SlideShare a Scribd company logo

Latihan4 comp-forensic-bab3

Download as PPT, PDF
S
sabtolinux

Computer forensic investigation involves collecting, examining, and analyzing digital evidence for legal cases or corporate inquiries. It includes developing policies and procedures for the computer forensic unit, such as case management and evidence handling. When investigating a potential company policy violation, the company must inform employees of relevant policies and enforce them to prevent wasted resources. Proper legal considerations are important before starting an investigation to ensure compliance with relevant statutes. A 10-step process for preparing for a computer forensic investigation includes securing relevant media, obtaining identifying information, maintaining a chain of custody, and creating search keywords.

Technology
1 of 12
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
Computer Investigation Process Presented By Sabto Prabowo
What is Computer Investigation Process? how to search for and collect evidence that can be used in a legal case or for a corporate inquiry, how to examine and analyze this evidence, and other matters related to forensic cases.
Policy and Procedure Development - A mission statement - The personnel requirements for the computer forensic unit - Administrative considerations - Submission and retrieval of computer forensic service requests - Implementation of case-management procedures - Handling of evidence - Development of case-processing procedures - Development of technical procedures
Investigating a Company Policy Violation Implementing and Enforcing Company Policy To effectively implement such policies, the company needs to inform each employee of the company policy. Employees who use company resources such as Internet or computer systems for personal use not only violate company policies but also waste resources, time, and money.
Before Starting the Investigation Legal Considerations Some important legal points an investigator should keep in mind are: • Ensuring the scope of the search • Checking for possible issues related to the federal statutes applicable (such as the Electronic Communications Privacy Act of 1986 [ECPA] and the Cable Communications Policy Act [CCPA], both as amended by the USA PATRIOT Act of 2001, and the Privacy Protection Act of 1980 [PPA]), state statutes, and local policies and laws
10 Steps to Prepare for a Computer Forensic Investigation 1. Do not turn the computer off or on, run any programs, or attempt to access data on the computer. An expert will have the appropriate tools and experience to prevent data overwriting, damage from static electricity, or other concerns. 2. Secure any relevant media—including hard drives, laptops, BlackBerrys, PDAs, cell phones, CDROMs, DVDs, USB drives, and MP3 players—the subject may have used. 3. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at the time of the issue.
10 Steps to Prepare for a Computer Forensic Investigation 4. Identify the type of data you are seeking, the information you are looking for, and the urgency level of the examination. 5. Once the machine is secured, obtain information about the machine, the peripherals, and the network to which it is connected. 6. If possible, obtain passwords to access encrypted or password-protected files. 7. Compile a list of names, e-mail addresses, and other identifying information about those with whom the subject might have communicated.
10 Steps to Prepare for a Computer Forensic Investigation 8. If the computer is accessed before the forensic expert is able to secure a mirror image, note the user(s) who accessed it, what files they accessed, and when the access occurred. If possible, find out why the computer was accessed. 9. Maintain a chain of custody for each piece of original media, indicating where the media has been, whose possession it has been in, and the reason for that possession. 10. Create a list of key words or phrases to use when searching for relevant data.
Collecting The Evidence - Obtaining a search warrant - Preparing for searched - Searches for warrant - Performing a Preliminary Assessment - Examining and Collecting Evidence - Acquiring the Subject Evidence - Methods of Collecting Evidence - Securing the Computer Evidence - Processing Location Assessment - Chain-of-Evidence Form
Examining the Digital Evidence - Understanding Bit-Stream Copies - Imaging - Making a Bit-Stream Copy Using MS-DOS - Acquiring a Bit-Stream Copy of a Floppy Disk Using Image - Making a Bit-Stream Copy of Evidence Using Image - Write Protection - Evidence Assessment
Examining the Digital Evidence - Evidence Examination - Analysis of Extracted Data - Time-Frame Analysis - Data-Hiding Analysis - Application and File Analysis - Ownership and Possession - Documenting and Reporting - The Final Report
THANKS FOR YOUR ATTENTION!

