COMPUTER FORENSICS
Presented By: Paritosh Goldar (P08CO979)
Guided By: Dr. Patel
INDEX
• Introduction
• Components of Computer Forensic Analysis
• The Forensic Investigation Process
• Objectives of the Investigative Process
• Applications of Computer Forensics
• Security Incidents
• Computer Forensic Tools
• Conclusion
• References
Introduction
• Computer forensics is the collection, preservation, analysis, and presentation of computer-related evidence.
• A real scientific discipline for crime investigation.
• The use of science and technology to investigate and establish facts in criminal or civil courts of law.
• Proper acquisition and preservation of computer evidence.
• Authentication of collected data for court presentation.
• Recovery of all available data, including deleted files.
Computer forensics creates opportunities to uncover evidence that would be impossible to find using a manual process.
Components of Computer Forensic Analysis
• Preservation
  – Involves making a forensic copy of the original data and conducting a comparison between the copy and the original
  – Examine the live computer system if possible
  – Inspect the surroundings, collect all pertinent physical evidence
  – Photograph all devices before examination
  – Fully document the hardware configuration
• Identification
  – Identify the potential containers of electronic evidence (e.g. hard drives, etc.)
  – Identify the data pertinent to the case under investigation
• Extraction
  – Making electronic and hard copies of relevant data
• Interpretation
  – Results of the investigation, based on the data and tools used, must be interpreted by forensic experts
• Documentation
  – Document everything from start to finish
• Rules of Evidence
  – Forensic investigators must consider the local rules of evidence (which define the conditions for admissibility, reliability, and relevance) that apply to the situation at hand
The Forensic Investigation Process
– Recovery of evidence: recovery of hidden and deleted information, recovery of evidence from damaged equipment
– Harvesting: obtaining data about data
– Data reduction: eliminate/filter evidence
– Organization and search: focus on arguments
– Analysis: analysis of evidence to support positions
– Reporting: record of the investigation
– Persuasion and testimony: in the courts
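The data reduction step above ("eliminate/filter evidence") is usually done by hashing: files whose digest matches a known-good reference set are set aside, and identical copies of what remains are grouped so they are examined once. The Python below is an added example, not code from the slides. The file paths, contents and the known-good hash set are all constructed for the example; in practice the hash set would come from a reference library such as NSRL or a vendor baseline.

```python
"""Data reduction by known-file filtering (added example, not from the slides).

The collected files and the known-good hash set are constructed; in practice the
hash set comes from a reference library such as NSRL or a vendor baseline.
"""
import hashlib

# Constructed sample: path inside the image -> file content.
COLLECTED_FILES = {
    "C:/Windows/System32/kernel32.dll": b"vendor binary A (constructed)",
    "C:/Windows/System32/ntdll.dll": b"vendor binary B (constructed)",
    "C:/Users/alice/Documents/plan.docx": b"user document about the case",
    "C:/Users/alice/AppData/Local/Temp/dropper.exe": b"unknown executable (constructed)",
    "C:/Users/alice/Desktop/copy_of_plan.docx": b"user document about the case",
}


def sha256_hex(data):
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


# Constructed known-good set: the hashes of the two "vendor" files above.
KNOWN_GOOD_SHA256 = {
    sha256_hex(b"vendor binary A (constructed)"),
    sha256_hex(b"vendor binary B (constructed)"),
}


def reduce_by_known_hashes(files, known_good):
    """Split files into (to_review, filtered) by whether their hash is in the known-good set.

    The hash, not the file name or path, drives the decision: a renamed or
    relocated vendor file still filters out, and a modified one does not.
    """
    to_review, filtered = {}, {}
    for path, data in files.items():
        digest = sha256_hex(data)
        (filtered if digest in known_good else to_review)[path] = digest
    return to_review, filtered


def group_duplicates(to_review):
    """Group the remaining files by hash so identical copies are examined once."""
    groups = {}
    for path, digest in to_review.items():
        groups.setdefault(digest, []).append(path)
    return groups


def reduction_summary(files, known_good):
    """Counts a report would carry: total, filtered, unique items left, duplicate sets."""
    to_review, filtered = reduce_by_known_hashes(files, known_good)
    groups = group_duplicates(to_review)
    return {
        "total": len(files),
        "filtered_known_good": len(filtered),
        "unique_for_review": len(groups),
        "duplicate_sets": [sorted(paths) for paths in groups.values() if len(paths) > 1],
    }


if __name__ == "__main__":
    summary = reduction_summary(COLLECTED_FILES, KNOWN_GOOD_SHA256)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Of the five constructed files, the two vendor binaries are filtered and the two identical user documents collapse into one item, leaving two unique items for review. A one-byte change to a vendor file changes its hash, so it is no longer filtered; that is the property that makes hash-based reduction safe to use on evidence.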
Objectives of the Investigative Process
• Acceptance: the process has wide acceptance
• Reliability: the methods used can be trusted to support findings
• Repeatability: the process can be replicated
• Integrity: trust that the evidence has not been altered
• Cause & Effect: logical relationship between suspects, events, evidence
• Documentation: recording of evidence
Applications of Computer Forensics
• High tech crime investigations
• Incident response
• Email recovery & analysis
• Document & file recovery
• Law enforcement agencies, e.g. cybercrime
• Civil litigators, e.g. IP infringement
• Insurance companies
Security Incidents
• Incident: "A computer security incident is any adverse event whereby some aspect of computer security could be threatened: loss of data confidentiality, disruption of data or system integrity, or disruption or denial of availability."
• Any security-relevant adverse event that might threaten the security of a computer system or a network.
Types of Incidents
• Most incidents point towards one of: 1. Confidentiality, 2. Integrity, 3. Availability.
Main Categories of Incidents
• Compromise of integrity
  – Such as when a virus infects a program or the discovery of a serious system vulnerability.
• Denial of service
  – Such as when an attacker has disabled a system or a network worm has saturated network bandwidth.
• Misuse
  – Such as when an intruder (or insider) makes unauthorized use of an account or information.
• Damage
  – Such as when a virus destroys data.
• Intrusions
  – Such as when an intruder penetrates system security.
Examples of Incidents
Different types of incidents:
• Repudiation
• Harassment
• Pornography trafficking
• Organized crime activity
• Subversion
Incident Response Methodology
Preparation → Detection → Containment → Analysis → Eradication → Recovery → Follow-up
Feedback
Digital Forensics/Evidence Management
Types of Digital Forensics
• "Network" Analysis
  – Communication analysis
  – Log analysis
  – Path tracing
• Media Analysis
  – Disk imaging
  – MAC time analysis (Modify, Access, Create)
  – Content analysis
  – Slack space analysis
  – Steganography
• Code Analysis
  – Reverse engineering
  – Malicious code review
  – Exploit review
Computer Forensics Tools
• Filter and search software
• Password recovery software
• Data recovery
• Data elimination
• Hashing tools to validate the accuracy of forensic copies
• Imaging software, e.g. EnCase, SafeBack
• Data extraction or data mining software
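The preservation step from the components section (make a forensic copy, then compare copy and original) and the hashing tools listed above are the same operation seen from two sides. The following Python is an added example, not code from the slides and not from any of the named products. It copies a constructed evidence file byte for byte while hashing it, re-hashes the image independently, records both digests with an examiner placeholder, size and UTC timestamp for the case documentation, and then shows that a single altered byte in the image breaks verification.

```python
"""Forensic copy with hash verification and an acquisition record (added example, not from the slides)."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read 1 MiB at a time so large images never need to fit in memory


def hash_file(path, algo="sha256"):
    """Stream a file through the chosen digest and return the hex digest."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire(source, image):
    """Copy source to image byte for byte, hashing the source in the same pass."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            h.update(chunk)
            dst.write(chunk)
    return h.hexdigest()


def verify_image(expected_sha256, image):
    """Re-hash the image independently and compare with the digest taken from the source."""
    return hash_file(image) == expected_sha256


def acquisition_record(source, image, examiner):
    """Acquire and verify, then return the record that goes into the case documentation."""
    source_sha256 = acquire(source, image)
    image_sha256 = hash_file(image)
    return {
        "source": source,
        "image": image,
        "examiner": examiner,  # placeholder; a real record names the person
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "size_bytes": os.path.getsize(image),
        "source_sha256": source_sha256,
        "image_sha256": image_sha256,
        "verified": source_sha256 == image_sha256,
    }


def flip_byte(path, offset):
    """Alter one byte in place (used only to show that verification detects it)."""
    with open(path, "r+b") as f:
        f.seek(offset)
        b = f.read(1)
        f.seek(offset)
        f.write(bytes([b[0] ^ 0xFF]))


def demo():
    """Acquire a constructed evidence file; return (record, verified_after_one_byte_change)."""
    work = tempfile.mkdtemp(prefix="acq_")
    try:
        source = os.path.join(work, "evidence_device.bin")  # constructed stand-in for a drive
        with open(source, "wb") as f:
            # not a multiple of CHUNK, so the final partial read is exercised too
            f.write(os.urandom(3 * CHUNK + 123))
        image = os.path.join(work, "evidence.img")
        record = acquisition_record(source, image, "EXAMINER-PLACEHOLDER")
        flip_byte(image, 10)
        after_change = verify_image(record["source_sha256"], image)
        return record, after_change
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    record, after_change = demo()
    print(json.dumps(record, indent=2))
    print("still verifies after one altered byte:", after_change)
```

Hashing the source during the copy and hashing the image afterwards are two separate reads; agreement between them is what lets the examiner state that the copy is exact, and anyone later can re-run the image hash against the recorded value.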
Examples of Crimes Solved by Computer Forensics
TYPE OF CRIME    TYPE OF E-EVIDENCE
Murder           Files on computer hard drives and a PDA
Double murder    GPS data from his car and cell phone; Internet history
Terrorism        E-mail, files from his computers
Serial killer    Deleted files on a pen drive used by the criminal at his computer
Kidnapping       E-mail communication between the victim and criminal; tracing an IP address to a computer at the criminal's home
Snipers          Digital recordings on a device in the suspects' car
Rape             E-evidence of pornography on his computer
Conclusion
• Several unique opportunities give computer forensics the ability to uncover evidence that would be extremely difficult to find using a manual process.
• Computer forensics also has a unique set of challenges that are not found in standard evidence gathering, including the volume of electronic evidence, how it is scattered across numerous locations, and its dynamic content.
Questions???
and THANK YOU!!