Download - Ppt Computer Forensics
-
7/31/2019 Ppt Computer Forensics
1/18
COMPUTER FORENSICS
-
7/31/2019 Ppt Computer Forensics
2/18
Generally forensics refer as
The use of science &technology to investigate &
establish facts in criminal courts of law.
Cumming to computer forensics
It is study of extracting,analyzing,documentingevidence from computer system or network.
-
7/31/2019 Ppt Computer Forensics
3/18
-
7/31/2019 Ppt Computer Forensics
4/18
HISTORY OF COMPUTER FORENSICS :
Michael Anderson Father of computer forensics
special agent with IRS
Meeting in 1988 (Portland, Oregon) creation of IACIS, the International Association of Computer
Investigative Specialists
the first Seized Computer Evidence Recovery Specialists
(SCERS) classes held
-
7/31/2019 Ppt Computer Forensics
5/18
PRESENT SCENARIO OF COMPUTER
FORENSICS
It has been used in a number of high profile cases and is
becoming widely accepted as reliable within US and European
court systems.
Computer forensics is a growing field world over and India is
also trying to use computer forensics for its legal and judicial
purposes.
-
7/31/2019 Ppt Computer Forensics
6/18
To examine digital media in a forensically sound manner withaim of
Identifying Preserving
Recovering
analyzing
Presenting facts &opinions about the information.
GOAL OF COMPUTER FORENSICS
-
7/31/2019 Ppt Computer Forensics
7/18
WORKING PROCESS :
Methods of hiding Data :To human eyes, data usually containsknown forms, like images, e-mail, sounds, and text.
Most Internet data naturally includes gratuitous headers, too.
These are media exploited using new controversial logical
encodings: Steganography and marking.
Steganography: The art of storing information in such
a way that the existence of the information is hidden.
Watermarking: Hiding data within data.
-
7/31/2019 Ppt Computer Forensics
8/18
Hard Drive/File System manipulation:
WORKING PROCESS : Method of Hiding Data
Slack Space
Partition waste space
Hidden drive Space
Bad sectors
Extra Tracks
Change file names and extensions
-
7/31/2019 Ppt Computer Forensics
9/18
Methods Of Detecting/Recovering Data :
Steganalysis - the art of detecting and decoding hidden data.
Steganalysis Methods - Detection
o Human Observation.
o Software Analysis.
o Disk Analysis.
o RAM Slack.
o Firewall/Router Filters.
o Statistical Analysis.
o Frequent Scanning.
-
7/31/2019 Ppt Computer Forensics
10/18
Methods Of Detecting/Recovering Data :
Steganalysis MethodsRecovery
Recovery of watermarked data is extremely hard.
Currently, there are very few methods to recover hidden,
encrypted data.
Data hidden on disk is much easier to find. Once found, if
unencrypted, it is already recovered.
Deleted data can be reconstructed.
Software Tools
Scan for and reconstruct deleted data
Break encryption
Destroy hidden information (overwrite)
-
7/31/2019 Ppt Computer Forensics
11/18
TECHNICAL APPLICATIONS :
Understanding of
storage technology
operating system features
Windows
Linux
Unix
Mac OS file systems
-
7/31/2019 Ppt Computer Forensics
12/18
How Computer Forensics are Used ?
Criminal Prosecutors
Civil Litigations
Insurance Companies
Large Corporations
Law Enforcement
Any Individual
-
7/31/2019 Ppt Computer Forensics
13/18
ADVANTAGES OF COMPUTER FORENSICS :
Ability to search through
a massive amount of data
QuicklyThoroughly
In any language
-
7/31/2019 Ppt Computer Forensics
14/18
DISADVANTAGES OF COMPUTER FORENSICS :
Digital evidence acceptedinto court:
must prove that there is no
tampering
all evidence must be fullyaccounted for
computer forensic
specialists must have
complete knowledge of legalrequirements, evidence
handling and storage and
documentation procedures
-
7/31/2019 Ppt Computer Forensics
15/18
DISADVANTAGES OF COMPUTER FORENSICS :
Costs
producing electronic records & preserving them is
extremely costly.
Sattar vs. Motorola Inc
Presents the potential for exposing privileged documents.
Legal practitioners must have extensive computer
knowledge.
-
7/31/2019 Ppt Computer Forensics
16/18
CONCLUSION :
With computers becoming more and more involved in oureveryday lives, both professionally and socially, there is a need
for computer forensics. This field will enable crucial electronic
evidence to be found, whether it was lost, deleted, damaged, or
hidden, and used to prosecute individuals that believe they have
successfully beaten the system.
-
7/31/2019 Ppt Computer Forensics
17/18
Bibliography :
All State Investigations, Inc. January 2005http://www.allstateinvestigation.com/ComputerForensicServices.htm
Computer Forensics, Inc. http://www.forensics.com/
Computer Forensic Services, LLC. January 2005.
http://www.computer-forensic.com/index.htmlInternational Association of Computer Investigative
Specialists. January 2005. http://www.cops.org/
Middlesex County Computer Technology. January 2005.
http://www.respond.com/countyguides/1800000002/NJ/023Virtue, Emily. Computer Forensics: Implications for
Litigation and Dispute Resolutions. April 2003.http://ncf.canberra.edu.au/publications/emilyvirtue1.pdf
http://www.allstateinvestigation.com/ComputerForensicServices.htmhttp://www.allstateinvestigation.com/ComputerForensicServices.htmhttp://www.forensics.com/http://www.computer-forensic.com/index.htmlhttp://www.cops.org/http://www.respond.com/countyguides/1800000002/NJ/023http://ncf.canberra.edu.au/publications/emilyvirtue1.pdfhttp://ncf.canberra.edu.au/publications/emilyvirtue1.pdfhttp://www.respond.com/countyguides/1800000002/NJ/023http://www.cops.org/http://www.computer-forensic.com/index.htmlhttp://www.computer-forensic.com/index.htmlhttp://www.computer-forensic.com/index.htmlhttp://www.forensics.com/http://www.allstateinvestigation.com/ComputerForensicServices.htmhttp://www.allstateinvestigation.com/ComputerForensicServices.htm -
7/31/2019 Ppt Computer Forensics
18/18