Computer Forensics

This document provides an introduction to computer forensics. It defines computer forensics as the practice of collecting, analyzing, and reporting digital data in a legally admissible way. The goals of computer forensics are to conduct a structured investigation to determine what happened on a digital system and who was responsible, by following standard methodologies of acquiring evidence without altering it, authenticating the data, and analyzing and reporting findings. Computer forensics is used by law enforcement, private organizations, the military, and others to investigate crimes where digital evidence plays a role.

Uploaded by

Shaistha

Introduction to Computer Forensics

Fall 2007

Definitions
• What is Computer Forensics?
  • Computer forensics is the practice of collecting, analysing and reporting on digital data in a way that is legally admissible.
  • It can be used in the detection and prevention of crime and in any dispute where evidence is stored digitally.
  • Evidence might be required for a wide range of computer crimes and misuses.

Definitions (cont)
• What Constitutes Digital Evidence?
  • Any information being subject to human intervention or not, that can be extracted from a computer.
  • Must be in human-readable format or capable of being interpreted by a person with expertise in the subject.
• Computer Forensics Examples
  • Recovering thousands of deleted emails
  • Performing investigation post employment termination
  • Recovering evidence post formatting hard drive

Computer Forensic Capabilities
• Recover deleted files
• Find out what external devices have been attached and what users accessed them
• Determine what programs ran
• Recover webpages
• Recover emails and users who read them
• Recover chat logs
• Determine file servers used
• Discover document's hidden history
• Recover phone records and SMS text messages from mobile devices
• Find malware and data collected

Purpose of Computer Forensics
• Classic Forensics
• Computer forensics uses technology to search for digital evidence of a crime
• Attempts to retrieve information even if it has been altered or erased so it can be used in the pursuit of an attacker or a criminal
• Incident Response
• Live System Analysis
• Computer Forensics
• Post-Mortem Analysis

Computer Security Incident
• Unauthorized or unlawful intrusions into computing systems
• Scanning a system - the systematic probing of ports to see which ones are open
• Denial-of-Service (DoS) attack - any attack designed to disrupt the ability of authorized users to access data.
• Malicious Code - any program or procedure that makes unauthorized modifications or triggers unauthorized actions (virus, worm, Trojan horse)

Typical Investigations
• Theft of Company Secrets
• Employee Sabotage
• Credit Card Fraud
• Financial Crimes
• Embezzlement (money or information)
• Economic Crimes
• Harassment
• Major Crimes
• Identity Theft

Computer Forensics Users
• Law Enforcement
• Private Computer Forensic Organizations
• Military
• University Programs
• Computer Security and IT Professionals

Important Factors
• Legal procedures
• Not compromising evidence
• Treat every piece of evidence as if it will be used in court
• Documentation*
• Chain of Custody
• Write Blocks
• Imaging
  • Bit by bit copy of a piece of electronic media (Hard drive

The Goal
The goal of computer forensics is to do a structured investigation and find out exactly what happened on a digital system, and who was responsible for it.

Methodology
• Treat every case as if it will end up in the court [1]
• Forensics Methodology [1]:
  • Acquire the evidence without altering or damaging the original
  • Authenticate that your recovered evidence is the same as the originally seized data
  • Analyze the data without modifying it
• There are essentially three phases for recovering evidence from a computer system or storage medium. Those phases are:
  • (1) acquire,
  • (2) analyze,
  • (3) report
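
An added example (not part of the original slides) of the acquire and authenticate steps above: it makes a bit-by-bit copy of a source while hashing the bytes as they are read, then re-hashes the image to confirm it matches and to detect any later modification. The file names and sample data are constructed, and an ordinary file stands in for media attached through a write blocker.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # stream in 1 MiB blocks so large media never sit in memory


def sha256_file(path):
    """Hash a file by streaming it; the file is opened read-only."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source, image):
    """Acquire: bit-by-bit copy of source into image, hashing the bytes as read."""
    h = hashlib.sha256()
    # Source is opened read-only; mode "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    return h.hexdigest()


def authenticate(image, acquisition_hash):
    """Authenticate: re-hash the image and compare with the acquisition hash."""
    return sha256_file(image) == acquisition_hash


def demo():
    """Run acquire/authenticate on constructed sample data in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "seized_media.bin")  # constructed stand-in for seized media
        image = os.path.join(d, "evidence_image.dd")  # constructed image name
        with open(source, "wb") as f:
            f.write(b"constructed sample sector data\x00" * 4096)
        before = sha256_file(source)
        acq_hash = acquire(source, image)
        intact = authenticate(image, acq_hash)
        source_unchanged = sha256_file(source) == before
        # Simulate an accidental one-byte change to the working copy during analysis.
        with open(image, "r+b") as f:
            f.seek(10)
            f.write(b"X")
        change_detected = not authenticate(image, acq_hash)
        return intact, source_unchanged, change_detected
```

Recording the acquisition hash in the case documentation at the time of imaging is what lets a later examiner repeat the `authenticate` step independently.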

Course Curriculum
• Introduction to Criminal Justice
• Computer Ethics
• Computer Organization
• Binary System
• Encryption and Computer Forensics
• Steganography: Data Hiding
• Introduction to Computer Security: Handling Security Incidents, Malicious Code
• Computer Forensics Evidence and Analysis
• More…

Conclusion
• With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics.
• This field will be found whether it was lost, deleted, damaged or hidden and used to prosecute individuals who believe they have successfully beaten the system.

References
[1] Computer Forensics, Incident Response Essentials, Warren G. Kruse II, Jay G. Heiser, Addison-Wesley
[2] Incident Response and Computer Forensics, Kevin Mandia, Chris Prosise, Matt Pepe, McGraw-Hill
[3] Information Security Illuminated, Michael G. Solomon, Mike Chapple, Jones and Bartlett Publishers, Inc
[4] Computer Forensics, Computer Crime Scene Investigation, John R. Vacca, Charles River Media Inc
[5] Forensic Computing, A Practitioner's Guide, Tony Sammes and Brian Jenkinson, Springer.
[6] Mark Pollitt, Computer Forensics: An Approach to Evidence in Cyberspace, http://www.digitalevidencepro.com/Resources/Approach.pdf
