Computer Forensics

Uploaded by fbkiran518

Definition

What is Computer Forensics?

- Computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis.
- Evidence might be required for a wide range of computer crimes and misuses
- Multiple methods of
  - Discovering data on a computer system
  - Recovering deleted, encrypted, or damaged file information
  - Monitoring live activity
  - Detecting violations of corporate policy
- Information collected assists in arrests, prosecution, termination of employment, and preventing future illegal activity

Definition (cont)

- What Constitutes Digital Evidence?
  - Any information, whether subject to human intervention or not, that can be extracted from a computer.
  - Must be in human-readable format or capable of being interpreted by a person with expertise in the subject.
- Computer Forensics Examples
  - Recovering thousands of deleted emails
  - Performing an investigation after employment termination
  - Recovering evidence after a hard drive has been formatted
  - Performing an investigation after multiple users had taken over the system

Reasons For Evidence

- Wide range of computer crimes and misuses
- Non-Business Environment: evidence collected by Federal, State and local authorities for crimes relating to:
  - Theft of trade secrets
  - Fraud
  - Extortion
  - Industrial espionage
  - Possession of pornography
  - SPAM investigations
  - Virus/Trojan distribution
  - Homicide investigations
  - Intellectual property breaches
  - Unauthorized use of personal information
  - Forgery
  - Perjury

Reasons For Evidence (cont)

- Computer related crime and violations include a range of activities including:
- Business Environment:
  - Theft of or destruction of intellectual property
  - Unauthorized activity
  - Tracking internet browsing habits
  - Reconstructing events
  - Inferring intentions
  - Selling company bandwidth
  - Wrongful dismissal claims
  - Sexual harassment
  - Software piracy

Who Uses Computer Forensics?

- Criminal Prosecutors
  - Rely on evidence obtained from a computer to prosecute suspects and use as evidence
- Civil Litigations
  - Personal and business data discovered on a computer can be used in fraud, divorce, harassment, or discrimination cases
- Insurance Companies
  - Evidence discovered on a computer can be used to mitigate costs (fraud, worker's compensation, arson, etc.)
- Private Corporations
  - Evidence obtained from employee computers can be used as evidence in harassment, fraud, and embezzlement cases

Who Uses Computer Forensics? (cont)

- Law Enforcement Officials
  - Rely on computer forensics to back up search warrants and post-seizure handling
- Individual/Private Citizens
  - Obtain the services of professional computer forensic specialists to support claims of harassment, abuse, or wrongful termination from employment

Handling Evidence

- Admissibility of Evidence
  - Legal rules which determine whether potential evidence can be considered by a court
  - Must be obtained in a manner which ensures its authenticity and validity and that no tampering has taken place
- No possible evidence is damaged, destroyed, or otherwise compromised by the procedures used to search the computer
- Preventing viruses from being introduced to a computer during the analysis process
- Extracted / relevant evidence is properly handled and protected from later mechanical or electromagnetic damage

Initiating An Investigation

- DO NOT begin by exploring files on the system randomly
- Establish an evidence custodian, and start a detailed journal recording the date and time of each action and the information discovered
- If possible, designate suspected equipment as "off-limits" to normal activity. This includes back-ups, remotely or locally scheduled house-keeping, and configuration changes
- Collect email, DNS, and other network service logs

Incident Response

- Identify, designate, or become the evidence custodian
- Review any existing journal of what has been done to the system already and/or how the intrusion was detected
- Begin a new journal or maintain the existing one
- Install monitoring tools (sniffers, port detectors, etc.)
- Without rebooting or affecting running processes, make a copy of the physical disk
- Capture network information
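The three slides above (Handling Evidence, Initiating An Investigation, Incident Response) all turn on the same control: the custodian's timestamped journal plus a cryptographic hash taken at acquisition, so that any later alteration of the disk copy is detectable. The following is an added illustration, not code from the original deck; the `EvidenceJournal` class, the item id `HDD-01` and the 4 KiB `SAMPLE_IMAGE` standing in for a bit-for-bit disk copy are all constructed for the example.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample: a tiny stand-in for a bit-for-bit physical disk image.
# Real images are many GB; the hashing and journaling logic is identical.
SAMPLE_IMAGE = bytes(range(256)) * 16   # 4096 deterministic bytes


def hash_image(data: bytes) -> str:
    """SHA-256 of a raw image, fed in chunks the way a tool streams a large file."""
    h = hashlib.sha256()
    view = memoryview(data)
    for off in range(0, len(view), 1024):
        h.update(view[off:off + 1024])
    return h.hexdigest()


class EvidenceJournal:
    """Custodian's journal (hypothetical helper): append-only, timestamped entries.
    The acquisition entry records the hash, so verification can prove no tampering."""

    def __init__(self, custodian: str):
        self.custodian = custodian
        self.entries = []          # never edited in place, only appended to

    def log(self, action: str, **details) -> dict:
        entry = {"time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
                 "custodian": self.custodian, "action": action, **details}
        self.entries.append(entry)
        return entry

    def acquire(self, item_id: str, image: bytes) -> str:
        """Record the hash of the disk copy at the moment it was taken."""
        digest = hash_image(image)
        self.log("acquire", item=item_id, sha256=digest, size=len(image))
        return digest

    def verify(self, item_id: str, image: bytes) -> bool:
        """Re-hash the copy and compare with the value journaled at acquisition."""
        acquired = [e for e in self.entries
                    if e["action"] == "acquire" and e.get("item") == item_id]
        if not acquired:
            self.log("verify", item=item_id, result="no acquisition record")
            return False
        ok = hash_image(image) == acquired[-1]["sha256"]
        self.log("verify", item=item_id, result="match" if ok else "MISMATCH")
        return ok

    def export(self) -> str:
        """One JSON object per line, suitable for attaching to the case file."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.entries)
```

A single flipped bit in the copy changes the digest, so the mismatch entry in the journal is what an examiner would point to when admissibility is challenged.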

Computer Forensic Requirements

- Hardware
  - Familiarity with all internal and external devices/components of a computer
  - Thorough understanding of hard drives and settings
  - Understanding motherboards and the various chipsets used
  - Power connections
  - Memory
  - BIOS
    - Understanding how the BIOS works
    - Familiarity with the various settings and limitations of the BIOS

Computer Forensic Requirements (cont)

- Operating Systems
  - Windows 3.1/95/98/ME/NT/2000/2003/XP
  - DOS
  - UNIX
  - LINUX
  - VAX/VMS
- Software
  - Familiarity with most popular software packages such as Office
- Forensic Tools
  - Familiarity with computer forensic techniques and the software packages that could be used

Types of electronic devices or MEDIA that may contain digital evidence

- Personal computer, laptop
- External hard drives (USB connection)
- DVD, CD, floppy disks
- Flash drives (thumb, USB)
- Memory sticks
- Digital cameras
- SD cards
- Personal Digital Assistants (PDAs, iPods, Palm)
- Cellular phones
- MP3 players
- Smart phones (Blackberry/iPhone/Android)
- iPads, tablets
- Many unusual pieces of media

Other Items of Evidence at Scene

- Computer media relevant to the crime
- Documents surrounding the computer
- Documents in the printer, scanner, trash
- Web camera (usually on top of monitor)
- PDA, cell phones with charger/data cable
- Related software
- Related cables / power cords / chargers

Thank you