Lect 1 computer forensics
Download as PPTX, PDF5 likes1,562 views
The document presents an introduction to computer forensics, highlighting its evolution, objectives, advantages, and disadvantages. It emphasizes the importance of digital evidence in legal proceedings and discusses cybercrime, including types, modes of attack, and relevant examples. Additionally, it outlines steps for forensic readiness planning to effectively manage digital evidence and investigations.
![Forensics Science
• Forensics Science is a science which proves to a court that the suspected
was involved or not, in the criminal activities, in order to find out the truth
that injustice shall not be occurred.
• Application of physical sciences to law
• in the search for truth in
• civil,
• criminal,
• and social behavioral matters
• In order to end that injustice shall not be done to any member of society. [CHFI]
• To prove that a person was present or not at the place of crime](https://image.slidesharecdn.com/lect1computerforensics-170306165845/85/Lect-1-computer-forensics-3-320.jpg)
![Computer Forensics
• It is the combination of law and computer science
• Computer forensics is a process of gathering related data or
information from the digital appliances involved in the crime and
preserved those data or information in a way that is acceptable to
court of law.
• A methodical series of techniques and procedures for gathering
evidence, from computing equipment and various storage devices
and digital media that can be presented in a court of law in a
coherent and meaningful format. [Dr. H.B. Wolfe]](https://image.slidesharecdn.com/lect1computerforensics-170306165845/85/Lect-1-computer-forensics-4-320.jpg)
![Computer Forensics
• Forensics computing is thee science of capturing, processing, and
investigating data from computers using a methodology whereby any
evidence discovered is acceptable in a court of law. [CHFI]
• The preservation, identification, extraction, interpretation, and
documentation of computer evidence, to include the rules of
evidence, legal processes, integrity of evidence, factual reporting of
the information found, and providing of expert opinion in a court of
law or other legal and/or administrative proceeding as to what was
found [CSI]](https://image.slidesharecdn.com/lect1computerforensics-170306165845/85/Lect-1-computer-forensics-5-320.jpg)
![Aspects of Organizational Security [CHFI]](https://image.slidesharecdn.com/lect1computerforensics-170306165845/85/Lect-1-computer-forensics-6-320.jpg)
![Evolution of Computer Forensics [CHFI]](https://image.slidesharecdn.com/lect1computerforensics-170306165845/85/Lect-1-computer-forensics-8-320.jpg)
![Need for Computer Forensics [CHFI]](https://image.slidesharecdn.com/lect1computerforensics-170306165845/85/Lect-1-computer-forensics-12-320.jpg)
![Benefits of Forensics Readiness [CHFI]
• Evidence can be gathered to act in the company’s defense if subject to a
law suit
• In the event of a major incident, a fast and efficient investigation can be
conducted and corresponding actions can be followed with minimal
disruption to the business.
• Forensics readiness can extend the target of information security to the
wider threat from cybercrime such as intellectual property protection,
fraud, or extortion.
• Fixed and structured approach for storage of evidence can considerably
reduce the expense and time of an internal investigation
• It can improve and simplify law enforcement interface
• In case of a major incident, proper and in-depth investigation can be
conducted](https://image.slidesharecdn.com/lect1computerforensics-170306165845/85/Lect-1-computer-forensics-14-320.jpg)
![Goals of Forensics Readiness [CHFI]](https://image.slidesharecdn.com/lect1computerforensics-170306165845/85/Lect-1-computer-forensics-15-320.jpg)
![Cyber Crime Investigation [CHFI]](https://image.slidesharecdn.com/lect1computerforensics-170306165845/85/Lect-1-computer-forensics-22-320.jpg)
![Key Steps in Forensics Investigation [CHFI]](https://image.slidesharecdn.com/lect1computerforensics-170306165845/85/Lect-1-computer-forensics-23-320.jpg)
![Key Steps in Forensics Investigation [CHFI]](https://image.slidesharecdn.com/lect1computerforensics-170306165845/85/Lect-1-computer-forensics-24-320.jpg)
Lect 1 computer forensics
- 1. Intro to Computer Forensics Mr. Islahuddin Jalal MS (Cyber Security) – UKM Malaysia Research Title – 3C-CSIRT Model for Afghanistan BAKHTAR UNIVERSITY باخترپوهنتون د
- 2. Outline • Computer forensics • Evolution, objective, advantages and disadvantages of CF • Forensics Readiness Planning • Cybercrime and its types • Cybercrime investigation
- 3. Forensics Science • Forensics Science is a science which proves to a court that the suspected was involved or not, in the criminal activities, in order to find out the truth that injustice shall not be occurred. • Application of physical sciences to law • in the search for truth in • civil, • criminal, • and social behavioral matters • In order to end that injustice shall not be done to any member of society. [CHFI] • To prove that a person was present or not at the place of crime
- 4. Computer Forensics • It is the combination of law and computer science • Computer forensics is a process of gathering related data or information from the digital appliances involved in the crime and preserved those data or information in a way that is acceptable to court of law. • A methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media that can be presented in a court of law in a coherent and meaningful format. [Dr. H.B. Wolfe]
- 5. Computer Forensics • Forensics computing is thee science of capturing, processing, and investigating data from computers using a methodology whereby any evidence discovered is acceptable in a court of law. [CHFI] • The preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and providing of expert opinion in a court of law or other legal and/or administrative proceeding as to what was found [CSI]
- 6. Aspects of Organizational Security [CHFI]
- 7. Evolution of Computer Forensics • Francis Galton (1982 – 1911): Made the first recorded study of fingerprints • Leone Lattes (1887 – 1954): Discovered Blood groupings • Calvin Goddard (1891 – 1955): allowed firearms and bullet comparison for solving many pending court cases • Albert Osborn (1858 – 1946): Developed essential feature of document examination • Hans Gross (1847 – 1915): Made use of scientific study to head criminal investigations • FBI (1932): A lab was set up to provide forensics services to all field agents and other law authorities across the country.
