Transcript MadliKajuSlides
An Introduction to Digital Forensics
Madli Kaju, 104992IABM MSc in Business Information Technology
Agenda
•Introduction
•Approach and process of Digital Forensics
•Digital Forensics tools
•State of play of Digital Forensics
•Conclusion
Introduction
Digital Forensics is the process of analysing and evaluating digital data as evidence
•The science of locating, extracting and analysing different types of data from different devices, which specialists then interpret to serve as legal evidence (Marcella, Menendez 2008)
•The practice of scientifically derived and proven technical methods and tools toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of after-the-fact digital information derived from digital sources for the purpose of facilitating or furthering the reconstruction of events as forensic evidence (Willassen, Mjolsnes 2005)
After 40 years of history, Digital Forensics is heading towards a crisis
Early years (1970s-1990s)
•Hardware, software, and application diversity
•A proliferation of data file formats
•Heavy reliance on time-sharing and centralized computing facilities
•Absence of formal process, tools, and training
“Golden years” (1990s-2000s)
•The widespread use of Microsoft Windows, and specifically Windows XP
•Relatively few file formats of forensic interest
•Examinations largely confined to a single computer system belonging to the subject of the investigation
•Storage devices equipped with standard interfaces (IDE/ATA)
Era of crisis (2010s-...)
•Growing size of storage devices
•Increasing prevalence of embedded flash storage
•Proliferation of hardware interfaces
•Proliferation of operating systems and file formats
•Pervasive encryption
•Use of the “cloud” for remote processing and storage, splitting a single data structure into elements
Source: Garfinkel, Simson L., “Digital Forensics Research: The Next 10 years”, 2010
Approach and process of Digital Forensics
Digital Forensics consists of various steps and techniques
The process of digital forensics is typically as follows:
•Preservation of the state of the device
•Survey and analysis of the data for evidence
•Event reconstruction
Main techniques used are forensic duplication and live incident response
Forensic investigation
•Forensic duplication
•Live incident response
Digital Forensics tools
Several commercial and open source tools for digital forensics are available
Commercial
•EnCase
•FTK
•Helix
•...
Open source
•DFF
•LiveView
•The Sleuth Kit
•...
State of play of Digital Forensics
Digital Forensics tools have not kept up with technology and cyber crime
Current digital forensics tools were designed
•to help examiners find specific evidence, not to assist in investigations
•for solving crimes committed against people where the evidence is located on a computer, not to assist in solving typical crimes committed with computers or against computers
Today's tools cannot deal with increasing complexity arising due to the cloud era
Source: Garfinkel, Simson L., “Digital Forensics Research: The Next 10 years”, 2010
Conclusion
Digital forensics is important for solving crimes
•with digital devices
•against digital devices
•against people where evidence may reside in a device
Several sound tools and techniques exist to search and analyse digital data
Regardless of existing tools, the evolving digital age and development of technology require heavier research in digital forensics
Thank you for your attention!