COMPUTER FORENSICS Varun Sehgal 1208213037

Computer forensics powerpoint presentation

Page 1: Computer forensics powerpoint presentation

COMPUTER

FORENSICS

Varun Sehgal

1208213037

Page 2: Computer forensics powerpoint presentation

Index
- Computer Forensics & its objective.
- Why Computer Forensics?
- History of Computer Forensics.
- Who uses computer forensics?
- Digital Evidences & its types.
- Computer Forensics Algorithm.
- What shouldn’t be done during Investigation?
- Computer Forensics Tools.
- Computer Forensics Applications.
- Advantages of Computer Forensics.
- Disadvantages of Computer Forensics.
- Conclusions.

Page 3: Computer forensics powerpoint presentation

What is Computer Forensics?
“Computer Forensics is the process of identifying, preserving, analyzing and presenting the digital evidence in such a manner that the evidences are legally acceptable”.

Page 4: Computer forensics powerpoint presentation

Objective of Computer Forensics
- The main objective is to find the criminal who is directly or indirectly related to the cyber world.
- To find out the digital evidences.
- Presenting evidences in a manner that leads to legal action of the criminal.

Page 5: Computer forensics powerpoint presentation

Why Computer Forensics?
- Employee internet abuse.
- Unauthorized disclosure of corporate information.
- Industrial espionage.
- Damage assessment.
- Criminal fraud and deception cases.
- Countless others!

Page 6: Computer forensics powerpoint presentation

History of Computer Forensics
- Bankruptcy of Enron in December 2001.
- Hundreds of employees were left jobless while some executives seemed to benefit from the company's collapse.
- The United States Congress decided to investigate and a specialized detective force began to search through hundreds of Enron employee computers using computer forensics.

Page 7: Computer forensics powerpoint presentation

WHO USES COMPUTER FORENSICS?

- Criminal Prosecutors - Rely on evidence obtained from a computer to prosecute suspects and use as evidence.
- Civil Litigations - Personal and business data discovered on a computer can be used in fraud, harassment, or discrimination cases.

Page 8: Computer forensics powerpoint presentation

DIGITAL EVIDENCES
“Any data that is recorded or preserved on any medium in or by a computer system or other similar device, that can be read or understood by a person or a computer system or other similar device”.

Page 9: Computer forensics powerpoint presentation

TYPE OF DIGITAL EVIDENCES
- PERSISTENT DATA - Data that remains unaffected when the computer is turned off. Example - Hard drives & storage media.
- VOLATILE DATA - Data that would be lost if the computer is turned off. Example - Deleted files, computer history, the computer's registry, temporary files and web browsing history.

Page 10: Computer forensics powerpoint presentation

RULES FOR DIGITAL EVIDENCES
- Admissible - Must be able to be used in court or elsewhere.
- Authentic - Evidence must be relevant to the case.
- Complete - Must not lack any information.
- Reliable - No question about authenticity.
- Believable - Clear, easy to understand, and believable by a jury.

Page 11: Computer forensics powerpoint presentation

Steps of Collection of Evidence
- Find the evidence; where is it stored.
- Find relevant data – recovery.
- Create order of volatility.
- Collect evidence – use tools.
- Good documentation of all the actions.

Page 12: Computer forensics powerpoint presentation

Algorithm

Cross-Drive Analysis Algorithm
-> Correlates information found on multiple hard drives.
-> Identify social networks & perform anomaly detection.
-> Still being researched.

Live Analysis Algorithm
-> Examine computers from within the operating system.
-> Use custom forensics tools to extract various evidence.
-> Useful when dealing with Encrypting File Systems.
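The cross-drive correlation idea above, as a simplified added example that is not part of the original slides: it extracts e-mail addresses from the raw bytes of several drives and scores each pair of drives by the addresses they share. The drive names, the byte fragments and the 1/n weighting are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample data: raw byte fragments standing in for three drive images.
DRIVES = {
    "drive_A": b"\x00\x01From: alice@example.org\x00To: bob@example.org\x00junk carol@example.net",
    "drive_B": b"contacts\x00bob@example.org\x00<alice@example.org>;support@example.com",
    "drive_C": b"\x00\x00support@example.com\x00dave@example.net\x00",
}

EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def extract_features(raw: bytes) -> set[str]:
    """Pull e-mail addresses out of raw bytes; lower-cased for matching."""
    return {m.decode("ascii").lower() for m in EMAIL_RE.findall(raw)}

def cross_drive_scores(drives: dict[str, bytes]):
    """Return (feature -> drives it was seen on, drive pair -> score)."""
    seen_on = defaultdict(set)
    for name, raw in drives.items():
        for feat in extract_features(raw):
            seen_on[feat].add(name)
    scores = defaultdict(float)
    for feat, names in seen_on.items():
        # Assumed weighting: a feature shared by few drives links them more
        # strongly than one found everywhere, so it counts 1 / drive count.
        for pair in combinations(sorted(names), 2):
            scores[pair] += 1.0 / len(names)
    return dict(seen_on), dict(scores)

if __name__ == "__main__":
    seen_on, scores = cross_drive_scores(DRIVES)
    for pair, score in sorted(scores.items(), key=lambda kv: -kv[1]):
        shared = sorted(f for f, n in seen_on.items() if set(pair) <= n)
        print(pair, round(score, 2), shared)
```

Pairs with a high score are candidates for the "social network" links the slide mentions; a drive that shares nothing with the others is the kind of outlier anomaly detection would flag.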

Page 13: Computer forensics powerpoint presentation

Steps of Investigation in Live Analysis
- Acquisition: Physically or remotely obtaining possession of the computer and external physical storage devices.
- Identification: This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites.

Page 14: Computer forensics powerpoint presentation

Contd.
- Evaluation: Evaluating the data recovered to determine if and how it could be used against the suspect for prosecution in court.
- Presentation: Presentation of evidence discovered in a manner which is understood by lawyers, non-technical staff/management, and suitable as evidence as determined by laws.

Page 15: Computer forensics powerpoint presentation

What not to be done during investigation?

- Avoid changing date/time stamps (of files, for example) or changing data itself.
- Avoid overwriting unallocated space (which can happen on re-boot, for example).

Page 16: Computer forensics powerpoint presentation

Computer Forensics Tools
- Disk imaging software.
- Hashing tools.
- File recovery programs.
- Encryption decoding software.
- Password cracking software.

Page 17: Computer forensics powerpoint presentation

COMPUTER FORENSICS APPLICATION

- Financial fraud detection.
- Corporate security policy.
- Criminal prosecution.

Page 18: Computer forensics powerpoint presentation

SKILLS REQUIRED FOR COMPUTER FORENSICS

- Proper knowledge of computer.
- Strong computer science fundamentals.
- Strong system administrative skills.
- Knowledge of the latest forensic tools.

Page 19: Computer forensics powerpoint presentation

Advantages
Digital Forensics helps to protect from and solve cases involving:
- Theft of intellectual property - This is related to any act that allows access to customer data and any confidential information.
- Financial Fraud - This is related to anything that uses fraudulent purchase of victims' information to conduct fraudulent transactions.

Page 20: Computer forensics powerpoint presentation

Disadvantages
- Digital evidence accepted into court must prove that there is no tampering.
- Costs - producing electronic records & preserving them is extremely costly.
- Legal practitioners must have extensive computer knowledge.

Page 21: Computer forensics powerpoint presentation

Conclusion
This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.

Page 22: Computer forensics powerpoint presentation

Thank You