The Need for Computer Forensics
• To collect, examine, and safeguard evidence.
• To help solve cyber crimes and to recover important compromised data.
• How computer forensics works:
  • Device identification
  • Data preservation
  • Forensic analysis
  • Reporting

Chain of Custody
• In a legal context, the chain of custody process refers to the acquiring, storing, safeguarding and transferring of an asset, whether digital or physical.
• It is a documentation of the ownership of a digital asset, such as data, as it transfers from one person or organization to another, the exact date and time of the transfer, and the purpose of the transfer.
• More specifically, it means tracking and documenting each transfer of the asset as it moves from one place to another. Although it is a long and tedious process, chain of custody is vital as it ensures the authenticity of the acquired asset, increases transparency, and allows the personnel involved to be held accountable for the actions taken on the asset.

Forensics Analysis of E-Mail
• The two most important components of an E-Mail system are the E-Mail server and the E-Mail gateway.
• Forensics analysis of E-Mail helps to establish the authenticity of an email when it is suspected.
• An email consists of two parts: the header and the body. Message headers are the important part for investigating E-Mail messages.
• The "header" of an E-Mail is very important from a forensics point of view: a full header view of an E-Mail provides the entire path of the E-Mail's journey from its origin to its destination.
• SPF (Sender Policy Framework) is an email authentication standard that helps protect senders and recipients from spam, spoofing, and phishing.
• DKIM is a standard email authentication method that adds a digital signature to outgoing messages.
• DMARC is a standard email authentication method. DMARC helps mail administrators prevent hackers and other attackers from spoofing their organization and domain.
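
The header analysis described above can be sketched as follows. This is an added example, not part of the original notes: it rebuilds the path of a message from its Received headers and reads the SPF, DKIM and DMARC verdicts recorded in Authentication-Results. The message, host names and addresses are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (example.org/example.net hosts, documentation IPs).
RAW = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example.org;
 dkim=none; dmarc=fail header.from=example.org
Received: from relay.example.net (relay.example.net [198.51.100.7])
 by mx.example.net with ESMTPS id C3; Tue, 05 Mar 2024 10:00:09 +0000
Received: from unknown-host (unknown [203.0.113.50])
 by relay.example.net with SMTP id B2; Tue, 05 Mar 2024 10:00:05 +0000
From: "Accounts" <accounts@example.org>
To: recipient@example.net
Subject: Invoice overdue
Date: Tue, 05 Mar 2024 09:59:58 +0000

Please see the attached invoice.
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def received_path(msg):
    """Hops in travel order (origin first). Servers prepend Received, so reverse."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        route, _, stamp = value.rpartition(";")  # timestamp follows the last ';'
        m = HOP.search(route)
        sender, receiver = m.groups() if m else (None, None)
        hops.append({"from": sender, "by": receiver,
                     "time": parsedate_to_datetime(stamp.strip())})
    return hops

def auth_results(msg):
    """SPF/DKIM/DMARC verdicts as recorded by the receiving server."""
    text = " ".join(msg.get_all("Authentication-Results", []))
    return {k: v.lower() for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", text)}

def analyse(raw):
    msg = message_from_string(raw)
    hops, auth = received_path(msg), auth_results(msg)
    flags = [f"{k}={v}" for k, v in auth.items() if v != "pass"]
    # A timestamp that goes backwards between hops suggests an altered header.
    flags += [f"time regression at {b['by']}" for a, b in zip(hops, hops[1:])
              if b["time"] < a["time"]]
    return hops, auth, flags

if __name__ == "__main__":
    for item in analyse(RAW):
        print(item)
```

Only the Received lines added by servers the investigator trusts are reliable; earlier hops can be written by the sender.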

Digital Forensics Life Cycle
Digital Forensics Process
The Phases in Computer Forensics/Digital Forensics
• Preparation and Identification
• Collection and Recording
• Storing and Transporting
• Examination and Investigation
• Analysis, Interpretation and Attribution
• Reporting
• Testifying