedrijven?
byLinda Woudstra
 
2015_AnnualReport
byJo Anne Nelson
 
An EFL teacher.
byguest724a7e7
 
Oracle soa trainining in hyderabad
bysreehari orienit
 
Industrial Website Template
byIngenyes
 
Incompatible publics presentation
byJodi Dean
 
The trail of broken promises walk
byWetlands Preservation Organization
 
Same amount—different name 2
bycowhe1ek
 
ME
byemske
 
COMO CREAR UNA ANIMACION EN GOANIMATE
byJaimeleguizamon
 
Hadoop World Oct 2009 Production Deep Dive With High Availability
byAlex Dorman
 

Similar to Cyber forensics

PPT
CF.ppt
byKhusThakkar
 
PPT
Basics of Digital Forensics Techniques.ppt
byNaeemAijazYousfani
 
PPTX
Computer forensics and its role
bySudeshna Basak
 
PPTX
cyber Forensics
byMuzzammil Wani
 
PPTX
Computer Forensics ppt
byOECLIB Odisha Electronics Control Library
 
PPTX
computer-forensics-8727-OHvDvOm.pptx
byssuser2bf502
 
PPTX
computer-forensics-8727-OHvDvOm.pptx
byDaniyaHuzaifa
 
PPTX
Business Intelligence (BI) Tools For Computer Forensic
byDhiren Gala
 
PPTX
Computer forensics Slides
byVarun Sehgal
 
PPT
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
byAlchemist095
 
PDF
644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf
byGnanavi2
 
PPT
Computer Forensic
byTawhidur Rahman
 
PDF
computerforensics-140529094816-phpapp01 (1).pdf
byGnanavi2
 
PPTX
Computer forensics
bydeaneal
 
PPT
cyber forensics - TYPES OF CYBER FORENSICS.ppt
bymcjaya2024
 
PPTX
Chapter 3 cmp forensic
byshahhardik27
 
PDF
Computer forencis
byTeja Bheemanapally
 
PDF
A Review on Recovering and Examining Computer Forensic Evidences
byBRNSSPublicationHubI
 
DOCX
Ethical Hacking And Computer Forensics
byShanaAneevan
 
PPTX
PACE-IT, Security+ 2.4: Basic Forensic Procedures
byPace IT at Edmonds Community College
 
CF.ppt
byKhusThakkar
 
Basics of Digital Forensics Techniques.ppt
byNaeemAijazYousfani
 
Computer forensics and its role
bySudeshna Basak
 
cyber Forensics
byMuzzammil Wani
 
Computer Forensics ppt
byOECLIB Odisha Electronics Control Library
 
computer-forensics-8727-OHvDvOm.pptx
byssuser2bf502
 
computer-forensics-8727-OHvDvOm.pptx
byDaniyaHuzaifa
 
Business Intelligence (BI) Tools For Computer Forensic
byDhiren Gala
 
Computer forensics Slides
byVarun Sehgal
 
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
byAlchemist095
 
644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf
byGnanavi2
 
Computer Forensic
byTawhidur Rahman
 
computerforensics-140529094816-phpapp01 (1).pdf
byGnanavi2
 
Computer forensics
bydeaneal
 
cyber forensics - TYPES OF CYBER FORENSICS.ppt
bymcjaya2024
 
Chapter 3 cmp forensic
byshahhardik27
 
Computer forencis
byTeja Bheemanapally
 
A Review on Recovering and Examining Computer Forensic Evidences
byBRNSSPublicationHubI
 
Ethical Hacking And Computer Forensics
byShanaAneevan
 
PACE-IT, Security+ 2.4: Basic Forensic Procedures
byPace IT at Edmonds Community College
 

Recently uploaded

PPT
Solidification and Phase Diagram_Alber07.ppt
byMohamedKareemElAdham
 
PPTX
TR334_Foundation_Engineering_I_Slope stability _i.pptx
byalexander402774
 
PPTX
Forouzan6e_ch09_PPTs_Transport.pptxmcgrawhill
byshaiviadesh
 
PPTX
Basics of internal combustio nengines, vapor compression cycle
byPrashantPatunkar1
 
PPTX
STM Unit 2 Complete notes for engineering students for better understanding
byLakshmiVivekaKesanap
 
PPTX
AI INTRODUCTION New Microsoft Office PowerPoint Presentation.pptx
byb23cs183
 
PPTX
Introduction to Control Systems Chapter 2.pptx
byJosephHassen
 
PPTX
Unit 5 - THERMO ELECTRIC ENERGY BASED PROCESSES .pptx
byarivazhaganrajangam
 
PPTX
chapterOverview - embedded systems .pptx
bysamyukthakg2020
 
PPTX
Forouzan6e_ch02_PPTs_Physical.pptxmcgrawhill
byshaiviadesh
 
PPT
Steam Power plant Generation anatomy and organs
byVishalSingh995299
 
PPTX
STM Unit 1 Complete notes for engineering students for better understanding
byLakshmiVivekaKesanap
 
