Ppt Computer Forensics

7/31/2019 Ppt Computer Forensics

1/18

COMPUTER FORENSICS


2/18

Generally forensics refer as

The use of science &technology to investigate &

establish facts in criminal courts of law.

Cumming to computer forensics

It is study of extracting,analyzing,documentingevidence from computer system or network.


3/18


4/18

HISTORY OF COMPUTER FORENSICS :

Michael Anderson Father of computer forensics

special agent with IRS

Meeting in 1988 (Portland, Oregon) creation of IACIS, the International Association of Computer

Investigative Specialists

the first Seized Computer Evidence Recovery Specialists

(SCERS) classes held


5/18

PRESENT SCENARIO OF COMPUTER

FORENSICS

It has been used in a number of high profile cases and is

becoming widely accepted as reliable within US and European

court systems.

Computer forensics is a growing field world over and India is

also trying to use computer forensics for its legal and judicial

purposes.


6/18

To examine digital media in a forensically sound manner withaim of

Identifying Preserving

Recovering

analyzing

Presenting facts &opinions about the information.

GOAL OF COMPUTER FORENSICS


7/18

WORKING PROCESS :

Methods of hiding Data :To human eyes, data usually containsknown forms, like images, e-mail, sounds, and text.

Most Internet data naturally includes gratuitous headers, too.

These are media exploited using new controversial logical

encodings: Steganography and marking.

Steganography: The art of storing information in such

a way that the existence of the information is hidden.

Watermarking: Hiding data within data.


8/18

Hard Drive/File System manipulation:

WORKING PROCESS : Method of Hiding Data

Slack Space

Partition waste space

Hidden drive Space

Bad sectors

Extra Tracks

Change file names and extensions


9/18

Methods Of Detecting/Recovering Data :

Steganalysis - the art of detecting and decoding hidden data.

Steganalysis Methods - Detection

o Human Observation.

o Software Analysis.

o Disk Analysis.

o RAM Slack.

o Firewall/Router Filters.

o Statistical Analysis.

o Frequent Scanning.


10/18

Methods Of Detecting/Recovering Data :

Steganalysis MethodsRecovery

Recovery of watermarked data is extremely hard.

Currently, there are very few methods to recover hidden,

encrypted data.

Data hidden on disk is much easier to find. Once found, if

unencrypted, it is already recovered.

Deleted data can be reconstructed.

Software Tools

Scan for and reconstruct deleted data

Break encryption

Destroy hidden information (overwrite)


11/18

TECHNICAL APPLICATIONS :

Understanding of

storage technology

operating system features

Windows

Linux

Unix

Mac OS file systems


12/18

How Computer Forensics are Used ?

Criminal Prosecutors

Civil Litigations

Insurance Companies

Large Corporations

Law Enforcement

Any Individual


13/18

ADVANTAGES OF COMPUTER FORENSICS :

Ability to search through

a massive amount of data

QuicklyThoroughly

In any language


14/18

DISADVANTAGES OF COMPUTER FORENSICS :

Digital evidence acceptedinto court:

must prove that there is no

tampering

all evidence must be fullyaccounted for

computer forensic

specialists must have

complete knowledge of legalrequirements, evidence

handling and storage and

documentation procedures


15/18

DISADVANTAGES OF COMPUTER FORENSICS :

Costs

producing electronic records & preserving them is

extremely costly.

Sattar vs. Motorola Inc

Presents the potential for exposing privileged documents.

Legal practitioners must have extensive computer

knowledge.


16/18

CONCLUSION :

With computers becoming more and more involved in oureveryday lives, both professionally and socially, there is a need

for computer forensics. This field will enable crucial electronic

evidence to be found, whether it was lost, deleted, damaged, or

hidden, and used to prosecute individuals that believe they have

successfully beaten the system.


17/18

Bibliography :

All State Investigations, Inc. January 2005http://www.allstateinvestigation.com/ComputerForensicServices.htm

Computer Forensics, Inc. http://www.forensics.com/

Computer Forensic Services, LLC. January 2005.

http://www.computer-forensic.com/index.htmlInternational Association of Computer Investigative

Specialists. January 2005. http://www.cops.org/

Middlesex County Computer Technology. January 2005.

http://www.respond.com/countyguides/1800000002/NJ/023Virtue, Emily. Computer Forensics: Implications for

Litigation and Dispute Resolutions. April 2003.http://ncf.canberra.edu.au/publications/emilyvirtue1.pdf
http://www.allstateinvestigation.com/ComputerForensicServices.htmhttp://www.allstateinvestigation.com/ComputerForensicServices.htmhttp://www.forensics.com/http://www.computer-forensic.com/index.htmlhttp://www.cops.org/http://www.respond.com/countyguides/1800000002/NJ/023http://ncf.canberra.edu.au/publications/emilyvirtue1.pdfhttp://ncf.canberra.edu.au/publications/emilyvirtue1.pdfhttp://www.respond.com/countyguides/1800000002/NJ/023http://www.cops.org/http://www.computer-forensic.com/index.htmlhttp://www.computer-forensic.com/index.htmlhttp://www.computer-forensic.com/index.htmlhttp://www.forensics.com/http://www.allstateinvestigation.com/ComputerForensicServices.htmhttp://www.allstateinvestigation.com/ComputerForensicServices.htm


18/18

Documents

Ppt Computer Forensics