
Jaipur Engineering College and Research Center

Uploaded by

Srishti Hasijani
Copyright
© Attribution Non-Commercial (BY-NC)

Jaipur Engineering College and Research Center

Presentation on Computer Forensics & Digital Evidence

Presented by:
VIKAS KHANDELWAL

7th sem section ‘B’

Computer science
1
Computer Forensics & Digital Evidence
Reconstructing what happened

12/08/21 PHIT 2005 2


Issues to think about…

• What’s Digital Evidence?
• Where’s the crime scene?
• What’s Computer Forensics & why is it growing so fast?

3
• What’s Digital Evidence & why is it important?

4
1st Why is Evidence important?
• In the legal world, evidence is everything & the only thing
• Evidence is used to establish facts
• Evidence must be admissible in court or legal action
• To be admissible, the investigator must follow proper procedure

5
Digital Evidence

Criminals Hide Evidence
• Delete their files and emails
• Hide their files by encryption, password protection, or embedding them in unrelated files (dll, os, etc.)
• Use Wi-Fi networks and cyber cafes to cover their tracks

Forensics Uncover Evidence
• Restore deleted files and emails – they are still really there!
• Find the hidden files through complex password, encryption programs, and searching techniques
• Track them down through the digital trail - IP addresses to ISPs to the offender

6
What is CyberCrime?
• A crime that involves computers, digital devices, or the Internet.
• A computer is:
  ◦ the target of an attack
  ◦ the tool used in an attack
  ◦ used to communicate or store data related to criminal activity

7
Computer Crime
• Easy to commit—too many vulnerable systems & gullible people
• Crime without punishment—too often
• Lots of media sensationalism & public apathy

8
Types of Cyber Crime

• Unauthorized Access
• Denial of Service
• Extortion
• Theft
• Computer Fraud
• Copyright Violation
• Cyber terrorism
• Internet Fraud
• Spoofing or “Imposter Sites”
• Stock Manipulation
• Credit Card Fraud
• Identity theft
• Drug Trafficking

9
Issues to think about…

• What’s Computer Forensics & why is it growing so fast?

10
What is Computer Forensics?
A process of applying scientific & analytical techniques to computers, networks, digital devices, & files to discover or recover admissible evidence.

11
Definition

• Computer forensics, still a rather new discipline in computer security, focuses on finding digital evidence after a computer security incident has occurred.
• Computer Forensics is the application of science and engineering to the legal problem of digital evidence. It is a synthesis of science and law.
• Computer forensics is the scientific examination and analysis of data held on, or retrieved from, computer storage media in such a way that the information can be used as evidence in a court of law.

12
Who needs Computer Forensics?
• The Victim!
• Businesses and government
• Financial sector
• Law Enforcement
• Anti-terrorist & National Security agencies
• Those in need of Data & Disaster Recovery

13
Steps Of Computer Forensics

• According to many professionals, Computer Forensics is a four (4) step process
• Acquisition
  ◦ Physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices
• Identification
  ◦ This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites
• Evaluation
  ◦ Evaluating the information/data recovered to determine if and how it could be used against the suspect for employment termination or prosecution in court
14
Steps Of Computer Forensics (cont)

• Presentation
  ◦ This step involves the presentation of evidence discovered in a manner which is understood by lawyers and non-technical staff/management, and suitable as evidence as determined by internal laws

15
Types of Computer Forensics

• Disk (data) Forensics
• Network Forensics
• Email Forensics
• Internet Forensics
• Portable Device Forensics (flash cards, PDAs, Blackberries, email, pagers, cell phones, IM devices, etc.)

16
Disk Forensics
• Disk forensics is the process of acquiring and analyzing the data stored on some form of physical storage media.
• Includes the recovery of hidden and deleted data.
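
An added example (not part of the original presentation) of recovering deleted or hidden data as this slide describes: signature-based carving over a constructed stand-in for a raw disk image, with one JPEG left in unallocated space and one PNG appended to unrelated data. It assumes contiguous, unfragmented files; `carve` and `build_sample_image` are hypothetical names.

```python
import hashlib

# Header/footer signatures ("magic bytes") for two common file formats.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

def carve(image, max_size=10 * 1024 * 1024):
    """Find files by content alone, ignoring the file system entirely."""
    found = []
    for ftype, (head, foot) in SIGNATURES.items():
        pos = image.find(head)
        while pos != -1:
            end = image.find(foot, pos + len(head), pos + max_size)
            if end == -1:                      # header without footer: skip it
                pos = image.find(head, pos + 1)
                continue
            end += len(foot)
            data = image[pos:end]
            # Record offset and hash so the finding can be reproduced later.
            found.append({"type": ftype, "offset": pos, "size": len(data),
                          "sha256": hashlib.sha256(data).hexdigest(),
                          "data": data})
            pos = image.find(head, end)
    return sorted(found, key=lambda f: f["offset"])

def build_sample_image():
    """Constructed stand-in for a raw disk image (not real evidence)."""
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 40 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 30 + b"IEND\xaeB`\x82"
    deleted = b"\x00" * 512 + jpg + b"\x00" * 100   # "deleted" file in free space
    hidden = b"MZ" + b"\x90" * 62 + png             # PNG appended to unrelated data
    return deleted + hidden + b"\x00" * 64, jpg, png

if __name__ == "__main__":
    image, _, _ = build_sample_image()
    print("image sha256:", hashlib.sha256(image).hexdigest())
    for f in carve(image):
        print(f["type"], "at offset", f["offset"], f["size"], "bytes", f["sha256"][:16])
```

Run carving against a copy of the acquired image, never the original media, and hash the image before and after so the work can be shown not to have altered it.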

17
Network Forensics
• Network forensics is the process of examining network traffic.
• After-the-fact analysis of transaction logs
• Real-time analysis via network monitoring
  ◦ Sniffers (Packet Analyzer)
  ◦ Real-time tracing

18
Email Forensics
• Email forensics is the study of source and content of electronic mail as evidence.
• Identifying the actual sender and recipient of a message, date/time it was sent.
• Often email is very incriminating.
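
The sender and timing checks this slide describes, as an added example that is not part of the original presentation: it walks the Received chain of a constructed message (documentation addresses only) to find the first recorded relay IP, then compares the From domain with the Return-Path and the Date header with the first relay timestamp. The names `trace` and `parse_time` and the one-hour tolerance are assumptions.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message (documentation addresses only, not real evidence).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbox.example.org with ESMTP id A1; Mon, 02 Jun 2025 10:15:09 +0000
Received: from relay.example.net (relay.example.net [203.0.113.25])
\tby mx.example.org with ESMTP id B2; Mon, 02 Jun 2025 10:15:04 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby relay.example.net with ESMTPSA id C3; Mon, 02 Jun 2025 10:14:58 +0000
From: "Accounts" <accounts@bank.example.com>
To: victim@example.org
Date: Sun, 01 Jun 2025 08:00:00 +0000
Subject: Invoice
"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_time(text):
    try:
        dt = parsedate_to_datetime(text.strip())
    except (TypeError, ValueError):
        return None
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def trace(raw, tolerance_s=3600):
    msg = message_from_string(raw)
    hops = []
    # Every relay prepends its own Received line, so reverse for origin-first order.
    for hdr in reversed(msg.get_all("Received", [])):
        info, _, stamp = hdr.rpartition(";")
        ips = IP_RE.findall(info)  # last bracketed IP is the one the receiver logged
        hops.append({"ip": ips[-1] if ips else None, "time": parse_time(stamp)})
    from_addr = parseaddr(msg.get("From", ""))[1]
    env_addr = parseaddr(msg.get("Return-Path", ""))[1]
    claimed = parse_time(msg.get("Date", ""))
    first = hops[0]["time"] if hops else None
    findings = []
    if env_addr and from_addr.split("@")[-1] != env_addr.split("@")[-1]:
        findings.append("From domain differs from Return-Path domain")
    if first and claimed and abs((first - claimed).total_seconds()) > tolerance_s:
        findings.append("Date header disagrees with first relay timestamp")
    return {"origin_ip": hops[0]["ip"] if hops else None, "hops": hops,
            "from": from_addr, "findings": findings}
```

Received lines added before the first relay you control can be written by the sender, so treat the lowest hops as claims to corroborate with server or ISP logs.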

19
Internet Forensics
• Internet or Web forensics is the process of piecing together where and when a user has been on the Internet.
• E.g. Michael Jackson

20
Source Code Forensics
• To determine software ownership or software liability issues.
• Review of actual source code.
• Examination of the entire development process, e.g., development procedures, documentation review, and review of source code revisions.

21
The Future of Computer Forensics

• Computer forensics is now part of criminal investigations.
• Crimes & methods to hide crimes are becoming more sophisticated.
• Computer forensics will be in demand for as long as there are criminals and misbehaving people.
• Will attract students and law professionals who need to update their skills.

22
Protect our Computers!

• Use anti-virus software and firewalls - keep them up to date
• Keep operating system up to date with critical security updates and patches
• Don't open emails or attachments from unknown sources
• Use hard-to-guess passwords. Don’t use words found in a dictionary. Remember that password cracking tools exist
• Don't share access to computers with strangers
• If you have a Wi-Fi network, password protect it
• Disconnect from the Internet when not in use
• Reevaluate your security on a regular basis

23
Technological progress is like an axe in the hands of a pathological criminal.

24