An Introduction to Cyber Forensics and Open Source Tools in Cyber Forensics
Anoop John, Founder & CTO, Zyxware Technologies
Cyber Forensics OS Tools
What is Cyber Forensics
Cyber - A prefix used in a growing number of terms to describe new things that are being made possible by the spread of computers. Anything related to the Internet also falls under the cyber category.
Forensics – Scientific tests and techniques used in connection with the detection of crime
Cyber Forensics – Discipline that combines elements of law and computer science to collect and analyze data from computer systems, mobiles, networks, communication systems, and storage devices in a way that is admissible in a court of law
What is Digital Evidence?
Information and data of value to an investigation that is stored on, received, or transmitted by an electronic device.
This evidence is acquired when data or electronic devices are seized and secured for examination.
Where do you find Digital Evidence?
Digital Evidence may be found in
Storage devices like hard disc, CD, DVD, memory card, USB drive, mobile phones, SIM card
Online resources like mail servers, cloud servers / data centers
How can you hide Digital Evidence?
Digital Evidence can be hidden in
Files: password protected files, encrypted files, steganography files
Hard drives: encrypted drives, formatted hard disc, HPA (Host Protected Area), DCO (Device Configuration Overlay)
What can Digital Evidence be related to?
Digital Evidence could be related to
Online fraud
Organized crime
Identity / Data theft
Unauthorized access
Malicious files / Virus attack / Cyber attack
Data alteration
Cyber defamation
Cyber pornography
Online gambling
Sale of illegal items
Phases in Cyber Forensics
Phase 1: Identification of storage media for potential evidence / Identification of transmission media for collection of potential evidence
Phase 2: Acquisition of the storage media / collection of transmitted information
Phase 3: Securing collected media / data and forensic analysis of the acquired media
Phase 4: Documentation & Reporting
Analyzing acquired media/data
Identifying traces of network / computer intrusion
Processing network packets, log files
Identifying & examining malicious files
Employing techniques to crack file & system passwords
Detecting steganography
Recovering deleted, fragmented, hidden & corrupted data
Analyzing online activities
Handling acquired media/data
Maintaining evidence custody procedures
Preventing tampering
Identifying tampering
Courtroom presentation
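The "securing collected media" step of Phase 3 and the "preventing / identifying tampering" points above come down to one routine: hash the acquired image at acquisition, record who handled it and when, and re-hash before every examination. The following is an added illustration (not code from the talk or from any of the tools it lists); the image bytes, examiner name and file name are constructed for the demo.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# Constructed sample "image": 4 KiB of zeros with a 0x55AA boot-sector signature
# stands in for a raw dd image of a seized drive.
SAMPLE_IMAGE = bytearray(4096)
SAMPLE_IMAGE[510:512] = b"\x55\xaa"


def hash_image(path, algorithms=("md5", "sha256"), chunk_size=1 << 20):
    """Hash the image in chunks (real images are far larger than RAM).
    MD5 is kept beside SHA-256 because older reports and tools still quote it."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def record_custody(path, examiner, action, log):
    """Append one chain-of-custody entry: who, what, when, and the hashes."""
    entry = {"time": datetime.now(timezone.utc).isoformat(),
             "examiner": examiner, "action": action,
             "image": os.path.basename(path), "hashes": hash_image(path)}
    log.append(entry)
    return entry


def verify_integrity(path, log):
    """Re-hash the image and compare with the acquisition-time hashes.
    Returns (ok, algorithms that mismatch); any mismatch means the evidence
    was altered or corrupted after acquisition."""
    if not log:
        return False, ["no acquisition record"]
    baseline = log[0]["hashes"]
    current = hash_image(path)
    mismatched = [a for a in current if current[a] != baseline.get(a)]
    return not mismatched, mismatched


def demo():
    """Acquire, verify, then alter one byte and verify again."""
    log = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "evidence.dd")
        with open(path, "wb") as f:
            f.write(SAMPLE_IMAGE)
        record_custody(path, "examiner-1", "acquired", log)
        ok_before, _ = verify_integrity(path, log)
        with open(path, "r+b") as f:   # a single changed byte is enough to fail
            f.seek(1000)
            f.write(b"\x01")
        ok_after, bad = verify_integrity(path, log)
        record_custody(path, "examiner-1", "verify " + ("OK" if ok_after else "FAILED"), log)
    return ok_before, ok_after, bad, log
```

In practice the first entry is written on the write-blocked original before any copy is examined, and the log is kept apart from the image so the two can be checked against each other in court.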
Pros of Open Source Tools
Low capital cost
Minimal / No operational cost
Minimal / No maintenance cost
Algorithm/logic is known to the user
Source code is freely available for access, editing & customization
Extensive support from the open source community
Free usage to any number of users
Cons of Proprietary Tools
High capital cost
High operational cost
High maintenance cost
Algorithm/logic not known. No access to source
Heavy dependency on the software manufacturer
Restricted usage
Open Source Initiatives
Belgian Federal Computer Crime Unit (FCCU)
http://www.lnx4n6.be/index.php
PyFlag: an advanced network forensic framework, by the Australian Federal Police, Brisbane, Australia
http://sourceforge.net/projects/pyflag/files/
NIST Computer Forensics Tool Testing (CFTT): project in the Software and Systems Division, supported by the Law Enforcement Standards Office and the Department of Homeland Security
http://www.cftt.nist.gov/index.html
Open Source Initiatives (cont...)
The Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework built by the Dutch National Police Agency
http://ocfa.sourceforge.net/
ForeIndex: A Framework for Analysis and Triage of Data Forensics
http://www.basistech.com/wp-content/uploads/2014/04/osdf-2011-silva-foreindex.pdf
Open Source Tools in Acquisition Phase
Digital Forensics Framework
www.digital-forensic.org
CAINE
www.caine-live.net/
DEFT
www.deftlinux.net/
OCFA
http://sourceforge.net/projects/ocfa/
Sleuthkit
http://www.sleuthkit.org
Open Source / Free Tools in Analysis Phase
Digital Forensics Framework
www.digital-forensic.org
CAINE
www.caine-live.net
DEFT
www.deftlinux.net
SAFT Mobile Forensics
www.signalsec.com/saft
SANS Investigative Forensics Toolkit – SIFT
http://digital-forensics.sans.org/community/downloads
Open Source / Free Tools in Analysis Phase (cont...)
Sleuthkit
Autopsy http://www.sleuthkit.org/autopsy/
Sleuthkit http://www.sleuthkit.org/sleuthkit/
Live View
http://liveview.sourceforge.net/
Open Source / Free Tools in Analysis Phase (cont...)
Analyzing RAM
CMAT http://sourceforge.net/projects/cmat
Volafox https://www.volatilesystems.com/default/volatility
Volatility https://www.volatilesystems.com/default/volatility
Network Forensics
Wireshark http://www.wireshark.org
NetworkMiner http://networkminer.en.malavida.com/
Open Source / Free Tools in Analysis Phase (cont...)
Registry analysis
Registry Decoder http://www.digitalforensicssolutions.com/registrydecoder/
Password cracking: free tools
John the Ripper http://www.openwall.com/john
Cracking passwords for Windows, PDF, Word, RAR, ZIP & Excel
http://pcsupport.about.com/od/toolsofthetrade/tp/password-cracker-recovery.htm
Open Source / Free Tools in Analysis Phase (cont...)
Detecting Pornography
Redlight Porn Scanner http://dfcsc.uri.edu/research/redLightTrial
http://www.nij.gov/topics/technology/pages/software-tools.aspx
Contact: [email protected], +91-9446069446
Thank you