Computer forensics Slides
Download as PPTX, PDF3 likes685 views
This document provides an overview of computer forensics. It defines computer forensics as identifying, preserving, analyzing and presenting digital evidence in a legally acceptable manner. The objective is to find evidence related to cyber crimes. Computer forensics has a history in investigating financial fraud, such as the Enron case. It describes the types of digital evidence, tools used, and steps involved in computer forensic investigations. Key points are avoiding altering metadata and overwriting unallocated space when collecting evidence.
Computer forensics Slides
- 2. Index Computer Forensics & it’s objective. Why Computer Forensics? History of Computer Forensics. Who uses computer forensics? Digital Evidences & it’s types. Computer Forensics Algorithm. What shouldn’t be done during Investigation? Computer Forensics Tools. Computer Forensics Applications. Advantages of Computer Forensics. Disadvantages of Computer Forensics. Conclusions.
- 3. What is Computer Forensics? “Computer Forensics is the process of identifying, preserving, analyzing and presenting the digital evidence in such a manner that the evidences are legally acceptable”.
- 4. Objective of Computer Forensics The main objective is to find the criminal which is directly or indirectly related to cyber world. To find out the digital evidences. Presenting evidences in a manner that leads to legal action of the criminal.
- 5. Why Computer Forensics? Employee internet abuse. Unauthorized disclosure of corporate information. Industrial espionage. Damage assessment. Criminal fraud and deception cases. Countless others!
- 6. History of Computer Forensics Bankruptcy in Enron in December 2001. Hundreds of employees were left jobless while some executives seemed to benefit from the company's collapse. The United States Congress decided to investigate and a specialized detective force began to search through hundreds of Enron employee computers using computer forensics.
- 7. WHO USES COMPUTER FORENSICS? Criminal Prosecutors - Rely on evidence obtained from a computer to prosecute suspects and use as evidence. Civil Litigations - Personal and business data discovered on a computer can be used in fraud, harassment, or discrimination cases.
- 8. DIGITAL EVIDENCES “Any data that is recorded or preserved on any medium in or by a computer system or other similar device, that can be read or understand by a person or a computer system or other similar device”.
- 9. TYPE OF DIGITAL EVIDENCES PERSISTANT DATA- Data that remains unaffected when the computer is turned off. Example- Hard Drives & storage media. VOLATILE DATA- Data that would be lost if the computer is turned off. Example-Deleted files, computer history, the computer's registry, temporary files and web browsing history.
- 10. RULES FOR DIGITAL EVIDENCES Admissible-Must be able to be used in court or elsewhere. Authentic-Evidence must be relevant to the case. Complete-Must not lack any information. Reliable-No question about authenticity. Believable-Clear, easy to understand, and believable by a jury.
- 11. Steps of Collection of Evidence Find the evidence; where is it stored. Find relevant data – recovery. Create order of volatility. Collect evidence – use tools. Good documentation of all the actions.
- 12. Algorithm Cross-Drive Analysis Algorithm -> Correlates information found on multiple hard drives. -> Identify social networks & perform anomaly detection. -> Still being researched. Live Analysis Algorithm -> Examine computers from within the operating system. -> Use custom forensics tools to extract various evidence. -> Useful when dealing with Encrypting File Systems.
- 13. Steps of Investigation in Live Analysis Acquisition: Physically or remotely obtaining possession of the computer and external physical storage devices. Identification: This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites.
- 14. Contd. Evaluation: Evaluating the data recovered to determine if and how it could be used again the suspect for prosecution in court. Presentation: Presentation of evidence discovered in a manner which is understood by lawyers, non- technically staff/management, and suitable as evidence as determined by laws.
- 15. What not to be done during investigation? Avoid changing date/time stamps (of files for example)or changing data itself. Overwriting of unallocated space (which can happen on re-boot for example).
- 16. Computer Forensics Tools Disk imaging software. Hashing tools. File recovery programs. Encryption decoding software. Password cracking software.
- 17. COMPUTER FORENSICS APPLICATION Financial fraud detection. Corporate security policy. Criminal prosecution.
- 18. SKILLLS REQUIRED FOR COMPUTER FORENSICS Proper knowledge of computer. Strong computer science fundamentals. Strong system administrative skills. Knowledge of the latest forensic tools.
- 19. Advantages Digital Forensics help to protect from and solve cases involving: Theft of intellectual property- This is related to any act that allows access to customer data and any confidential information. Financial Fraud- This is related to anything that uses fraudulent purchase of victims information to conduct fraudulent transactions.
- 20. Disadvantages Digital evidence accepted into court must prove that there is no tampering. Costs- producing electronic records & preserving them is extremely costly. Legal practitioners must have extensive computer knowledge.
- 21. Conclusion This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.
- 22. Thank You