Presented By
Manesh T
Research Fellow
UOC-Spain
Network Forensics-An Intro
Introduction to Digital Forensics
Agenda
Classification & Terminologies
Digital Crimes at a Glance
Computer Security Vs. Forensics
Steps in Digital Forensics
Tools and Uses
Research Contributions in Network Forensics
Conclusions
Forensics Vs. Digital Forensics
 Forensic science is the application of science to criminal and civil law. Forensic investigators collect, preserve, and analyze scientific evidence during the course of an investigation.
 Digital forensics is the collection, preservation, identification, extraction, interpretation and documentation of digital evidence that can be used in a court of law. The field is also referred to as digital forensic science or computer forensics.
Digital Forensic Science (DFS)
The practice of scientifically derived and proven technical methods and tools toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of after-the-fact digital information derived from digital sources for the purpose of facilitating or furthering the reconstruction of events as forensic evidence. (The DFRWS 2001 definition.)
Computer Security Vs Digital Forensics
Computer security's job is to lock down systems and prevent attackers from gaining access.
Digital forensics' job is to work out exactly what happened once that prevention has failed.
Security and forensics are so closely related that without one the other would be non-existent: security controls produce the logs and artifacts that forensics relies on, and forensic findings feed back into better controls.
Classification & Terminologies
Branches of Digital Forensics:
 Disk Forensics
 Memory Forensics
 Mobile Forensics
 Intrusion Forensics
 Network Forensics
 Cloud/IoT Forensics
 Image Forensics
 Cyber Forensics
Terminologies
 Digital Forensic Sciences
 Computer Forensics
 Disk Forensics
 Memory Forensics
 Mobile Forensics
 Database Forensics
 Image Forensics
 Cyber Forensics
 Network Forensics
 IoT Forensics
 Web Forensics
 Cloud Forensics
 E-mail Forensics
What is Digital Crime?
 Any crime in which a computer is a tool, a target, or both
 Offences against computer data or systems
 Unauthorized access to, modification of, or impairment of a computer or digital system
 Offences against the confidentiality, integrity and availability of computer data and systems
 Conventional Crime Vs. Digital Crime
 Examples of Digital Crime
 Credit card fraud, identity theft, spam, DoS
What Forensics is not……
 Not pro-active (that is the role of security), but reactive to an event or a request
 Not about finding the bad guy/criminal, but about finding evidence of value
 Not something you do for fun: expertise is needed
 Not hacking: contrast lawful interception and ethical hacking, which are authorised activities
Offline Vs Online Forensics
 Offline forensics (post-mortem forensics)
 Performed after the fact on tampered or compromised digital objects or network environments
 Online forensics (live forensics)
 Performed while the malicious activity is in progress, on digital artifacts, computer networks or interconnected systems
 Challenging: volatile state has to be captured without disturbing it
 Requires high-speed packet capturing devices
Basic forensic methodology consists of:
 Acquire the digital evidence without altering or damaging the original
 Information stored or transmitted in binary form: documents, images, voice and video
 Physical items or data objects (hard disk, CD, memory, computer etc.)
 Evidence must be admissible, authentic, complete and reliable
 Authenticate that your recovered evidence is the same as the originally seized data (in practice, by comparing cryptographic hashes of the original and the copy)
 Analyze the data without modifying it (work on a verified copy, never on the original)
Disk Forensics
• Disk forensics is the science of extracting forensic information from hard disk images
• The goal is to recover data from a disk image using a forensic analysis tool
• Key considerations: encryption and the file system in use
Tools Used
1. The Sleuth Kit
2. Autopsy
3. Samdump
Disk Forensics-Autopsy (screenshot slide)
Memory Forensics
• Live forensics
• Capture the memory
• Analyze the memory
• Reconstruct the memory state
Tools Used
1. Memdump
2. Nigilant32
3. Memoryze
Mobile Forensics
 Mobile forensics is a branch of digital forensics.
 Simply put, it is the science of recovering different kinds of evidence from mobile phones.
 It helps investigators significantly in reaching the criminal.
Evidence typically recovered:
- Contact numbers
- Records of calls, SMS and MMS, and details about them
- Sounds
- Photographs
- Email messages
- Notes
- Calendar
Tools
• EnCase Neutrino
• CellDEK TEK (Logicube)
• Oxygen Forensics
Database Forensics
 Prove or disprove the occurrence of a data security breach
 Determine the scope of a database intrusion
 Retrace user DML and DDL operations
 Identify data pre- and post-transaction
 Recover previously deleted database data
Tools
• LogMiner
• Data carving
Web Forensics
Web application forensics (IIS, Tomcat, WAMP server)
Post-mortem investigation of a compromised web application system
 Traces web vulnerability attacks:
 Cross-site scripting
 SQL injection
 Session hijacking etc.
Tools
• EnCase
• FTK
• Splunk
Browser Forensics
 People use web browsers to search for information, shop online, bank, and communicate through email or instant messaging.
 Losses due to crimes committed through or against the browser
 Forensic investigation to recover browsing-related data from the computer
 Tracing browser cache, history and cookies
 Tools
 AccessData FTK Imager 3.1.3.2
 Autopsy 3.0.6
 Web Browser Forensic Analyzer, and the cache, history and cookie viewers by NirSoft
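Tracing browser history in practice means opening a copy of the browser's SQLite database and decoding its timestamps correctly. The following is an added example, not code from the original deck or from any of the tools listed above. It builds a constructed, reduced version of a Chromium-style History database in memory (only the columns of the urls and visits tables that the timeline needs, with made-up visits) and produces a time-ordered timeline; the timestamp epoch and the transition-type values are Chromium's.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Chromium-based browsers store times as microseconds since 1601-01-01 UTC (the Windows
# FILETIME epoch), not since the Unix epoch; reading them as Unix seconds puts every
# visit in the wrong century.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Core page-transition types (low byte of the transition column) that matter most to an examiner.
TRANSITION = {0: "link", 1: "typed", 2: "auto_bookmark", 7: "form_submit", 8: "reload"}


def webkit_to_utc(microseconds):
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)


def utc_to_webkit(dt):
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)  # integer division keeps full precision


def build_sample_history():
    """Constructed in-memory History database with the two tables the timeline query needs."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                           visit_count INTEGER, last_visit_time INTEGER);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER,
                             from_visit INTEGER, transition INTEGER);
        """
    )
    t0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
    t1, t2, t3 = (utc_to_webkit(t0 + timedelta(hours=h)) for h in (0, 1, 2))
    db.executemany("INSERT INTO urls VALUES (?, ?, ?, ?, ?)", [
        (1, "https://www.example.com/", "Example Domain", 2, t2),
        (2, "https://mail.example.net/inbox", "Inbox", 1, t3),
    ])
    db.executemany("INSERT INTO visits VALUES (?, ?, ?, ?, ?)", [
        (1, 1, t1, 0, 0x10000001),  # typed URL; chain-start qualifier set in the high byte
        (2, 2, t3, 1, 0x00000000),  # followed a link from visit 1
        (3, 1, t2, 0, 0x00000008),  # reload
    ])
    db.commit()
    return db


def timeline(db, start=None, end=None):
    """Join visits to urls, decode timestamps and transitions, and return rows in time order."""
    rows = db.execute(
        "SELECT v.visit_time, u.url, u.title, v.from_visit, v.transition "
        "FROM visits v JOIN urls u ON u.id = v.url ORDER BY v.visit_time"
    )
    out = []
    for visit_time, url, title, from_visit, transition in rows:
        when = webkit_to_utc(visit_time)
        if (start and when < start) or (end and when > end):
            continue
        out.append({
            "visited_utc": when.isoformat(),
            "url": url,
            "title": title,
            "from_visit": from_visit,                      # lets you follow the click chain
            "transition": TRANSITION.get(transition & 0xFF, "other"),
        })
    return out


if __name__ == "__main__":
    for row in timeline(build_sample_history()):
        print(row["visited_utc"], row["transition"], row["from_visit"], row["url"])
```

On a real case, point sqlite3.connect at a copy of the profile's History file (with its -wal and -journal companions, if present) opened read-only, e.g. with a file: URI and mode=ro; never open the live database of a running browser, which locks it and may flush pending writes into the evidence.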
Cloud Forensics
 Cloud computing: a transformative technology
 It is easier to share data
 Files can be accessed from a computer, a smartphone or a tablet
 Choice between free and commercial solutions
 Digital forensics in cloud storage services: the sync client leaves artifacts on the endpoint (installation folder, configuration and cache databases, registry entries)
 Tools
 DiskPulse to track disk usage
 RegShot and RegFromApp to track registry changes
Cloud Forensics -Continued
Dropbox installation folder (screenshot slide)
Cloud Forensics -Continued
Dropbox Decryptor (screenshot slide)
IoT Forensics
Connected, headless, diverse and small
Sources of evidence in IoT can be categorized into three groups:
 All evidence collected from smart devices and sensors;
 All evidence collected from the hardware and software that provide communication between smart devices and the external world (e.g., computers, mobiles, IPS, IDS and firewalls);
 All evidence collected from hardware and software outside the network under investigation (ISP, MSP).
Image Forensics
 Digital image forensics aims at restoring some of the lost trustworthiness of digital images and revolves around two fundamental questions:
o Where does the image come from?
o Has the image been processed after acquisition?
 The forensic analysis of digital images (digital image forensics) then refers to the reconstruction of the generation process of a given digital image, where the main focus lies on inference about the image's authenticity and origin.
 Related: forensic face recognition in computer vision.
Cyber Forensics
"The unique process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally accepted."
Cyber crime means any criminal activity in which a computer or network is the source, tool, target or place of the crime.
Steps in Digital Forensics
Identification • Search for information about the information we require
Acquisition • Obtain forensic copies of all digital evidence
Authentication • Discriminate evidence on the basis of its integrity
Analysis • Logical interpretation of the recovered data; tentative evidence turns into actual evidence
Presentation • Generate the forensic report; prosecution in a court of law
Identification Phase
Sub phase -> Functions
Classify digital crime -> Past or ongoing; disk, memory, cloud or network forensics
Information harvesting -> How? When? What? Who?
Intelligence gathering -> Scene audit, system monitoring
Data inspection -> Encrypted, steganographic or open data
Acquisition Phase
Sub phase -> Functions
Pre-acquisition process -> Implications, lawful interception, custody
Acquisition plan -> Snapshot, online or offline; log files, memory, network packets, disk images
Post-acquisition process -> Handling forensic data and seized evidence; conservation and transportation
Tools: ProDiscover Basic, EnCase
Authentication Phase
Sub phase -> Functions
Categorize evidence -> Persistent vs. volatile
Validate evidence -> Hashing of images and other digital evidence to establish integrity
Discriminate evidence -> Admissible, authentic, complete, reliable; best, secondary or direct evidence
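The acquire, authenticate, analyze loop from the basic-methodology slide and the hashing step of this Authentication phase, as an added example that is not code from the original deck or from any listed tool. It images a constructed 64 KiB sample standing in for a seized device, hashes source and image, writes a custody record, and later re-verifies the image; the device and image file names are hypothetical and everything runs in a temporary directory.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

# Constructed sample: 64 KiB of bytes standing in for a seized storage device.
SAMPLE_DEVICE = bytes(range(256)) * 256


def hash_file(path, algorithms=("md5", "sha256"), chunk_size=1 << 20):
    """Stream the file through all digests at once, so a large image is read only once."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def acquire(source_path, image_path, examiner, log_path):
    """Copy the source to an image, make the image read-only, hash both, and log a custody record."""
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(1 << 20), b""):
            dst.write(chunk)
    os.chmod(image_path, 0o444)  # analysis works on copies of this image, never on the image itself
    source_hashes = hash_file(source_path)
    image_hashes = hash_file(image_path)
    record = {
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "source": os.path.basename(source_path),
        "image": os.path.basename(image_path),
        "source_hashes": source_hashes,
        "image_hashes": image_hashes,
        "verified": source_hashes == image_hashes,
    }
    with open(log_path, "a", encoding="utf-8") as log:  # one JSON line per acquisition event
        log.write(json.dumps(record) + "\n")
    return record


def verify(image_path, record):
    """Re-hash the image and compare with the hashes recorded at acquisition time."""
    return hash_file(image_path) == record["image_hashes"]


def run(tamper=False):
    """Acquire the sample device in a temp dir; optionally flip one byte to show that verification catches it."""
    with tempfile.TemporaryDirectory() as workdir:
        source = os.path.join(workdir, "sda.raw")        # hypothetical device dump
        image = os.path.join(workdir, "case01-sda.dd")   # hypothetical image name
        log = os.path.join(workdir, "custody.jsonl")
        with open(source, "wb") as fh:
            fh.write(SAMPLE_DEVICE)
        record = acquire(source, image, "examiner-01", log)
        if tamper:
            os.chmod(image, 0o644)
            with open(image, "r+b") as fh:
                fh.seek(100)
                fh.write(b"\x00")  # a single altered byte changes every digest
        return record["verified"], verify(image, record)


if __name__ == "__main__":
    print("clean acquisition (verified at acquisition, verified later):", run())
    print("tampered image (verified at acquisition, verified later):", run(tamper=True))
```

Two hashes are recorded because courts and tools still expect MD5 alongside a current algorithm; the SHA-256 value is the one that actually carries the integrity argument. With a physical device a hardware write blocker sits between the source and the imaging host, which is what the read-only chmod stands in for here.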
Forensic Analysis Phase
Sub phase -> Functions
Preparation -> Media, type of forensic analysis
Extraction (physical) -> Filtering, packet headers, file carving
Extraction (logical) -> File system, file slack, unallocated space
Analysis (timeline) -> Review time and date stamps, logs
Analysis (data hiding) -> Correlate; access encrypted or protected assets
Analysis of applications -> Saved passwords, emails, cookies, attachments, history
Reconstruct files
Tool: AccessData Ultimate Toolkit
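File carving, listed under physical extraction above and the usual way of pulling deleted files out of the unallocated space and slack mentioned in the Disk Forensics slide, works on raw bytes with no help from the file system. The following is an added example, not code from the original deck or from The Sleuth Kit/Autopsy: it constructs a small 7-sector disk image containing an allocated text file, a deleted JPEG, a PNG and a JPEG whose tail has been overwritten, then carves by header/footer signature and validates the carved PNG chunk by chunk. The sample files are constructed (the JPEG is only JPEG-shaped); the signatures are the real ones.

```python
import struct
import zlib

# (header, footer) for formats that carve by signature; a missing footer is capped by max_size.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def build_png(width=1, height=1):
    """Constructed, valid 8-bit greyscale PNG used as sample evidence."""
    def chunk(ctype, data):
        body = ctype + data
        return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    idat = zlib.compress((b"\x00" + b"\x80" * width) * height)  # filter byte 0 + one grey scanline per row
    return SIGNATURES["png"][0] + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


def build_jpeg(payload=b"\x00" * 64):
    """Constructed JPEG-shaped blob: SOI marker, a JFIF APP0 segment, opaque payload, EOI marker."""
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return b"\xff\xd8" + app0 + payload + b"\xff\xd9"


def build_image(sector=512):
    """Constructed 7-sector image: allocated text, a deleted JPEG, a PNG, a JPEG whose tail was overwritten."""
    filler = bytes((i * 37 + 11) & 0xFF for i in range(sector))  # unallocated bytes containing no signature

    def pad(data):
        return data + filler[:(-len(data)) % sector]              # fill the rest of the sector with slack

    jpeg, png = build_jpeg(), build_png()
    return b"".join([pad(b"notes.txt: meeting at 10\n"), filler, pad(jpeg), filler, pad(png), pad(jpeg[:-2]), filler])


def carve(image, max_size=10 * 1024 * 1024):
    """Scan every offset for known headers; cut at the next footer or, if none, at max_size."""
    found = []
    for ext, (header, footer) in SIGNATURES.items():
        offset = image.find(header)
        while offset != -1:
            end = image.find(footer, offset + len(header))
            complete = end != -1 and end + len(footer) - offset <= max_size
            end = end + len(footer) if complete else min(offset + max_size, len(image))
            found.append({"type": ext, "offset": offset, "size": end - offset,
                          "complete": complete, "data": image[offset:end]})
            offset = image.find(header, offset + 1)  # keep scanning inside the carve: embedded thumbnails
    return sorted(found, key=lambda f: f["offset"])


def png_chunks_valid(data):
    """Walk the carved PNG's chunks and recompute each CRC; a file that passes is very likely intact."""
    pos = 8
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 4:pos + 8 + length]
        crc = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])[0]
        if zlib.crc32(body) & 0xFFFFFFFF != crc:
            return False
        if ctype == b"IEND":
            return True
        pos += 12 + length
    return False


if __name__ == "__main__":
    for f in carve(build_image()):
        status = "complete" if f["complete"] else "truncated (no footer)"
        print("%-3s @ 0x%06x  %4d bytes  %s" % (f["type"], f["offset"], f["size"], status))
```

Header/footer carving over-collects by design: a footer-less carve is cut at max_size and still written out, and the scan deliberately continues inside a carved file so that embedded objects (EXIF thumbnails are the classic case) are recovered too. Format-aware validation such as png_chunks_valid is what separates usable files from false positives.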
Presentation Phase
Sub phase -> Functions
Documentation -> Correlated evidence; applicable sections of law
Expert testimony -> Substantial interpretations, crime report
Generate the digital forensic report
Prosecution by court
Scope of Computer Forensics (diagram slide)
DFS-Tools
Tool | Platform | License | Description
Magnet AXIOM | Cross platform | Proprietary | Complete acquisition, analysis and presentation
EnCase | Windows | Proprietary | Multipurpose forensic tool
SANS Investigative Forensics Toolkit (SIFT) | Ubuntu | Free and open source | Multipurpose forensic operating system
Digital Forensics Framework (DFF) | Cross platform | Open source | Framework and user interfaces dedicated to digital forensics
CAINE Linux | Linux | Free | GNU/Linux computer forensics distribution
FTK | Windows | Proprietary | Multipurpose forensic tool
COFEE | Windows | Proprietary | A suite of tools for Windows developed by Microsoft
Network Forensic –An Intro
• Network forensics is the science that deals with the capture, recording and analysis of network traffic in order to retrace the content of network sessions.
Computing Environment in My Research (diagram slide)
Steps in Network Forensic Analysis
C • Collection & filtering
R • Correlation analysis
L • Log file analysis
S • Stream reassembly
A • Application layer viewer
W • Workflow or case management
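The collection & filtering, stream reassembly and application-layer-viewer steps above, carried through on a capture, as an added example that is not code from the original deck or from the author's research tooling (correlation, log analysis and case management are outside this block). It constructs a small libpcap file in memory holding one HTTP exchange between documentation-range addresses, with the request delivered out of order and one segment retransmitted, plus a UDP packet the filter discards; checksums in the constructed packets are left zero.

```python
import struct
from collections import defaultdict

ETH_IPV4, IP_TCP, IP_UDP = 0x0800, 6, 17


def ip_bytes(text):
    return bytes(int(part) for part in text.split("."))

def ip_text(raw):
    return ".".join(str(b) for b in raw)

def tcp_segment(sport, dport, seq, ack, flags, payload=b""):
    # data offset 5 words, window 65535; checksum left zero (constructed capture, never on the wire)
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload

def udp_datagram(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def frame(src, dst, proto, transport):
    """Ethernet II + minimal IPv4 header around a transport segment."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(transport), 0x1234, 0, 64, proto, 0,
                     ip_bytes(src), ip_bytes(dst)) + transport
    return bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETH_IPV4) + ip

def pcap(records):
    """Classic libpcap file: global header, then (ts_sec, ts_usec, incl_len, orig_len) + frame per packet."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for ts, fr in records:
        out += struct.pack("<IIII", ts, 0, len(fr), len(fr)) + fr
    return bytes(out)

def build_capture():
    """Constructed capture: HTTP request delivered out of order, one retransmission, the reply, UDP noise."""
    c, s = "192.0.2.10", "198.51.100.20"
    req1, req2 = b"GET /login?user=admin HTTP/1.1\r\n", b"Host: www.example.com\r\n\r\n"
    resp = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
    return pcap([
        (1, frame(c, s, IP_TCP, tcp_segment(40000, 80, 1000, 0, 0x02))),                       # SYN
        (1, frame(s, c, IP_TCP, tcp_segment(80, 40000, 5000, 1001, 0x12))),                    # SYN/ACK
        (2, frame(c, s, IP_UDP, udp_datagram(5353, 53, b"\x00\x01\x01\x00"))),                 # filtered out
        (2, frame(c, s, IP_TCP, tcp_segment(40000, 80, 1001 + len(req1), 5001, 0x18, req2))),  # arrives first
        (3, frame(c, s, IP_TCP, tcp_segment(40000, 80, 1001, 5001, 0x18, req1))),
        (3, frame(c, s, IP_TCP, tcp_segment(40000, 80, 1001, 5001, 0x18, req1))),              # retransmission
        (4, frame(s, c, IP_TCP, tcp_segment(80, 40000, 5001, 1001 + len(req1) + len(req2), 0x18, resp))),
    ])

def parse_pcap(data):
    """Collection: walk the file and yield one dict per TCP packet; non-IPv4 and non-TCP frames are skipped."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    pos = 24
    while pos + 16 <= len(data):
        ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", data[pos:pos + 16])
        fr = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if struct.unpack("!H", fr[12:14])[0] != ETH_IPV4:
            continue
        ip = fr[14:]
        ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        if ip[9] != IP_TCP:
            continue
        tcp = ip[ihl:total_len]
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
        yield {"ts": ts_sec, "src": ip_text(ip[12:16]), "sport": sport, "dst": ip_text(ip[16:20]),
               "dport": dport, "seq": seq, "flags": off_flags & 0x1FF, "payload": tcp[(off_flags >> 12) * 4:]}

def reassemble(packets):
    """Stream reassembly: per direction, order segments by sequence number and drop retransmitted bytes."""
    segments = defaultdict(list)
    for p in packets:
        if p["payload"]:
            segments[(p["src"], p["sport"], p["dst"], p["dport"])].append((p["seq"], p["payload"]))
    streams = {}
    for key, segs in segments.items():
        out, expected = bytearray(), None
        for seq, payload in sorted(segs):
            end = seq + len(payload)
            expected = seq if expected is None else expected
            if end <= expected:
                continue                                  # pure retransmission, nothing new
            if seq < expected:
                payload = payload[expected - seq:]        # partial overlap: keep only the new tail
            elif seq > expected:
                out += b"\x00" * (seq - expected)         # gap (loss in the capture): pad so offsets stay true
            out += payload
            expected = end
        streams[key] = bytes(out)
    return streams

def analyze(pcap_bytes, port=80):
    """Filtering -> reassembly -> application-layer view (first line of each HTTP direction)."""
    packets = [p for p in parse_pcap(pcap_bytes) if port in (p["sport"], p["dport"])]
    streams = reassemble(packets)
    first_lines = {key: data.split(b"\r\n", 1)[0].decode("ascii", "replace") for key, data in streams.items()}
    return packets, streams, first_lines

if __name__ == "__main__":
    for key, line in analyze(build_capture())[2].items():
        print("%s:%d -> %s:%d  %s" % (key + (line,)))
```

The point of the reassembly step is visible in the constructed data: read packet by packet, the request appears as a Host header followed by a GET line, twice; read as a stream, it is one request. Sequence-number gaps are padded rather than closed so that byte offsets quoted in a report still match the capture.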
Paths to Careers in CF
Certifications
Associate Degree
Bachelor Degree
Post Grad Certificate
Masters
Doctorate
Job Functions
CF Technician
CF Investigator
CF Analyst/Examiner (lab)
CF Lab Director
CF Scientist
Professional Opportunities
Law Enforcement
Private Sector
Intelligence Community
Military
Academia
Conclusions
• Basics of Digital Forensic Sciences, Classifications
• Steps in Digital Forensics
• Basics of Network Forensics, Steps
• Forensic Tools
• Research Challenges
Useful Links
 Kerala Police- Kochi
 http://kochicity.keralapolice.gov.in/
 National Investigation Agency –NIA
 http://www.nia.gov.in/
 CBI
 http://cbi.nic.in/
 Cyberdome
 http://cyberdome.kerala.gov.in/index.html
 Cyber Cell
 https://kerala.gov.in/cyber-cell
 RCCF-CDAC
 http://www.cyberforensics.in/?AspxAutoDetectCookieSupport=1
Finish
Thank you