- 8. Evolution of Computer Forensics [CHFI]
- 9. Objective of Computer Forensics • To find out the criminal which is directly or indirectly related to cyber region. • To recover, analyze and preserve computer and related materials in such a way that they can be presented as evidence in a court of law. • To identify the evidence quickly, estimate the potential impact of the malicious activity on the victim, and assess the intent and identity of the perpetrator.
- 10. Advantages of Computer Forensics • Help to protect from and solve cases involving • Theft of intellectual property • This is related to any act that allows access to customer data and any confidential information • Financial Fraud • This is related to anything that uses fraudulent purchase of victims information to conduct fraudulent transactions.
- 11. Disadvantages of Computer Forensics • Digital evidence accepted into court must prove that there is no tampering • Costs • Producing electronic records and preserving them is extremely costly • Legal practitioners must have extensive computer knowledge
- 12. Need for Computer Forensics [CHFI]
- 13. Forensics Readiness? • It is defined as the ability of an organization to maximize its potential to use digital evidence whilst minimizing the costs of an investigation.
- 14. Benefits of Forensics Readiness [CHFI] • Evidence can be gathered to act in the company’s defense if subject to a law suit • In the event of a major incident, a fast and efficient investigation can be conducted and corresponding actions can be followed with minimal disruption to the business. • Forensics readiness can extend the target of information security to the wider threat from cybercrime such as intellectual property protection, fraud, or extortion. • Fixed and structured approach for storage of evidence can considerably reduce the expense and time of an internal investigation • It can improve and simplify law enforcement interface • In case of a major incident, proper and in-depth investigation can be conducted
- 15. Goals of Forensics Readiness [CHFI]
- 16. Forensics Readiness Planning 1) Define the business states that need digital evidence 2) Identify the potential evidence available 3) Determine the evidence collection requirement 4) Decide the procedure for securely collecting the evidence that meets the requirement in a forensically sound manner 5) Establish a policy for securely handling and storing the collected evidence 6) Ensure that the observation process is aimed to detect and prevent the important incidents 7) Ensure investigative staff are capable to complete any task related to handling and preserving the evidence 8) Document all the activities performed and their impact 9) Ensure authorized review to facilitate action in response to the incident
- 17. Cyber Crime • Cyber crime is an illegal action against any entity using computer, its systems and its applications. • Crime directed against a computer • Crime where the computer contains evidence • Crime where the computer is used as a tool to commit the crime • A cyber crime is intentional and not accidental
- 18. Cyber crime • Computer and networks make a healthy environment for the cyber criminal to perform their illegal actions due to the following factors • Speed • Anonymity • Different cyber laws • It is also a great challenges for the investigators as well.
- 19. Modes of Attacks • There are generally two main types of attacks • Internal Attacks • Breach of trust from employees within the organization • External Attacks • Attackers either hired by an insider or by an external entity to destroy the competitor’s reputation
- 20. Examples of Cyber crime 1) Fraud achieved by the manipulation of the computer network 2) Deliberate circumvention of the computer systems 3) Unauthorized access to or modification of programs and data 4) Intellectual property theft, including software piracy 5) Industrial espionage by means of access to or theft of computer materials 6) Identity theft, which is accomplished by the use of fraudulent computer 7) Writing or spreading computer viruses or worms 8) Salami slicing is the practice of stealing money repeatedly in small quantities 9) Denial of service attack, where the company’s websites are flooded with service requests and their website is overloaded and either slowed or is crashed completely 10) Making and digitally distributing child pornography
- 21. CHFI
- 22. Cyber Crime Investigation [CHFI]
- 23. Key Steps in Forensics Investigation [CHFI]
- 24. Key Steps in Forensics Investigation [CHFI]
- 25. Thank You For Your Patience