SlideShare a Scribd company logo

Computer forensics and investigation module 1 topic 2

N
Neha Raju k

This document discusses the rules of computer forensics and types of computer forensic evidence. It outlines three main rules for computer forensic processes: rules for admissibility of evidence which requires evidence be relevant, identifiable, and authentic; rules for chain of custody which tracks who accessed evidence and when; and rules for evidence integrity which ensures evidence is not altered through techniques like hashing. The document also notes that computer forensic investigations follow a methodology to collect, preserve, and analyze potential evidence from various digital sources like hard drives, RAM, emails, and web histories.

Education
1 of 12
Downloaded 12 times
1
2
3
4
5
6
7
8
9
10
11
12
Computer Forensics And Investigation Module 1:Understand the importance of computer forensics Topic2:Rules of Computer Forensics, Computer Forensic Evidence By, Neha Raju K Assistant Professor BCA-Cloud Technology and Information Security Management
Contents Rules of Computer Forensics Computer Forensics Evidence
Rules of Computer Forensics • There are various rules employed during and after the forensic examination Process. Some of the most common rules are categorised as follows: • Rules for admissibility of evidences • Rules for Chain of custody • Rules for Evidence Integrity
1.Rules for Admissibility of Evidences • Rule 1: To be admissible in the court of law, all evidences must be relevant to the case in question. • Rule 2: To be identifiable and authentic, all evidences must be sufficient to support a claim, illustrative, self-authentication (without extrinsic evidences) such as public records, govt.official docs and govt.certified records with seal.
2.Rules for Chain of Custody • The chain of custody is important to the investigation process because it is the first step when authenticating digital audio and video evidence. • Identifying this chain of custody provides information about whether or not this evidence has been copied or cloned. • The chain of custody document contain the following information. 1.Who seized the evidence : Name, designation, e-mail,phone number,etc. 2.When the evidence was seized: Actual time and date, the system CMOS date and time . 3.Physical description of the evidence item: serial no,tag,make and model, etc.
3.Rules for Evidence Integrity • To ensure that the evidence is not altered, various methods are employed. Some of these are: 1)Bit by bit copy 2)Evidence is locked in safe and limited access cabinets called safes,or vaults. 3)The use of crypto graphic hashes like MD5,SHA1,SHA2,etc. to ensure the integrity of the original evidence media. 4)The use of write blocker to protect the evidence from modification. 5)To create and maintain chain of custody documents.
Computer Forensics Evidence
• Computer forensics investigation is an organised process just like any other traditional law enforcement investigation. • Specially trained forensics investigators follow specific computer forensics methodology. • Evidence must be relevant to a case in question and sufficient enough to prove a point.
Where can we find evidence? • During investigations, we need to collect ,preserve and analyse computer hard drives and media such as USB drives,floppy disks,zip drives and optical media like CDs and DVDs. • Data that is not found on the disk can be found in the RAM. • The information that is found in memory includes the user ids and passwords,encryption keys,chat sessions,unencrpted data,emails,unsaved documents,hidden code such as rootkits,registry information and other critical evidence. • This data can provide related information about the target’s activity on the computer.
• Evidence may be stored in 1)CDs/DVDs 2)Hard Disk Media 3)USB drives 4)Memory Cards 5)Text messages 6)Phone Records 7)E-mails 8)Digital images 9)Various application records 10)web-sites 11)Browser history
Conclusion • There are various rules employed during and after the forensic examination Process. • Evidences are not only related to eyewitness,Blood DNA etc. Digital evidences also make a big impact on the case.
THANK YOU

More Related Content

PDF
Computer forensics and Investigation
Neha Raju k
 
PDF
Information security fundamentals topic 2: Evolution of Information security
Neha Raju k
 
PPTX
Digital forensics
dentpress
 
PPTX
CYBERFORENSICS
Dr. Prashant Vats
 
PPTX
Computer crimes and forensics
Avinash Mavuru
 
PPTX
Digital&computforensic
Rahul Badekar
 
PPT
Chap 1 general introduction to computer forensics
Malobe Lottin Cyrille Marcel
 
PPTX
Chap 2 computer forensics investigation
Malobe Lottin Cyrille Marcel
 
Computer forensics and Investigation
Neha Raju k
 
Information security fundamentals topic 2: Evolution of Information security
Neha Raju k
 
Digital forensics
dentpress
 
CYBERFORENSICS
Dr. Prashant Vats
 
Computer crimes and forensics
Avinash Mavuru
 
Digital&computforensic
Rahul Badekar
 
Chap 1 general introduction to computer forensics
Malobe Lottin Cyrille Marcel
 
Chap 2 computer forensics investigation
Malobe Lottin Cyrille Marcel
 

What's hot (20)

