Computer Forensics In Fighting Crimes

Paul Umoren

OUTLINE

DEFINITION OF COMPUTER FORENSICS

COMPUTER FORENSICS TECHNIQUES

SCOPE OF COMPUTER FORENSICS

COMPUTER FORENSICS PROCESS

IMPORTANCE OF COMPUTER FORENSICS

COMPUTER FORENSICS TOOLS

ITEMS USED FOR EXAMINATION

COMPUTER FORENSICS CASES

COMMON MISTAKES MADE DURING A COMPUTER FORENSIC ANALYSIS

CONCLUSION

QUESTIONS

REFERENCES

DEFINITION:

This is the discovery, collection, and analysis of evidence found on computers and networks to investigate and establish facts in criminal or civil courts.

COMPUTER FORENSICS TECHNIQUES:

Cross-drive analysis: A forensic technique that correlates information found on multiple hard disk drives (HDDs).

Live analysis: The practice is useful when dealing with the Encrypting File System and for recovery of RAM data when the system was shut down.

Deleted files: This is a common technique used in computer forensics to recover deleted files.

TECHNIQUES CONTINUED:

Analysis of chat logs: This involves the

Analysis of log files

Reviewing of trace nodes
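Cross-drive analysis as described above, shown as an added example that is not part of the original slides: e-mail addresses are pulled from the raw bytes of each drive image and the ones that recur across drives are reported. The drive names and contents are constructed sample data, and using e-mail addresses as the correlated feature is an assumption made for the illustration.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample data: raw bytes standing in for three seized drive images.
DRIVES = {
    "drive_A": b"\x00\x00From: alice@example.org\r\nTo: bob@example.net\x00\xff",
    "drive_B": b"junk\x00bob@example.net\x00\x00carol@example.com\x00",
    "drive_C": b"\x00\x00dave@example.org\x00bob@example.net\x00alice@example.org",
}

# The feature being correlated (an assumption of this example): e-mail addresses.
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def extract_features(raw: bytes) -> set[str]:
    """Scan raw bytes for addresses, ignoring any file-system structure."""
    return {m.group().decode("ascii").lower() for m in EMAIL_RE.finditer(raw)}


def correlate(drives: dict[str, bytes]) -> dict[str, set[str]]:
    """Map each feature to the drives it occurs on; keep those on 2+ drives."""
    seen = defaultdict(set)
    for name, raw in drives.items():
        for feature in extract_features(raw):
            seen[feature].add(name)
    return {feat: names for feat, names in seen.items() if len(names) >= 2}


def pair_scores(drives: dict[str, bytes]) -> dict[tuple[str, str], int]:
    """Count shared features per pair of drives; a higher count is a stronger link."""
    feats = {name: extract_features(raw) for name, raw in drives.items()}
    return {(a, b): len(feats[a] & feats[b])
            for a, b in combinations(sorted(feats), 2)}


if __name__ == "__main__":
    for feature, names in sorted(correlate(DRIVES).items()):
        print(f"{feature}: {', '.join(sorted(names))}")
    for pair, score in pair_scores(DRIVES).items():
        print(pair, score)
```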

SCOPE OF COMPUTER FORENSICS:

It focuses on computers and networks for finding evidence of crimes for government, private businesses and other kinds of organization.

Computers: (examination of computer media, programs, data and log files, Internet messaging conversations, Internet chat, e-mail, etc.)

SCOPE CONTINUED:

Networks: (analysis of server contents, server and router log files, packet traffic and information obtained from Internet access providers.)

It is critical for law enforcement as an evidence-gathering and criminal investigation tool.

COMPUTER FORENSICS PROCESS:

Acquisition/Preservation of the media (The original drives need to be imaged; make copies of the original.)

Extract evidence (This depends on the type of investigation; the specialist needs to determine what kind of information on the computer is pertinent to the case.)

PROCESS CONTINUED:

Analysis: (The most tasking part; the information retrieved can be incriminating or exculpatory.)

Reporting/Documentation: (Everything from the configuration of the computer and BIOS settings to every step taken and pertinent evidence that is found should be reported and documented.)
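The acquisition and documentation steps above, shown as an added example that is not part of the original slides: the source is read once, copied to an image file and hashed, and the result is written into a record that can be re-checked before analysis. SHA-256 hashing, the record fields and the file names are assumptions of this example; on a real case the source would be the device behind a write blocker rather than a temporary file.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path

CHUNK = 1 << 20  # read 1 MiB at a time so large drives never have to fit in RAM


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(source, image, examiner):
    """Image `source` (opened read-only) into a new file and document the step."""
    digest, size = hashlib.sha256(), 0
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
            size += len(block)
    record = {
        "examiner": examiner,
        "source": str(source),
        "image": str(image),
        "bytes": size,
        "source_sha256": digest.hexdigest(),
        "image_sha256": sha256_file(image),  # read back what actually hit the disk
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
    }
    record["verified"] = record["source_sha256"] == record["image_sha256"]
    return record


def still_intact(record):
    """Re-hash the working copy later and compare with the documented hash."""
    return sha256_file(record["image"]) == record["source_sha256"]


def demo():
    """Constructed data: a temporary file stands in for the original drive."""
    with tempfile.TemporaryDirectory() as tmp:
        src, img = Path(tmp, "original.dd"), Path(tmp, "evidence01.dd")
        src.write_bytes(bytes(range(256)) * 5000)  # 1.28 MB, spans two chunks
        record = acquire(src, img, examiner="EXAMINER-PLACEHOLDER")
        before = still_intact(record)
        with open(img, "r+b") as f:  # simulate an accidental write to the copy
            f.seek(10)
            f.write(b"\xff")
        return record["verified"], record["bytes"], before, still_intact(record)
```

Calling demo() returns the verification flag, the byte count, and the integrity check before and after the simulated modification; the last value turns false because a single changed byte alters the hash.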

WHY COMPUTER FORENSICS?

Computer forensics allows for the general integrity of your network infrastructure and ensures that your organization’s private information remains private.

Protection from employee abuse; it also protects your company from violating government regulations such as the rules regarding customer data privacy.

WHY COMPUTER FORENSICS? CONTD.

CUT DOWN COST: (Working with professionals who have both technological and practical understanding of computer forensics and electronic discovery can also cut costs for your company.)

ANTITERRORISM: It is important as an antiterrorism tool for both criminal prosecution and intelligence gathering.

COMPUTER FORENSICS TOOLS:

The Forensics Recovery of Digital Evidence

Guidance Software’s EnCase

Ultimate Toolkit

The FireChief hardware

A portable Tableau write blocker attached to a hard drive

SOME ITEMS USED FOR EXAMINATION:

COMPUTER FORENSICS CASES:

Soham murders (The alibi of the killer was disproved when mobile phone records of the person he claimed to be with showed she was out of town at the time.)

BTK Killer (Dennis Rader was convicted of a string of serial killings that occurred over a period of sixteen years.)

Joseph E. Duncan III (Forensic investigators found a spreadsheet in which Duncan was planning his murders; this helped prove he was planning the crimes.)

Sharon Lopatka (After going through hundreds of emails, investigators were able to find her killer, Robert Glass.)

Dr. Conrad Murray (Michael Jackson’s doctor was convicted partially by digital evidence on his computer. This evidence included medical documentation showing lethal amounts of propofol.)


COMMON MISTAKES MADE DURING A COMPUTER FORENSIC ANALYSIS:

Using the internal IT staff to conduct a computer forensics investigation

Waiting until the last minute to perform a computer forensics exam

Too narrowly limiting the scope of computer forensics

COMMON MISTAKES CONTINUED:

Not being prepared to preserve electronic evidence

Not selecting a qualified computer forensics team

CONCLUSION:

Though this area is a bit new to some people in computing, it is very important in battling cybercrimes in society, which are difficult to handle in real-world scenarios.

Large companies should be able to train some of their IT staff in computer forensics, which could become an asset to the company.

QUESTIONS:
