akcomputerforensics 130222081008-phpapp02-140809110602-phpapp02


Post on 30-Jul-2015






1. BY: Anil Kumar, CSE Year, 0903CS121017

2. CONTENTS
- Defining Computer Forensics
- Characteristics
- Needs
- History
- Goal
- Cyber Crime & Evidence
- Rules Of Handling Evidence
- Top 10 Location For Evidence
- Computer Forensics Methodology
- Applications of Computer Forensics
- Who Uses Computer Forensics
- Skills Requirements for Computer Forensics

3. What is Computer Forensics?
- Forensic computing is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable (Rodney McKemmish, 1999).
- Evidence might be required for a wide range of computer crimes and misuses.
- Information collected assists in arrests, prosecution, termination of employment, and preventing future illegal activity.

4. CHARACTERISTICS OF COMPUTER FORENSICS
- IDENTIFYING
- PRESERVING
- ANALYZING
- PRESENTING

5. NEEDS OF COMPUTER FORENSICS
- To produce evidence in the court that can lead to the punishment of the actual.
- To ensure the integrity of the computer system.
- To focus on the response to hi-tech offenses, started to intertwine.

6. HISTORY OF COMPUTER FORENSICS
- Began to evolve more than 30 years ago in the US, when law enforcement and military investigators started seeing criminals get technical.
- Over the next decades, and up to today, the field has exploded. Law enforcement and the military continue to have a large presence in the information security and computer forensic field at the local, state and federal level.
- Nowadays, software companies continue to produce newer and more robust forensic software programs, and law enforcement and the military continue to identify and train more and more of their personnel in the response to crimes involving technology.

7. GOAL OF COMPUTER FORENSICS
The main goal of computer forensic experts is not only to find the criminal but also to find the evidence and to present that evidence in a manner that leads to legal action against the criminal.

8. CYBER CRIME & EVIDENCE
CYBER CRIME: Cyber crime occurs when information technology is used to commit or conceal an offence.

9. TYPES OF CYBER CRIME
- Forgery
- Breach of Computer Security
- Fraud/Theft
- Copyright Violations
- Identity Theft
- Threats
- Burglary
- Homicide
- Administrative Investigations
- Cyber Terrorism
- Sales and Investment Fraud
- Electronic Fund Transfer Fraud

11. Cybercrime: Top 20 Countries

12. Evidence
- An item does not officially become a piece of evidence until a court admits it.
- Much of forensics practice concerns how to collect, preserve and analyze these items without compromising their potential to be admitted as evidence in a court of law.

13. DIGITAL EVIDENCE
- Any data that is recorded or preserved on any medium in or by a computer system or other similar device, that can be read or understood by a person or a computer system or other similar device.
- It includes a display, printout or other output of that data.

14. TYPES OF DIGITAL EVIDENCE
1) PERSISTENT DATA: data that remains intact when the computer is turned off. E.g. hard drives, disk drives and removable storage devices (such as USB drives or flash drives).
2) VOLATILE DATA: data that would be lost if the computer is turned off. E.g. deleted files, computer history, the computer's registry, temporary files and web browsing history.

15. 5 RULES OF EVIDENCE
1) Admissible: Must be able to be used in court or elsewhere.
2) Authentic: Evidence relates to incident in relevant way.
3) Complete (no tunnel vision): Exculpatory evidence for alternative suspects.
4) Reliable: No question about authenticity & veracity.
5) Believable: Clear, easy to understand, and believable by a jury.

16. TOP 10 LOCATIONS FOR EVIDENCE
1) Internet History Files
2) Temporary Internet Files
3) Slack/Unallocated Space
4) Buddy lists, personal chat room records, other saved areas
5) News groups/club lists/posting
6) Settings, folder structure, file names
7) File Storage Dates
8) Software/Hardware added
9) File Sharing ability
10) E-mails

17. COMPUTER FORENSICS METHODOLOGY
1) Shut Down the Computer
2) Document the Hardware Configuration of The System
3) Transport the Computer System to A Secure Location
4) Make Bit Stream Backups of Hard Disks and Floppy Disks
5) Mathematically Verify Data on All Storage Devices
6) Document the System Date and Time
7) Make a List of Key Search Words

18. COMPUTER FORENSICS METHODOLOGY (CONT.)
8) Evaluate the Windows Swap File
9) Evaluate File Slack
10) Evaluate Unallocated Space (Erased Files)
11) Search Files, File Slack and Unallocated Space for Key Words
12) Document File Names, Dates and Times
13) Identify File, Program and Storage Anomalies
14) Evaluate Program Functionality
15) Document Your Findings

19. APPLICATIONS
- FINANCIAL FRAUD DETECTION
- CRIMINAL PROSECUTION
- CIVIL LITIGATION
- CORPORATE SECURITY POLICY AND VIOLATIONS

20. Who Uses Computer Forensics?
- Criminal Prosecutors: Rely on evidence obtained from a computer to prosecute suspects and use as evidence.
- Civil Litigations: Personal and business data discovered on a computer can be used in fraud, harassment, or discrimination cases.
- Private Corporations: Evidence obtained from employee computers can be used as evidence in harassment, fraud, and embezzlement cases.

21. Who Uses Computer Forensics? (cont.)
- Law Enforcement Officials: Rely on computer forensics to back up search warrants and post-seizure handling.
- Individual/Private Citizens: Obtain the services of professional computer forensic specialists to support claims of harassment, abuse, or wrongful termination from employment.

22. Skills Required For Computer Forensics Application
- Programming or computer-related experience
- Broad understanding of operating systems and applications
- Strong analytical skills
- Strong computer science fundamentals
- Strong system administrative skills
- Knowledge of the latest intruder tools
- Knowledge of cryptography and steganography
- Strong understanding of the rules of evidence and evidence handling
- Ability to be an expert witness in a court of law
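
Steps 5 and 11 of the methodology above, shown in Python as an added example that is not part of the original slides: the bit-stream copy is verified by comparing digests with the original, and key words are located by byte offset in the raw image, so hits in file slack and unallocated space are found as well. The choice of SHA-256, the function names and the constructed sample image are assumptions made for this illustration.

```python
import hashlib
import io

CHUNK = 4096  # read size for the example; an assumption, not a forensic standard


def sha256_stream(stream, chunk=CHUNK):
    """Hash a bit-stream image block by block, without loading it into memory."""
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        digest.update(block)
    return digest.hexdigest()


def verify_copy(original, copy):
    """Step 5: the working copy is trusted only if both digests are identical."""
    return sha256_stream(original) == sha256_stream(copy)


def keyword_offsets(stream, keywords, chunk=CHUNK):
    """Step 11: byte offsets of each key word in the raw image (exact,
    case-sensitive match), including hits that straddle two read blocks."""
    keys = [k.encode() for k in keywords]
    overlap = max(len(k) for k in keys) - 1
    hits, tail, base = {k.decode(): [] for k in keys}, b"", 0
    for block in iter(lambda: stream.read(chunk), b""):
        window = tail + block
        for k in keys:
            pos = window.find(k)
            while pos != -1:
                # a hit lying wholly inside the carried-over tail was already reported
                if pos + len(k) > len(tail):
                    hits[k.decode()].append(base - len(tail) + pos)
                pos = window.find(k, pos + 1)
        base += len(block)
        tail = window[-overlap:] if overlap else b""
    return hits


def build_sample_image():
    """Constructed sample: 'invoice' is placed across the 4096-byte boundary."""
    return b"\x00" * 4090 + b"invoice-2015" + b"\x00" * 500 + b"password" + b"\x00" * 100


if __name__ == "__main__":
    img = build_sample_image()
    print("copy verified:", verify_copy(io.BytesIO(img), io.BytesIO(img)))
    print("key word offsets:", keyword_offsets(io.BytesIO(img), ["invoice", "password"]))
```

Recording the digest of the original at acquisition time lets the same comparison be repeated later against any working copy.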