Diving into Digital Forensics
•
2 likes•115 views
Slides from my session Introduction to digital forensics AT NullAhmedabad meetup
Recommended
More Related Content
What's hot
What's hot (10)
Similar to Diving into Digital Forensics
Similar to Diving into Digital Forensics (20)
Recently uploaded
Recently uploaded (20)
Diving into Digital Forensics
- 2. Who Am I ? • Mozillian • Founder of Cyberhex
- 3. What is Digital Forensics
- 4. What is Digital Forensics The science of identifying, preserving, recovering, analyzing and presenting facts about digital evidence found on computers or digital storage media devices.
- 5. Goal Of Digital Forensics The main goal of computer forensic experts is not only to find the criminal but also to find out the evidence, the presentation of the evidence in a manner that leads to legal action of the criminal.
- 6. What is Evidence ? Evidence is anything that can be used to determine whether a crime has been committed. Evidence may link a suspect to a scene, corroborate or refute an alibi or statement, identify a perpetrator or victim, exonerate the innocent, induce a confession, or direct further investigation.
- 7. What is Evidence ?
- 8. Types Of Evidence(s) 1.PERSISTANT DATA data that remains intact when the computer is turned off. E.g. hard drives, disk drives and removable storage devices (such as USB drives or flash drives). 2.VOLATILE DATA data that would be lost if the computer is turned off. E.g. deleted files, computer history, the computer's registry, temporary files and web browsing history.
- 10. Phases of Digital Forensics Identification >>Identify Evidence >>Identify type of information available
- 11. Phases of Digital Forensics Preservation >>Preserve evidence with least amount of change possible >>Must be able to account for any change >>Chain of custody
- 12. Phases of Digital Forensics(contd.) Preservation >>Chain of custody
- 13. Phases of Digital Forensics Analysis >> Extracting facts(data/information) Methods for extracting Facts(data/information) 1. Bit stream Disk to image 2. Bit stream Disk to Disk
- 14. Phases of Digital Forensics Presentation/Documentation Evidence will be accepted in court on:- >> Manner of presentation >> Qualifications of the presenter >> Credibility of the processes used to preserve and analyze evidence
- 15. Branches of Digital Forensics
- 16. Skills required for Digital Forensics • Networking skills, including TCP/IP-based network communications (much of modern forensics involves reading network traces) • Windows, *nix operating systems • C, Python or any programming language(s) • Computer hardware and software systems • Cryptography principles • eDiscovery tools (NUIX, Relativity, Clearwell, etc.) • Forensic software applications (e.g. TSK, FTK, Helix, Cellebrite etc.) • Data processing skills in electronic disclosure environments • Evidence handling procedures • Cloud computing
- 17. Forensics Tools (Commercial/Proprietary) • UFED • Oxygen • Santoku • Belkasoft • CyberCheck • OSForensics • FTK Imager
- 18. Forensics Tools (Free/Opensource) • Volatility • GRR • DFF • Autospy/TSK • Regripper • Caine Distro • HashMyFiles