Post on 21-Jan-2017
Computer Forensics
Presented By:Priya ManikpuriM.Sc.(CS) 1St SemesterShri.Shivaji Science college, Nagpur
Introduction Computer crime is a criminal act in which a
computer is the object of the offence or the tool of its commission.
Classification:
Computer centered crime Computer assisted crime Incidental computer crime
What is computer forensics?
A branch of digital forensic science pertaining to legal evidence found in computers and digital storage media
A Scientific process of preserving, identifying, extracting, documenting, and interpreting data on computer
Objectives
To recover, analyze, and preserve the computer and related materials in a manner that can be presented as evidence in a court of law
To identify the evidence in a short amount of time, estimate the potential impact of the malicious activity on the victim, and assess the intent and identity of the perpetrator
Digital Evidence• Digital evidence or electronic evidence is any
probative information stored or transmitted in digital form that a party to a court case may use at trial.
• In the legal world, Evidence is EVERYTHING. • Evidence is used to establish facts. •
Where to find evidence? text documents,graphical images,calendar files, databases, audio and video files,Web sites and application programs. Even viruses, Trojan horses and
spywareE-mail records and instant
messaging logs,
Handling Information Information and data being sought after and
collected in the investigation must be properly handled
Volatile Information– Network Information
• Communication between system and the network– Active Processes
• Programs and daemons currently active on the system
– Logged-on Users• Users/employees currently using system
– Open Files• Libraries in use; hidden files; Trojans (root kit)
loaded in system
Handling Information• Non-Volatile Information
– This includes information, configuration settings, system files and registry settings that are available after reboot
– Accessed through drive mappings from system
– This information should investigated and reviewed from a backup copy
Forensic Phases:• Acquisition• Identification• Evaluation• Presentation
Forensic Techniques
Live analysis:• The examination of computers from within
the operating system using custom forensics to extract evidence.
Cross-drive analysis:• forensic technique that correlates
information found on multiple hard drives.• can be used to perform anomaly detection.
Forensic Techniques
Example of Software Tools:• EnCase• WinHex• ProDiscover• S-tool
Deleted files:• recovery of deleted files• Use of forensic software tools for recovering
or carving out deleted data.
Forensic Techniques
Steganography:• concealing a message, image, or file within
another message, image, or file.• detection of steganographically encoded
packages is called steganalysis.• the simplest method to detect modified files is to
compare them to known originals.
Applications of Computer Forensics
• Criminal• Domestic• Security• Marketing
Advantages
Ensures the overall integrity and continued existence of an organization’s computer system and network infrastructure.
Helps the organization capture important information if their computer systems or networks are compromised.
Efficiently tracks down cyber criminals and terrorists from different parts of the world.
Tracks complicated cases such as child pornography and e-mail spamming.
Disadvantages
CostIncreasing storage space New technologiesAnti-forensicsLegal issuesAdministrative issues
Conclusion
• With computer becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.