DR.

SNS RAJALAKHSMI COLLEGE OF ARTS AND SCIENCE

(AN AUTONOMOUS CO-EDUCATION INSTITUTION)
COIMBATORE – 641049
WWW.DRSNSRCAS.AC.IN

COMPUTER
FORENSICS
Presentation by
Dr.NC SACHITHANANTHAM
Assistant Professor
Department of Information Technology
[email protected]
Department of

IT
Information
Technology
CONTENTS
• Introduction
• What is Computer Forensics?
• Characteristics
• Needs
• History
• Goal
• Cyber Crime & Evidence
• Computer Forensics Methodology
• Applications of Computer Forensics
• Who Uses Computer Forensics
• Skills Requirements for Computer Forensics 2
• Conclusion
INTRODUCTION
“Forensic computing is the process of identifying,
preserving, analyzing and presenting digital evidence in
a manner that is legally acceptable.”(Rodney
Mckemmish 1999).
 “Forensic computing is the process of identifying,
WHAT IS COMPUTER FORENSICS?

preserving, analyzing and presenting digital evidence in

a manner that is legally acceptable.”(Rodney
Mckemmish 1999).
 Evidence might be required for a wide range of
computer crimes and misuses.
 Information collected assists in arrests, prosecution,
termination of employment, and preventing future
illegal activity

4
CHARACTERISTICS

 IDENTIFYING
 PRESERVING
 ANALYZING
 PRESENTING

5
NEEDS OF COMPUTER FORENSICS
o To produce evidence in the court that can lead to the
punishment of the actual.
o To ensure the integrity of the computer system.
o To focus on the response to hi-tech offenses, started to
intertwine.

6
HISTORY OF COMPUTER FORENSICS
o Began to evolve more than 30 years ago in US when law

enforcement and military investigators started seeing

criminals get technical.
o Over the next decades, and up to today, the field has

exploded. Law enforcement and the military continue to

have a large presence in the information security and
computer forensic field at the local, state and federal
level.
o Now a days, Software companies continue to produce

newer and more robust forensic software programs. And

law enforcement and the military continue to identify
and train more and more of their personnel in the 7

response to crimes involving technology.

GOAL OF COMPUTER FORENSICS
 The main goal of computer forensic experts is not only
to find the criminal but also to find out the evidence and
the presentation of the evidence in a manner that leads to
legal action of the criminal.

8
CYBER CRIME & EVIDENCE
 CYBER CRIME
 Cyber crime occurs when information technology is
used to commit or conceal an offence.

9
TYPES OF CYBER CRIME
o Forgery
o Breech of Computer Security
o Fraud/Theft
o Copyright Violations
o Identity Theft
o Threats
o Burglary
o Homicide
o Administrative Investigations
o Cyber Terrorism
10
o Sales and Investment Fraud
o Electronic Fund Transfer Fraud
EVIDENCE

 An item does not become officially a piece of evidence

until a court admits it.
 Much of forensics practice concerns how to collect,
preserve and analyze these items without compromising
their potential to be admitted as evidence in a court of
law.

11
 DIGITAL EVIDENCE

 “Any data that is recorded or preserved on

any medium in or by a computer system or
other similar device, that can be read or
understand by a person or a computer
system or other similar device. It includes a
display, print out or other output of that
data.”

12
TYPES OF DIGITAL EVIDENCE
1) PERSISTANT DATA
Meaning data that remains intact when the
computer is turned off. E.g. hard drives, disk drives and
removable storage devices (such as USB drives or flash
drives).

2) VOLATILE DATA,
Meaning data that would be lost if the computer
is turned off. E.g. deleted files, computer history, the
computer's registry, temporary files and web browsing
history.
13
5 RULES OF EVIDENCES
1) Admissible
 Must be able to be used in court or elsewhere.

2) Authentic
 Evidence relates to incident in relevant way.

3) Complete (no tunnel vision)

 Exculpatory evidence for alternative suspects.

4) Reliable
 No question about authenticity & veracity.

5) Believable
 Clear, easy to understand, and believable by a jury.
14
TOP 10 LOCATION FOR EVIDENCE
1) Internet History Files
2) Temporary Internet Files
3) Slack/Unallocated Space
4) Buddy lists, personal chat room records, others saved
areas
5) News groups/club lists/posting
6) Settings, folder structure, file names
7) File Storage Dates
8) Software/Hardware added
9) File Sharing ability
15
10) E-mails
METHODOLOGY
1) Shut Down the Computer
2) Document the Hardware Configuration of The
System
3) Transport the Computer System to A Secure
Location
4) Make Bit Stream Backups of Hard Disks and
Floppy Disks
5) Mathematically Verify Data on All Storage
Devices
6) Document the System Date and Time
7) Make a List of Key Search Words

16
APPLICATIONS
 FINANCIAL FRAUD DETECTION
 CRIMINAL PROSECUTION

 CIVIL LITIGATION

 “CORPORATE SECURITY POLICY AND

VIOLATIONS”

17
WHO USES COMPUTER FORENSICS?
 Criminal Prosecutors
 Rely on evidence obtained from a computer to
prosecute suspects and use as evidence.

 Civil Litigations
 Personal and business data discovered on a
computer can be used in fraud, harassment, or
discrimination cases.

 Private Corporations
 Obtained evidence from employee computers can
be used as evidence in harassment, fraud, and 18

embezzlement cases.
WHO USES COMPUTER FORENSICS?
(CONT..)
 Law Enforcement Officials
 Rely on computer forensics to backup search warrants
and post-seizure handling.

 Individual/Private Citizens
 Obtain the services of professional computer forensic
specialists to support claims of harassment, abuse, or
wrongful termination from employment.

19
CONCLUSION
 With computers becoming more and more involved in
our everyday lives, both professionally and socially,
there is a need for computer forensics.
 This field will enable crucial electronic evidence to be

found, whether it was lost, deleted, damaged, or hidden,

and used to prosecute individuals that believe they have
successfully beaten the system.
THANK YOU

21