SlideShare a Scribd company logo

Cyber&digital forensics report

Download as DOCX, PDF
Y
yash sawarkar

This document is a report on cyber and digital forensics submitted by three students from G.H. Raisoni College of Engineering in Nagpur, India. The report discusses digital forensic methodology, tools used in digital analysis like Backtrack and Nuix, techniques such as live analysis and analyzing deleted files, analyzing USB device history from the Windows registry, and concludes that digital forensics is an evolving field with no set standards yet and constant updates are needed to investigate modern cyber crimes.

Technology
1 of 9
CYBER & DIGITAL FORENSICS Yash sawarkar kunal kawale Anup Singh Student of IT department, Student of IT department, student of ITdepartment, G.H. Raisoni college of engineering, G.H. Raisoni college of engineering, G.H.raisoni college of Nagpur, India. Nagpur, India. Nagpur,india.
G.H.RAISONI COLLEGE OF ENGINEERING (AN AUTONOMOUS INSTITUTION UNDER UGC ACT 1956) A REPORT ON “CYBER & DIGITAL FORENSICS” TEACHER ASSESSMENT EXAM NAME: KUNAL KAWALE (83) : YASH SAWARKAR (82) : ANUP SINGH GAHLOD SECTION:A BRANCH: INFORMATION TECHNOLOGY
INDEX 1. Title……………………………………………………………………..1 2. Abstract……………………………………………………………….2 3. Introduction ……………………………………………………….2 4. Methodology……………………………………………………….3 5. Digital analysis tools……………………………………………3 6. Technique …………………………………………………………..4 7. Related work………………………………………………………..5 8. Analysis………………………………………………………………..6 9. Conclusion…………………………………………………………..15 10. Reference………………………………………………………….16
2. ABSTRACT In this Report we show how to conduct digital forensics on computers, Now days internet continues to grow in day to day life of every human for social networks, information source, research, communication and all that thinks that made easy to do. Due to its rapid development and lacking of proper regulation the cyber crime increase in recent past years and investigators have been facing the difficulty of digital evidence.Digital evidence is stored in computer can play a major role in a wide range of crimes including murder, rape, hacked pc’s and servers etc.Digital forensics can be classified into live and dead analysis a live can be performed while the system is being running or not shutdown and dead analysis can be performed after the machine goes to off condition in that case the data can also be lost. 3. INTRODUCTION The increasing criminal activities using digital information as the means or target warrant for a structured manner in dealing with them. As more information is stored in digital form it is very likely that the evidence needed to process the criminal is also in digital form. For this paper computer or digital forensics is defined as the use of an expert to preserve, analyse and produce data from volatile and non volatile media storage. Computer forensics is in the early stages of development and as a result problems are emerging forensic analysis of computer system is a field that has been focused on a digital investigation of any source of information. forensics investigation techniques has focused mostly on evidence contained within the hard disk. But recently there has been demand for more tools and technique to be developed for capturing memory images and analysing their content that is because user input information that may be recovered from memory allocation.
4. METHODOLOGY Defining computer forensic require one more clarification. Many argue about whether computer forensic is a science or art the argument is unnecessary, however the tools and methods are scientific hence the word technique is often used to sidestep the unproductive science/art dispute. 5. DIGITAL FORENSIC TOOLS A number of open source and commercial tools exist for computer forensic typically analysis include a manual review of material on the media, reviewing the windows registry for suspect information discovering and cracking password. 1>Name- backtrack 5r2 (linux operating system)-This OS has many forensic tools for analysis of any compromised system or find security holes in that a large amount of open source bundled packages are installed in that OS. 2>Ophcrack-This tool use to crack the hashes which generated by sam files of windows this tools use rainbow tables to crack the hashes. 3>registry recon-That rebuild windows registry from anywhere on a hard drive and parses them for deep analysis. 4>Nuix-A fraud prevention software. Full text search extract emails, credit cards numbers, emails, ip address, URL’s skins tone analysis.
