28-02-2010, 09:50 PM
What is Computer Forensics
Acquisition of Computer Evidence
Preservation
Analysis
Court Presentation
What constitutes digital evidence
- Any information, whether or not it has been subject to human intervention, that can be extracted from a computer.
- It must be in human-readable format or capable of being interpreted by a person with expertise in the subject.
History & Development
• Francis Galton (1822-1911)
  - First definitive study of fingerprints
• Leone Lattes (1887-1954)
  - Developed the procedure for determining the blood group (A, B, AB, O) of a dried bloodstain
• Calvin Goddard (1891-1955)
  - Firearms and bullet comparison
• Albert Osborn (1858-1946)
  - Developed principles of document examination
• Hans Gross (1847-1915)
  - First treatise on using scientific disciplines in criminal investigations
Computer Forensics examples
- Recovering thousands of deleted emails
- Performing an investigation after an employee's termination
- Recovering evidence after a hard drive has been formatted
- Performing an investigation after multiple users had taken over the system
Types of Cyber crime
• Unauthorized Access
• Denial of Service
• Extortion
• Theft
• Spoofing or Imposter Sites
• Sabotage
• Espionage
• Computer Fraud
• Copyright Violation
• Cyber terrorism
• Forgery and Counterfeiting
• Internet Fraud
• SEC Fraud and Stock Manipulation
• Child Pornography
• Stalking & Harassment
• Credit Card Fraud & Skimming
• Identity theft
• Tsunami fraud
Types of Computer Forensics
• Disk (data) Forensics
• Network Forensics
• Email Forensics
• Internet Forensics
• Portable Device Forensics (flash cards, PDAs, Blackberries, email, pagers, cell phones, IM devices, etc.)
Disk Forensics
Disk forensics is the process of acquiring and analyzing the data stored on some form of physical storage media.
Includes the recovery of hidden and deleted data.
Network Forensics
Network forensics is the process of examining network traffic.
- After-the-fact analysis of transaction logs
- Real-time analysis via network monitoring:
  1. Sniffers
  2. Real-time tracing
Email Forensics
Email forensics is the study of the source and content of electronic mail as evidence: identifying the actual sender and recipient of a message and the date and time it was sent.
Email is often highly incriminating.
Tracking down the email evidence
Reading Email Headers
How to interpret Email Headers
How do I get my email program to reveal the full, unmodified email?
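Interpreting the headers means reading the Received: lines from the bottom up, since each mail server prepends its own line as the message passes through. The block below is an added example, not part of the original slides: it parses a constructed message (all hosts, addresses and IPs are documentation values chosen for illustration), orders the hops from origin to recipient, extracts the HELO name, the reverse DNS and IP the receiving server recorded, and the timestamp, and then checks that each hop's "by" host is the host the next hop says it received from. A break in that chain marks a Received: line that no server on the real path wrote, which is exactly how a sender-forged line shows up.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample message (not real mail). Each MTA prepends its own
# Received: line, so the top line was added last by the recipient's server
# and the bottom line is the earliest hop.
SAMPLE_MESSAGE = b"""\
Received: from mx.example.org (mx.example.org [203.0.113.10])
\tby mail.victim.example (Postfix) with ESMTPS id 1A2B3C
\tfor <alice@victim.example>; Mon, 01 Mar 2010 09:12:43 -0500
Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx.example.org with ESMTP id 9Z8Y7X;
\tMon, 01 Mar 2010 09:12:40 -0500
Received: from [192.0.2.55] (unknown [192.0.2.55])
\tby relay.example.org with ESMTPA id 4D5E6F;
\tMon, 01 Mar 2010 09:12:31 -0500
Message-ID: <20100301141231.4D5E6F@relay.example.org>
Date: Mon, 01 Mar 2010 09:12:30 -0500
From: "Bob" <bob@example.org>
To: alice@victim.example
Subject: re: the files

body text
"""

# Same message with a bogus bottom-most Received: line the sender typed in
# themselves, claiming the mail started somewhere else (constructed).
FORGED_LINE = (b"Received: from innocent.example (innocent.example [203.0.113.99])\n"
               b"\tby ghost.example with SMTP; Mon, 01 Mar 2010 09:00:00 -0500\n")
FORGED_MESSAGE = SAMPLE_MESSAGE.replace(b"Message-ID:", FORGED_LINE + b"Message-ID:", 1)

# "from <HELO name> (<reverse DNS> [<IP>]) ... by <receiving host>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"                                        # name the sender claimed
    r"(?:\s+\((?P<rdns>[^)\s]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\))?"  # what the receiver saw
    r".*?\bby\s+(?P<by>\S+)"
)


def parse_received(value):
    value = " ".join(value.split())          # undo header folding
    hop = {"helo": None, "rdns": None, "ip": None, "by": None, "time": None, "raw": value}
    m = RECEIVED_RE.search(value)
    if m:
        hop.update({k: m.group(k) for k in ("helo", "rdns", "ip", "by")})
    if ";" in value:                          # timestamp follows the last ';'
        try:
            hop["time"] = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):
            pass
    return hop


def trace_path(raw_message):
    """Return (message, hops) with hops ordered from origin to final recipient."""
    msg = email.message_from_bytes(raw_message)
    received = msg.get_all("Received") or []
    return msg, [parse_received(v) for v in reversed(received)]


def suspicious_hops(hops):
    """Indices i where hop i's 'by' host is not the host hop i+1 received from.
    A break in the chain marks a line nobody on the real path wrote."""
    bad = []
    for i in range(len(hops) - 1):
        by = (hops[i]["by"] or "").lower()
        nxt = {(hops[i + 1][k] or "").lower() for k in ("helo", "rdns")}
        if by not in nxt:
            bad.append(i)
    return bad


def timeline_is_monotonic(hops):
    times = [h["time"] for h in hops if h["time"]]
    return all(a <= b for a, b in zip(times, times[1:]))


def originating_ip(hops):
    """IP recorded by the first server above any chain break; lines below a break are untrusted."""
    start = max(suspicious_hops(hops), default=-1) + 1
    for hop in hops[start:]:
        if hop["ip"]:
            return hop["ip"]
    return None


if __name__ == "__main__":
    msg, hops = trace_path(FORGED_MESSAGE)
    for i, h in enumerate(hops):
        print(i, h["helo"], h["ip"], "->", h["by"], h["time"])
    print("chain breaks at:", suspicious_hops(hops))
    print("originating IP:", originating_ip(hops), "Message-ID:", msg["Message-ID"])
```

The only lines you can rely on are those added by servers you trust (your own or your provider's); everything below them was under the sender's control, which is why the chain check and the timestamp ordering matter more than the bottom line's claims. The raw message the parser needs is what "show original" / "view source" in a mail client exposes.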
Internet Forensics
Internet or Web forensics is the process of piecing together where and when a user has been on the Internet.
E.g., the Scott Peterson and Michael Jackson cases
Source Code Forensics
Used to determine software ownership or to resolve software liability issues.
- Review of the actual source code
- Examination of the entire development process, e.g., development procedures, documentation review, and review of source code revisions
Computer Forensics evidence processing guidelines
1. Understand the suspects
2. Electronic evidence considerations
3. Secure the machine and the data
4. Examine the Live System and record open applications
5. Power down carefully
6. Inspect for traps
7. Fully document hardware configuration
8. Duplicate the hard drives
9. E-mail review
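Step 8, duplicating the drives, is where most evidence-handling mistakes happen, so here is what the imaging logic has to do, as an added example that is not from the original slides. A forensic image is a sector-by-sector copy, not a file copy: an unreadable sector is retried, then zero-filled and logged so every surviving byte keeps its original offset, and MD5/SHA-256 are computed over exactly the bytes written so the hashes in the custody record match the image. The `FlakyDevice` class is a constructed stand-in for a failing disk (a dead sector and a sector that fails once and then reads), not a real device driver; in a real acquisition the source sits behind a hardware write blocker and the same logic is what dc3dd or ddrescue implement.

```python
import hashlib

SECTOR = 512


class FlakyDevice:
    """Constructed stand-in for a failing disk (not a real device): sectors in
    `dead` never read; sectors in `flaky` fail once and then succeed, the way a
    marginal sector often behaves on retry."""

    def __init__(self, data, dead=(), flaky=()):
        assert len(data) % SECTOR == 0
        self.data, self.dead = data, set(dead)
        self.flaky_left = {n: 1 for n in flaky}   # remaining failures per sector

    @property
    def sector_count(self):
        return len(self.data) // SECTOR

    def read_sector(self, n):
        if n in self.dead:
            raise IOError(f"sector {n}: unrecoverable read error")
        if self.flaky_left.get(n, 0) > 0:
            self.flaky_left[n] -= 1
            raise IOError(f"sector {n}: transient read error")
        return self.data[n * SECTOR:(n + 1) * SECTOR]


def acquire(device, retries=3):
    """Bit-for-bit acquisition. Unreadable sectors are zero-filled and logged
    rather than skipped, so every surviving byte keeps its original offset, and
    MD5/SHA-256 are computed over exactly the bytes written to the image."""
    image, bad = bytearray(), []
    md5, sha = hashlib.md5(), hashlib.sha256()
    for n in range(device.sector_count):
        chunk = None
        for _ in range(retries):
            try:
                chunk = device.read_sector(n)
                break
            except IOError:
                continue
        if chunk is None:
            bad.append(n)
            chunk = bytes(SECTOR)        # zero-fill, never drop the sector
        image += chunk
        md5.update(chunk)
        sha.update(chunk)
    return {"image": bytes(image), "md5": md5.hexdigest(),
            "sha256": sha.hexdigest(), "bad_sectors": bad}


def hash_image(image):
    """Independent re-hash of the finished image, as done before and after
    analysis to show it has not changed since acquisition."""
    return hashlib.md5(image).hexdigest(), hashlib.sha256(image).hexdigest()


def verified(result):
    return hash_image(result["image"]) == (result["md5"], result["sha256"])


def build_sample_device():
    """16 sectors of constructed content (sector n filled with byte n);
    sector 5 is dead, sector 9 is flaky."""
    data = b"".join(bytes([n]) * SECTOR for n in range(16))
    return FlakyDevice(data, dead=[5], flaky=[9])


if __name__ == "__main__":
    res = acquire(build_sample_device())
    print("sectors:", len(res["image"]) // SECTOR, "unreadable:", res["bad_sectors"])
    print("md5:", res["md5"], "sha256:", res["sha256"], "verified:", verified(res))
```

The bad-sector list belongs in the acquisition notes alongside the hashes, the drive's serial number and the write-blocker used, because a second examiner imaging the same drive later may get a different list as the disk degrades, and the hashes will then differ for a legitimate reason.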
Who Uses Computer Forensics
• Criminal Prosecutors
  - Rely on evidence obtained from a computer to prosecute suspects
• Civil Litigation
  - Personal and business data discovered on a computer can be used in fraud, divorce, harassment, or discrimination cases
• Insurance Companies
  - Evidence discovered on a computer can be used to mitigate costs (fraud, worker's compensation, arson, etc.)
• Private Corporations
  - Evidence obtained from employee computers can be used in harassment, fraud, and embezzlement cases
• Law Enforcement Officials
  - Rely on computer forensics to back up search warrants and post-seizure handling
• Individuals/Private Citizens
  - Obtain the services of professional computer forensic specialists to support claims of harassment, abuse, or wrongful termination from employment
Computer Forensics requirements
• Hardware
  - Familiarity with all internal and external devices/components of a computer
  - Thorough understanding of hard drives and their settings
  - Understanding of motherboards and the various chipsets used
  - Power connections
  - Memory
• BIOS
  - Understanding of how the BIOS works
  - Familiarity with the various settings and limitations of the BIOS
• Operating Systems
  - Windows 3.1/95/98/ME/NT/2000/XP/2003
  - DOS
  - UNIX
  - Linux
  - VAX/VMS
• Software
  - Familiarity with the most popular software packages, such as Office
• Forensic Tools
  - Familiarity with computer forensic techniques and the software packages that can be used
Future of Computer Forensics
• Computer forensics is now part of criminal investigations.
• Crimes and the methods used to hide them are becoming more sophisticated.
• Computer forensics will be in demand for as long as there are criminals and misbehaving people.
• It will attract students and law professionals who need to update their skills.