PPT
DECISION MAKING SYSTEMS Modelling and Support
byAnu S S
 
PPTX
MOD 1 (concrete technology -cement,aggregates .pptx
bytkmmullonkal
 
PPT
Escape-17-plenary-gani-grossmann-final.ppt
bynewjourneynewlife201
 
PPTX
Introduction to Physical Metallurgy II.pptx
byOcheriCyril2
 
PPTX
CIS cloud computing introduction with explation.pptx
bykswanthana
 
PPTX
MET 464 /MOD 2/MIRCO AND NANO MANUFACTURING/SESSION 1.pptx
byVINAY B
 
PPTX
psoc UNIT-3-PPT.pptx unit 3 psoc notes for anna univ regulatuin
bypandyselvieee
 
PDF
0acebd80-08f7-4be1-9135-15abe45dbc94.pdf
bySirvan7
 
Solidification and Phase Diagram_Alber07.ppt
byMohamedKareemElAdham
 
TR334_Foundation_Engineering_I_Slope stability _i.pptx
byalexander402774
 
Forouzan6e_ch09_PPTs_Transport.pptxmcgrawhill
byshaiviadesh
 
Basics of internal combustio nengines, vapor compression cycle
byPrashantPatunkar1
 
STM Unit 2 Complete notes for engineering students for better understanding
byLakshmiVivekaKesanap
 
AI INTRODUCTION New Microsoft Office PowerPoint Presentation.pptx
byb23cs183
 
Introduction to Control Systems Chapter 2.pptx
byJosephHassen
 
Unit 5 - THERMO ELECTRIC ENERGY BASED PROCESSES .pptx
byarivazhaganrajangam
 
chapterOverview - embedded systems .pptx
bysamyukthakg2020
 
Forouzan6e_ch02_PPTs_Physical.pptxmcgrawhill
byshaiviadesh
 
Steam Power plant Generation anatomy and organs
byVishalSingh995299
 
STM Unit 1 Complete notes for engineering students for better understanding
byLakshmiVivekaKesanap
 