More Related Content

PPTX
computer forensics
shivi123456
 
PDF
Computer Forensic
Novizul Evendi
 
PPT
Codebits 2010
Tiago Henriques
 
PPTX
Computer forensics
Ramesh Ogania
 
PPTX
Lect 3 Computer Forensics
Kabul Education University
 
PDF
Computer forensic
Singgih Prasetya
 
PPTX
computer forensics
Vaibhav Tapse
 
PPTX
cyber Forensics
Muzzammil Wani
 
computer forensics
shivi123456
 
Computer Forensic
Novizul Evendi
 
Codebits 2010
Tiago Henriques
 
Computer forensics
Ramesh Ogania
 
Lect 3 Computer Forensics
Kabul Education University
 
Computer forensic
Singgih Prasetya
 
computer forensics
Vaibhav Tapse
 
cyber Forensics
Muzzammil Wani
 

What's hot (20)

PDF
Computer Forensics: You can run but you can't hide
Antonio Sanz Alcober
 
PPT
Computer Forensics
Neilg42
 
PPTX
Computer forensics powerpoint presentation
Somya Johri
 
PDF
CS6004 Cyber Forensics
Kathirvel Ayyaswamy
 
PPTX
Lect 5 computer forensics
Kabul Education University
 
PPTX
Computer Forensics
Daksh Verma
 
PDF
An introduction to cyber forensics and open source tools in cyber forensics
Zyxware Technologies
 
PPTX
Computer forensic
bhavithd
 
PPTX
Cyber forensic-Evedidence collection tools
N.Jagadish Kumar
 
PPTX
Digital&computforensic
Rahul Badekar
 
PPTX
Computer Forensics
One97 Communications Limited
 
PDF
CS6004 Cyber Forensics - UNIT IV
ArthyR3
 
DOCX
E discovery2
elijaht
 
PPTX
Lect 6 computer forensics
Kabul Education University
 
PPTX
Digital investigation
unnilala11
 
PPTX
Computer Forensics ppt
OECLIB Odisha Electronics Control Library
 
PDF
Computer forensic
ibraheem ogundele
 
PPTX
Intro to cyber forensics
Chaitanya Dhareshwar
 
PPTX
Digital Forensics Workshop
Tim Fletcher
 
PPTX
Cyber forensic 1
anilinvns
 
Computer Forensics: You can run but you can't hide
Antonio Sanz Alcober
 
Computer Forensics
Neilg42
 
Computer forensics powerpoint presentation
Somya Johri
 
CS6004 Cyber Forensics
Kathirvel Ayyaswamy
 
Lect 5 computer forensics
Kabul Education University
 
Computer Forensics
Daksh Verma
 
An introduction to cyber forensics and open source tools in cyber forensics
Zyxware Technologies
 
Computer forensic
bhavithd
 
Cyber forensic-Evedidence collection tools
N.Jagadish Kumar
 
Digital&computforensic
Rahul Badekar
 
Computer Forensics
One97 Communications Limited
 
CS6004 Cyber Forensics - UNIT IV
ArthyR3
 
E discovery2
elijaht
 
Lect 6 computer forensics
Kabul Education University
 
Digital investigation
unnilala11
 
Computer Forensics ppt
OECLIB Odisha Electronics Control Library
 
Computer forensic
ibraheem ogundele
 
Intro to cyber forensics
Chaitanya Dhareshwar
 
Digital Forensics Workshop
Tim Fletcher
 
Cyber forensic 1
anilinvns
 
Ad

Viewers also liked (11)

PDF
Uu kup-001-13-uu kup 2013-00 mobile
Farah Nabilah
 
PPT
Latihan8 comp-forensic-bab5
sabtolinux
 
PPT
Latihan2 comp-forensic
sabtolinux
 
PPT
Kasus cybercrime
sabtolinux
 
PPT
Latihan7 comp-forensic-bab6
sabtolinux
 
PDF
BriMor Labs Live Response Collection
BriMorLabs
 
PDF
Gummer BruCON0x07
xgusix
 
PPT
Latihan9 comp-forensic-bab6
sabtolinux
 
PDF
Building an enterprise forensics response service
Seccuris Inc.
 
