akash seminar
-
8/2/2019 Akash Seminar
1/20
COMPUTER FORENSICS
Presentation by: Akash Kumar
IT 3rd Yr
0930913003
-
Chapter 1 Computer Forensics in Today's World SAK4801 Special Topics in Computer Science II
1. Contents
1.1. Introduction to Computer Forensics
1.2. History of Computer Forensics
1.3. Definition
1.4. Need of Computer Forensics
1.5. Computer Forensics Flaws and Risks
1.6. Digital Evidence
1.7. Modes of Attacks
1.8. Role of Computer Forensics
1.9. Conclusion
-
1.1 INTRODUCTION TO COMPUTER FORENSICS
-
1.1 INTRODUCTION TO COMPUTER FORENSICS
The digital age has produced many new professions, but one of the most unusual is computer forensics.
Computer forensics deals with the application of law to a science.
Although it is similar to other forms of legal forensics, the computer forensics process requires a vast knowledge of computer hardware and software in order to avoid the accidental invalidation or destruction of evidence and to preserve the evidence for later analysis.
-
1.2 HISTORY OF COMPUTER FORENSICS
-
1.2.2 EVOLUTION OF COMPUTER FORENSICS
1984 - FBI Computer Analysis and Response Team (CART) emerged
1991 - International Law Enforcement meeting was conducted to discuss computer forensics & the need for a standardized approach
1994 - Department of Justice (DOJ) - Federal Guidelines for Searching & Seizing Computers
1997 - FBI - Scientific Working Group on Digital Evidence (SWGDE) was established to develop standards in computer forensics
2001 - USAF - Digital Forensics Research Workshop was held
2003 - Academic - International Journal of Digital Forensic
-
1.2.4 Definition of Computer Forensics
Computer forensics is defined as a methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format (Dr. H.B. Wolfe)
According to Steve Hailey, Cybersecurity Institute, computer forensics is "The preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and providing expert opinion in a court of law or other legal and/or administrative proceeding as to what was found."
-
1.2.6 Need for Computer Forensics
Need for computer forensics arises from:
Presence of a majority of electronic documents nowadays
According to a University of California study, during 1999:
  93% of information was generated in digital form, on computers
  7% of information originated in other media, such as paper
Search and identify data in a computer
Increasing trail of activities by perpetrators left on computers.
Digital Evidence is delicate in nature; therefore they must be recorded as early as possible to avoid loss of valuab
-
1.2.6 Need for Computer Forensics (Cont.)
Law enforcement officials, network and system administrators of IT firms, attorneys and also private investigators depend upon qualified computer forensic experts to investigate their and civil cases.
An appropriate computer forensics specialist is called and extend them as much cooperative assistance as possible because if there is to be any chance of recovering property, locating and successfully prosecuting the criminal, there must be evidence of sufficient quantity and quality.
For recovering Deleted, Encrypted or,
-
1.3 COMPUTER FORENSICS FLAWS AND RISKS
-
1.3 COMPUTER FORENSICS FLAWS AND RISKS
Computer forensics is in its early or development stages
It is different from other forensic sciences as digital evidence is examined
There is little theoretical knowledge to base assumptions for analysis and standard empirical hypothesis testing when carried out
Lack of proper training
No standardization of tools
Designations are not entirely professional
It is still more of an Art than a Science
-
1.3 COMPUTER FORENSICS FLAWS AND RISKS (CONT.)
According to EC-Council, Corporate Espionage Statistics:
Corporate computer security budgets increased at an average of 48% in 2002
62% of the corporate companies had their systems compromised by virus
FBI statistics reveal that more than 100 nations are engaged in corporate espionage against US companies
More than 2230 documented incidents of corporate espionage by the year 2003
-
1.4.2 DIGITAL EVIDENCE
What is Digital Evidence?
Information of probative value stored or transmitted in digital form
Probative Value - evidence which is sufficiently useful to prove something important in a trial
Type of Digital Evidence
What to seize?
Storage Media (i.e. floppies, CDs, thumb drives)
Computer (CPU)
Laptops (always seize power supply)
External Drives & Media
Corresponding Devices, i.e. tape/tape drive, jaz disk/jaz drive
Unique software and operating manuals
-
1.6 MODES FOR ATTACKS
-
1.6 MODES FOR ATTACKS
Cyber crime falls into two categories depending on the way attacks take place
Following are the two types of attacks:
Insider Attacks
  Attack from an employee within an organization
External Attacks
  Attack from the outside by persons who are not within the company
  These involve hackers hired by either an insider or an external entity whose aim is to destroy a competitor's reputation.
-
1.7 ROLE OF COMPUTER FORENSICS
-
1.7.2 RULES OF COMPUTER FORENSICS
A good forensic investigator should always follow these rules:
Minimize the option of examining the original evidence
Instead, examine the duplicate evidence
Obey rules of evidence and do not tamper with the evidence
Always prepare a chain of custody, and handle evidence with care
Never exceed the knowledge base of the forensic investigation
Document any changes in evidence
-
1.7.3 The 3 As of Computer Forensics Methodology
The 3 As of computer forensics methodologies:
Acquire evidence without modification or corruption
Authenticate that the recovered evidence is the same as the originally seized data
Analyze data without any alterations
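The "Authenticate" step and the chain-of-custody rule from 1.7.2, as an added example that is not part of the original presentation: it compares the SHA-256 digest of a seized image with that of its working duplicate, and keeps a custody log in which every record is bound to the previous one so a later edit is detectable. The file names, handler names and the hash-chained log format are assumptions of this example, and the image data is constructed.

```python
import hashlib
import json
import tempfile
from pathlib import Path

GENESIS = "0" * 64  # assumed "no previous record" marker

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large disk image never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def _entry_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_custody_entry(log, handler, action, evidence_sha256):
    """Append a record bound to the previous record's hash (hypothetical log format)."""
    body = {"handler": handler, "action": action, "evidence_sha256": evidence_sha256,
            "prev": log[-1]["entry_hash"] if log else GENESIS}
    log.append({**body, "entry_hash": _entry_hash(body)})

def verify_custody_log(log):
    """Recompute every link; an edited, removed or reordered record breaks the chain."""
    prev = GENESIS
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev or entry["entry_hash"] != _entry_hash(body):
            return False
        prev = entry["entry_hash"]
    return True

def demo():  # constructed sample data: a stand-in seized image and its duplicate
    with tempfile.TemporaryDirectory() as tmp:
        original, working = Path(tmp, "seized.img"), Path(tmp, "working.img")
        for path in (original, working):
            path.write_bytes(b"constructed sample image data" * 1000)
        seized = sha256_file(original)
        match_before = sha256_file(working) == seized  # authenticate the duplicate
        log = []
        add_custody_entry(log, "examiner A", "acquired and duplicated", seized)
        add_custody_entry(log, "examiner B", "received working copy", seized)
        with working.open("ab") as fh:  # simulate an accidental write to the copy
            fh.write(b"\x00")
        match_after, chain_ok = sha256_file(working) == seized, verify_custody_log(log)
        log[0]["handler"] = "someone else"  # simulate an edited custody record
        return match_before, match_after, chain_ok, verify_custody_log(log)
```

A single appended byte changes the digest, so the modified working copy no longer authenticates against the seized original, and the edited custody record fails verification.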
-
CONCLUSION
With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.