COMPUTER FORENSIC
JIEMS AKKALKUWA 1
CHAPTER 1
INTRODUCTION
Computer forensics (sometimes known as computer forensic science) is a branch of digital
forensic science pertaining to evidence found in computers and digital storage media. The goal
of computer forensics is to examine digital media in a forensically sound manner with the aim of
identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital
information.
Although it is most often associated with the investigation of a wide variety of computer crime,
computer forensics may also be used in civil proceedings. The discipline involves similar
techniques and principles to data recovery, but with additional guidelines and practices
designed to create a legal audit trail.
Evidence from computer forensics investigations is usually subjected to the same guidelines and
practices as other digital evidence. It has been used in a number of high-profile cases and is
becoming widely accepted as reliable within U.S. and European court systems.
1.1 WHAT IS COMPUTER FORENSICS?
Computer forensics is simply the application of disciplined investigative techniques in the
automated environment and the search, discovery, and analysis of potential evidence. It is the
method used to investigate and analyze data maintained on or retrieved from electronic data
storage media for the purposes of presentation in a court of law, civil or administrative
proceeding. Evidence may be sought in a wide range of computer crime or misuse cases.
Computer forensics is rapidly becoming a science recognized on a par with other forensic
sciences by the legal and law enforcement communities. As this trend continues, it will become
even more important to handle and examine computer evidence properly. Not every department
or organization has the resources to have trained computer forensic specialists on staff.
1.2 History of Computer Forensics
Michael Anderson
• Father of computer forensics
• Special agent with IRS
Meeting in 1988 (Portland, Oregon)
• Creation of IACIS, the International Association of Computer Investigative Specialists
• The first Seized Computer Evidence Recovery Specialists (SCERS) classes held
CHAPTER 2
Literature Survey
Several criminal activities are being committed nowadays, such as cyber terrorism, internet fraud,
viruses, illegal downloads, falsification of documents, child pornography, counterfeiting,
economic espionage, benefit fraud, and human resources/employment proceedings, just to mention a
few. As such, there is a need for the necessary legislation to help prosecute the perpetrators of
these crimes. This is where the skills of a forensic expert come in, to help build indisputable
evidence against them. If the computer and its contents are examined by anyone other than a
trained and experienced computer forensics specialist, the usefulness and credibility of that
evidence will be tainted (Vacca, 2005). A highly skilled computer forensic analyst is someone who
understands the discipline as well as the use of computer forensic tools. Network forensic
investigators, on the other hand, use log files to determine when users logged on; they also try
to determine which URLs users accessed, how they logged on to the network and from what
location. In special cases, forensic experts use electron microscopes and other sophisticated
equipment to retrieve information from machines that have been damaged or formatted. The use
of this method can be very capital intensive, and may sometimes exceed $20000 (Bill Nelson et
al., 2008). A survey recently conducted reveals that both public and private agencies face serious
threats from external and internal sources (Computer Crime and Security Survey, 2003).
There are three things to take into consideration when carrying out computer forensics. A computer
can be the target of the crime, it can be the instrument of the crime, or it can serve as an
evidence repository storing valuable information about the crime. Knowing what role the computer
played in the crime can be of tremendous help when searching for evidence. This knowledge can also
help reduce the time taken to package your evidence.
CHAPTER 3
Existing System
FIG 3.1: VOGON FORENSIC SERVICES
3.3.1 Document the Hardware Configuration of the System
It is assumed that the computer system will be moved to a secure location where a proper chain
of custody can be maintained and the processing of evidence can begin. Before dismantling the
computer, it is important that pictures are taken of the computer from all angles to document the
system hardware components and how they are connected. Labeling each wire is also important
so that the original computer configuration can be restored. Computer evidence should ideally be
processed in a computer hardware environment that is identical to the original hardware
configuration.
3.3.2 Transport the Computer System to a Secure Location
This may seem basic but all too often seized evidence computers are stored in less than secure
locations. It is imperative that the subject computer is treated as evidence and it should be stored
out of reach of curious computer users. All too often, individuals operate seized computers
without knowing that they are destroying potential computer evidence and the chain of custody.
Furthermore, a seized computer left unattended can easily be compromised. Evidence can be
planted on it and crucial evidence can be intentionally destroyed. A lack of a proper chain of
custody can 'make the day' for a savvy defense attorney. Lacking a proper chain of custody, how
can you say that relevant evidence was not planted on the computer after the seizure? The answer
is that you cannot. Do not leave the computer unattended unless it is locked in a secure location!
NTI provides a program named Seized to law enforcement computer specialists free of charge. It
is also made available to NTI's business and government clients in various suites of software that
are available for purchase. The program is simple but very effective in locking the seized computer
and warning the computer operator that the computer contains evidence and should not be
operated.
3.3.3 Evaluate Program Functionality
Depending on the application software involved, running programs to learn their purpose may be
necessary. NTI's training courses make this point by exposing the students to computer
applications that do more than the anticipated task. When destructive processes are discovered
that are tied to relevant evidence, this can be used to prove willfulness. Such destructive
processes can be tied to 'hot keys' or the execution of common operating commands tied to the
operating system or applications. Before and after comparisons can be made using the File List
Pro program and/or mathematical authentication programs. All these tools are included in most
of NTI's suites of forensic tools.
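The before-and-after comparison described in 3.3.3, as an added example that is not part of the original report and is not NTI's File List Pro: a SHA-256 manifest stands in for the "mathematical authentication program", and the sample files and the `simulated_program_run` function are constructed for illustration. It is meant to be run against a working copy of the evidence, never the original media.

```python
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=1 << 20):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each relative file path under root to its size and SHA-256."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the evidence tree
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = {
                "size": os.path.getsize(full),
                "sha256": hash_file(full),
            }
    return manifest


def compare_manifests(before, after):
    """Classify paths as added, removed or modified between two manifests."""
    before_paths, after_paths = set(before), set(after)
    common = before_paths & after_paths
    modified = sorted(
        p for p in common if before[p]["sha256"] != after[p]["sha256"]
    )
    return {
        "added": sorted(after_paths - before_paths),
        "removed": sorted(before_paths - after_paths),
        "modified": modified,
        # Content changed but size did not: a size-only listing misses these.
        "same_size_modified": [
            p for p in modified if before[p]["size"] == after[p]["size"]
        ],
    }


def simulated_program_run(root):
    """Constructed stand-in for the program whose behaviour is being evaluated."""
    os.remove(os.path.join(root, "docs", "ledger.csv"))
    with open(os.path.join(root, "docs", "notes.txt"), "wb") as fh:
        fh.write(b"meeting at 7pm\n")  # same length as the original content
    with open(os.path.join(root, "temp.log"), "wb") as fh:
        fh.write(b"cleanup complete\n")


def demo():
    """Build a constructed working copy, run the program, return the diff."""
    samples = {  # constructed sample files
        "docs/ledger.csv": b"date,amount\n2003-01-04,1200\n",
        "docs/notes.txt": b"meeting at 5pm\n",
        "readme.txt": b"unchanged file\n",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel, data in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(data)
        before = build_manifest(root)
        simulated_program_run(root)
        after = build_manifest(root)
        return compare_manifests(before, after)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

The `same_size_modified` category is the case a plain file listing cannot show: the file name and size are unchanged, and only the hash reveals that the content was altered.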
CHAPTER 4
Proposed system
Adding the ability to practice sound computer forensics will help you ensure the overall integrity
and survivability of your network infrastructure. You can help your organization if you consider
computer forensics as a new basic element in what is known as a “defense-in-depth” approach
to network and computer security. For instance, understanding the legal and technical aspects of
computer forensics will help you capture vital information if your network is compromised and
will help you prosecute the case if the intruder is caught.
Two basic types of data are collected in computer forensics.
(a) Persistent data
(b) Volatile data.
RECOVER DATA THAT YOU THOUGHT WAS LOST FOREVER:-
Computer systems may crash, files may be accidentally deleted, disks may accidentally be
reformatted, viruses may corrupt files, files may be accidentally overwritten, and disgruntled
employees may try to destroy your files. All of this can lead to loss of your critical data, but
computer forensic experts should be able to employ the latest tools and techniques to recover
your data.
ADVISE YOU ON HOW TO KEEP YOUR DATA AND INFORMATION SAFE FROM
THEFT OR ACCIDENTAL LOSS:-
Business today relies on computers. Your sensitive records and trade secrets are vulnerable to
intentional attacks from, e.g., hackers, disgruntled employees, viruses, etc. Unintentional
loss of data due to accidental deletion or h/w or s/w crashes is equally
threatening. Computer forensic experts can advise you on how to safeguard your data by
methods such as encryption and back-up.
EXAMINE A COMPUTER TO FIND OUT WHAT ITS USER HAS BEEN DOING:-
Whether you’re looking for evidence in a criminal prosecution, looking for evidence in a civil
suit, or determining exactly what an employee has been up to, your computer forensics expert
should be equipped to find and interpret the clues left behind.
SWEEP YOUR OFFICE FOR LISTENING DEVICES:-
There are various micro-miniature recording and transmitting devices available in today's hi-tech
world. The computer forensic expert should be equipped to conduct thorough electronic
countermeasure (ECM) sweeps of your premises.
HI-TECH INVESTIGATION:-
The forensic expert should have the knowledge and the experience to conduct hi-tech
investigations involving cellular cloning, cellular subscription fraud, s/w piracy, data or
information theft, trade secrets, computer crimes, misuse of computers by employees, or any
other technology issue.
CHAPTER 5
Advantages:
• The main task, and advantage, of computer forensics is to catch the culprit or criminal
involved in a computer-related crime.
• Computer forensics works extensively to find the evidence needed to prove the crime and
identify the culprit behind it in a court of law. Forensics provides the organization with
support and helps it recover its losses.
• A major advantage of computer forensics is the preservation of the evidence that is
collected during the process. The protection of evidence can be considered critical.
• Ethicality can be considered an advantage of forensics in computer systems. Finally,
computer forensics has emerged as an important part of disaster recovery management.
Disadvantages:
• Must prove that there is no tampering
• All evidence must be fully accounted for
• Computer forensics specialists must have complete knowledge of legal
requirements, evidence handling and storage, and documentation procedures
• If the evidence has been misplaced, it may lead to a great loss to the
forensics department
CHAPTER 6
APPLICATION OF COMPUTER FORENSICS
System forensics is not different from any other forensic science when it comes to application. It
can be applied to any activity, where other mainstream traditional forensics such as DNA
mapping is used, if there has been an involvement of a system or computer in the event.
Some of the common applications of computer forensics are:-
• FINANCIAL FRAUD DETECTION:-
Corporations and banks can detect financial fraud with the help of evidence collected from
systems. Also, insurance companies can detect possible fraud in accident, arson, and workman’s
compensation cases with the help of computer evidence.
• CRIMINAL PROSECUTION:-
Prosecutors can use computer evidence to establish crimes such as homicides, drug and false
record-keeping, financial frauds, and child pornography in a court of law.
• CIVIL LITIGATION:-
Personal and business records found on computer systems related to fraud, discrimination,
and harassment cases can be used in civil litigation.
• CORPORATE SECURITY POLICY AND ACCEPTABLE USE VIOLATIONS:-
A lot of the computer forensic work done is to support management and human resources (HR)
investigations of employee abuse.
Besides cyber crimes and system crimes, criminals use computers for other criminal activities. In
such cases, besides the traditional forensics, system forensic investigation also plays a vital role.
CONCLUSION
With computers becoming more and more involved in our everyday lives, both professionally
and socially, there is a need for computer forensics. This field will enable crucial electronic
evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute
individuals that believe they have successfully beaten the system.
The computer forensic needs and challenges can be accomplished only with the cooperation of
the private, public, and international sectors. All stakeholders must be more willing to exchange
information on the effect economic and cyber crime has on them and the methods they are using
to detect and prevent it.
Future work and scope
By Steve Burgess
A student asked me an interesting question today, regarding what I foresee in the field of
computer forensics in the coming years: 5, 10, & 50. Having not thought about it before, my
answers surprised me a bit.

Mr. Burgess,
I would like to thank you again for taking the time to speak with me. I would like to ask you
another question if you don't mind; it is regarding the future challenges and/or issues in the
field of computer forensics. In your expert opinion, how do you see it 5, 10, and 50 years from
now? I am looking forward to your response.

My response:
An interesting question!
First, let me say that I don't have an expert opinion about the future, just a personal and
educated one. In my profession, I can only really have an expert opinion about stuff I've worked
on and so can't have one about the future until I get my time machine fixed!

5 Years
As for 5 years from now, I see three things continuing to advance at a rapid clip:
1: Hardware. The size of storage media & memory and the speed of processors.
I expect that in 5 years, computers will come standard with 5TB or more of storage and that
portable media like flash drives will carry something like 250GB of data, what the average hard
drive was holding one or two years ago. In 5 years, computers will probably be 7 or 8 times
faster. So these things will hold lots and lots more data and people will fill them up with lots &
lots more data. Therefore, each computer forensics job will require sorting through and analyzing
many times more data than today.
2: Computer Forensic Tools. The capabilities, automated nature and cost of computer forensic
tools.
I expect that in 5 years, computer forensic tools will be about 5 times as fast, and twice as
sophisticated. That means that even with all the additional data, the average, non-automated
job will take about the same effort as it does now. However, a lot of automated tools for
collection and initial processing are starting to be released. These tools can be used by
less-trained people, so it may be that data collection and preliminary processing will be faster
due to automation. I expect that the cost of computer forensic tools will not go down in relative
terms. However, more Open Source forensic tools will be available for free for those willing to
learn to use them.
3: Bad guys. Anti-forensics tools & schemes, sophistication of hackers.
There's always a race between how harmful software and cyber marauders
can be and the defenses against them. There is also software constantly being developed to
stump investigation by erasing or scrambling traces of wrongdoing. This trend will continue to
accelerate and there will continue to be an uneasy balance between the two sides, with lots of
collateral damage. In most cases, people will continue to forget to hide or cover all of their
tracks and there will still usually be evidence to find.

Ten Years
Ten years from now is much harder to predict.
The field itself is not too much older than that. Everything I said for the 5-year time frame will
continue to be somewhat true. Tiny storage devices weighing an ounce will hold multiple
Terabytes of data; hard drives or their replacements will hold Petabytes and both kinds of devices
will be very affordable. Computers themselves may be quite different than what we are used to,
will probably understand human speech well and will probably be quite intelligent, speeding up
the ability to use them. Because computers will be so smart, the role of the computer forensics
examiner may change. Testifying experts will need to have an even more sophisticated
knowledge of the software/hardware/wetware interactions and may have to specialize further.
Malware may have gotten the upper hand by then, or may not have; it is very hard to say.

Fifty Years
Just about impossible for me to say sitting where I am right now. Computers will be much
smarter than humans by then. If human computer forensics experts still testify in court, they'll be
computer augmented, but then again, we probably all will be. Whatever replaces hard drives on
your local device (if we have local devices) will store half a Zettabyte or more. We'll be carrying
around 5 Exabytes in our pockets or dental fillings. That's if all storage isn't in the Cloud and is
essentially unlimited. Although from where I sit, a Zettabyte seems pretty limitless.
Fifty years from now, our adversarial legal system may not have changed much. On the other
hand the capabilities of humans, computers, and hybrids of the two may be near unrecognizable,
but still inevitable.
More Related Content

PPT
Introduction to computer forensic
PDF
Computer forensic
PDF
Chfi V3 Module 01 Computer Forensics In Todays World
PDF
Cyber forensics and auditing
PDF
PDF
FORENSIC COMPUTING MODELS: TECHNICAL OVERVIEW
PPT
Codebits 2010
PPTX
computer forensics
Introduction to computer forensic
Computer forensic
Chfi V3 Module 01 Computer Forensics In Todays World
Cyber forensics and auditing
FORENSIC COMPUTING MODELS: TECHNICAL OVERVIEW
Codebits 2010
computer forensics

What's hot (20)

PDF
04 Evidence Collection and Data Seizure - Notes
PPTX
Business Intelligence (BI) Tools For Computer Forensic
PPT
Role of a Forensic Investigator
PPTX
Lect 1 computer forensics
PPTX
Computer forensics powerpoint presentation
PPTX
computer forensics
PPTX
Computer forensics
PPT
Secure Computer Forensics and its tools
PDF
Computer Forensic
PDF
Ce hv6 module 57 computer forensics and incident handling
PDF
06 Computer Image Verification and Authentication - Notes
PDF
Computer forensic
PPTX
Cyber forensic-Evedidence collection tools
PPT
Legal aspects of handling cyber frauds
PDF
Cyber forensic readiness cybercon2012 adv j fick
DOCX
Forensics
PDF
05 Duplication and Preservation of Digital evidence - Notes
PPTX
Computer forensics
PDF
IOT Forensic Challenges
PDF
An introduction to cyber forensics and open source tools in cyber forensics
04 Evidence Collection and Data Seizure - Notes
Business Intelligence (BI) Tools For Computer Forensic
Role of a Forensic Investigator
Lect 1 computer forensics
Computer forensics powerpoint presentation
computer forensics
Computer forensics
Secure Computer Forensics and its tools
Computer Forensic
Ce hv6 module 57 computer forensics and incident handling
06 Computer Image Verification and Authentication - Notes
Computer forensic
Cyber forensic-Evedidence collection tools
Legal aspects of handling cyber frauds
Cyber forensic readiness cybercon2012 adv j fick
Forensics
05 Duplication and Preservation of Digital evidence - Notes
Computer forensics
IOT Forensic Challenges
An introduction to cyber forensics and open source tools in cyber forensics
Ad

Similar to 4.content (computer forensic) (20)

PDF
A Review on Recovering and Examining Computer Forensic Evidences
PDF
Computer forencis
PDF
III year VI sem CYber forensics material
PPT
Computer Forensics
PPT
Digital forensics
PPT
Digital Forensics
PPT
Computer forensics
PDF
computerforensicppt-160201192341.pdf
PPTX
Computer forensic ppt
PPTX
cyber Forensics
PPT
CF.ppt
PPTX
Computer forensics and its role
PDF
Computer Forensics-An Introduction of New Face to the Digital World
PPTX
PPTX
cyber forensics
PPT
Computer forensics 1
PPTX
Computer forensic
PPT
cyber forensics - TYPES OF CYBER FORENSICS.ppt
PDF
Cyber Forensics Module 2
PPTX
Computer forensics Slides
A Review on Recovering and Examining Computer Forensic Evidences
Computer forencis
III year VI sem CYber forensics material
Computer Forensics
Digital forensics
Digital Forensics
Computer forensics
computerforensicppt-160201192341.pdf
Computer forensic ppt
cyber Forensics
CF.ppt
Computer forensics and its role
Computer Forensics-An Introduction of New Face to the Digital World
cyber forensics
Computer forensics 1
Computer forensic
cyber forensics - TYPES OF CYBER FORENSICS.ppt
Cyber Forensics Module 2
Computer forensics Slides
Ad

More from JIEMS Akkalkuwa (20)

PDF
4.report (gi fi technology)
PDF
3.acknowledgement (gi fi technology)
PDF
2.index (gi fi technology)
PDF
1.frontpage (gi fi technology)
PDF
4 (data security in local network using)
PDF
3 (data security in local network using)
PDF
2 (data security in local network using)
PDF
1 (data security in local network using)
PDF
4.report (biometric security system)
PDF
3.abstact (biometric security system)
PDF
2.index (biometric security system)
PDF
1.front page (biometric security system)
PDF
4 (mobile computing)
PDF
3 (mobile computing)
PDF
2 (mobile computing)
PDF
1 (mobile computing)
PDF
4.content (stenography)
PDF
3.abstract (stenography)
PDF
2.index (stenography)
PDF
1.front (stenography)
4.report (gi fi technology)
3.acknowledgement (gi fi technology)
2.index (gi fi technology)
1.frontpage (gi fi technology)
4 (data security in local network using)
3 (data security in local network using)
2 (data security in local network using)
1 (data security in local network using)
4.report (biometric security system)
3.abstact (biometric security system)
2.index (biometric security system)
1.front page (biometric security system)
4 (mobile computing)
3 (mobile computing)
2 (mobile computing)
1 (mobile computing)
4.content (stenography)
3.abstract (stenography)
2.index (stenography)
1.front (stenography)

Recently uploaded (20)

PDF
Well-logging-methods_new................
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
PPTX
UNIT-1 - COAL BASED THERMAL POWER PLANTS
PDF
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
PPT
introduction to datamining and warehousing
PDF
Unit I ESSENTIAL OF DIGITAL MARKETING.pdf
PPTX
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
PPT
Mechanical Engineering MATERIALS Selection
PDF
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
PPTX
web development for engineering and engineering
PDF
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
PDF
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
PPT
Introduction, IoT Design Methodology, Case Study on IoT System for Weather Mo...
PPTX
CYBER-CRIMES AND SECURITY A guide to understanding
DOCX
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
PPTX
UNIT 4 Total Quality Management .pptx
PPT
Project quality management in manufacturing
PDF
Automation-in-Manufacturing-Chapter-Introduction.pdf
PPTX
Lecture Notes Electrical Wiring System Components
PDF
Digital Logic Computer Design lecture notes
Well-logging-methods_new................
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
UNIT-1 - COAL BASED THERMAL POWER PLANTS
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
introduction to datamining and warehousing
Unit I ESSENTIAL OF DIGITAL MARKETING.pdf
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
Mechanical Engineering MATERIALS Selection
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
web development for engineering and engineering
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
Introduction, IoT Design Methodology, Case Study on IoT System for Weather Mo...
CYBER-CRIMES AND SECURITY A guide to understanding
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
UNIT 4 Total Quality Management .pptx
Project quality management in manufacturing
Automation-in-Manufacturing-Chapter-Introduction.pdf
Lecture Notes Electrical Wiring System Components
Digital Logic Computer Design lecture notes

4.content (computer forensic)

  • 1. COMPUTER FORENSIC JIEMS AKKALKUWA 1 CHAPTER 1 INTRODUCTION Computer forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information. Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail. Evidence from computer forensics investigations is usually subjected to the same guidelines and practices of other digital evidence. It has been used in a number of high-profile cases and is becoming widely accepted as reliable within U.S. and European court systems.
  • 2. COMPUTER FORENSIC JIEMS AKKALKUWA 2 1.1 WHAT IS COMPUTER FORENSICS? Computer forensics is simply the application of disciplined investigative techniques in the automated environment and the search, discovery, and analysis of potential evidence. It is the method used to investigate and analyze data maintained on or retrieved from electronic data storage media for the purposes of presentation in a court of law, civil or administrative proceeding. Evidence may be sought in a wide range of computer crime or misuse cases. Computer forensics is rapidly becoming a science recognized on a par with other forensic sciences by the legal and law enforcement communities. As this trend continues, it will become even more important to handle and examine computer evidence properly. Not every department or organization has the resources to have trained computer forensic specialists on staff. 1.2 History of Computer Forensics Michael Anderson  Father of computer forensics  Special agent with IRS Meeting in 1988 (Portland, Oregon)  Creation of IACIS, the International Association of Computer Investigative Specialists  The first Seized Computer Evidence Recovery Specialists (SCERS) classes held
  • 3. COMPUTER FORENSIC JIEMS AKKALKUWA 3 CHAPTER 2 Literature Survey Several criminal activities are being committed nowadays such as cyber terrorism, internet fraud, viruses, illegal downloads, falsification of document, child pornography, counterfeiting, economic espionage, benefit fraud, human resources/employment proceedings just to mention a few. As such, there is need for necessary legislation to help prosecute the perpetrators of these crimes. This is where the skills of a forensic expert come in to help build indisputable evidence against them. If the computer and its contents are examined by anyone other than a trained and experienced computer forensics specialist, the usefulness and credibility of that evidence will be tainted(Vacca , 2005). A highly skilled computer forensic analyst is someone who understands the discipline as well as understands the use of computer forensic tools. Network forensic investigators on the other hand uses log files to determine when users logged on and they also try to determine which URL’s users accessed, how they logged on to the network and from what location. In special cases, forensic experts use electron microscopes and other sophisticated equipments to retrieve information from machines that have been damage or formatted. The use of this method can be very capital intensive which may sometime exceed $20000. (Bill Nelson et al, 2008)A survey recently conducted reveals that both public and private agencies face serious threats from external and internal sources. (Computer Crime and Security Survey, 2003)There are three things to take into consideration when carrying out computer forensic. A computer can be the target of the crime, it can be the instrument of the crime or it can serve as an evidence repository storing valuable information about the crime. Knowing what role the computer played in the crime can of tremendous help when searching for evidence. 
This knowledge can also help reduce the time taken to package your evidence.
  • 4. COMPUTER FORENSIC JIEMS AKKALKUWA 4 CHAPTER 3 Existing System FIG 3.1: VOGON FORENSIC SERVICES 3.3.1 Document the Hardware Configuration of the System It is assumed that the computer system will be moved to a secure location where a proper chain of custody can be maintained and the processing of evidence can begin. Before dismantling the computer, it is important that pictures are taken of the computer from all angles to document the system hardware components and how they are connected. Labeling each wire is also important so that the original computer configuration can be restored. Computer evidence should ideally be processed in a computer hardware environment that is identical to the original hardware configuration.
  • 5. COMPUTER FORENSIC JIEMS AKKALKUWA 5 3.3.2 Transport the Computer System to a Secure Location This may seem basic but all too often seized evidence computers are stored in less than secure locations. It is imperative that the subject computer is treated as evidence and it should be stored out of reach of curious computer users. All too often, individuals operate seized computers without knowing that they are destroying potential computer evidence and the chain of custody. Furthermore, a seized computer left unintended can easily be compromised. Evidence can be planted on it and crucial evidence can be intentionally destroyed. A lack of a proper chain of custody can 'make the day' for a savvy defense attorney. Lacking a proper chain of custody, how can you say that relevant evidence was not planted on the computer after the seizure? The answer is that you cannot. Do not leave the computer unattended unless it is locked in a secure location! NTI provides a program named Seized to law enforcement computer specialists free of charge. It is also made available to NTI's business and government in various suites of software that are available for purchase. The program is simple but very effective in locking the seized computer and warning the computer operator that the computer contains evidence and should not be operated. 3.3.3 Evaluate Program Functionality Depending on the application software involved, running programs to learn their purpose may be necessary. NTI's training courses make this point by exposing the students to computer applications that do more than the anticipated task. When destructive processes are discovered that are tied to relevant evidence, this can be used to prove willfulness. Such destructive processes can be tied to 'hot keys' or the execution of common operating commands tied to the operating system or applications. Before and after comparisons can be made using the File List Pro program and/or mathematical authentication programs. 
All these tools are included in most of NTI's suites of forensic tools
  • 6. COMPUTER FORENSIC JIEMS AKKALKUWA 6 CHAPTER 4 Proposed system Adding the ability to practice sound computer forensics will help you ensure the overall integrity and survivability of your network infrastructure. You can help your organization if you consider computer forensics as a new basic element in what is known as a “defense-in-depth”1 approach to network and computer security. For instance, understanding the legal and technical aspects of computer forensics will help you capture vital information if your network is compromised and will help you prosecute the case if the intruder is caught. Two basic types of data are collected in computer forensics. (a) Persistent data (b) Volatile data. RECOVER DATA THAT YOU THOUGHT WAS LOST FOREVER:- Computers systems may crash, files may be accidentally deleted, disks may accidentally be reformatted, viruses may corrupt files, file may be accidentally overwritten, disgruntled employees may try to destroy your files. All of this can lead to loss of your critical data, but computer forensic experts should be able to employ the latest tools and techniques to recover your data.  ADVICE YOU ON HOW TO KEEP YOUR DATA AND INFORMATION SAFE FROM THEFT OR ACCIDENTAL LOSS:- Business today relies on computers. Your sensitive records and trade secrets are vulnerable to intentional attacks from, for e.g. hackers, disgruntled employees, viruses, etc. also unintentional loss of data due to accidental deletion, h/w or s/w crashes are equally threatening. Computer forensic experts can advice you on how to safeguard your data by methods such as encryption and back-up. EXAMINE A COMPUTER TO FIND OUT WHAT ITS USER HAS BEEN DOING:- Whether you’re looking for evidence in a criminal prosecution, looking for evidence in a civil suit, or determining exactly what an employee has been up to. Your computer forensics expert should be equipped to find and interpret the clues left behind.
• SWEEP YOUR OFFICE FOR LISTENING DEVICES:- There are various micro-miniature recording and transmitting devices available in today's hi-tech world. The computer forensic expert should be equipped to conduct thorough electronic countermeasure (ECM) sweeps of your premises.
• HI-TECH INVESTIGATION:- The forensic expert should have the knowledge and the experience to conduct hi-tech investigations involving cellular cloning, cellular subscription fraud, software piracy, data or information theft, trade secrets, computer crimes, misuse of computers by employees, or any other technology issue.
CHAPTER 5
Advantages:
• The main task, and advantage, of computer forensics is to catch the culprit or criminal involved in a computer-related crime.
• Computer forensics deals extensively with finding the evidence needed to prove the crime and the culprit behind it in a court of law. Forensics provides the organization with support and helps it recover its loss.
• An important point and major advantage of computer forensics is the preservation of the evidence collected during the process. The protection of evidence can be considered critical.
• Ethicality can be considered an advantage of forensics in computer systems. Lastly, computer forensics has emerged as an important part of disaster recovery management.
Disadvantages:
• Must prove that there is no tampering.
• All evidence must be fully accounted for.
• Computer forensics specialists must have complete knowledge of legal requirements, evidence handling and storage, and documentation procedures.
• If evidence is misplaced, it may lead to a great loss for the forensics department.
CHAPTER 6
APPLICATION OF COMPUTER FORENSICS
System forensics is not different from any other forensic science when it comes to application. It can be applied to any activity where other mainstream traditional forensics, such as DNA mapping, is used, if a system or computer was involved in the event. Some of the common applications of computer forensics are:-
• FINANCIAL FRAUD DETECTION:- Corporations and banks can detect financial frauds with the help of evidence collected from systems. Also, insurance companies can detect possible fraud in accident, arson, and workman’s compensation cases with the help of computer evidence.
• CRIMINAL PROSECUTION:- Prosecutors can use computer evidence to establish crimes such as homicides, drug and false record-keeping, financial frauds, and child pornography in the court of law.
• CIVIL LITIGATION:- Personal and business records found on computer systems related to fraud, discrimination, and harassment cases can be used in civil litigation.
• CORPORATE SECURITY POLICY AND ACCEPTABLE USE VIOLATIONS:- A lot of computer forensic work is done to support management and human resources (HR) investigations of employee abuse.
Besides cyber crimes and system crimes, criminals use computers for other criminal activities. In such cases, besides the traditional forensics, system forensic investigation also plays a vital role.
CONCLUSION
With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.
The computer forensic needs and challenges can be accomplished only with the cooperation of the private, public, and international sectors. All stakeholders must be more willing to exchange information on the effect economic and cyber crime has on them and the methods they are using to detect and prevent it.
Future work and scope
By Steve Burgess
A student asked me an interesting question today, regarding what I foresee in the field of computer forensics in the coming years: 5, 10, & 50. Having not thought about it before, my answers surprised me a bit.
Mr. Burgess, I would like to thank you again for taking the time to speak with me. I would like to ask you another question if you don't mind; it is regarding the future challenges and/or issues in the field of computer forensics. In your expert opinion, how do you see it 5, 10, and 50 years from now? I am looking forward to your response.
My response:
An interesting question! First, let me say that I don't have an expert opinion about the future, just a personal and educated one. In my profession, I can only really have an expert opinion about stuff I've worked on and so can't have one about the future until I get my time machine fixed!
5 Years
As for 5 years from now, I see three things continuing to advance at a rapid clip:
1: Hardware
The size of storage media & memory and the speed of processors. I expect that in 5 years, computers will come standard with 5TB or more of storage and that portable media like flash drives will carry something like 250GB of data, what the average hard drive was holding one or two years ago. In 5 years, computers will probably be 7 or 8 times faster. So these things will hold lots and lots more data and people will fill them up with lots & lots more data. Therefore, each computer forensics job will require sorting through and analyzing many times more data than today.
2: Computer Forensic Tools
The capabilities, automated nature and cost of computer forensic tools. I expect that in 5 years, computer forensic tools will be about 5 times as fast, and twice as sophisticated. That means that even with all the additional data, the average, non-automated job will take about the same effort as it does now. However, a lot of automated tools for collection and initial processing are starting to be released. These tools can be used by less-trained people, so it may be that data collection and preliminary processing will be faster due to automation. I expect that the cost of computer forensic tools will not go down in relative terms. However, more Open Source forensic tools will be available for free for those willing to learn to use them.
3: Bad guys
Anti-forensics tools & schemes, sophistication of hackers. There's always a race between how harmful software and cyber marauders can be and the defenses against them. There is also software constantly being developed to stump investigation by erasing or scrambling traces of wrongdoing. This trend will continue to accelerate and there will continue to be an uneasy balance between the two sides, with lots of collateral damage. In most cases, people will continue to forget to hide or cover all of their tracks and there will still usually be evidence to find.
Ten Years
Ten years from now is much harder to predict. The field itself is not too much older than that. Everything I said for the 5-year time frame will continue to be somewhat true. Tiny storage devices weighing an ounce will hold multiple Terabytes of data; hard drives or their replacements will hold Petabytes and both kinds of devices will be very affordable.
Computers themselves may be quite different than what we are used to, will probably understand human speech well and will probably be quite intelligent, speeding up the ability to use them. Because computers will be so smart, the role of the computer forensics examiner may change. Testifying experts will need to have an even more sophisticated knowledge of the software/hardware/wetware interactions and may have to specialize further.
Malware may have gotten the upper hand by then, or may not have; it is very hard to say.
Fifty Years
Just about impossible for me to say sitting where I am right now. Computers will be much smarter than humans by then. If human computer forensics experts still testify in court, they'll be computer augmented, but then again, we probably all will be.
Whatever replaces hard drives on your local device (if we have local devices) will store half a Zettabyte or more. We'll be carrying around 5 Exabytes in our pockets or dental fillings. That's if all storage isn't in the Cloud and is essentially unlimited. Although from where I sit, a Zettabyte seems pretty limitless.
Fifty years from now, our adversarial legal system may not have changed much. On the other hand the capabilities of humans, computers, and hybrids of the two may be near unrecognizable, but still inevitable.