Computer Forensics

Presented By:
Anam Sattar
Anum Ijaz
Tayyaba Shaffqat
Daniyal Qadeer Butt
Usman Rashid
The Field of Computer Forensics
What is Computer Forensics?

Scientific process of preserving, identifying, extracting, documenting and interpreting data on computers.

Used to obtain potential legal evidence.

Computer forensics is the application of computer investigation and analysis techniques in the interests of determining potential legal evidence.

Computer forensics is also called digital forensics, network forensics, or cyber forensics.
History of Computer Forensics
1. Father of computer forensics: "Michael Anderson"

2. Meeting in 1988 (Portland, Oregon): creation of IACIS.
Advantages of Computer Forensics
Ability to search through a massive amount of data:
- Quickly
- Thoroughly
- In any language
Disadvantages of Computer Forensics
1. Privacy concern
2. Data corruption
Importance of Computer Forensics

Computer evidence is popular in cases such as fraud, harassment, and theft of trade secrets.

Computer forensic experts are often the only ones that can crack technology-based cases. Anyone can turn on a computer and do a basic search for a missing file, but not everyone can find a missing file that someone else doesn't want found. So if you want a winning case, hiring highly qualified experts makes all the difference.
Computer Forensics Process

Can be simple or complex depending upon circumstances.

Specialist looks for the information related to the incident.

It may be limited by a search warrant or time.
First Step: Gathering of Information

Investigator is guided by the search warrant to seize all the material.

Corporate forensics specialist is guided by the availability of equipment.

Despite the provided guidelines, many items are considered for collection and examination.
Items to be considered for collection

Computer Media:
1. Hard Disk
2. Removable Hard Disk
3. USB flash drives
4. Flash memory card
5. Optical disc
Computers and Peripherals

Every part of the computer needs to be considered for examination, and all the equipment must be taken into possession.

Other computer and network hardware

Computer forensics should also include digital devices like routers, digital cameras, smartphones and other personal mobile devices.

The specialist should also look for computers connected by a wireless connection.
Computer software

It is impossible to examine files without the proper application software.

The user of the suspect computer might have installed specialized, custom or very old software.

So the specialist should also look out for the proper software.
Step 2: In the Computer Forensics Lab

When the gathered material is in the forensics lab, the investigation can begin.
It comprises the following steps:
1. Preserve the media
2. Extract evidence
3. Analyze computer media
4. Document results

During this process

We should make sure that:
1. No information is modified.
2. The original hard disk should never be used to boot a computer.
3. Specialized tools must be used to maintain the integrity of the data and make sure that it stays in its original form.
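
The integrity rules above are normally enforced with cryptographic hashes. The following is an added example, not part of the original slides: it copies a source to a working image while hashing it, re-reads the image to confirm it matches, and lets an examiner re-verify the image later. The file names, function names and the choice of SHA-256 are assumptions, and a real acquisition would read the device through a write blocker rather than a plain file.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB blocks, so large media never has to fit in RAM


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # read-only: never opened for writing
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire_image(source_path, image_path):
    """Copy source to image while hashing, then re-read the image to verify."""
    digest, size = hashlib.sha256(), 0
    # "xb" refuses to overwrite an existing image file
    with open(source_path, "rb") as src, open(image_path, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
            size += len(block)
    if sha256_file(image_path) != digest.hexdigest():
        raise IOError("image does not match source; repeat the acquisition")
    os.chmod(image_path, 0o444)  # mark the working image read-only
    return {"image": image_path, "bytes": size, "sha256": digest.hexdigest()}


def verify_image(record):
    """Re-hash the image (e.g. before and after analysis) against the record."""
    return sha256_file(record["image"]) == record["sha256"]


def demo():
    """Constructed sample data standing in for a seized disk."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "suspect_disk.bin")
    with open(source, "wb") as fh:
        fh.write(b"constructed sample sector data\n" * 1000)
    record = acquire_image(source, os.path.join(workdir, "evidence.img"))
    intact = verify_image(record)
    os.chmod(record["image"], 0o644)
    with open(record["image"], "r+b") as fh:  # simulate an accidental write
        fh.write(b"X")
    return record, intact, verify_image(record)
```

The digest returned by acquire_image belongs in the documentation step, so that anyone reviewing the case can re-run verify_image and confirm the image is still in its original form.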
Computer Forensics Tools

A computer forensic tool refers to software used in the investigation of computer-related crimes, including software for:
- Disk imaging
- Forensic media preparation
- Mobile devices
- String search

The Forensic Recovery Of Digital Evidence:
- Workstation
- Imaging application
- Analysis tools
Fire Chief hardware:

Working

How can it be used?

Connected to the computer via a FireWire connection
Fire Fly hardware:
It can plug directly into an EIDE, IDE, SAS or SATA hard disk.

It is preferable to the Road Master
- An easier way of transferring data than the Road Master

Working of Computer Forensics

The purpose of computer forensics techniques is to search, preserve and analyze information on computer systems to find potential evidence for a trial.

Many of the techniques detectives use in crime scene investigations have digital counterparts, but there are also some unique aspects to computer investigations.
Working

- Analyzing deleted files
- Tracking packet routes
- Analyzing network traffic
- Analyzing internet provider logs
- Analyzing chat logs
- Analyzing packet traces
- Analyzing personal mobile devices
- Analyzing browser history logs
Conclusion


Computer forensics is very important. The procedures are important to follow, because doing so ensures evidence will be admitted and suspects will be more likely to face the consequences if found guilty.
The End.
Questions??