computer forensic ppt
TRANSCRIPT
COMPUTER FORENSIC
© AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 1
COMPUTER FORENSIC
“Computer Forensic is the process of identifying, preserving, analyzing and presenting the digital evidence in such a manner that the evidences are legally acceptable”. ANALYSIS
ACQUISTION
EVIDENCE
REPORTING
© AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 2
OBJECTIVES
To find out the criminal which is directly or indirectly related to cyber world.
To find out the digital evidence.
Presenting evidences in a manner that legal action of the criminal.
© AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 3
WHY COMPUTER FORENSIC?
Employee internet abuse
Unauthorized disclosure of corporate information.
Industrial espionage
Damage assessment
Criminal fraud and deception cases© AIR LAW ACADEMY & RESEARCH CENTRE,
NAGPUR4
WHO USES COMPUTER FORENSIC?
Criminal Prosecutors: Rely on evidence obtained from a computer to prosecute suspects and use as evidence.
Civil Litigations: Personal and business data discovered on a computer can be used in fraud, harassment, or discrimination cases.
© AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 5
DIGITAL EVIDENCES
“Any data that is recorded or preserved on any medium in or by a computer system or other similar devices, that can be read and understand by a person or a computer system or other similar devices”.
© AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR
6
TYPES OF DIGITAL EVIDENCE
Persistent Data: Data that remains unaffected when the computer is turned off.Example: Hard Drive and storage media.
Volatile Data: Data that would be lost if the computer is turned off.Example: Deleted files, computer history, the computer’s registry, temporary files and web browsing history.
© AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 7
RULES FOR DIGITAL EVIDENCE
Admissible- Must be able to be used in court or elsewhere.
Authentic- Evidence must be relevant to the case.
Complete- Must not lack any information. Reliable- No question about authenticity. Believable- Clear, easy to understand
and believable by a court.© AIR LAW ACADEMY & RESEARCH CENTRE,
NAGPUR 8
STEPS OF COLLECTING EVIDENCE
Find the evidence, where it is stored.
Find relevant data- recovery.
Create order of volatility.
Collect evidence- use tools.
Good documentation of all the actions© AIR LAW ACADEMY & RESEARCH CENTRE,
NAGPUR 9
STEPS OF INVESTIGATION
Acquisition: Physically or remotely obtaining possession of the computer and external physical storage devices.
Identification: This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites.© AIR LAW ACADEMY & RESEARCH CENTRE,
NAGPUR 10
STEPS OF INVESTIGATION
Evaluation: Evaluating the data recovered to determine if and how it could be used again the suspect for prosecution in court.
Presentation: Presentation of evidence discovered in a manner which is understood by lawyers, no technically staff/management, and suitable as evidence as determined by laws.© AIR LAW ACADEMY & RESEARCH CENTRE,
NAGPUR 11
COMPUTER FORENSIC TOOLS
Disk imaging software
Hashing tools
File recovery programme
Encryption decoding software
Password cracking software© AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 12
SKILLS REQUIRED FOR COMPUTER FORENSIC
Proper knowledge of computer.
Strong computer science fundamentals.
Strong system administrative skills.
Knowledge of the latest forensic tools.© AIR LAW ACADEMY & RESEARCH CENTRE,
NAGPUR 13
ADVANTAGES
Digital forensics help to protect from and solve cases involving:
Theft of intellectual property: This is related to any act that allow access to customer data and any confidential information.
Financial Fraud: This is related to anything that uses fraudulent purchase of victims information to conduct fraudulent transactions.
© AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 14
DISADVANTAGES
Digital evidence accepted into court must prove that there is no tampering.
Costs- Producing electronic records and preserving them is extremely costly.
Legal practitioners must have extensive computer knowledge.
© AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR 15
© AIR LAW ACADEMY & RESEARCH CENTRE, NAGPUR
16
THANK YOU