6. TECHNIQUE Live incident response-Collects all of the revelent data from the system that will be used to confirm whether that incident occurred. Live incident response include collecting volatile and non volatile data. Volatile data is information we would lose if we walked up to a device and disconnected the power cord. Nonvolatile data includes data that would be very useful to collect during digital forensic collection such as system event logs, user logons, and patch levels, among many others. Volatile vs. Nonvolatile data- Some of the volatile data that should be collected includes system date and time, current network connections, open TCP and UDP ports, which executables are opening UDP and TCP ports, cached NETBIOS name table, users currently logged on, the internal routing table, running processes, scheduled jobs, open files, and process memory dumps. This list is not all inclusive as a forensic investigator must consider any and all possible variables during collection. However, one thing that all these have in common is that they would be lost if the power were removed from your target machine. Cross-drive analysis- A forensic technique that correlates information found on multiple hard drives. The process, still being researched, can be used to identify social networks and for perform anomaly detection Live analysis- The examination of computers from within the operating system using custom forensics or existing sysadmin tools to extract evidence. The practice is useful when dealing with Encrypting File Systems, for example, where the encryption keys may be collected and, in some instances, the logical hard drive volume may be imaged before the computer is shut down. Deleted files- A common technique used in computer forensics is the recovery of deleted files. Modern forensic software have their own tools for recovering or carving out deleted data. Most operating systems and file systems do not always erase physical file data, allowing investigators to reconstruct it from the physical disk sectors. File carving involves searching for known file headers within the disk image and reconstructing deleted materials. Steganography- One of the techniques used to hide data is via steganography, the process of hiding data inside of a picture or digital image. This process is often used to hide pornographic images of children as well as information that a given criminal does not want to have discovered. Computer forensics professionals can fight this by looking at the hash of the file and comparing it to the original image While the image appears exactly the same, the hashchanges as the data changes.
7. RELATED WORK UNIX Live Response- Any forensic investigator should be prepared to encounter non-windows operating systems such as DOS, Linux, and UNIX. This section will concentrate on UNIX live response. In order to collect volatile data, we can utilize the following commands during a UNIX live response: a. System date and time – date b. Current network connections – netstat View USB History in Windows- 1. Windows stores information in the registry about every USB device plugged into the box. We can view this information with the following command c:userab>reg query hklnsystemcurrentcontrolsetenumusbstor /s 1>now open ur power shell command prompt 2>if to read the name is more complicated then use this command in power shell PS c:> Get-ItemProperty -Path 'HKLM:SYSTEMCurrentControlSetEnumUSBSTOR**' | Select FriendlyName 2. for user friendly view PS c:> Get-ChildItem HKLM:SYSTEMControlSet001EnumUSBSTOR | Select-Object PSChildname
8. ANALYSIS The approach for a digital investigation is performed on the basis of the physical crime scene investigation process In the present case, a digital crime scene involves software- and hardware- based digital environment. The process consists of three key stages: system preservation, evidence searching and event reconstruction. These stages do not require occurring one after one, and their flow is depicted in Figure 2 Moreover, it is possible to use this procedure during investigation of both live and dead systems Dead analysis works with trusted application in a trusted operation system in order to find the evidence. Dead analysis seems to be better since the live analysis may result in obtaining false information Figure 2 9. CONCLUSION It is hoped that this papers are helpful in introduction to computer forensic and the digital forensic methodology. Currently there is still no authoritative technology standered so a large quantity of thinks is waiting to be done This article and flow chart may serve as useful tool to guide discussion among personal making forensic cyber crime lab in the computer crime and intellectual property section is always available for consulation a combination of new techonology and changing habits of use means that the forensic examiner must strive too keep up to date with the latest development this paper has illustrated some of the technique to ensure a greater understanding of the value of the the digital evidence available to ensure a stronger case for the prosecution.
10. Reference link M Reith, C Carr, G Gunsch (2002). "An examination of digital forensic models". International Journal of Digital Evidence. Retrieved 2 August 2010. Carrier, Brian D (2007). "Basic Digital Forensic Investigation Concepts" Aaron Phillip; David Cowen, Chris Davis (2009). Hacking Exposed: Computer Forensics. McGraw Hill Professional. p. 544. ISBN 0-07-162677-8. Retrieved 27 August 2010.