PPTX
Computer forensic 101 - OWASP Khartoum
OWASP Khartoum
 
PPTX
Incident Response in the age of Nation State Cyber Attacks
Resilient Systems
 
Uu kup-001-13-uu kup 2013-00 mobile
Farah Nabilah
 
Latihan8 comp-forensic-bab5
sabtolinux
 
Latihan2 comp-forensic
sabtolinux
 
Kasus cybercrime
sabtolinux
 
Latihan7 comp-forensic-bab6
sabtolinux
 
BriMor Labs Live Response Collection
BriMorLabs
 
Gummer BruCON0x07
xgusix
 
Latihan9 comp-forensic-bab6
sabtolinux
 
Building an enterprise forensics response service
Seccuris Inc.
 
Computer forensic 101 - OWASP Khartoum
OWASP Khartoum
 
Incident Response in the age of Nation State Cyber Attacks
Resilient Systems
 
Ad

Similar to Latihan4 comp-forensic-bab3 (20)

PPT
Chapter 2 - Understanding Computer Investigations.ppt
kong100
 
PPT
CF.ppt
KhusThakkar
 
PPTX
Computer forensics and its role
Sudeshna Basak
 
PDF
File000115
Desmond Devendran
 
PPTX
Business Intelligence (BI) Tools For Computer Forensic
Dhiren Gala
 
PPT
Cyber forensics
pranjal dutta
 
PPTX
PACE-IT, Security+ 2.4: Basic Forensic Procedures
Pace IT at Edmonds Community College
 
PDF
Computer forencis
Teja Bheemanapally
 
PPT
Cyber forensic standard operating procedures
Soumen Debgupta
 
PPT
Ch 3C Processing Crime and Incident Scenes.ppt
whbwi21Basri
 
PPTX
Analysis of digital evidence
rakesh mishra
 
PPT
cyber forensics - TYPES OF CYBER FORENSICS.ppt
mcjaya2024
 
PDF
Test Bank for Guide to Computer Forensics and Investigations, 5th Edition
kaytibhurke
 
PPTX
Chap 2 computer forensics investigation
Malobe Lottin Cyrille Marcel
 
PPT
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
CTIN
 
PPT
Evidence Seizure
CTIN
 
PPTX
Chapter 3 cmp forensic
shahhardik27
 
PPTX
computer-forensics-8727-OHvDvOm.pptx
DaniyaHuzaifa
 
PPTX
computer-forensics-8727-OHvDvOm.pptx
ssuser2bf502
 
PPT
Cyber Crime Evidence Collection Ifsa 2009
University of Southern Mississippi
 
Chapter 2 - Understanding Computer Investigations.ppt
kong100
 
CF.ppt
KhusThakkar
 
Computer forensics and its role
Sudeshna Basak
 
File000115
Desmond Devendran
 
Business Intelligence (BI) Tools For Computer Forensic
Dhiren Gala
 
Cyber forensics
pranjal dutta
 
PACE-IT, Security+ 2.4: Basic Forensic Procedures
Pace IT at Edmonds Community College
 
Computer forencis
Teja Bheemanapally
 
Cyber forensic standard operating procedures
Soumen Debgupta
 
Ch 3C Processing Crime and Incident Scenes.ppt
whbwi21Basri
 
Analysis of digital evidence
rakesh mishra
 
cyber forensics - TYPES OF CYBER FORENSICS.ppt
mcjaya2024
 
Test Bank for Guide to Computer Forensics and Investigations, 5th Edition
kaytibhurke
 
Chap 2 computer forensics investigation
Malobe Lottin Cyrille Marcel
 
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
CTIN
 
Evidence Seizure
CTIN
 
Chapter 3 cmp forensic
shahhardik27
 
computer-forensics-8727-OHvDvOm.pptx
DaniyaHuzaifa
 
computer-forensics-8727-OHvDvOm.pptx
ssuser2bf502
 
Cyber Crime Evidence Collection Ifsa 2009
University of Southern Mississippi
 

More from sabtolinux (6)

