COMPUTER FORENSICS
A Need of Modern Crimes
- Daksh Verma
INTRODUCTION
• Computer Forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable.
• Method used to investigate and analyze data maintained on or retrieved from electronic data storage media for the purposes of presentation in a court of law, civil or administrative proceeding.
Important Data
Persistent Data
• Data which is preserved when the computer is turned off.
• Data stored on hard drives, external memory.
Volatile Data
• Data which is lost when the computer is turned off.
• Data stored in registers, cache memory, RAM.
Another categorization of data is Ambient Data and Active Data.
NEED 
• To produce evidence in the court that can lead to punishment of the actual.
• To ensure the integrity of the computer system.
• To focus on the response to the hi-tech offences, started to intertwine.
ADVANTAGES 
• Catch the culprit or the criminal who is involved in the crime related to the computers.
• To Organizations:
    ▪ Recovering lost data
    ▪ Advice on how to safeguard data from theft
CYBER CRIMES
• Cyber crimes occur when information technology is used to commit or conceal an offence.
• “Digital Evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial.”
• 2 Types:
    ▪ Persistent Data
    ▪ Volatile Data
Types of Cyber Crimes 
• Hacking
• Theft
• Cyber Stalking
• Identity Theft
• Malicious Software
• Child soliciting and Abuse
• Email-Spoofing
• Copyright Violations
Characteristics of Digital Evidence
• Admissible: Must be able to be used in court
• Authentic: Evidence relates to incident in relevant way
• Complete: Exculpatory evidence for alternate suspects
• Reliable: No question about authenticity and veracity
• Believable: Clear, easy to understand & believable by jury
Top Spots for Evidence 
• Temporary Files
• File Slack
• Unallocated Space
• Internet History Files
• E-mails
• File Storage Dates
• Settings, Folder Structures, File Names
• Storage Devices
Popular Cases 
• BTK Serial Killer
  Evidence: File’s metadata on floppy disk
• U.S. Navy Football Star Rape Case
  Evidence: IM keywords and HTML coding
• Industrial Espionage Case
  Evidence: Stolen engineering drawings
THE PROCESS
ACQUISITION
• Physically or remotely obtaining possession of computer, network mappings, external storage devices.
IDENTIFICATION
• Identifying what data could be recovered
• Retrieving data using various tools
EVALUATION
• Evaluating how retrieved data can be used against the suspect.
PRESENTATION
• Presentation of evidence in a form understandable by non-technical persons.
Steps to Retrieve Evidence
1. Shut down the computer
2. Document the hardware configuration of the system
3. Transport the computer system to a secure location
4. Make bit stream backups of hard disks and storage devices
5. Mathematically authenticate data on all storage devices
6. Document the system date and time
7. Make a list of key search words
8. Evaluate the Windows swap file
9. Evaluate file slack
10. Evaluate unallocated space
11. Search files, file slack, unallocated space for key words
12. Document file names, date and time
13. Identify file, storage and program anomalies
14. Document your findings
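Steps 4, 5 and 11 can be illustrated with a short Python sketch. This is an added example, not part of the original slides: it copies a source bit for bit while hashing it, re-verifies the working copy, and searches the raw bytes for key words. SHA-256, the function names and the sample "disk" are assumptions made for the illustration, and key words are assumed to be ASCII.

```python
import hashlib
import io

CHUNK = 64 * 1024  # read size in bytes (assumption; tune for the device)


def image_and_hash(src, dst, chunk=CHUNK):
    """Steps 4 and 5: copy src to dst bit for bit, hashing exactly what was read."""
    digest = hashlib.sha256()
    for block in iter(lambda: src.read(chunk), b""):
        digest.update(block)
        dst.write(block)
    return digest.hexdigest()


def verify_image(image, expected_hex, chunk=CHUNK):
    """Re-hash the working copy and compare it with the acquisition hash."""
    digest = hashlib.sha256()
    for block in iter(lambda: image.read(chunk), b""):
        digest.update(block)
    return digest.hexdigest() == expected_hex


def search_keywords(image, keywords, chunk=CHUNK):
    """Step 11: return sorted (offset, keyword, encoding) hits in a raw image.

    The search is case-insensitive and tries ASCII and UTF-16LE, since
    Windows often stores text as UTF-16LE. The tail of each window is
    carried into the next one so a hit that straddles two reads is found.
    """
    needles = [(word.lower().encode(enc), word, enc)
               for word in keywords for enc in ("ascii", "utf-16-le")]
    if not needles:
        return []
    overlap = max(len(n[0]) for n in needles) - 1
    hits, tail, base = set(), b"", 0  # base = absolute offset of window[0]
    for block in iter(lambda: image.read(chunk), b""):
        window = tail + block
        lowered = window.lower()  # bytes.lower() folds ASCII letters only
        for needle, word, enc in needles:
            pos = lowered.find(needle)
            while pos != -1:
                hits.add((base + pos, word, enc))  # set removes overlap repeats
                pos = lowered.find(needle, pos + 1)
        tail = window[-overlap:] if overlap else b""
        base += len(window) - len(tail)
    return sorted(hits)


# Constructed sample "disk": an ASCII string that straddles a 16-byte read
# boundary and a UTF-16LE string, surrounded by filler bytes.
SAMPLE_DISK = (b"\x00" * 10 + b"Password=hunter2" + b"\x00" * 20
               + "invoice".encode("utf-16-le") + b"\xff" * 7)

if __name__ == "__main__":
    copy = io.BytesIO()
    acquired = image_and_hash(io.BytesIO(SAMPLE_DISK), copy)
    copy.seek(0)
    print("image verified:", verify_image(copy, acquired))
    copy.seek(0)
    for offset, word, enc in search_keywords(copy, ["password", "invoice"], chunk=16):
        print(f"{offset:#06x}  {word}  ({enc})")
```

Recording the hash at acquisition time and re-checking it before each analysis session is what lets the examiner show that the working copy still matches the original media.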
TOOLS USED
GETFREE 
• Used to analyze Unallocated Space
• Unallocated space contains the deleted files and the associated file slack
• Automatically calculates the size of and captures the Unallocated space
• Captures the contents of Windows swap file for analysis with other tools
• DOS-based for speed and ease-of-use
GETSLACK 
• Used to analyze File Slack
• Network logons and passwords or passwords used in file encryption can be found in file slack.
• Calculates the size of and captures the File Slack
• DOS-based for speed and ease-of-use
Forensic Graphics File Extractor
• Automatically extracts exact copies of graphics file images
• Searches Windows Swap File and Unallocated Space for patterns of BMP, GIF and JPG file images
• Reconstructs partial or complete image files in one highly accurate operation. The accuracy of this process is dependent upon the degree of fragmentation involved
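The pattern search described above is commonly called signature-based file carving. The following Python sketch is an added example, not the Forensic Graphics File Extractor's own code: it scans a raw buffer for BMP, GIF and JPG signatures and carves each candidate as one contiguous run. All names, the size limit and the sample bytes are assumptions constructed for the illustration; the last sample shows why the result depends on fragmentation.

```python
import struct

JPEG_SOI, JPEG_EOI = b"\xff\xd8\xff", b"\xff\xd9"
GIF_HEADERS = (b"GIF87a", b"GIF89a")
GIF_END = b"\x00\x3b"          # last sub-block terminator + trailer byte
MAX_SIZE = 10 * 1024 * 1024    # carve limit per file (assumption)


def _carve_at(raw, pos, max_size):
    """Try to carve one contiguous image starting at pos; None if not valid."""
    if raw.startswith(JPEG_SOI, pos):
        # Naive footer search: stops at the first end-of-image marker, so an
        # embedded thumbnail would end the carve early.
        end = raw.find(JPEG_EOI, pos + 3, pos + max_size)
        if end != -1:
            return "jpg", raw[pos:end + 2]
    elif raw.startswith(GIF_HEADERS, pos):
        # Naive as well: the same two bytes can occur inside image data.
        end = raw.find(GIF_END, pos + 6, pos + max_size)
        if end != -1:
            return "gif", raw[pos:end + 2]
    elif raw.startswith(b"BM", pos) and pos + 14 <= len(raw):
        # BMP has no footer: use the header's size field after sanity checks,
        # which also rejects plain text that happens to contain "BM".
        size, res1, res2, data_off = struct.unpack_from("<IHHI", raw, pos + 2)
        if (res1 == res2 == 0 and 14 <= data_off < size <= max_size
                and pos + size <= len(raw)):
            return "bmp", raw[pos:pos + size]
    return None


def carve_images(raw, max_size=MAX_SIZE):
    """Return [(offset, kind, data)] for every carved image candidate."""
    found, pos = [], 0
    while True:
        starts = [raw.find(sig, pos) for sig in (JPEG_SOI, b"GIF8", b"BM")]
        starts = [s for s in starts if s != -1]
        if not starts:
            return found
        pos = min(starts)
        hit = _carve_at(raw, pos, max_size)
        if hit:
            found.append((pos, hit[0], hit[1]))
            pos += len(hit[1])
        else:
            pos += 1


# Constructed samples: minimal byte strings with valid signatures, not real images.
SAMPLE_JPG = b"\xff\xd8\xff\xe0" + b"JFIFDATA" + b"\xff\xd9"
SAMPLE_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + b"pix" + b"\x00\x3b"
SAMPLE_BMP = b"BM" + struct.pack("<IHHI", 30, 0, 0, 26) + b"\x11" * 16
SAMPLE_SPACE = (b"\x00" * 5 + SAMPLE_JPG + b"\xaa" * 3 + SAMPLE_GIF
                + b"\x55" * 4 + SAMPLE_BMP + b"\x00" * 6)
# The same JPG with four bytes of another file's data in the middle, as
# happens when a deleted file was stored in non-adjacent clusters.
FRAGMENTED = SAMPLE_JPG[:8] + b"\x99" * 4 + SAMPLE_JPG[8:]

if __name__ == "__main__":
    for offset, kind, data in carve_images(SAMPLE_SPACE):
        print(f"{offset:4d}  {kind}  {len(data)} bytes")
    carved = carve_images(FRAGMENTED)[0][2]
    print("fragmented carve equals original:", carved == SAMPLE_JPG)
```

For the fragmented sample the carve still finds a header and a footer, but the bytes in between include foreign data, so the recovered file is not an exact copy of the original.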
APPLICATIONS 
• Financial Fraud Detection
• Criminal Prosecution
• Civil Litigation
• Corporate Security Policy and Acceptable Use Violations
CONCLUSION 
• With the increase in technology, cyber crimes are increasing.
• Computer forensics is a vital part of the computer security process.
• As more knowledge is obtained about how crimes are committed with the use of computers, more forensic tools can be fine-tuned to gather evidence more efficiently and combat the crime wave on technology.
