Computer Forensics In Fighting Crimes
Paul Umoren
OUTLINE
DEFINITION OF COMPUTER FORENSICS
COMPUTER FORENSICS TECHNIQUES
SCOPE OF COMPUTER FORENSICS
COMPUTER FORENSICS PROCESS
IMPORTANCE OF COMPUTER FORENSICS
COMPUTER FORENSICS TOOLS
ITEMS USED FOR EXAMINATION
COMPUTER FORENSICS CASES
COMMON MISTAKES MADE DURING A COMPUTER FORENSIC ANALYSIS
CONCLUSION
QUESTIONS
REFERENCES
DEFINITION:
This is the discovery, collection, and analysis of evidence found on computers and networks to investigate and establish facts in criminal or civil courts.
COMPUTER FORENSICS TECHNIQUES:
Cross-drive analysis: A forensic technique that correlates information found on multiple hard disk drives (HDDs).
Live analysis: This practice is useful when dealing with the Encrypting File System and for recovery of RAM data when the system was shut down.
Deleted files: A common technique used in computer forensics to recover deleted files.
TECHNIQUES CONTINUED:
Analysis of chat logs: This involves the analysis of log files.
Reviewing of trace nodes
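Cross-drive analysis as described above, shown as an added example that is not part of the original slides: features are extracted from each drive image and drive pairs are ranked by what they share. The use of email-like strings as the feature, the 1/n weighting, the function names and the sample byte strings are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from itertools import combinations

# Email-like byte strings are the correlating feature (an assumption of this example).
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample data standing in for raw drive images; not real evidence.
DRIVES = {
    "drive_A": b"\x00From: alice@example.org\x00To: broker@example.net\xff"
               b"\x00support@vendor.example\x00courier@example.com\x00",
    "drive_B": b"junk\x01broker@example.net\x00bob@example.org;"
               b"support@vendor.example\x00courier@example.com",
    "drive_C": b"\x7fELF\x00\x00support@vendor.example\x00carol@example.org",
    "drive_D": b"support@vendor.example  BROKER@example.net\x00dave@example.org",
}

def extract_features(image):
    """Return the set of case-folded email-like strings found in raw bytes."""
    return {m.decode("ascii").lower() for m in EMAIL_RE.findall(image)}

def cross_drive_correlate(drives):
    """Map each feature to the drives it appears on, then score drive pairs."""
    seen_on = defaultdict(set)
    for name, image in drives.items():
        for feature in extract_features(image):
            seen_on[feature].add(name)
    scores = defaultdict(float)
    for feature, names in seen_on.items():
        if len(names) < 2:
            continue  # a feature found on one drive links nothing
        # Features seen on many drives (a vendor address) are weak links,
        # so each shared feature contributes 1 / (number of drives holding it).
        for pair in combinations(sorted(names), 2):
            scores[pair] += 1.0 / len(names)
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return dict(seen_on), ranked

if __name__ == "__main__":
    seen_on, ranked = cross_drive_correlate(DRIVES)
    for (a, b), score in ranked:
        print(f"{a} <-> {b}: {score:.3f}")
```

In casework the input would be verified forensic images read in chunks rather than in-memory byte strings, and the highest-ranked pairs are leads for an examiner to review, not findings.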
SCOPE OF COMPUTER FORENSICS:
It focuses on computers and networks for finding evidence of crimes for government, private business and other organizational sectors.
Computers: examination of computer media, programs, data and log files, Internet messaging conversations, Internet chat, e-mail, etc.
SCOPE CONTINUED:
Networks: analysis of server contents, server and router log files, packet traffic and information obtained from Internet access providers.
It is critical for law enforcement as an evidence-gathering and criminal investigation tool.
COMPUTER FORENSICS PROCESS:
Acquisition/Preserve the media: The original drives need to be imaged; make copies of the original.
Extract evidence: This depends on the type of investigation; the specialist needs to determine what kind of information on the computer is pertinent to the case.
PROCESS CONTINUED:
Analysis: The most tasking part; the information retrieved can be incriminating or exculpatory.
Reporting/Documentation: Everything, from the configuration of the computer and BIOS settings to every step taken and pertinent evidence that is found, should be reported and documented.
WHY COMPUTER FORENSICS?
Computer forensics allows for the general integrity of your network infrastructure and ensures that your organization’s private information remains private.
Protection from employee abuse: it also protects your company from violating government regulations such as the rules regarding customer data privacy.
WHY COMPUTER FORENSICS? CONTINUED
Cut down cost: Working with professionals who have both technological and practical understanding of computer forensics and electronic discovery can also cut costs for your company.
Antiterrorism: It is important as an antiterrorism tool for both criminal prosecution and intelligence gathering.
COMPUTER FORENSICS TOOLS:
The Forensics Recovery of Digital Evidence
Guidance Software’s EnCase
Ultimate Toolkit
The FireChief hardware
A portable Tableau write blocker attached to a hard drive
SOME ITEMS USED FOR EXAMINATION:
COMPUTER FORENSICS CASES:
Soham murders: The alibi of the killer was disproved when mobile phone records of the person he claimed to be with showed she was out of town at the time.
BTK Killer: Dennis Rader was convicted of a string of serial killings that occurred over a period of sixteen years.
Joseph E. Duncan III: Forensic investigators found a spreadsheet in which Duncan was planning his murders; this helped prove he was planning the crimes.
Sharon Lopatka: After going through hundreds of emails, investigators were able to find her killer, Robert Glass.
Dr. Conrad Murray: Michael Jackson’s doctor was convicted partially by digital evidence on his computer. This evidence included medical documentation showing lethal amounts of propofol.
COMMON MISTAKES MADE DURING A COMPUTER FORENSIC ANALYSIS:
Using the internal IT staff to conduct a computer forensics investigation
Waiting until the last minute to perform a computer forensics exam
Too narrowly limiting the scope of computer forensics
COMMON MISTAKES CONTINUED:
Not being prepared to preserve electronic evidence
Not selecting a qualified computer forensics team
COMPUTER FORENSIC CERTIFICATIONS:
ISFCE Certified Computer Examiner
IACRB Certified Computer Forensics Examiner
IACIS offers the Certified Computer Forensic Examiner (CFCE) program.
Asian School of Cyber Laws offers international level certifications in Digital Evidence Analysis and in Digital Forensic Investigation.
CONCLUSION:
Though this area is a bit new to some people in computing, it is very important in battling cybercrimes in society, which are difficult to handle in real-world scenarios.
Large companies should be able to train some of their IT staff in computer forensics, which could become an asset to the company.
QUESTIONS: