This document provides an introduction to computer forensics. It defines computer forensics as the process of identifying, preserving, analyzing and presenting digital evidence in a legally acceptable manner. It discusses the need for computer forensics to produce evidence that can lead to punishment of criminals while ensuring system integrity. The document also outlines the history of computer forensics, types of cyber crimes and digital evidence, computer forensics methodology, and applications of computer forensics including financial fraud detection and criminal prosecution.

1. Infosecindia Pvt Ltd.
Presented by
Poonam Lagas

2. INTRODUCTION OF COMPUTER FORENSICS
 DEFINITION
“Forensic computing is the process Of identifying,
preserving, analyzing and presenting digital evidence in a
manner that is legally acceptable.”(Rodney Mckemmish 1999).

3. CHARECTERISTICS OF COMPUTER FORENSICS
 Identifying
 Preserving
 Analyzing
 Presenting

4. NEEDS OF COMPUTER FORENSICS
 To produce evidence in the court that
can lead to the punishment of the actual.
 To ensure the integrity of the computer
system.
 To focus on the response to hi-tech
offenses, started to intertwine.

5. HISTORY OF COMPUTER FORENSICS
 began to evolve more than 30 years ago in US
when law and military investigators started seeing
criminals get technical.
 Now a days, Software companies continue to
produce newer and more robust forensic software
programs. And law enforcement and the military
continue to identify and train more and more of
their personnel in the response to crimes involving
technology.

6.  GOAL OF COMPUTER FORENSICS
 The main goal of computer forensic
 experts is not only to find the criminal
 but also to find out the evidence and the
 presentation of the evidence in a
 manner that leads to legal action of the
 criminal.

7. CRIME &EVIDENCE
 CYBER CRIME
Cyber crime occurs when information
technology is used to commit or
conceal an offence.

8.  TYPES OF CYBER CRIME
 Child Porn
 Breech of Computer Security
 Fraud/Theft
 Threats
 Suicide
 Homicide
 Investigations
 Sexual Assault

9. DIGITAL EVIDENCE
“Any data that is recorded or preserved on any
medium in or by a computer system or other
similar device, that can be read or understand by a
person or a computer system or other similar
device. It includes a display, print out or other
output of that data.”

10. TYPES OF DIGITAL EVIDENCE
PERSISTANT DATA,
Meaning data that remains intact when the
Computer is turned off. E.g. hard drives, disk drives and removable
storage devices (such as USB drives or flash drive

11.  RULES OF EVIDENCES
1)Admissible,
Must be able to be used in court or elsewhere
2) Authentic,
 Evidence relates to incident in relevant way.
3) Complete (no tunnel vision),
Exculpatory evidence for alternative suspects.
4) Reliable,
 No question about authenticity & veracity.
5) Believable,
 Clear, easy to understand, and believable by a jury.

12. COMPUTER FORENSICS METHODOLOGY
 Shut Down the Computer
Document the Hardware Configuration
of The System
Transport the Computer System to A
Secure Location
Make Bit Stream Backups of Hard
Disks and Floppy Disks
Mathematically Verify Data on All
Storage Devices
 Document the System Date and Time
Make a List of Key Search Words

13. CONT…
Evaluate the Windows Swap File
Evaluate File Slack
Evaluate Unallocated Space (Erased Files)
Search Files, File Slack and Unallocated Space for
Key Words
Document File Names, Dates and Times

14. APPLICATIONS OF COMPUTER
FORENSICS
Financial fraud detection
 criminal prosecution
 civil litigation
 corporate security policy And acceptable use
violation

15. Forensics Application Skills Required
For Computer
 Programming or computer-related experience
Broad understanding of operating systems and
applications
Strong analytical skills
Strong computer science fundamentals
 Strong system administrative