PPT
Latihan7 comp-forensic-bab6
sabtolinux
 
PPT
Latihan6 comp-forensic-bab5
sabtolinux
 
PPT
Latihan3 comp-forensic-bab2
sabtolinux
 
PPT
Latihan1 comp-forensic
sabtolinux
 
PPT
Latihan 1 computer forensic
sabtolinux
 
PDF
Macam2 sertifikasi linux
sabtolinux
 
Latihan7 comp-forensic-bab6
sabtolinux
 
Latihan6 comp-forensic-bab5
sabtolinux
 
Latihan3 comp-forensic-bab2
sabtolinux
 
Latihan1 comp-forensic
sabtolinux
 
Latihan 1 computer forensic
sabtolinux
 
Macam2 sertifikasi linux
sabtolinux
 

Recently uploaded (20)

PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
KodekX | Application Modernization Development
KodekX
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Approach and Philosophy of On baking technology
30anthuong17
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 

Latihan4 comp-forensic-bab3

  • 2. What is Computer Investigation Process? how to search for and collect evidence that can be used in a legal case or for a corporate inquiry, how to examine and analyze this evidence, and other matters related to forensic cases.
  • 3. Policy and Procedure Development - A mission statement - The personnel requirements for the computer forensic unit - Administrative considerations - Submission and retrieval of computer forensic service requests - Implementation of case-management procedures - Handling of evidence - Development of case-processing procedures - Development of technical procedures
  • 4. Investigating a Company Policy Violation Implementing and Enforcing Company Policy To effectively implement such policies, the company needs to inform each employee of the company policy. Employees who use company resources such as Internet or computer systems for personal use not only violate company policies but also waste resources, time, and money.
  • 5. Before Starting the Investigation Legal Considerations Some important legal points an investigator should keep in mind are: • Ensuring the scope of the search • Checking for possible issues related to the federal statutes applicable (such as the Electronic Communications Privacy Act of 1986 [ECPA] and the Cable Communications Policy Act [CCPA], both as amended by the USA PATRIOT Act of 2001, and the Privacy Protection Act of 1980 [PPA]), state statutes, and local policies and laws
  • 6. 10 Steps to Prepare for a Computer Forensic Investigation 1. Do not turn the computer off or on, run any programs, or attempt to access data on the computer. An expert will have the appropriate tools and experience to prevent data overwriting, damage from static electricity, or other concerns. 2. Secure any relevant media—including hard drives, laptops, BlackBerrys, PDAs, cell phones, CDROMs, DVDs, USB drives, and MP3 players—the subject may have used. 3. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at the time of the issue.
  • 7. 10 Steps to Prepare for a Computer Forensic Investigation 4. Identify the type of data you are seeking, the information you are looking for, and the urgency level of the examination. 5. Once the machine is secured, obtain information about the machine, the peripherals, and the network to which it is connected. 6. If possible, obtain passwords to access encrypted or password-protected files. 7. Compile a list of names, e-mail addresses, and other identifying information about those with whom the subject might have communicated.
  • 8. 10 Steps to Prepare for a Computer Forensic Investigation 8. If the computer is accessed before the forensic expert is able to secure a mirror image, note the user(s) who accessed it, what files they accessed, and when the access occurred. If possible, find out why the computer was accessed. 9. Maintain a chain of custody for each piece of original media, indicating where the media has been, whose possession it has been in, and the reason for that possession. 10. Create a list of key words or phrases to use when searching for relevant data.
  • 9. Collecting The Evidence - Obtaining a search warrant - Preparing for searched - Searches for warrant - Performing a Preliminary Assessment - Examining and Collecting Evidence - Acquiring the Subject Evidence - Methods of Collecting Evidence - Securing the Computer Evidence - Processing Location Assessment - Chain-of-Evidence Form
  • 10. Examining the Digital Evidence - Understanding Bit-Stream Copies - Imaging - Making a Bit-Stream Copy Using MS-DOS - Acquiring a Bit-Stream Copy of a Floppy Disk Using Image - Making a Bit-Stream Copy of Evidence Using Image - Write Protection - Evidence Assessment
  • 11. Examining the Digital Evidence - Evidence Examination - Analysis of Extracted Data - Time-Frame Analysis - Data-Hiding Analysis - Application and File Analysis - Ownership and Possession - Documenting and Reporting - The Final Report