Investigating Cyber Crimes Using Internet and E-mail Forensics
06 November 2015

Duaa Shoukat
BSCS-11-60
Institute of Computing
Bahauddin Zakariya University
Multan, Punjab, 60000, Pakistan
Email: duaam.Shoukat@gmaol.com
www.bzu.edu.pk
Presentation Overview

• Project Scope and Objectives
• Digital Forensics
• Internet and Email Forensics
• Contribution: Email and Internet analysis using Digital Forensics Techniques
  – Case Scenario
  – Challenges
  – Collection & Bit-stream Image Creation
  – Analysis & Evidence Findings
  – Email Analysis
  – Internet Analysis
• Conclusion
Project Scope and Objective

Scope of the project
Digital forensics is very useful in criminal investigation. This project is limited to the category of internet and email forensics. I focus on some of the common email and internet artifacts stored on a PC, such as Outlook data files, Index.dat files and other browser history files.

Objective of project
– Learning internet and email forensics (digital forensics)
– Data collection from a digital device by applying different forensics techniques
– Experimenting on a project case by performing internet and email forensic techniques
– Extracting files from a device
– Finding any useful data/evidence on the suspected system
– Analyzing it and using it as evidence in a court of law
Digital Forensics

According to Ken Zatyko, digital forensics is defined as:
"The application of computer science and investigative procedures for a legal purpose including the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation."

Digital Forensics process
– Collection
  • Search authority
  • Chain of custody
  • Imaging/hashing functions
– Examination
  • Examination of data
  • Tool validation
– Analysis
  • Analysis of data and repeatability (quality assurance)
– Reporting
  • Final report and possible expert presentation
Internet and Email Forensics (I)

• Email Forensics
  – E-mail forensic analysis studies the source and content of an e-mail message as evidence: identifying the actual sender and recipient, the date and time it was sent, and so on, in order to collect credible evidence to bring criminals to justice.
• Internet Forensics
  – The investigation of criminal activity that has occurred on the Internet. It deals with the analysis of the origins, contents, patterns and transmission paths of email and Web pages, as well as browser history, Web server scripts and header messages.
• Goals
  – To discover why the suspect chose the target machine
  – To gather as much evidence of the criminal act as possible
  – To obtain information that may narrow the list of suspects
  – To document the damage caused by the crime
Internet and Email Analysis using Digital Forensics Techniques
Environment setting

• Hardware used for investigation
  On the hardware side I am using a Toshiba laptop with the following specification:
  – Model: Toshiba Intel Core i3
  – RAM: 4GB
  – Processor: 2.13GHz
  – Hard drive (internal): 500GB
  – Operating system: Windows 8 64-bit
• Software used
  – AccessData FTK Imager 3.3.0.5
  – Outlook OST File Viewer
  – Kernel for OST to PST - Evaluation Version
  – SysTools Outlook PST to PDF Converter
  – Steganography tool: QuickStego
  – BrowserHistorySpy
Case Scenario (I)

• Alina Smith has been working at HBL National Bank in Multan, Pakistan, for many years as a corporate loan officer.
• She recently resigned from the bank suddenly, without giving any reason.
• Two to three days after her resignation the CEO of the bank, John Marshall, suspected that Alina had used her position to send confidential loan information to someone outside the bank using her official email ID.
• The bank’s policy is to wipe the hard disk of a resigned officer with an unrecoverable wipe tool.
• Before the entire disk is wiped, this investigation must be carried out in complete confidentiality, as required by the FDIC (Federal Deposit Insurance Corporation).
Case Scenario (II)

• John knows a little about forensic investigations and has a relative, Duaa Shoukat, who is researching digital forensics.
• John called her to investigate and prove Alina’s crime, which was considered a theft of confidential data.
• The investigator’s job on this case is to gather all the case-related data and proof of Alina Smith’s theft, if it was attempted.
Case Challenges

As an investigator my main challenges are:
• To find any data files that can prove the suspect’s theft
• To find files that hold information about the attempted theft
• To find theft-related visited links and downloads
• To examine all the data on the hard drive in logical drive C
  – Internet and email related data
• To record the chain of custody of the acquired evidence media in a report
• To store the original media (hard disk) in a secure location
Data Collection

• After search authority
  – I visited Alina Smith’s office, collected the digital device she regularly used for financial work and removed the hard drive from her computer, a SONY PCG-3E2L.
  – I placed the hard drive in an anti-static bag and transported it to my forensic laboratory.
• Imaging
  – Imaging tool used: FTK Imager 3.3.0.5
  – Image format selected: AFF
  – Hard drive
    o Elapsed time: 7 hours 32 minutes and 40 seconds
    o Image file size: 72 GB
• Case Evidence Information
Data Imaging / Hashing process

• Hash verification
  – Hashes matched
• I stored the original hard drive in a secure location after imaging/hashing.
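Hash verification, as an added worked example that is not part of the deck: the Python script below recomputes MD5 and SHA1 over an image file in fixed-size chunks (so a 72 GB image never has to fit in memory), compares them with the digests recorded at acquisition and builds a chain-of-custody entry. The sample file, the examiner name and the file names are constructed placeholders. Note that it hashes whatever file it is given as-is, so for a container format such as AFF the comparison must be against the digest of the data stream the imaging tool recorded, not of the container file itself.

```python
"""Verify a forensic disk image against the hashes recorded at acquisition.

Added example, not part of the original presentation. FTK Imager records MD5
and SHA1 digests of the source when it acquires an image; this script recomputes
both over an image file in fixed-size chunks, compares them with the recorded
values and builds a chain-of-custody entry. The sample image bytes and the
examiner name are constructed for the demonstration.
"""
import hashlib
import json
from datetime import datetime, timezone
from pathlib import Path

CHUNK = 1 << 20  # read the image 1 MiB at a time


def write_sample_image(path="sample_image.bin",
                       data=b"\x00" * 4096 + b"evidence" + b"\xff" * 4096):
    """Write a small constructed file that stands in for the acquired image."""
    Path(path).write_bytes(data)
    return path


def hash_image(path):
    """Return {'md5': ..., 'sha1': ...} for the file at path, streamed in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha1.update(block)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def verify_image(path, recorded):
    """Compare freshly computed digests with those recorded at acquisition.

    Returns (matched, computed). One mismatching digest is enough to fail:
    the image can then no longer be shown to be the bit-stream copy acquired.
    """
    computed = hash_image(path)
    matched = all(computed[algo] == recorded[algo].lower() for algo in ("md5", "sha1"))
    return matched, computed


def custody_entry(examiner, action, path, computed, matched):
    """One chain-of-custody record; append it to the case log after each handling step."""
    return {
        "timestamp_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "examiner": examiner,
        "action": action,
        "evidence": str(path),
        "md5": computed["md5"],
        "sha1": computed["sha1"],
        "verified": matched,
    }


if __name__ == "__main__":
    img = write_sample_image()
    recorded = hash_image(img)  # stands in for the digests the imaging tool wrote at acquisition
    ok, computed = verify_image(img, recorded)
    print(json.dumps(custody_entry("examiner-01", "hash verification", img, computed, ok), indent=2))
```

Run the verification again every time the image changes hands or storage; a second entry with the same digests is what lets the report show the copy was not altered between acquisition and analysis.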
Examining evidence image data (I)

• Tool validation
  – Tools checked and working fine.
• I loaded the evidence image into FTK Imager and it showed the files in the Evidence Tree window from the image of the hard drive taken.
• The hard drive tree shows the following in the root folder.
Examining and extracting data (II)

• Files in hard drive (root folder)
• I exported the Users folder, as by default it contains the information about internet and email activities.
Examining extracted data

• In the Users folder I found the folder named “Outlook”:
  Users/Alina/AppData/Local/Default/Microsoft/Outlook
• The folder contains only one Outlook data file, which holds all the data about email messages.
• alinasmithusa@gmail.com.ost file found
Evidence Analysis (I)

• Scanning the .ost file in OST Viewer
• About 9 messages found, all with the same .png attachment and containing no mail text
Evidence Analysis (II)

• I then converted the .ost files to .pst files using an OST-to-PST converter so that they could be exported as evidence. The converter is also used to recover corrupted files.
• After converting the files I exported them in PDF format to view and analyze the attachment.
Evidence Analysis (III)

• After exporting the files to PDF I checked the size of the attachment.
• The same file appears with different sizes. No one would guess that data might be hidden in the image.
Evidence Analysis (IV)

• The same attachment recurring suggests that steganography may have been applied to the picture to hide some sort of data.
• I loaded the attachment picture into QuickStego.
• Every picture reveals different official data about bank loans.
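The size check in the last two slides, as an added worked example that is not code from the deck: the script below takes a set of messages, records the filename, declared type, size, SHA-256 and file signature of every attachment and whether the message carries any text, then groups attachments by filename and flags a filename whose bytes are not the same in every message. It works on plain RFC 822 messages (.eml) built in memory with Python's email package rather than on an Outlook .ost file, which is an assumption made so the example runs offline; the four messages and their attachment bytes are constructed.

```python
"""Triage e-mail attachments for signs of hidden data.

Added example, not code from the original presentation. The deck found nine
sent messages carrying "the same" .png attachment with no message text, and
the exported copies of that attachment had different sizes. This script
reproduces that check over RFC 822 messages built in memory (an assumption:
the deck worked from an Outlook .ost file).
"""
import email
import hashlib
from email import policy
from email.message import EmailMessage

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def build_sample_messages():
    """Constructed corpus: three 'photo' mails with the same filename but
    differing bytes and no text, plus one ordinary mail with a body and a PDF."""
    raw = []
    for i, filler in enumerate((b"", b"\x01" * 40, b"\x02" * 90), start=1):
        msg = EmailMessage()
        msg["From"] = "sender@example.test"
        msg["To"] = "recipient@example.test"
        msg["Subject"] = f"photo {i}"
        # PNG signature plus padding; the padding length differs per message.
        msg.add_attachment(PNG_MAGIC + b"\x00" * 64 + filler,
                           maintype="image", subtype="png", filename="photo.png")
        raw.append(msg.as_bytes())
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "recipient@example.test"
    msg["Subject"] = "monthly report"
    msg.set_content("Monthly report attached.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    raw.append(msg.as_bytes())
    return raw


def describe_attachments(raw_message):
    """One record per attachment: identity, size, digest, signature, body presence."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body is not None else ""
    records = []
    for part in msg.iter_attachments():
        data = part.get_content()
        if isinstance(data, str):
            data = data.encode()
        records.append({
            "subject": str(msg["Subject"]),
            "filename": part.get_filename(),
            "declared_type": part.get_content_type(),
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "is_png": data.startswith(PNG_MAGIC),
            "empty_body": text == "",
        })
    return records


def triage(raw_messages):
    """Group attachments by filename; flag names whose bytes differ between messages."""
    records = [r for raw in raw_messages for r in describe_attachments(raw)]
    by_name = {}
    for r in records:
        by_name.setdefault(r["filename"], []).append(r)
    findings = []
    for name, recs in by_name.items():
        hashes = {r["sha256"] for r in recs}
        if len(hashes) > 1:
            findings.append({
                "filename": name,
                "messages": len(recs),
                "distinct_hashes": len(hashes),
                "sizes": sorted({r["size"] for r in recs}),
                "all_bodies_empty": all(r["empty_body"] for r in recs),
                # declared image/png but bytes do not start with the PNG signature
                "type_mismatch": any(r["declared_type"] == "image/png" and not r["is_png"]
                                     for r in recs),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(build_sample_messages()):
        print(finding)
```

A finding here is a lead, not proof: the same filename with different digests and empty bodies is exactly the pattern the deck describes, and it tells the examiner which attachments to take into a steganography tool next, while a filename that hashes identically in every message (the report.pdf in the sample) is left alone.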
Evidence Analysis (V)

• I checked her browser history to prove that Alina Smith downloaded the steganography tool to attempt the theft by applying steganography to a picture.
  Users\Alina\AppData\Local\Google\Chrome\User Data\Default\History
Evidence Analysis (VI)

• Alina Smith visited these sites and downloaded the steganography tool from sourceforge.net:
  – http://www.garykessler.net/library/steganography.html
  – http://listoffreeware.com/list-of-best-free-steganography-software-for-windows/
  – http://www.quickcrypto.com/free-steganography-software.html
• Chrome Web History Report by BrowserHistorySpy
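The browser history step, as an added worked example that is not code from the deck (which used the BrowserHistorySpy GUI): Chrome's History file is a SQLite database, and the Python script below queries its visits and downloads directly, converts Chrome's timestamps (microseconds since 1601-01-01 UTC) to readable UTC, and flags visits matching case keywords. The database is constructed in memory with a reduced subset of Chrome's real tables; the three visited URLs are the ones reported in the deck, while the download record, its source URL and the local path are placeholders.

```python
"""Parse a Chrome History database: visits and downloads with readable times.

Added example, not code from the original presentation. Chrome keeps browsing
history in the SQLite file 'History' under the profile folder
(User Data/Default) and stores every time as microseconds since
1601-01-01 UTC (WebKit time). The database below is constructed in memory
with a reduced subset of Chrome's real tables (column names are Chrome's);
the download row, its URL and the local path are placeholders.
"""
import sqlite3
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
KEYWORDS = ("steganography", "stego", "sourceforge")


def from_webkit(us):
    """WebKit microseconds -> aware UTC datetime."""
    return WEBKIT_EPOCH + timedelta(microseconds=us)


def to_webkit(dt):
    """Aware datetime -> WebKit microseconds (integer arithmetic, no float rounding)."""
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)


def build_sample_history():
    """Constructed History DB with a subset of Chrome's tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE urls(id INTEGER PRIMARY KEY, url LONGVARCHAR, title LONGVARCHAR,
            visit_count INTEGER, typed_count INTEGER, last_visit_time INTEGER, hidden INTEGER);
        CREATE TABLE visits(id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER,
            from_visit INTEGER, transition INTEGER);
        CREATE TABLE downloads(id INTEGER PRIMARY KEY, target_path LONGVARCHAR,
            start_time INTEGER, received_bytes INTEGER, total_bytes INTEGER, tab_url VARCHAR);
        CREATE TABLE downloads_url_chains(id INTEGER, chain_index INTEGER, url LONGVARCHAR);
    """)
    t0 = datetime(2015, 11, 2, 10, 15, tzinfo=timezone.utc)  # constructed time base
    pages = [
        ("http://www.garykessler.net/library/steganography.html", "Steganography"),
        ("http://listoffreeware.com/list-of-best-free-steganography-software-for-windows/",
         "Free steganography software"),
        ("http://www.quickcrypto.com/free-steganography-software.html",
         "Free steganography software"),
        ("http://www.example.test/weather", "Weather"),  # unrelated visit, must not be flagged
        ("https://sourceforge.net/projects/placeholder-stego-tool/", "Placeholder project"),
    ]
    for i, (url, title) in enumerate(pages, start=1):
        ts = to_webkit(t0 + timedelta(minutes=5 * i))
        db.execute("INSERT INTO urls VALUES (?,?,?,?,?,?,?)", (i, url, title, 1, 0, ts, 0))
        db.execute("INSERT INTO visits VALUES (?,?,?,?,?)", (i, i, ts, i - 1, 0))
    dl_ts = to_webkit(t0 + timedelta(minutes=27))
    db.execute("INSERT INTO downloads VALUES (?,?,?,?,?,?)",
               (1, r"C:\Users\Alina\Downloads\placeholder-stego-tool-setup.exe",
                dl_ts, 1048576, 1048576, pages[4][0]))
    db.execute("INSERT INTO downloads_url_chains VALUES (?,?,?)",
               (1, 0, "https://sourceforge.net/projects/placeholder-stego-tool/files/latest/download"))
    db.commit()
    return db


def flagged_visits(db, keywords=KEYWORDS):
    """Visits, in time order, whose URL or title contains a case keyword."""
    rows = db.execute(
        "SELECT v.visit_time, u.url, u.title FROM visits v "
        "JOIN urls u ON v.url = u.id ORDER BY v.visit_time").fetchall()
    hits = []
    for ts, url, title in rows:
        haystack = f"{url} {title or ''}".lower()
        if any(k in haystack for k in keywords):
            hits.append((from_webkit(ts).strftime("%Y-%m-%d %H:%M:%S"), url))
    return hits


def download_records(db):
    """Downloads joined with the URL chain that served them."""
    rows = db.execute(
        "SELECT d.start_time, d.target_path, d.received_bytes, d.total_bytes, d.tab_url, c.url "
        "FROM downloads d JOIN downloads_url_chains c ON c.id = d.id "
        "ORDER BY d.start_time, c.chain_index").fetchall()
    return [{"time": from_webkit(t).strftime("%Y-%m-%d %H:%M:%S"),
             "target": target,
             "complete": received == total,
             "page": tab_url,    # page the download was started from
             "source": source}   # URL that served the file
            for t, target, received, total, tab_url, source in rows]


if __name__ == "__main__":
    db = build_sample_history()
    for when, url in flagged_visits(db):
        print(when, url)
    for rec in download_records(db):
        print(rec["time"], rec["target"], "<-", rec["source"])
```

On a real case, export the History file from the evidence image and open the copy read-only (`sqlite3.connect("file:History?mode=ro", uri=True)`); never open the one on the original media, and note that a running Chrome keeps the live file locked.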
Case Findings

• The alinasmithusa@gmail.com.ost file is contained in the Outlook data folder.
• This file contains Alina Smith’s sent messages.
• In the Sent Items folder:
  – 9 e-mail messages found with the same image attachment
  – Containing no text
  – Data is hidden in the image attachment
  – Steganography applied to hide confidential data
• Internet analysis shows the sites visited to gain knowledge about data hiding techniques.
• Steganography tool downloaded from the site sourceforge.net
Conclusion

• This project showed how to apply digital forensics techniques and tools.
• These skills help to find and analyze evidence from any suspected system.
• This project shows that a criminal’s use of email and the internet is highly incriminating in the event of any crime.
• Even if data is deleted from everywhere on your system, it can still be found on the servers or paths you have used.
Thanks for listening!
Questions?