Recommended

Anti forensics-techniques-for-browsing-artifacts
Anti forensics-techniques-for-browsing-artifactsAnti forensics-techniques-for-browsing-artifacts
Anti forensics-techniques-for-browsing-artifacts
gaurang17
 
VPN Network
VPN NetworkVPN Network
VPN Network
Wani Zahoor
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
Online
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
SCREAM138
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics pptNikhil Mashruwala
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensics
anupriti
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
One97 Communications Limited
 
Cyber Forensic - Policing the Digital Domain
Cyber Forensic - Policing the Digital DomainCyber Forensic - Policing the Digital Domain
Cyber Forensic - Policing the Digital Domain
ppd1961
 

Recommended

Anti forensics-techniques-for-browsing-artifacts
Anti forensics-techniques-for-browsing-artifactsAnti forensics-techniques-for-browsing-artifacts
Anti forensics-techniques-for-browsing-artifacts
gaurang17
 
VPN Network
VPN NetworkVPN Network
VPN Network
Wani Zahoor
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
Online
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
SCREAM138
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics pptNikhil Mashruwala
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensics
anupriti
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
One97 Communications Limited
 
Cyber Forensic - Policing the Digital Domain
Cyber Forensic - Policing the Digital DomainCyber Forensic - Policing the Digital Domain
Cyber Forensic - Policing the Digital Domain
ppd1961
 
Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Digital Forensic Case Study
Digital Forensic Case StudyDigital Forensic Case Study
Digital Forensic Case Study
MyAssignmenthelp.com
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
anilinvns
 
Computer Forensic
Computer ForensicComputer Forensic
Computer ForensicTawhidur Rahman
 
Computer forensic
Computer forensicComputer forensic
Computer forensicSinggih Prasetya
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Steps
gamemaker762
 
ch14.ppt
ch14.pptch14.ppt
ch14.ppt
SomuPatil8
 
Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)AltheimPrivacy
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and Investigation
Neha Raju k
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
Aung Thu Rha Hein
 
IOT Forensics
IOT ForensicsIOT Forensics
IOT Forensics
MuhammadAwaisQureshi6
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
primeteacher32
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics ppt
OECLIB Odisha Electronics Control Library
 
Cryptography
CryptographyCryptography
Cryptography
Suhepi Saputri
 
Digital investigation
Digital investigationDigital investigation
Digital investigation
unnilala11
 
Kerberos
KerberosKerberos
Kerberos
Rahul Pundir
 
Digital signature
Digital signatureDigital signature
Digital signature
Nisha Menon K
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System Forensics
ArunJS5
 
HMAC - HASH FUNCTION AND DIGITAL SIGNATURES
HMAC - HASH FUNCTION AND DIGITAL SIGNATURESHMAC - HASH FUNCTION AND DIGITAL SIGNATURES
HMAC - HASH FUNCTION AND DIGITAL SIGNATURES
PACHIYAPPAN PACHIYAPPAS
 
Legal aspects of handling cyber frauds
Legal aspects of handling cyber fraudsLegal aspects of handling cyber frauds
Legal aspects of handling cyber fraudsSagar Rahurkar
 
Automated Live Forensics Analysis for Volatile Data Acquisition
Automated Live Forensics Analysis for Volatile Data AcquisitionAutomated Live Forensics Analysis for Volatile Data Acquisition
Automated Live Forensics Analysis for Volatile Data Acquisition
IJERA Editor
 
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docxLecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
smile790243
 

More Related Content

What's hot

Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Digital Forensic Case Study
Digital Forensic Case StudyDigital Forensic Case Study
Digital Forensic Case Study
MyAssignmenthelp.com
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
anilinvns
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Steps
gamemaker762
 
ch14.ppt
ch14.pptch14.ppt
ch14.ppt
SomuPatil8
 
Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)AltheimPrivacy
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and Investigation
Neha Raju k
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
Aung Thu Rha Hein
 
IOT Forensics
IOT ForensicsIOT Forensics
IOT Forensics
MuhammadAwaisQureshi6
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
primeteacher32
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics ppt
OECLIB Odisha Electronics Control Library
 
Cryptography
CryptographyCryptography
Cryptography
Suhepi Saputri
 
Digital investigation
Digital investigationDigital investigation
Digital investigation
unnilala11
 
Kerberos
KerberosKerberos
Kerberos
Rahul Pundir
 
Digital signature
Digital signatureDigital signature
Digital signature
Nisha Menon K
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System Forensics
ArunJS5
 
HMAC - HASH FUNCTION AND DIGITAL SIGNATURES
HMAC - HASH FUNCTION AND DIGITAL SIGNATURESHMAC - HASH FUNCTION AND DIGITAL SIGNATURES
HMAC - HASH FUNCTION AND DIGITAL SIGNATURES
PACHIYAPPAN PACHIYAPPAS
 
Legal aspects of handling cyber frauds
Legal aspects of handling cyber fraudsLegal aspects of handling cyber frauds
Legal aspects of handling cyber fraudsSagar Rahurkar
 

What's hot (20)

Memory forensics
Memory forensicsMemory forensics
Memory forensics
 
Digital Forensic Case Study
Digital Forensic Case StudyDigital Forensic Case Study
Digital Forensic Case Study
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Steps
 
ch14.ppt
ch14.pptch14.ppt
ch14.ppt
 
Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and Investigation
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
 
