4. What is Digital Forensics
The science of identifying, preserving, recovering, analyzing and
presenting facts about digital evidence found on computers or digital
storage media devices.
5. Goal Of Digital Forensics
The main goal of computer forensic experts is not only to find the criminal but also to find out the
evidence, the presentation of the evidence in a manner that leads to legal action of the criminal.
6. What is Evidence ?
Evidence is anything that can be used to determine whether a crime has been
committed. Evidence may link a suspect to a scene, corroborate or refute an alibi or
statement, identify a perpetrator or victim, exonerate the innocent, induce a
confession, or direct further investigation.
8. Types Of Evidence(s)
1.PERSISTANT DATA
data that remains intact when the computer is turned off. E.g. hard drives, disk drives
and removable storage devices (such as USB drives or flash drives).
2.VOLATILE DATA
data that would be lost if the computer is
turned off. E.g. deleted files, computer history, the
computer's registry, temporary files and web browsing history.
9.
10. Phases of Digital Forensics
Identification
>>Identify Evidence
>>Identify type of information available
11. Phases of Digital Forensics
Preservation
>>Preserve evidence with least
amount of change possible
>>Must be able to account for
any change
>>Chain of custody
13. Phases of Digital Forensics
Analysis
>> Extracting facts(data/information)
Methods for extracting Facts(data/information)
1. Bit stream Disk to image
2. Bit stream Disk to Disk
14. Phases of Digital Forensics
Presentation/Documentation
Evidence will be accepted in court on:-
>> Manner of presentation
>> Qualifications of the presenter
>> Credibility of the processes used
to preserve and analyze evidence