PPTX
Digital forensics
Roberto Ellis
 
PPTX
Digital investigation
unnilala11
 
PPTX
Module 8 security and ethical challenges
CRM
 
PPTX
Best Cyber Crime Investigation Service Provider | Fornsec Solutions
FORnSECSolutions
 
PPTX
Computer forensic
bhavithd
 
PPTX
ISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
John Intindolo
 
PPTX
Digital forensics by vimal priya.s
S. VIMAL PRIYA
 
PPTX
Cyber evidence at crime scene
Applied Forensic Research Sciences
 
KEY
Computer crime hacking
tangytangling
 
PPTX
Cyber Security
Muktadir Shoaib
 
PDF
Digital Crime & Forensics - Report
prashant3535
 
PPTX
Computer forensics
Boun Yadyok
 
PPTX
Lect 5 computer forensics
Kabul Education University
 
PPT
Hacking
thajmohammed
 
PPTX
computer forensics
shivi123456
 
PPTX
PPIT Lecture 1
Kashif Sohail
 
PDF
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
Katedra Informatologii. Wydział Dziennikarstwa, Informacji i Bibliologii, Uniwersytet Warszawski
 
PPTX
what is cyber crime and how it started
Navjyotsinh Jadeja
 
PPTX
Lect 6 computer forensics
Kabul Education University
 
PPTX
IT Ethics
Keith Putnam
 
Digital forensics
Roberto Ellis
 
Digital investigation
unnilala11
 
Module 8 security and ethical challenges
CRM
 
Best Cyber Crime Investigation Service Provider | Fornsec Solutions
FORnSECSolutions
 
Computer forensic
bhavithd
 
ISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
John Intindolo
 
Digital forensics by vimal priya.s
S. VIMAL PRIYA
 
Cyber evidence at crime scene
Applied Forensic Research Sciences
 
Computer crime hacking
tangytangling
 
Cyber Security
Muktadir Shoaib
 
Digital Crime & Forensics - Report
prashant3535
 
Computer forensics
Boun Yadyok
 
Lect 5 computer forensics
Kabul Education University
 
Hacking
thajmohammed
 
computer forensics
shivi123456
 
PPIT Lecture 1
Kashif Sohail
 
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
Katedra Informatologii. Wydział Dziennikarstwa, Informacji i Bibliologii, Uniwersytet Warszawski
 
what is cyber crime and how it started
Navjyotsinh Jadeja
 
Lect 6 computer forensics
Kabul Education University
 
IT Ethics
Keith Putnam
 
Ad

Similar to Computer forensics and investigation module 1 topic 2 (20)

PPTX
ppt for Module 5 cybersecuirty_023501.pptx
MayuraD1
 
PPTX
unit 5 understanding computer forensics.pptx
Dimple Relekar
 
PPTX
Computer Forensics ppt
OECLIB Odisha Electronics Control Library
 
PPTX
Introduction to computer forensics in IT society
norhasiahakhir1
 
PPTX
Computer Forensics.pptx
Happyness Mkumbo
 
PPTX
computer-forensics-8727-OHvDvOm.pptx
DaniyaHuzaifa
 
PPTX
computer-forensics-8727-OHvDvOm.pptx
ssuser2bf502
 
PDF
A Review on Recovering and Examining Computer Forensic Evidences
BRNSSPublicationHubI
 
PDF
Cyber Forensics training by Forensic Academy
Forensic Academy
 
PPTX
computer forensics
Amit Singh
 
PPTX
Computer Forensics (1).pptx
Gautam708801
 
PPTX
Computer Forensics
One97 Communications Limited
 
DOCX
Ethical Hacking And Computer Forensics
ShanaAneevan
 
PPTX
computer forensics by amritanshu kaushik
amritanshu4u
 
PDF
computerforensicsppt-111006063922-phpapp01.pdf
Gnanavi2
 
PPTX
Computer forensics and its role
Sudeshna Basak
 
PPT
Computer Forensics
alrawes
 
PDF
Cyber forensics and auditing
Sweta Kumari Barnwal
 
PPTX
Akcomputerforensics 130222081008-phpapp02-140809110602-phpapp02
satyabwati
 
PPTX
Computer forensic
Shashi Mishra
 
ppt for Module 5 cybersecuirty_023501.pptx
MayuraD1
 
unit 5 understanding computer forensics.pptx
Dimple Relekar
 
Computer Forensics ppt
OECLIB Odisha Electronics Control Library
 
Introduction to computer forensics in IT society
norhasiahakhir1
 
Computer Forensics.pptx
Happyness Mkumbo
 
computer-forensics-8727-OHvDvOm.pptx
DaniyaHuzaifa
 
computer-forensics-8727-OHvDvOm.pptx
ssuser2bf502
 
A Review on Recovering and Examining Computer Forensic Evidences
BRNSSPublicationHubI
 
