Class Presentation
Course: ICSE 7101- Cyber Security
Topic: Forensics
Student: Happiness Lenard
COMPUTER/DIGITAL FORENSICS
Objectives
1. To introduce learners to Computer Forensics concepts
2. Understand the key goals of Computer/Cyber Forensics
3. Acquire an understanding of the cardinal rules of computer
forensics
4. Understand digital evidence
5. Understand digital forensics processes
6. Study how cyber forensics is used in cybercrime investigations
7. Understand and use investigation tools in cyber forensics
Learning Outcomes
At the end of the course the learner should be able to:
1. Understand Computer Forensics concepts
2. Understand the key goals of Computer Forensics
3. Understand the cardinal rules of computer forensics
4. Comprehend what digital evidence means in relation to the base
term forensic science
5. Understand how cyber forensics is used in cybercrime
investigations
6. Appreciate and apply different investigation tools in cyber
forensics
Outline
1. Introduction
2. Rationale of Computer Forensics
3. The key role of the investigator
4. Cyber crime vs Digital Evidence
5. Chain of Custody
6. Computer Forensics Processes
7. Computer Forensics tools
8. Challenges
Introduction(1/2)
• Forensic science is very old compared to computer forensics;
it emerged more than 100 years ago with the fingerprint
record.
• It is the science that involves scientific tests and techniques
used in connection with the detection of crime.
• It refers to the scientific techniques used to explore wrongdoing
and to collect, preserve, and analyze scientific evidence during the
course of an investigation.
Introduction(2/2)
• Different Categories of Forensic Science are:-
• Forensic Accounting / Auditing
• Computer /Digital/Cyber Forensics
• Forensic Archaeology
• Forensic Dentistry
• Forensic Entomology
• Forensic Graphology
• Forensic Pathology
• Forensic Psychology
• Forensic Toxicology etc
Computer Forensics(1/2)
• Computer forensics is a field of technology that uses investigative
techniques to identify and store evidence from a computer device
that is admissible in a court of law.
• The Digital Forensic Research Workshop has defined digital forensics as
“The use of scientifically derived and proven methods toward the
preservation, validation, identification, analysis, interpretation,
documentation and presentation of digital evidence derived from
digital sources for the purpose of facilitating or furthering the
reconstruction of events found to be criminal, or helping to anticipate
unauthorized actions shown to be disruptive to planned operations.”
Computer Forensics(2/2)
• Computer Forensics, Digital Forensics and Cyber Forensics
are terms that are used interchangeably.
Rationale for Computer Forensics
• With the digital revolution, the increase in digital crimes is
inevitable.
• People who use electronic devices leave behind different
footprints, traces and markings. These virtual or digital
traces could be file fragments, activity logs, timestamps,
metadata and so on
• Computer Forensics is needed for:
  o Identifying the cause and possible intent of a cyber attack
Rationale for Computer Forensics
  o Safeguarding digital evidence used in the attack before it becomes
    obsolete
  o Increasing security hygiene, retracing hacker steps, and finding hacker
    tools
  o Searching for data access/exfiltration
  o Identifying the duration of unauthorized access on the network
  o Geolocating the logins and mapping them
Cybercrime(1/4)
• Cybercrime is criminal activity done using computers and the
Internet. It encompasses any criminal act dealing with
computers and networks.
• It also includes traditional crimes conducted through the
Internet. For example, hate crimes, telemarketing, Internet
fraud, identity theft and credit card account thefts are considered
to be cybercrimes when the illegal activities are committed
through the use of a computer and the Internet.
Cybercrime(2/4)
• It includes anything from downloading illegal music files to
stealing millions of dollars from online bank accounts etc.
• Cybercrime also includes non-monetary offenses, such as
creating and distributing viruses on other computers or posting
confidential business information on the Internet.
Cybercrime(3/4)
• The first noted computer crime happened in 1969 and 1970
when scholars burned computers at different universities. In the
same period people were discovering techniques for gaining
unauthorized access to large time-shared computers.
• It was therefore at this time that intrusion and fraud
committed with the aid of a computer first became widely
known as a new type of crime.
Cybercrime(4/4)
Examples of cybercrime cases investigated in Tanzania
• Cyber Crimes Incidents in Financial Institutions of Tanzania,
available at
https://www.researchgate.net/publication/275154064_Cyber_Crimes_Incidents_in_Financial_Institutions_of_Tanzania
• Cybercrime and Criminal Investigation: Challenges Within the
Tanzania Police Force Forensic Laboratory, available at
http://scholar.mzumbe.ac.tz/bitstream/handle/11192.1/2405/MPA_JOHN%20MAYUNGA_2013.pdf?sequence=1
Digital Evidence(1/4)
• Digital evidence is defined as “any information of probative
(proof) value that is either stored or transmitted in a digital
form”.
• It includes files stored on a computer hard drive, digital video,
digital audio, network packets transmitted over a local area
network, etc.
• Depending on what facts the digital evidence is supposed to
prove, it can fall into different classes of evidence.
Digital Evidence(2/4)
• Digital images or software presented in court to prove the fact of
possession are real evidence.
• E-mail messages presented as proof of their content are
documentary evidence.
• Log files, file timestamps and all sorts of system information used
to reconstruct the sequence of events are circumstantial evidence.
• Digital documents notarized using a digital signature may fall into
the testimony category.
Digital Evidence(3/4)
A number of contexts are involved in recognizing a piece of
digital evidence:
• Physical context: it is required to be recognizable in its physical form, that is, it should
reside on a specific piece of media.
• Logical context: it must be discoverable as to its logical position, that is, where it
resides relative to the file system.
• Legal context: the evidence is required to be in the correct context to read its meaning.
This requires looking at the machine language, e.g. American Standard Code for
Information Interchange (ASCII).
Digital Evidence(4/4)
Understanding the digital path of the evidence
Source: Bajaj, K. (2014), “Cyber Security: Understanding Cyber Crimes, Computer Forensics
and Legal Perspectives”
The Chain of Custody (1)
• Chain of custody refers to the sequential (in order) documentation
path that shows the appropriation, trusteeship, control, transfer,
investigation and nature of evidence, physical or electronic.
• Generally, the idea of the chain of custody is to ensure that the
evidence is not altered or damaged.
• The chain of custody requires that, from the time the evidence is
gathered, every transfer of the evidence from one person to
another is recorded, as this helps to prove
that no one else has accessed the evidence.
The Chain of Custody (2)
• It is encouraged to keep the number of evidence transfers as
small as possible.
• In a broader view, evidence comprises everything that is used to
demonstrate or show the truth of a claim.
• The main reason for documenting the chain of custody is to
establish that the supposed evidence is truly connected to the
supposed crime.
• The aim is to establish the Integrity of the evidence.
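An added example, not part of the original slides: one way to make the custody record described above tamper-evident is to hash the evidence at collection and link every transfer entry to the previous one by its digest. The class name, field names, people and evidence bytes below are hypothetical and constructed for illustration.

```python
import hashlib
import json

# Fields covered by each entry's digest (hypothetical record layout).
FIELDS = ("seq", "timestamp", "released_by", "received_by",
          "purpose", "evidence_sha256", "prev_digest")
GENESIS = "0" * 64  # prev_digest of the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry: dict) -> str:
    """Digest over the entry's fields in a canonical JSON form."""
    body = {k: entry[k] for k in FIELDS}
    return sha256_hex(json.dumps(body, sort_keys=True).encode("utf-8"))


class CustodyLog:
    """Append-only custody record; each entry commits to the previous one."""

    def __init__(self, evidence: bytes, collected_by: str, timestamp: str):
        self.entries = []
        self._append(timestamp, "scene", collected_by, "collection", evidence)

    def _append(self, timestamp, released_by, received_by, purpose, evidence):
        entry = {
            "seq": len(self.entries),
            "timestamp": timestamp,
            "released_by": released_by,
            "received_by": received_by,
            "purpose": purpose,
            "evidence_sha256": sha256_hex(evidence),
            "prev_digest": self.entries[-1]["digest"] if self.entries else GENESIS,
        }
        entry["digest"] = entry_digest(entry)
        self.entries.append(entry)

    def transfer(self, timestamp, released_by, received_by, purpose, evidence):
        """Record a hand-over; refuse it if custody or integrity is broken."""
        holder = self.entries[-1]["received_by"]
        if released_by != holder:
            raise ValueError(f"{released_by} is not the current custodian ({holder})")
        if sha256_hex(evidence) != self.entries[0]["evidence_sha256"]:
            raise ValueError("evidence hash differs from the hash recorded at collection")
        self._append(timestamp, released_by, received_by, purpose, evidence)

    def verify(self, evidence: bytes) -> list:
        """Return a list of problems; an empty list means the chain holds."""
        problems = []
        baseline = self.entries[0]["evidence_sha256"]
        prev, holder = GENESIS, None
        for e in self.entries:
            if e["prev_digest"] != prev or e["digest"] != entry_digest(e):
                problems.append(f"entry {e['seq']}: record altered or out of sequence")
            if holder is not None and e["released_by"] != holder:
                problems.append(f"entry {e['seq']}: gap in custody")
            if e["evidence_sha256"] != baseline:
                problems.append(f"entry {e['seq']}: evidence hash changed")
            prev, holder = e["digest"], e["received_by"]
        if sha256_hex(evidence) != baseline:
            problems.append("evidence: current hash differs from the hash recorded at collection")
        return problems


# Constructed sample data: stand-in bytes for an acquired disk image.
SAMPLE_EVIDENCE = b"constructed disk image bytes for the example " * 64


def sample_log() -> CustodyLog:
    """Collection plus two hand-overs between hypothetical custodians."""
    log = CustodyLog(SAMPLE_EVIDENCE, "Officer A", "2024-01-01T10:00:00Z")
    log.transfer("2024-01-01T15:30:00Z", "Officer A", "Examiner B",
                 "analysis", SAMPLE_EVIDENCE)
    log.transfer("2024-01-02T09:00:00Z", "Examiner B", "Evidence Store C",
                 "storage", SAMPLE_EVIDENCE)
    return log


if __name__ == "__main__":
    log = sample_log()
    print("intact:", log.verify(SAMPLE_EVIDENCE))
    flipped = bytearray(SAMPLE_EVIDENCE)
    flipped[10] ^= 0x01  # a single changed bit in the evidence
    print("one bit flipped:", log.verify(bytes(flipped)))
```

The digest chain only shows that the log is internally consistent; keeping the latest digest with an independent party is what stops someone from rewriting the whole log.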
Computer Forensics Process(1)
Source: Bajaj, K. (2014), “Cyber Security: Understanding Cyber Crimes,
Computer Forensics and Legal Perspectives”
Computer Forensic Life Cycle
Computer Forensics Process(2)
In summary, the digital forensics process involves the following steps:
1. Identification
It is the first step in the forensic process. The identification process
mainly covers what evidence is present, where it is
stored, and lastly, how it is stored (in which format).
Electronic storage media can be personal computers, mobile
phones, PDAs, etc.
2. Preservation
In this phase, data is isolated, secured, and preserved. It includes
preventing people from using the digital device so that digital
evidence is not tampered with.
Computer Forensics Process(3)
3. Analysis
In this step, investigation agents reconstruct fragments of data and
draw conclusions based on evidence found. However, it might take
numerous iterations of examination to support a specific crime
theory.
4. Documentation
In this process, a record of all the visible data must be created. It
helps in recreating the crime scene and reviewing it. It involves
proper documentation of the crime scene along with photographing,
sketching, and crime-scene mapping.
Computer Forensics Process(4)
5. Presentation
In this last step, the process of summarization and explanation
of conclusions is done. However, it should be written in
layperson’s terms using abstracted terminologies. All abstracted
terminologies should reference the specific details.
Computer Forensic Tools
• There are Commercial and Open Source Tools.
• The National Institute of Standards and Technology
(NIST) has developed a Computer Forensics Tool Testing
(CFTT) program that tests digital forensic tools and makes all
findings available to the public.
• More information on testing tools can be found via
https://www.dhs.gov/science-and-technology/nist-cftt-reports.
Open Source Tools
Kali Linux
• Kali Linux is a Certified EC-Council Instructor (CEI) for
the Certified Ethical Hacker (CEH) software for the above
mentioned professional courses.
• This operating system is usually the star of the class due to
its many impressive pushed security programs, ranging
from scanning and reconnaissance tools to advanced
exploitation tools and reporting tools.
• Kali Linux can be used as a live-response forensic tool as it
contains many of the tools required for full investigations.
Open Source Tools(1)
Source: (Parasram, 2020) Digital Forensics with Kali Linux
Kali Linux live view mode for forensics in bootable DVD or Flash drive
Open Source Tools(2)
Screenshot showing computer forensic tools available in Kali Linux
Commercial forensics tools(1)
1. Belkasoft Evidence Center (EC) 2020
• Belkasoft EC is an automated incident response and forensic
tool that is capable of analyzing acquired images of memory
dumps, virtual machines, and cloud and mobile backups, as well
as physical and logical drives.
• The tool is also capable of recovering and analyzing information
from:
Office documents, browser activity and information, email and
social media activity, mobile applications, messenger
applications (WhatsApp, Facebook Messenger, and even
BlackBerry Messenger)
Website: https://belkasoft.com/ or https://belkasoft.com/get
Commercial forensics tools(2)
2. AccessData Forensic Toolkit (FTK)
• This tool is used professionally by forensic
investigators and law enforcement agencies worldwide
to accomplish the following:
• Indexing of data to allow faster and easier searching
and analysis, password cracking and file decryption,
automated analysis, customized data
carving, advanced data recovery
• Website: https://accessdata.com/product-download/forensic-toolkit-ftk-internationalversion-7-0-0
Commercial forensics tools(3)
3. EnCase Forensic
• This tool has been used internationally by professionals and law
enforcement agencies for almost two decades.
• EnCase provides solutions for incident response, e-discovery,
and endpoint and mobile forensics. Below are the output
provided:
Website: https://www.guidancesoftware.com/encase-forensic
Challenges in computer Forensics(1)
• Anonymity of digital information
Digital information generated, stored, and transmitted between
computing devices does not bear any physical imprints
connecting it to the individual who caused its generation. Unless
the information is a recording from external sensors capable of
perceiving individualizing characteristics (e.g. speech recording,
video, or photographs) or was generated using some secret
known to a single person (e.g. digital signature) there is nothing
intrinsic linking digits to a person.
Computer forensics challenges (2)
Danger of damaged information
• Like many other types of evidential material, digital information
stored on magnetic and optical media can be damaged by a
variety of causes. Dampness, strong magnetic fields, ultraviolet
radiation, and incompetent use of storage devices and
examination tools are some of the possibilities.
• A single bit change may cause a dramatic change in its
interpretation.
• To minimise the impact of this problem, typical storage devices
use checksumming and similar means allowing them to
reasonably reliably detect accidental information damage.
Other Challenges
• The increase in PCs and the extensive use of Internet access
• Easy availability of hacking tools
• Lack of physical evidence makes prosecution difficult.
• The large amount of storage space, running into terabytes, makes
the investigation job difficult.
• Any technological change requires an upgrade or changes to
solutions.
Bibliography
• Bajaj, K. (2014). Cyber Security: Understanding Cyber Crimes, Computer Forensics
And Legal Perspectives (2 ed.). Hoboken: John Wiley & Sons Asia Pte Ltd.
• Britz, M. T. (2016). Computer Forensics and Cyber Crime: An Introduction (2 ed.).
Repro: Repro Knowledge Cast Ltd.
• Mark Merkow, J. B. (2016). Information Security Principles and Practices (2 ed.).
Repro: Repro Knowledge Cast Ltd.
• Pande, J. (2017). Introduction to Cybersecurity (1 ed.). Haldwani: Uttarakhand
Open University.
• Parasram, S. V. (2020). Digital Forensics with Kali Linux. Birmingham-Mumbai:
Packt Publishing.
• https://online.norwich.edu/academic-programs/resources/5-steps-for-conducting-computer-forensics-investigations

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 
Cyber forensics ppt
Cyber forensics pptCyber forensics ppt
Cyber forensics ppt
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptx
 
Sued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital ForensicsSued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital Forensics
 
Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Challenges in Cloud Forensics
Challenges in Cloud ForensicsChallenges in Cloud Forensics
Challenges in Cloud Forensics
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensics
 
Cybercrime investigation
Cybercrime investigationCybercrime investigation
Cybercrime investigation
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Incident response process
Incident response processIncident response process
Incident response process
 
First Responder Officer in Cyber Crime
First Responder Officer in Cyber CrimeFirst Responder Officer in Cyber Crime
First Responder Officer in Cyber Crime
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic tools
 

Semelhante a Computer Forensics.pptx

Lessons v on fraud awareness (digital forensics) [autosaved]
Lessons v on fraud awareness   (digital forensics) [autosaved]Lessons v on fraud awareness   (digital forensics) [autosaved]
Lessons v on fraud awareness (digital forensics) [autosaved]
Kolluru N Rao
 
Systematic Digital Forensic Investigation Model
Systematic Digital Forensic Investigation ModelSystematic Digital Forensic Investigation Model
Systematic Digital Forensic Investigation Model
CSCJournals
 

Semelhante a Computer Forensics.pptx (20)

Review on Cyber Forensics - Copy.pptx
Review on Cyber Forensics - Copy.pptxReview on Cyber Forensics - Copy.pptx
Review on Cyber Forensics - Copy.pptx
 
Review on Computer Forensic
Review on Computer ForensicReview on Computer Forensic
Review on Computer Forensic
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docx
 
Post-Genesis Digital Forensics Investigation
Post-Genesis Digital Forensics InvestigationPost-Genesis Digital Forensics Investigation
Post-Genesis Digital Forensics Investigation
 
Cyber evidence at crime scene
Cyber evidence at crime sceneCyber evidence at crime scene
Cyber evidence at crime scene
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Steps
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
 
Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensik
 
The Scope of Cyber Forensic.pptx
The Scope of Cyber Forensic.pptxThe Scope of Cyber Forensic.pptx
The Scope of Cyber Forensic.pptx
 
Scope of Cyber forensics
Scope of Cyber forensicsScope of Cyber forensics
Scope of Cyber forensics
 
Lecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptLecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.ppt
 
Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensics
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
 
Computer Forensic: A Reactive Strategy for Fighting Computer Crime
Computer Forensic: A Reactive Strategy for Fighting Computer CrimeComputer Forensic: A Reactive Strategy for Fighting Computer Crime
Computer Forensic: A Reactive Strategy for Fighting Computer Crime
 
Anti-Forensic Techniques and Its Impact on Digital Forensic
Anti-Forensic Techniques and Its Impact on Digital ForensicAnti-Forensic Techniques and Its Impact on Digital Forensic
Anti-Forensic Techniques and Its Impact on Digital Forensic
 
Cyber Forensics|Digital Forensics|Cyber Crime-2023
Cyber Forensics|Digital Forensics|Cyber Crime-2023Cyber Forensics|Digital Forensics|Cyber Crime-2023
Cyber Forensics|Digital Forensics|Cyber Crime-2023
 
Lessons v on fraud awareness (digital forensics) [autosaved]
Lessons v on fraud awareness   (digital forensics) [autosaved]Lessons v on fraud awareness   (digital forensics) [autosaved]
Lessons v on fraud awareness (digital forensics) [autosaved]
 
Lessons v on fraud awareness (digital forensics)
Lessons v on fraud awareness   (digital forensics)Lessons v on fraud awareness   (digital forensics)
Lessons v on fraud awareness (digital forensics)
 
Systematic Digital Forensic Investigation Model
Systematic Digital Forensic Investigation ModelSystematic Digital Forensic Investigation Model
Systematic Digital Forensic Investigation Model
 
CYBERFORENSICS
CYBERFORENSICSCYBERFORENSICS
CYBERFORENSICS
 

Último

Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
ZurliaSoop
 
Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
Nauman Safdar
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
allensay1
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 

Último (20)

Phases of Negotiation .pptx
 Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business Potential
 
HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
 
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book nowKalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
 
Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts  by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts  by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
CROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NSCROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NS
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR  ESCORTSJAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR  ESCORTS
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 

Computer Forensics.pptx

  • 1. Class Presentation Course: ICSE 7101- Cyber Security Topic: Forensics Student: Happiness Lenard
  • 3. Objectives 1. To introduce learners with the understanding of Computer Forensics Concepts 2. Understand key goal of Computer/Cyber Forensic 3. Acquire an understanding of Cardinal rules of Computer forensics 4. Understand the digital evidence. 5. Understand Digital forensics processes 6. Study how cyber forensics is used in cybercrime investigations 7. Understand and use Investigation tools in Cyber forensic
  • 4. Learning Outcomes At the end of the course the learner should be able to: 1. Computer Forensics Concepts 2. Understand key goals of Computer Forensics 3. Understand of Cardinal rules of Computer forensics 4. Comprehend the digital evidence mean with the base term Forensics science 5. Understand how cyber forensics is used in cybercrime investigations. 6. Appreciate and apply different Investigation tools in Cyber forensics.
  • 5. Outlines 1. Introduction 2. Rationale of Computer Forensics 3. The key role of the investigator 4. Cyber crime vs Digital Evidence 5. Chain of Custody 6. Computer Forensics Processes 7. Computer Forensics tools 8. Challenges
  • 6. Introduction(1/2) • Forensics science is very old compared to Computer forensics, since it was discovered over 100 years passed on the fingerprint record. • This is the science, that involves scientific tests and techniques used in connection with the detection of crime. • Refer to scientific techniques used to explore wrong doings collect, preserve, and analyze scientific evidence during the course of an investigation
  • 7. Introduction(2/2) • Different Categories of Forensic Science are:- • Forensic Accounting / Auditing • Computer /Digital/Cyber Forensics • Forensic Archaeology • Forensic Dentistry • Forensic Entomology • Forensic Graphology • Forensic Pathology • Forensic Psychology • Forensic Toxicology etc
  • 8. Computer Forensics(1/2) • Computer forensics is a field of technology that uses investigative techniques to identify and store evidence from a computer device, that is admissible in the court of law. • Digital Forensic Research Workshop has defined digital forensics as “The use of scientifically derived and proven methods toward the preservation, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.”
  • 9. Computer Forensics(2/2) • Computer Forensics, Digital Forensics and Cyber Forensics are terms that are used interchangeably.
  • 10. Rationale for Computer Forensics • With the digital revolution, the increase in digital crimes is inevitable. • People who use electronic devices leave behind different footprints, traces and markings. These virtual or digital traces could be file fragments, activity logs, timestamps, metadata and so on • Computer Forensics is needed in:- oIdentifying the cause and possible intent of a cyber attack
  • 11. Rationale for Computer Forensics oSafeguarding digital evidence used in the attack before it becomes obsolete oIncreasing security hygiene, retracing hacker steps, and finding hacker tools oSearching for data access/exfiltration oIdentifying the duration of unauthorized access on the network oGeolocating the logins and mapping them
  • 12. Cybercrime(1/4) • Cybercrime is criminal activity done using computers and the Internet. It encompasses any criminal act dealing with computers and networks. • It also includes traditional crimes conducted through the Internet. For example; hate crimes, telemarketing, Internet fraud, identity theft, credit card account thefts are considered to be cyber crimes when the illegal activities are committed through the use of a computer and the Internet.
  • 13. Cybercrime(2/4) • It includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts etc. • Cybercrime also includes non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the Internet.
  • 14. Cybercrime(3/4) • The first noted computer crime happened in 1969 and 1970 when scholars burned computers at different universities. At the same period people were discovering techniques for gaining unauthorized access to large –time shared computers. • Therefore at this time it was the time where intrusion and fraud committed with the aid of computer were first to be extensively known as a new type of crime.
  • 15. Cybercrime(4/4) Examples of Cyber Crime cases Investigated in Tanzania • Cyber Crimes Incidents in Financial Institutions of Tanzania available at https://www.researchgate.net/publication/275154064_Cyber_Crim es_Incidents_in_Financial_Institutions_of_Tanzania • Cybercrime and Criminal Investigation: challenges .Within The Tanzania Police Force Forensic Laboratory: available at http://scholar.mzumbe.ac.tz/bitstream/handle/11192.1/2405/MPA_JO HN%20MAYUNGA_2013.pdf?sequence=1
  • 16. Digital Evidence(1/4) • Digital evidence is defined as “any information of probative (proof) value that is either stored or transmitted in a digital form”. • It includes files stored on computer hard drive, digital video, digital audio, network packets transmitted over local area network, etc • Depending on what facts the digital evidence is supposed to prove, it can fall into different classes of evidence.
  • 17. Digital Evidence(2/4) • Digital images or software presented in court to prove the fact of possession are real evidence. • E-mail messages presented as proof of their content are documentary evidence. • Log files, file time stamps, all sorts of system information used to reconstruct sequence of events are circumstantial evidence. • Digital documents notarized using digital signature may fall into testimony category.
  • 18. Digital Evidence(3/4) There are list of frameworks involved in essentially recognizing a piece of digital evidence:- • Physical context: it is required to be recognizable in its physical form, that is it should reside on a specific piece of media. • Logical context: It must be discoverable as to its logical position, that is where does it reside relative to the file system • Legal context The evidence is require to be in the correct context to read its meaning. This requires to look at the machine language.eg American Standard code for Information Interchange.(ASCII)
  • 19. Digital Evidence(4/4) Understanding the digital path of the evidence. Source: Bajaj, K. (2014), “Cyber Security: Understanding Cyber Crimes, Computer Forensics and Legal Perspectives”
  • 20. The Chain of Custody (1) • Chain of custody refers to the sequential (in order) documentation path that shows the appropriation, trusteeship, control, transfer, investigation and nature of evidence, physical or electronic. • Generally, the idea of the chain of custody is to ensure that the evidence is not altered or damaged. • The chain of custody requires that, from the time the evidence is gathered, every transfer of the evidence from one person to another is recorded, as this helps to show that no one has accessed the evidence.
  • 21. The Chain of Custody (2) • It is encouraged to keep the number of evidence transfers as small as possible. • In a broader view, evidence comprises everything that is used to demonstrate or show the truth of a claim. • The main reason for documenting the chain of custody is to establish that the supposed evidence is truly connected to the supposed crime. • The aim is to establish the integrity of the evidence.
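The transfer record described on the two chain-of-custody slides can be made tamper-evident by hashing the evidence at seizure and linking each log entry to the one before it. The Python code below is an added example, not part of the original presentation; the field names, the people and the sample image bytes are constructed for illustration.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(entry: dict) -> str:
    # Hash every field except the entry's own digest, in a stable key order.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def record_transfer(log, evidence: bytes, released_by, received_by, when, purpose):
    """Append one custody transfer, linked to the previous entry."""
    entry = {
        "seq": len(log) + 1, "time": when, "purpose": purpose,
        "released_by": released_by, "received_by": received_by,
        "evidence_sha256": sha256_hex(evidence),
        "prev_hash": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify_chain(log, evidence: bytes):
    """Return a list of problems; an empty list means the chain holds."""
    problems = []
    prev_hash, holder = "0" * 64, None
    for e in log:
        if e["entry_hash"] != entry_digest(e):
            problems.append(f"entry {e['seq']}: record was edited")
        if e["prev_hash"] != prev_hash:
            problems.append(f"entry {e['seq']}: link to previous entry broken")
        if holder is not None and e["released_by"] != holder:
            problems.append(f"entry {e['seq']}: gap in custody, {holder} never released it")
        if e["evidence_sha256"] != log[0]["evidence_sha256"]:
            problems.append(f"entry {e['seq']}: evidence hash differs from seizure")
        prev_hash, holder = e["entry_hash"], e["received_by"]
    if log and sha256_hex(evidence) != log[0]["evidence_sha256"]:
        problems.append("evidence no longer matches the hash taken at seizure")
    return problems

# Constructed sample data: a stand-in for a disk image and three transfers.
IMAGE = b"constructed sample disk image contents"
LOG = []
record_transfer(LOG, IMAGE, "scene", "Officer A", "2024-01-10T09:00Z", "seizure")
record_transfer(LOG, IMAGE, "Officer A", "Evidence Clerk B", "2024-01-10T11:30Z", "storage")
record_transfer(LOG, IMAGE, "Evidence Clerk B", "Analyst C", "2024-01-12T08:15Z", "analysis")
```

The chain only proves integrity if the latest `entry_hash` is also kept somewhere the log's editor cannot reach, such as a signed report, because anyone able to rewrite the whole log can recompute every link.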
  • 22. Computer Forensics Process(1) Computer Forensic Life Cycle. Source: Bajaj, K. (2014), “Cyber Security: Understanding Cyber Crimes, Computer Forensics And Legal Perspectives”
  • 23. Computer Forensics Process(2) In summary, the digital forensics process involves the following steps: 1. Identification: It is the first step in the forensic process. The identification process mainly covers what evidence is present, where it is stored, and lastly, how it is stored (in which format). Electronic storage media can be personal computers, mobile phones, PDAs, etc. 2. Preservation: In this phase, data is isolated, secured, and preserved. It includes preventing people from using the digital device so that digital evidence is not tampered with.
  • 24. Computer Forensics Process(3) 3. Analysis: In this step, investigation agents reconstruct fragments of data and draw conclusions based on the evidence found. However, it might take numerous iterations of examination to support a specific crime theory. 4. Documentation: In this process, a record of all the visible data must be created. It helps in recreating the crime scene and reviewing it. It involves proper documentation of the crime scene along with photographing, sketching, and crime-scene mapping.
  • 25. Computer Forensics Process(4) 5. Presentation: In this last step, the conclusions are summarized and explained. However, the summary should be written in layperson's terms using abstracted terminologies. All abstracted terminologies should reference the specific details.
  • 26. Computer Forensic Tools • There are Commercial and Open Source Tools. • The National Institute of Standards and Technology (NIST) has developed a Computer Forensics Tool Testing (CFTT) program that tests digital forensic tools and makes all findings available to the public. • More information on testing tools can be found via https://www.dhs.gov/science-and-technology/nist-cftt-reports.
  • 27. Open Source Tools: Kali Linux • Kali Linux is a Certified EC-Council Instructor (CEI) for the Certified Ethical Hacker (CEH) software for the above-mentioned professional courses. • This operating system is usually the star of the class due to its many impressive security programs, ranging from scanning and reconnaissance tools to advanced exploitation tools and reporting tools. • Kali Linux can be used as a live-response forensic tool, as it contains many of the tools required for full investigations.
  • 28. Open Source Tools(1) Kali Linux live view mode for forensics on a bootable DVD or flash drive. Source: Parasram (2020), Digital Forensics with Kali Linux
  • 29. Open Source Tools(2) Screenshot showing computer forensic tools available in Kali Linux
  • 30. Commercial forensics tools(1) 1. Belkasoft Evidence Center (EC) 2020 • Belkasoft EC is an automated incident response and forensic tool that is capable of analyzing acquired images of memory dumps, virtual machines, and cloud and mobile backups, as well as physical and logical drives. • The tool is also capable of recovering and analyzing information from: Office documents, browser activity and information, email and social media activity, mobile applications, and messenger applications (WhatsApp, Facebook Messenger, and even BlackBerry Messenger). Website: https://belkasoft.com/ or https://belkasoft.com/get
  • 31. Commercial forensics tools(2) 2. AccessData Forensic Toolkit (FTK) • This tool is used professionally by forensic investigators and law enforcement agencies worldwide to accomplish the following: • Indexing of data to allow faster and easier searching and analysis, password cracking and file decryption, automated analysis, customized data carving, and advanced data recovery. • Website: https://accessdata.com/product-download/forensic-toolkit-ftk-internationalversion-7-0-0
  • 32. Commercial forensics tools(3) 3. EnCase Forensic • This tool has been used internationally by professionals and law enforcement agencies for almost two decades. • EnCase provides solutions for incident response, e-discovery, and endpoint and mobile forensics. Below is the output provided: Website: https://www.guidancesoftware.com/encase-forensic
  • 33. Challenges in computer Forensics(1) • Anonymity of digital information: Digital information generated, stored, and transmitted between computing devices does not bear any physical imprints connecting it to the individual who caused its generation. Unless the information is a recording from external sensors capable of perceiving individualizing characteristics (e.g. speech recording, video, or photographs) or was generated using some secret known to a single person (e.g. digital signature), there is nothing intrinsic linking digits to a person.
  • 34. Computer forensics challenges (2) Danger of damaged information • Like many other types of evidential material, digital information stored on magnetic and optical media can be damaged by a variety of causes. Dampness, strong magnetic fields, ultraviolet radiation, and incompetent use of storage devices and examination tools are some of the possibilities. • A single bit change may cause a dramatic change in its interpretation. • To minimise the impact of this problem, typical storage devices use checksumming and similar means that allow them to detect accidental information damage reasonably reliably.
  • 35. Other Challenges • The increase in PCs and the extensive use of internet access. • Easy availability of hacking tools. • Lack of physical evidence makes prosecution difficult. • The large amount of storage space, running into terabytes, makes the investigation job difficult. • Any technological change requires an upgrade or changes to solutions.
  • 36. Bibliography • Bajaj, K. (2014). Cyber Security: Understanding Cyber Crimes, Computer Forensics And Legal Perspectives (2 ed.). Hoboken: John Wiley & Sons Asia Pte Ltd. • Britz, M. T. (2016). Computer Forensics and Cyber Crime: An Introduction (2 ed.). Repro: Repro Knowledge Cast Ltd. • Mark Merkow, J. B. (2016). Information Security Principles and Practices (2 ed.). Repro: Repro Knowledge Cast Ltd. • Pande, J. (2017). Introduction to Cybersecurity (1 ed.). Haldwani: Uttarakhand Open University. • Parasram, S. V. (2020). Digital Forensics with Kali Linux. Birmingham-Mumbai: Packt Publishing. • https://online.norwich.edu/academic-programs/resources/5-steps-for-conducting-computer-forensics-investigations