IOT Forensics
IOT ForensicsIOT Forensics
IOT Forensics
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics ppt
 
Cryptography
CryptographyCryptography
Cryptography
 
Digital investigation
Digital investigationDigital investigation
Digital investigation
 
Kerberos
KerberosKerberos
Kerberos
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System Forensics
 
HMAC - HASH FUNCTION AND DIGITAL SIGNATURES
HMAC - HASH FUNCTION AND DIGITAL SIGNATURESHMAC - HASH FUNCTION AND DIGITAL SIGNATURES
HMAC - HASH FUNCTION AND DIGITAL SIGNATURES
 
Legal aspects of handling cyber frauds
Legal aspects of handling cyber fraudsLegal aspects of handling cyber frauds
Legal aspects of handling cyber frauds
 

Similar to Cyber&digital forensics report

Automated Live Forensics Analysis for Volatile Data Acquisition
Automated Live Forensics Analysis for Volatile Data AcquisitionAutomated Live Forensics Analysis for Volatile Data Acquisition
Automated Live Forensics Analysis for Volatile Data Acquisition
IJERA Editor
 
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docxLecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
smile790243
 
Techniques in Computer Forensics: A Recovery Perspective
Techniques in Computer Forensics: A Recovery PerspectiveTechniques in Computer Forensics: A Recovery Perspective
Techniques in Computer Forensics: A Recovery Perspective
CSCJournals
 
ICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxICT741 Digital Forensics.docx
ICT741 Digital Forensics.docx
write4
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
deaneal
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdf
Gnanavi2
 
A Novel Methodology for Offline Forensics Triage in Windows Systems
A Novel Methodology for Offline Forensics Triage in Windows SystemsA Novel Methodology for Offline Forensics Triage in Windows Systems
A Novel Methodology for Offline Forensics Triage in Windows Systems
IRJET Journal
 
A Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsA Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis Tools
Samantha Vargas
 
Latest presentation
Latest presentationLatest presentation
Latest presentation
Adetunji Adeoje
 
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
IJCSIS Research Publications
 
computer forensics
computer forensicscomputer forensics
computer forensicsAkhil Kumar
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
Lalit Garg
 
How to Use Linux Forensic Analysis Tools for Digital Investigations.pdf
How to Use Linux Forensic Analysis Tools for Digital Investigations.pdfHow to Use Linux Forensic Analysis Tools for Digital Investigations.pdf
How to Use Linux Forensic Analysis Tools for Digital Investigations.pdf
uzair
 
6950SafeAssign Originality ReportDigital Fore.docx
6950SafeAssign Originality ReportDigital Fore.docx6950SafeAssign Originality ReportDigital Fore.docx
6950SafeAssign Originality ReportDigital Fore.docx
priestmanmable
 
6950SafeAssign Originality ReportDigital Fore.docx
6950SafeAssign Originality ReportDigital Fore.docx6950SafeAssign Originality ReportDigital Fore.docx
6950SafeAssign Originality ReportDigital Fore.docx
blondellchancy
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
Forensics
ForensicsForensics
Forensics
Ghariani Tewfik
 
Digital Forensics in the Archive
Digital Forensics in the ArchiveDigital Forensics in the Archive
Digital Forensics in the Archive
GarethKnight
 

Similar to Cyber&digital forensics report (20)

Automated Live Forensics Analysis for Volatile Data Acquisition
Automated Live Forensics Analysis for Volatile Data AcquisitionAutomated Live Forensics Analysis for Volatile Data Acquisition
Automated Live Forensics Analysis for Volatile Data Acquisition
 
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docxLecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
 
Techniques in Computer Forensics: A Recovery Perspective
Techniques in Computer Forensics: A Recovery PerspectiveTechniques in Computer Forensics: A Recovery Perspective
Techniques in Computer Forensics: A Recovery Perspective
 
ICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxICT741 Digital Forensics.docx
ICT741 Digital Forensics.docx
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdf
 
A Novel Methodology for Offline Forensics Triage in Windows Systems
A Novel Methodology for Offline Forensics Triage in Windows SystemsA Novel Methodology for Offline Forensics Triage in Windows Systems
A Novel Methodology for Offline Forensics Triage in Windows Systems
 
A Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsA Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis Tools
 
