Unit 01
ISM09204
Dr. Nicodemus M. M.
Computer Forensics - Overview
• Digital crime refers to any criminal activity that involves the use of digital devices
or digital technologies.
• Digital crimes may encompass a wide range of illegal activities, including but not
limited to fraud, identity theft, intellectual property theft, unauthorized access to
computer systems, and distribution of illegal content (e.g., piracy, child
exploitation materials).
• Digital crime can occur both online and offline, as long as it involves the use of
digital technologies.
Cyber-Crime
• Cybercrime specifically refers to criminal activities that are conducted over
the internet or through computer networks.
• Digital devices often hold critical evidence in various forms such as emails,
documents, photos, and chat logs.
• Examples:
• TZ - BOT, CRDB, NMB, TCRA
• International - KROLL
Computer Forensic Process
4 Stages
• Encrypted data can be difficult to access and decrypt, making it harder for
forensic investigators to collect evidence.
• There are often no clear guidelines or standards for dealing with digital
evidence in court, and the admissibility of evidence can be limited.
Computer Forensics - Key Challenges
• Producing electronic records and storing them can be extremely costly, and
legal practitioners must have extensive computer knowledge to produce
authentic and convincing evidence.
• Limited resources, such as time and budget, can hinder the investigation
process.
Computer Forensics - Techniques
Cross-Drive Analysis
Such techniques have the potential to identify drives of interest from a large set
Computer Forensics - Techniques
Live Analysis
• Live analysis, also known as live forensics or volatile data analysis, is a digital
forensic technique that involves the real-time examination and analysis of
data residing in the volatile memory (RAM) of a running computer system.
• Live analysis deals with data that is actively present in the computer's
memory and is lost when the system is powered off or restarted.
Computer Forensics - Techniques
Recovery of Deleted Files
• Modern forensic software has its own tools for recovering or carving out
deleted data.
• File carving involves searching for known file headers within the disk image
and reconstructing deleted materials.
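File carving as described above, shown as an added example (not part of the original slides): a header/footer carver run over a constructed in-memory image. The signature table, the size cap and the sample data are assumptions made for illustration, and the carver assumes files are stored contiguously.

```python
"""Header/footer file carving over a raw image (added example)."""
from typing import Iterator, NamedTuple

# Well-known magic numbers: (header, footer) per file type.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
MAX_CARVE = 10 * 1024 * 1024  # assumed cap so a missing footer cannot run away


class Carved(NamedTuple):
    kind: str
    offset: int
    data: bytes


def carve(image: bytes, max_size: int = MAX_CARVE) -> Iterator[Carved]:
    """Yield every header..footer span found in `image`, in offset order."""
    hits = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end != -1:
                hits.append(Carved(kind, pos, image[pos:end + len(footer)]))
                pos = image.find(header, end + len(footer))
            else:
                # Header with no footer in range: fragmented or overwritten.
                pos = image.find(header, pos + 1)
    yield from sorted(hits, key=lambda c: c.offset)


def build_sample_image() -> bytes:
    """Constructed test image: zero filler with two 'deleted' files."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-payload" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xaeB`\x82"
    orphan = b"%PDF-1.4 truncated, footer overwritten"
    return b"\x00" * 512 + jpg + b"\x00" * 300 + png + b"\x00" * 100 + orphan


if __name__ == "__main__":
    for item in carve(build_sample_image()):
        print(f"{item.kind} at offset {item.offset}: {len(item.data)} bytes")
```

The PDF header in the sample has no matching footer, so it is skipped rather than carved; that is the case where a file was fragmented or partly overwritten.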
Computer Forensics - Techniques
Steganography
• Steganography is the practice of
concealing secret information within a
carrier medium, such as an image, audio
file, video, or text, without attracting
attention to the existence of the hidden
data.