DIGITAL
FORENSICS
An Overview
BASICS OF EVERY FORENSICS CASE
1. Make an Image
2. Conduct the Investigation
3. Bookmark relevant/important discoveries
4. Prepare a report of the findings
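The four steps above as a small working script (an added example, not material from the original presentation). A constructed 4 KiB file stands in for the evidence drive so it runs offline; in a real acquisition the source would be the block device behind a write blocker, and the hashes would go into the chain-of-custody record. The case id, examiner name and planted keyword are placeholders.

```python
"""Minimal forensic case workflow: image, examine, bookmark, report.
Added example, not part of the original presentation. A constructed sample
'device' file stands in for the evidence drive so the script runs offline."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20                        # 1 MiB reads keep memory flat on large images
SAMPLE_KEYWORD = b"TRANSFER-REF-7731"  # constructed marker planted in the sample


def sha256_file(path, chunk=CHUNK):
    """Stream a file through SHA-256 so the whole image never sits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def acquire_image(source, image_path, chunk=CHUNK):
    """Step 1, make an image: bit-for-bit copy hashed as it is read; the image
    file is then re-read and hashed independently to prove the copy is exact."""
    h = hashlib.sha256()
    size = 0
    with open(source, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(chunk), b""):
            h.update(block)
            dst.write(block)
            size += len(block)
    source_hash = h.hexdigest()
    image_hash = sha256_file(image_path)
    return {
        "source": source, "image": image_path, "bytes": size,
        "source_sha256": source_hash, "image_sha256": image_hash,
        "verified": source_hash == image_hash,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
    }


def search_image(image_path, needle, chunk=CHUNK):
    """Step 2, examine: return every offset of a byte pattern. The last
    len(needle)-1 bytes of each read are carried into the next, so a hit that
    straddles a read boundary is still found, and never counted twice."""
    hits, tail, base = [], b"", 0
    overlap = len(needle) - 1
    with open(image_path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            buf = tail + block
            i = buf.find(needle)
            while i >= 0:
                hits.append(base - len(tail) + i)   # absolute offset in the image
                i = buf.find(needle, i + 1)
            tail = buf[-overlap:] if overlap else b""
            base += len(block)
    return hits


def bookmark(image_path, offset, length, note):
    """Step 3: record a finding by offset plus the raw bytes, not by paraphrase."""
    with open(image_path, "rb") as f:
        f.seek(offset)
        data = f.read(length)
    return {"offset": offset, "length": length, "hex": data.hex(), "note": note}


def build_report(case_id, examiner, acquisition, bookmarks):
    """Step 4: report the findings only. The image hash is recomputed so the
    report attests that the examination did not alter the evidence."""
    current = sha256_file(acquisition["image"])
    return {
        "case_id": case_id, "examiner": examiner, "acquisition": acquisition,
        "image_unchanged": current == acquisition["image_sha256"],
        "bookmarks": bookmarks,
        "reported_at": datetime.now(timezone.utc).isoformat(),
    }


def make_sample_device(path):
    """Constructed 4 KiB 'disk': zeros with the keyword planted three times,
    one copy deliberately straddling the 1024-byte read size used in run_demo."""
    data = bytearray(4096)
    for off in (100, 1020, 3000):
        data[off:off + len(SAMPLE_KEYWORD)] = SAMPLE_KEYWORD
    with open(path, "wb") as f:
        f.write(data)


def run_demo():
    """Run all four steps on the constructed sample and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        device = os.path.join(tmp, "sample_device.bin")
        image = os.path.join(tmp, "evidence.dd")
        make_sample_device(device)
        acq = acquire_image(device, image)
        hits = search_image(image, SAMPLE_KEYWORD, chunk=1024)
        marks = [bookmark(image, off, len(SAMPLE_KEYWORD), "keyword hit") for off in hits]
        return build_report("CASE-0000 (placeholder)", "examiner (placeholder)", acq, marks)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The report carries two hash checks: source against image at acquisition time, and image against itself again at report time, which is what lets the examiner state that the evidence analysed is the evidence collected.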
HISTORY
• 1984 Started with the FBI’s Magnetic Media Program
• 3 Cases handled that year
• 1991 The program later became the Computer Analysis Response Team (CART)
• 1995 International Organization on Computer Evidence (IOCE) was formed.
• 2001 CART renamed to Regional Computer Forensics Laboratory (RCFL)
• The FBI’s full-service forensics laboratory devoted to examining and supporting criminal
investigations. The RCFLs support state, local and federal cases
• 2001 Computer Forensics renamed to Digital Forensics – 16 centers as of today
WHAT IS IT?
• The practice of determining the past actions that have taken place on
a computer system using computer forensic techniques and understanding artifacts.
• Science, and the techniques that you learn and, in the future, possibly discover must
be documented, tested, and verified if you expect them to hold up to scrutiny.
• Often confused with Incident Response (IR).
• Incident Response is a function that belongs within information technology
support services; it looks for the cause of a violation, or the break associated with it,
as it relates to a system, a network and the overall computer infrastructure,
rather than for the actions of a person, which is what Digital Forensics examines.
WHAT CAN IT DO?
• Recover deleted files.
• Determine what programs have been run.
• Recover what web pages users have viewed.
• Recover the webmail that users have read.
• Determine what file servers users have used.
• Discover the hidden history of documents.
• Recover deleted private chat conversations between users.
• Recover call records and Short Message Service (SMS) messages from mobile devices.
TOOLS & EQUIPMENT
• Forensic Workstations: There are many available on the market, but what is essential is that the workstation has
the processing power and memory to perform the examination you need. As the business/lab grows, access to
servers might be needed as well as purchasing a purpose-built forensics workstation.
• SIFT: A VMware appliance developed by SANS, built on Ubuntu
• Write Blockers: An external device that allows acquisition by passing read commands to the drive while blocking
write commands.
• Anti-static Bags: Prevent static and shock from damaging the evidence/components you have gathered for your
investigation.
• EnCase: Used for data acquisition and analysis
• FTK: Forensic Toolkit scans hard drives for various information and can recover items. It is also
used to make disk images.
• ProDiscover: Creates a disk image and can turn an image into a bootable VMware virtual machine.
PREPARING FOR A CASE
• What type of case is it?
• Administrative, Civil, Criminal
• Public/Private
• What is being investigated?
• Crime/Violation
• OS/Device
• Who will be involved & at what level?
PERFORMING & DOCUMENTING THE
INVESTIGATION
• Industry Tools, Processes & Guidelines Used within the investigation
• Reporting Findings
• Forensic examiners do not interpret, but report their findings
• If during a non-criminal investigation certain information is uncovered, such as child
pornography, the case will become criminal and will need to be re-evaluated
• Preparing Reports for legal use
• Outcome
RECENT & SAMPLE CASES
• Target Data Breaches
• Network Intrusion/Hacking
• Personal and financial data was compromised
• Rescator
• Sold Credit Card Numbers
• Timberwolves Player: Dante Cunningham
• Romania Bank Transfer Case: Local Non-Profit
• Zeus
HOW TO BECOME A FORENSICS
EXAMINER?
• Formal Training: Credibility
• Academic
• Certifications
• Experience
• Skillset: Competency
• Tools
• Industry Best Practices
• Methodologies
• Personality: Success
• Analytical
• Detailed
• Strong/Emotionally Stable
• Patient
QUESTIONS?
Amina.Baha@gmail.com