Latest presentation
Latest presentationLatest presentation
Latest presentation
 
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
 
computer forensics
computer forensicscomputer forensics
computer forensics
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
How to Use Linux Forensic Analysis Tools for Digital Investigations.pdf
How to Use Linux Forensic Analysis Tools for Digital Investigations.pdfHow to Use Linux Forensic Analysis Tools for Digital Investigations.pdf
How to Use Linux Forensic Analysis Tools for Digital Investigations.pdf
 
6950SafeAssign Originality ReportDigital Fore.docx
6950SafeAssign Originality ReportDigital Fore.docx6950SafeAssign Originality ReportDigital Fore.docx
6950SafeAssign Originality ReportDigital Fore.docx
 
6950SafeAssign Originality ReportDigital Fore.docx
6950SafeAssign Originality ReportDigital Fore.docx6950SafeAssign Originality ReportDigital Fore.docx
6950SafeAssign Originality ReportDigital Fore.docx
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes
 
Forensics
ForensicsForensics
Forensics
 
Digital Forensics in the Archive
Digital Forensics in the ArchiveDigital Forensics in the Archive
Digital Forensics in the Archive
 
Computer forencis
Computer forencisComputer forencis
Computer forencis
 

Recently uploaded

Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 

Recently uploaded (20)

Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 

Cyber&digital forensics report

  • 1. CYBER & DIGITAL FORENSICS Yash sawarkar kunal kawale Anup Singh Student of IT department, Student of IT department, student of ITdepartment, G.H. Raisoni college of engineering, G.H. Raisoni college of engineering, G.H.raisoni college of Nagpur, India. Nagpur, India. Nagpur,india.
  • 2. G.H.RAISONI COLLEGE OF ENGINEERING (AN AUTONOMOUS INSTITUTION UNDER UGC ACT 1956) A REPORT ON “CYBER & DIGITAL FORENSICS” TEACHER ASSESSMENT EXAM NAME: KUNAL KAWALE (83) : YASH SAWARKAR (82) : ANUP SINGH GAHLOD SECTION:A BRANCH: INFORMATION TECHNOLOGY
  • 3. INDEX 1. Title……………………………………………………………………..1 2. Abstract……………………………………………………………….2 3. Introduction ……………………………………………………….2 4. Methodology……………………………………………………….3 5. Digital analysis tools……………………………………………3 6. Technique …………………………………………………………..4 7. Related work………………………………………………………..5 8. Analysis………………………………………………………………..6 9. Conclusion…………………………………………………………..15 10. Reference………………………………………………………….16
  • 4. 2. ABSTRACT In this Report we show how to conduct digital forensics on computers, Now days internet continues to grow in day to day life of every human for social networks, information source, research, communication and all that thinks that made easy to do. Due to its rapid development and lacking of proper regulation the cyber crime increase in recent past years and investigators have been facing the difficulty of digital evidence.Digital evidence is stored in computer can play a major role in a wide range of crimes including murder, rape, hacked pc’s and servers etc.Digital forensics can be classified into live and dead analysis a live can be performed while the system is being running or not shutdown and dead analysis can be performed after the machine goes to off condition in that case the data can also be lost. 3. INTRODUCTION The increasing criminal activities using digital information as the means or target warrant for a structured manner in dealing with them. As more information is stored in digital form it is very likely that the evidence needed to process the criminal is also in digital form. For this paper computer or digital forensics is defined as the use of an expert to preserve, analyse and produce data from volatile and non volatile media storage. Computer forensics is in the early stages of development and as a result problems are emerging forensic analysis of computer system is a field that has been focused on a digital investigation of any source of information. forensics investigation techniques has focused mostly on evidence contained within the hard disk. But recently there has been demand for more tools and technique to be developed for capturing memory images and analysing their content that is because user input information that may be recovered from memory allocation.
  • 5. 4. METHODOLOGY Defining computer forensic require one more clarification. Many argue about whether computer forensic is a science or art the argument is unnecessary, however the tools and methods are scientific hence the word technique is often used to sidestep the unproductive science/art dispute. 5. DIGITAL FORENSIC TOOLS A number of open source and commercial tools exist for computer forensic typically analysis include a manual review of material on the media, reviewing the windows registry for suspect information discovering and cracking password. 1>Name- backtrack 5r2 (linux operating system)-This OS has many forensic tools for analysis of any compromised system or find security holes in that a large amount of open source bundled packages are installed in that OS. 2>Ophcrack-This tool use to crack the hashes which generated by sam files of windows this tools use rainbow tables to crack the hashes. 3>registry recon-That rebuild windows registry from anywhere on a hard drive and parses them for deep analysis. 4>Nuix-A fraud prevention software. Full text search extract emails, credit cards numbers, emails, ip address, URL’s skins tone analysis.