DECISION MAKING SYSTEMS Modelling and Support
byAnu S S
 
MOD 1 (concrete technology -cement,aggregates .pptx
bytkmmullonkal
 
Escape-17-plenary-gani-grossmann-final.ppt
bynewjourneynewlife201
 
Introduction to Physical Metallurgy II.pptx
byOcheriCyril2
 
CIS cloud computing introduction with explation.pptx
bykswanthana
 
MET 464 /MOD 2/MIRCO AND NANO MANUFACTURING/SESSION 1.pptx
byVINAY B
 
psoc UNIT-3-PPT.pptx unit 3 psoc notes for anna univ regulatuin
bypandyselvieee
 
0acebd80-08f7-4be1-9135-15abe45dbc94.pdf
bySirvan7
 

Cyber forensics

  • 1.
  • 2.
     Topics tobe covered Defining Computer Forensics Reasons for gathering evidence Who uses Computer Forensics Steps of Computer Forensics Some forensics tools Handling Evidence Initiating an investigation Handling Information Computer forensics requirements Evidence processing guidelines Issues Conclusion
  • 3.
     What isComputer Forensics??  Computer forensics involves the preservation, identification, extraction, documentation of computer media for evidentiary and/or root cause analysis.  Evidence might be required for a wide range of computer crimes and misuses  Multiple methods of computer forensics-  Discovering data on computer system  Recovering deleted, encrypted, or damaged file information  Monitoring live activity etc.  Information collected assists in arrests, prosecution, termination of employment, and preventing future illegal activity
  • 5.
     Wide rangeof computer crimes and misuses  Fraud(criminal deception intended to result in financial or personal gain)  Extortion(illegal use of ones official position or powers to obtain property, funds etc)  Industrial espionage(theft of trade secrets in a company for use by a competitor)  Sexual harassments  SPAM investigations  Virus/Trojan distribution  Unauthorized use of personal information  Forgery(imitating objects or documents with the intent to make usually large amount of money)  Software Piracy
  • 6.
     Criminal Prosecutors Rely on evidence obtained from a computer to prosecute suspects and use as evidence  Civil Litigations (a legal proceeding in a court)  Personal and business data discovered on a computer can be used in fraud, divorce, harassment  Private Corporations  Obtained evidence from employee computers can be used as evidence in harassment, fraud, and embezzlement cases  Law Enforcement Officials  Rely on computer forensics to backup search warrants
  • 7.
     According tomany professionals, Computer Forensics is a four (4) step process  Acquisition  Physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices  Identification  This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites  Evaluation  Evaluating the information/data recovered to determine if and how it could be used against the suspect for employment termination or prosecution in court
  • 8.
     Presentation  Thisstep involves the presentation of evidence discovered in a manner which is understood by lawyers, non- technically staff/management.
  • 9.
     EnCase- softwarepackage which enables an investigator to image and examine data from hard disks, removable media.  SafeBack- SafeBack is used primarily for imaging the hard disks of Intel-based computer systems and restoring these images to other hard disks.  Data dumper- It is a command line tool, freely available utility for UNIX systems which can make exact copies of disks suitable for forensic analysis.  Md5sum- tool to check whether data is copied to another storage successfully or not.  Grep- allows files to be searched for a particular sequence of characters  The Coroner's Toolkit- free tools designed to be used in the forensic analysis of a UNIX machine.
  • 10.
    1. When dealingwith digital evidence, all of the general forensic and procedural principles must be applied. 2. Upon seizing digital evidence, actions taken should not change that evidence. 3. When it is necessary for a person to access original digital evidence, that person should be trained for the purpose. 4. All activity relating to the seizure, access, storage or transfer of digital evidence must be fully documented, preserved and available for review. 5. An Individual is responsible for all actions taken with respect to digital evidence while the digital evidence is in their possession. 6. Any agency, which is responsible for seizing, accessing, storing or transferring digital evidence is responsible for compliance with these principles.
  • 11.
     DO NOTbegin by exploring files on system randomly  Properly maintain the chain of custody  Collect email, DNS, and other network service logs  Capture exhaustive external TCP and UDP port scans of the host  Contact security personnel ,management, Federal and local enforcement, as well as affected sites or persons
  • 12.
    Information and databeing collected in the investigation must be properly handled. Volatile Information  Network Information  Communication between system and the network  Active Processes  Programs and daemons currently active on the system  Logged-on Users  Users/employees currently using system  Open Files  Libraries in use; hidden files; Trojans loaded in system
  • 13.
     Non-Volatile Information This includes information, configuration settings, system files and registry settings that are available after reboot  Accessed through drive mappings from system  This information should be investigated and reviewed from a backup copy
  • 14.
     Hardware  Familiaritywith all internal and external devices/components of a computer  Thorough understanding of hard drives and settings  Understanding motherboards and the various chipsets used  Power connections  Memory  BIOS(Basic Input Output system)  Understanding how the BIOS works  Familiarity with the various settings and limitations of the BIOS
  • 15.
     Operation Systems Windows 3.1/95/98/NT/2000/2003/XP etc.  DOS  UNIX  LINUX  VAX/VMS VAX(Virtual Address eXtension- server computers from the Digital Equipment Corporation (DEC) and also introduced a new operating system, VMS(Virtual Memory System).  Software  Familiarity with most popular software packages such as Office  Forensic Tools  Familiarity with computer forensic techniques and the software packages that could be used
  • 16.
     There arebasically 16 steps in processing evidence.  They offer training on properly handling each step  Step 1: Shut down the computer  Considerations must be given to volatile information  Prevents remote access to machine and destruction of evidence (manual or anti-forensic software)  Step 2: Document the Hardware Configuration of The System  Note everything about the computer configuration prior to re-locating
  • 17.
     Step 3:Transport the Computer System to A Secure Location  Do not leave the computer unattended unless it is locked in a secure location  Step 4: Make Bit Stream Backups of Hard Disks and Floppy Disks  Step 5: Mathematically Authenticate Data on All Storage Devices  Must be able to prove that you did not alter any of the evidence after the computer came into your possession  Step 6: Document the System Date and Time  Step 7: Make a List of Key Search Words  Step 8: Evaluate the Windows Swap File
  • 18.
     Step 9:Evaluate File Slack  File slack is a data storage area of which most computer users are unaware; a source of significant security leakage.  Step 10: Evaluate Unallocated Space (Erased Files)  Step 11: Search Files, File Slack and Unallocated Space for Key Words  Step 12: Document File Names, Dates and Times  Step 13: Identify File, Program and Storage Anomalies  Step 14: Evaluate Program Functionality  Step 15: Document Your Findings  Step 16: Retain Copies of Software Used
  • 19.
    lack of certificationfor tools Lack of standards lack of certification for professionals lack of understanding by Judiciary lack of curriculum accreditation Rapid changes in technology! Immature Scientific Discipline
  • 20.
    Cyber Forensics isa maturing forensic Science Excellent career opportunities  CF Technician  CF Investigator  CF Analyst/Examiner (lab)  CF Lab Director  CF Scientist Proper education & training is paramount!