Computer Forensics

Presented By:Priya ManikpuriM.Sc.(CS) 1St SemesterShri.Shivaji Science college, Nagpur

Introduction Computer crime is a criminal act in which a

computer is the object of the offence or the tool of its commission.

Classification:

Computer centered crime Computer assisted crime Incidental computer crime

What is computer forensics?

A branch of digital forensic science pertaining to legal evidence found in computers and digital storage media

A Scientific process of preserving, identifying, extracting, documenting, and interpreting data on computer

Objectives

To recover, analyze, and preserve the computer and related materials in a manner that can be presented as evidence in a court of law

To identify the evidence in a short amount of time, estimate the potential impact of the malicious activity on the victim, and assess the intent and identity of the perpetrator

Digital Evidence• Digital evidence or electronic evidence is any

probative information stored or transmitted in digital form that a party to a court case may use at trial.

• In the legal world, Evidence is EVERYTHING. • Evidence is used to establish facts. •

Where to find evidence? text documents,graphical images,calendar files, databases, audio and video files,Web sites and application programs. Even viruses, Trojan horses and

spywareE-mail records and instant

messaging logs,

Handling Information Information and data being sought after and

collected in the investigation must be properly handled

Volatile Information– Network Information

• Communication between system and the network– Active Processes

• Programs and daemons currently active on the system

– Logged-on Users• Users/employees currently using system

– Open Files• Libraries in use; hidden files; Trojans (root kit)

loaded in system

Handling Information• Non-Volatile Information

– This includes information, configuration settings, system files and registry settings that are available after reboot

– Accessed through drive mappings from system

– This information should investigated and reviewed from a backup copy

Forensic Phases:• Acquisition• Identification• Evaluation• Presentation

Forensic Techniques

Live analysis:• The examination of computers from within

the operating system using custom forensics to extract evidence. 

Cross-drive analysis:• forensic technique that correlates

information found on multiple hard drives.• can be used to perform anomaly detection.

Forensic Techniques

Example of Software Tools:• EnCase• WinHex• ProDiscover• S-tool

Deleted files:• recovery of deleted files• Use of forensic software tools for recovering

or carving out deleted data.

Forensic Techniques

Steganography:• concealing a message, image, or file within

another message, image, or file.• detection of steganographically encoded

packages is called steganalysis.• the simplest method to detect modified files is to

compare them to known originals.

Applications of Computer Forensics

• Criminal• Domestic• Security• Marketing

Advantages

Ensures the overall integrity and continued existence of an organization’s computer system and network infrastructure.

Helps the organization capture important information if their computer systems or networks are compromised.

Efficiently tracks down cyber criminals and terrorists from different parts of the world.

Tracks complicated cases such as child pornography and e-mail spamming.

Disadvantages

CostIncreasing storage space New technologiesAnti-forensicsLegal issuesAdministrative issues

Conclusion

• With computer becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.