Computer Forensics

Presented By:

Anam Sattar Anum Ijaz Tayyaba Shaffqat Daniyal Qadeer Butt Usman Rashid

The Field of Computer Forensics

What is Computer Forensics?

Scientific process of preserving, identifying, extracting, documenting and interpreting data on computers.

  used to obtain potential legal evidence.  computer forensic is the application of computer

investigation and analysis techniques in the interests  of determining potential legal evidence.

  computer forensic is also called digital forensic, network

forensic, or cyber forensic.

History of Computer Forensics 1.father of computer Forensic "Michael Enderson"

2.meeting in 1988 (Portland ,Oregon)      Creation of IACIS.

Advantages of Computer Forensics

Ability to search through a massive amount of data

Quickly Thoroughly In any language

Disadvantages of Computer Forensics

1.privacy concern

2.data corruption

Importance of computer forensic. Computer evidence are popular in cases such

as fraud, harassment, theft of trade secrets.

Computer forensic experts are often the only ones that can crack technology-based cases. Anyone can turn on a computer and do a basic search for a missing file but not everyone can find a missing file that someone else doesn’t want found. So if you want a wining case, hiring highly qualified experts makes all the difference.

Computer Forensics process

Computer Forensics process

Can be simple or complex depending upon circumstances.

Specialist looks for the information related to the incident.

It may be limited by a search warrant or time.

Gathering of Information

First Step: Gathering of Information

Investigator is guided by search warrant to seize all the material.

Corporate forensics specialist is guided by the availability of equipment.

Despite of provided guidelines, many items are considered for collection & examination.

Items needed to be considered for collection

Computer Media:

1.Hard Disk2.Removable Hard Disk3.USB flash drives4.Flash memory card5.Optical disc

Computers and Peripherals

Computers and Peripherals

Every part of the computer needs to be considered for examination.

& all the equipment must be taken under possession.

Other computer and network hardware

Other computer and network hardware

The computers forensics should also include digital devices like routers, digital cameras, smart phones and other personal mobile devices.

Should also look for computers connected with wireless connection.

Computer software

Computer software

Its is impossible to examine files without the proper application software.

The user of the suspect computer might have installed specialized, custom or a very old software.

So the specialist should also look out for the proper software.

Step 2: In the computer Forensics Lab

In the computer Forensics Lab

When the gathered material are in the forensics lab, the investigation can begin.

It compromises of following steps1.Preserve the media2.Extract evidence3.Analyze computer media4.Document results

During this process We should make sure that

1. No information is modified.

2. The original hard disk should never be used to boot a computer.

3. Specialized tools must be used to maintain the integrity of the data and make sure that it stays in its original form.

Computer Forensics Tools

Computer Forensics Tools

A computer forensic tool refers to software used in the investigations of computer-related crimes, include software for:-

Disk imaging Forensic media preparation Mobile devices String search

The Forensic Recovery Of Digital Evidence:

Workstation

Imaging application

Analysis tools

Fire chief hardware:

Working

How it can use?

Connected with computer via fire wire connection

Fire fly hardware:

It can plug directly into an Eide ,IDE ,SAS or SATA hard disk.

It is more preferable than the road master easier way of transferring data than

road master

Working of computer forenics The purpose of computer forensics

techniques is to search, preserve and analyze information on computer systems to find potential evidence for a trial.

Many of the techniques detectives use in crime scene investigations have digital counterparts but there are also some unique aspects to computer investigations.

Working

Analyzing deleted files

Traking packet routes

Analyzing network traffic

Working

Analyzing internet provider logs

Analyzing chat logs

Analyzing packet trace

working

Analyzing personal mobile devices

Analyzing browser history logs

Conclusion Computer forensics is

very important. The procedures are

important to follow, because doing so ensures evidence will be admitted and suspects will be more likely to face the consequences if found guilty.

Questions??The End.