  • 6. 6. TECHNIQUE Live incident response-Collects all of the revelent data from the system that will be used to confirm whether that incident occurred. Live incident response include collecting volatile and non volatile data. Volatile data is information we would lose if we walked up to a device and disconnected the power cord. Nonvolatile data includes data that would be very useful to collect during digital forensic collection such as system event logs, user logons, and patch levels, among many others. Volatile vs. Nonvolatile data- Some of the volatile data that should be collected includes system date and time, current network connections, open TCP and UDP ports, which executables are opening UDP and TCP ports, cached NETBIOS name table, users currently logged on, the internal routing table, running processes, scheduled jobs, open files, and process memory dumps. This list is not all inclusive as a forensic investigator must consider any and all possible variables during collection. However, one thing that all these have in common is that they would be lost if the power were removed from your target machine. Cross-drive analysis- A forensic technique that correlates information found on multiple hard drives. The process, still being researched, can be used to identify social networks and for perform anomaly detection Live analysis- The examination of computers from within the operating system using custom forensics or existing sysadmin tools to extract evidence. The practice is useful when dealing with Encrypting File Systems, for example, where the encryption keys may be collected and, in some instances, the logical hard drive volume may be imaged before the computer is shut down. Deleted files- A common technique used in computer forensics is the recovery of deleted files. Modern forensic software have their own tools for recovering or carving out deleted data. Most operating systems and file systems do not always erase physical file data, allowing investigators to reconstruct it from the physical disk sectors. File carving involves searching for known file headers within the disk image and reconstructing deleted materials. Steganography- One of the techniques used to hide data is via steganography, the process of hiding data inside of a picture or digital image. This process is often used to hide pornographic images of children as well as information that a given criminal does not want to have discovered. Computer forensics professionals can fight this by looking at the hash of the file and comparing it to the original image While the image appears exactly the same, the hashchanges as the data changes.
  • 7. 7. RELATED WORK UNIX Live Response- Any forensic investigator should be prepared to encounter non-windows operating systems such as DOS, Linux, and UNIX. This section will concentrate on UNIX live response. In order to collect volatile data, we can utilize the following commands during a UNIX live response: a. System date and time – date b. Current network connections – netstat View USB History in Windows- 1. Windows stores information in the registry about every USB device plugged into the box. We can view this information with the following command c:userab>reg query hklnsystemcurrentcontrolsetenumusbstor /s 1>now open ur power shell command prompt 2>if to read the name is more complicated then use this command in power shell PS c:> Get-ItemProperty -Path 'HKLM:SYSTEMCurrentControlSetEnumUSBSTOR**' | Select FriendlyName 2. for user friendly view PS c:> Get-ChildItem HKLM:SYSTEMControlSet001EnumUSBSTOR | Select-Object PSChildname
  • 8. 8. ANALYSIS The approach for a digital investigation is performed on the basis of the physical crime scene investigation process In the present case, a digital crime scene involves software- and hardware- based digital environment. The process consists of three key stages: system preservation, evidence searching and event reconstruction. These stages do not require occurring one after one, and their flow is depicted in Figure 2 Moreover, it is possible to use this procedure during investigation of both live and dead systems Dead analysis works with trusted application in a trusted operation system in order to find the evidence. Dead analysis seems to be better since the live analysis may result in obtaining false information Figure 2 9. CONCLUSION It is hoped that this papers are helpful in introduction to computer forensic and the digital forensic methodology. Currently there is still no authoritative technology standered so a large quantity of thinks is waiting to be done This article and flow chart may serve as useful tool to guide discussion among personal making forensic cyber crime lab in the computer crime and intellectual property section is always available for consulation a combination of new techonology and changing habits of use means that the forensic examiner must strive too keep up to date with the latest development this paper has illustrated some of the technique to ensure a greater understanding of the value of the the digital evidence available to ensure a stronger case for the prosecution.
  • 9. 10. Reference link M Reith, C Carr, G Gunsch (2002). "An examination of digital forensic models". International Journal of Digital Evidence. Retrieved 2 August 2010. Carrier, Brian D (2007). "Basic Digital Forensic Investigation Concepts" Aaron Phillip; David Cowen, Chris Davis (2009). Hacking Exposed: Computer Forensics. McGraw Hill Professional. p. 544. ISBN 0-07-162677-8. Retrieved 27 August 2010.