Cyber Forensics training by Forensic Academy
Forensic Academy
 
computer forensics
Amit Singh
 
Computer Forensics (1).pptx
Gautam708801
 
Computer Forensics
One97 Communications Limited
 
Ethical Hacking And Computer Forensics
ShanaAneevan
 
computer forensics by amritanshu kaushik
amritanshu4u
 
computerforensicsppt-111006063922-phpapp01.pdf
Gnanavi2
 
Computer forensics and its role
Sudeshna Basak
 
Computer Forensics
alrawes
 
Cyber forensics and auditing
Sweta Kumari Barnwal
 
Akcomputerforensics 130222081008-phpapp02-140809110602-phpapp02
satyabwati
 
Computer forensic
Shashi Mishra
 
Ad

Recently uploaded (20)

PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PDF
Pre independence Education in Inndia.pdf
goofy5603
 
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
PDF
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
PPTX
master seminar digital applications in india
ananyaray35
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PPTX
Introduction to Child Health Nursing – Unit I | Child Health Nursing I | B.Sc...
RAKESH SAJJAN
 
PPTX
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
PDF
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PPTX
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
PPTX
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PDF
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
RMMM.pdf make it easy to upload and study
sajedul2
 
Pre independence Education in Inndia.pdf
goofy5603
 
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
master seminar digital applications in india
ananyaray35
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
Introduction to Child Health Nursing – Unit I | Child Health Nursing I | B.Sc...
RAKESH SAJJAN
 
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
Classroom Observation Tools for Teachers
Nicaramirez
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 

Computer forensics and investigation module 1 topic 2

  • 1. Computer Forensics And Investigation Module 1:Understand the importance of computer forensics Topic2:Rules of Computer Forensics, Computer Forensic Evidence By, Neha Raju K Assistant Professor BCA-Cloud Technology and Information Security Management
  • 2. Contents Rules of Computer Forensics Computer Forensics Evidence
  • 3. Rules of Computer Forensics • There are various rules employed during and after the forensic examination Process. Some of the most common rules are categorised as follows: • Rules for admissibility of evidences • Rules for Chain of custody • Rules for Evidence Integrity
  • 4. 1.Rules for Admissibility of Evidences • Rule 1: To be admissible in the court of law, all evidences must be relevant to the case in question. • Rule 2: To be identifiable and authentic, all evidences must be sufficient to support a claim, illustrative, self-authentication (without extrinsic evidences) such as public records, govt.official docs and govt.certified records with seal.
  • 5. 2.Rules for Chain of Custody • The chain of custody is important to the investigation process because it is the first step when authenticating digital audio and video evidence. • Identifying this chain of custody provides information about whether or not this evidence has been copied or cloned. • The chain of custody document contain the following information. 1.Who seized the evidence : Name, designation, e-mail,phone number,etc. 2.When the evidence was seized: Actual time and date, the system CMOS date and time . 3.Physical description of the evidence item: serial no,tag,make and model, etc.
  • 6. 3.Rules for Evidence Integrity • To ensure that the evidence is not altered, various methods are employed. Some of these are: 1)Bit by bit copy 2)Evidence is locked in safe and limited access cabinets called safes,or vaults. 3)The use of crypto graphic hashes like MD5,SHA1,SHA2,etc. to ensure the integrity of the original evidence media. 4)The use of write blocker to protect the evidence from modification. 5)To create and maintain chain of custody documents.
  • 8. • Computer forensics investigation is an organised process just like any other traditional law enforcement investigation. • Specially trained forensics investigators follow specific computer forensics methodology. • Evidence must be relevant to a case in question and sufficient enough to prove a point.
  • 9. Where can we find evidence? • During investigations, we need to collect ,preserve and analyse computer hard drives and media such as USB drives,floppy disks,zip drives and optical media like CDs and DVDs. • Data that is not found on the disk can be found in the RAM. • The information that is found in memory includes the user ids and passwords,encryption keys,chat sessions,unencrpted data,emails,unsaved documents,hidden code such as rootkits,registry information and other critical evidence. • This data can provide related information about the target’s activity on the computer.
  • 10. • Evidence may be stored in 1)CDs/DVDs 2)Hard Disk Media 3)USB drives 4)Memory Cards 5)Text messages 6)Phone Records 7)E-mails 8)Digital images 9)Various application records 10)web-sites 11)Browser history
  • 11. Conclusion • There are various rules employed during and after the forensic examination Process. • Evidences are not only related to eyewitness,Blood DNA etc. Digital evidences also make a big impact on the case.