digital forensic investigation is a form of digital investigation in which the process follows rules that allow the results to be entered into a legal court—for example, by maintaining the digital data's chain of custody. propose that most subscribers to this magazine have conducted a form of digital investigation at some point in their careers. Debugging your software to determine how it got into a given digital state is a form

investigation might follow. The process isn't unlike that of a physical crime scene investigation.1 In the physical world, investigators first preserve the scene to prevent evidence from being lost. Next, they survey the scene and locate obvious evidence—for example, by looking at the victim at a murder scene to determine whether she was shot or stabbed and, based on the obvious evidence, conducting a detailed search to find more evidence,
Presented By: Sauveer Pandey
Technical Definition: Digital Forensics
“Tools and techniques used to recover, preserve, and examine digital evidence on or transmitted by digital devices.”
Definition for the Masses
“Deleted” files, on almost any kind of digital storage media, are almost never completely “gone”.
Who Needs It?
Law enforcement officials
Prosecution of crimes which involve computers or other digital devices.
Defending the innocent & Prosecuting the guilty.
Security agencies (e.g. Secret Service, CIA, FBI, NSA)
Anti-terrorism efforts.
Digital espionage.
General
Employee misconduct in corporate cases.
For accidental deletion or malicious deletion of data by a user (or a program).
Military
Prosecution of internal computer-related crimes.
Insurance Companies
Evidence discovered on a computer can be used to mitigate costs (fraud in accident, arson & worker’s compensation cases, etc.)
Digital Forensics: Possibilities & Limitations
What’s possible?
Recovery of deleted data.
Discovery of when files were modified, created, deleted, organized etc.
Can determine which storage devices were attached to a specific computer.
Which applications were installed, even if they were uninstalled by the user.
Which web sites a user visited…
What’s not possible?
If digital media is completely (physically) destroyed, recovery is impossible.
If digital media is securely overwritten, recovery is very, very complicated, or practically impossible.
A digital (computer) forensics investigation involves four major steps:
Acquisition
Obtaining the original evidence.
Preservation
Protecting the original evidence.
Analysis
Finding relevant evidence.
Presentation
Presenting the evidence in court.
Traditional: Where’s the evidence?
Undeleted files
Deleted files
Windows registry
Print spool files
Hibernation files
Temp files (all those .TMP files!)
Slack space
Swap files
Browser caches
Alternate or “hidden” partitions
On a variety of removable media (floppies, ZIP, Jazz, tapes, …)
Sources of Digital Evidence
Computers
Email
Digital images
Documents
Spreadsheets
Chat logs
Illegally copied software or other copyrighted material
Wireless telephones
Numbers called
Incoming calls
Voice mail access numbers
Email addresses
Call forwarding numbers
PDAs/Smart Phones
Above, plus contacts, maps, pictures, passwords, documents, …
Landline Telephones/Answering machines
Incoming/outgoing messages
Numbers called
Incoming call info
Access codes for voice mail systems
Contact lists
Copiers
Especially digital copiers, which may store entire copy jobs.
“Deletion” Fallacies
“I deleted the file, it’s gone.”
Deleted files are recoverable using digital forensics tools.
“I changed the name of the file, now no one will find it”
Digital forensics tools immediately identify files based on content—names don’t matter at all.
“I formatted the drive”
This destroys almost nothing.
“I cut the floppy into little pieces” (media mutilation)
At this point it becomes a question of how important the data is, because recovering it is much harder.
“I use only web-based email”
Some email fragments are still present locally.
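A constructed example, added here and not part of the presentation or of the first post, that ties the four investigation steps above to the deletion fallacies: the SHA-256 recorded at acquisition guards the preservation step, and carving by content signature shows why a renamed or "deleted" file is still identified. The signature table, the in-memory image and all function names are assumptions made for this example.

```python
"""Content-based file identification and carving over a constructed raw image."""
import hashlib

# Well-known file header bytes (magic numbers); the names are only used in the report.
SIGNATURES = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/office",
}


def build_constructed_image() -> bytes:
    """Constructed sample standing in for unallocated space after deletion:
    no directory entry or file name survives, only the file content."""
    filler = b"\x00" * 64
    return (filler + b"\xff\xd8\xff\xe0" + b"JFIF-body" + filler
            + b"%PDF-1.4 body" + filler
            + b"\x89PNG\r\n\x1a\n" + b"IHDR" + filler)


def acquisition_hash(image: bytes) -> str:
    """Preservation: record this hash at acquisition; re-check it before any analysis."""
    return hashlib.sha256(image).hexdigest()


def verify_preserved(image: bytes, recorded_hash: str) -> bool:
    """Returns False if a single byte of the acquired image has changed."""
    return hashlib.sha256(image).hexdigest() == recorded_hash


def identify(content: bytes, claimed_name: str = "") -> str:
    """Classify a file by its header; the name is accepted only to show it is ignored."""
    for magic, kind in SIGNATURES.items():
        if content.startswith(magic):
            return kind
    return "unknown"


def carve(image: bytes) -> list[tuple[int, str]]:
    """Analysis: scan every offset for known headers and report (offset, type)."""
    hits = []
    for offset in range(len(image)):
        for magic, kind in SIGNATURES.items():
            if image.startswith(magic, offset):
                hits.append((offset, kind))
    return sorted(hits)


if __name__ == "__main__":
    img = build_constructed_image()
    recorded = acquisition_hash(img)
    print("image preserved:", verify_preserved(img, recorded))
    for off, kind in carve(img):                      # Presentation: a simple report
        print(f"{kind:>10} header at offset {off}")
```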
Tools of Digital Forensics
Encase –
includes tools for data acquisition, file recovery, indexing/search and file parsing.
Forensic Toolkit –
scans a hard drive looking for various information.
PTK Forensics –
runs as a GUI interface for The Sleuth Kit, acquiring and indexing digital media for investigation.
The Sleuth Kit –
provides a large number of specialized command-line based utilities.
The Coroner’s Toolkit –
assists in the analysis and recovery of data after computer disasters.
Computer Online Forensic Evidence Extractor (COFEE) –
an automated forensic tool used during live analysis.
CASE STUDY - I
Zacarias Moussaoui
20th hijacker in the 9/11 (2001) terrorist attacks against the U.S.
His laptop, 4 computers, and several email accounts (pilotz123[at]hotmail.com) were searched for e-evidence.
FBI discovered that the 19 hijackers used Kinko's computers in various cities to gain access to the Internet to plan 9/11.
CASE STUDY - II
Digital forensics tools found immense application in investigating the various digital media used in the Mumbai terror attack of 26/11.
Future of Digital Forensics
Digital forensics is now part of criminal investigations.
Crimes & methods to hide crimes are becoming more sophisticated.
Digital forensics will be in demand for as long as there are criminals and misbehaving people.
Will attract students and law professionals who need to update their skills.
Conclusion
Digital forensics has gained an important place in criminal investigations pertaining to digital media. An increasing number of computer crimes means increasing demand for digital forensics services.
Today, everyone is exposed to potential attacks and has a responsibility to their network neighbors to minimize their own vulnerabilities, in an effort to provide a more secure and stable network.
The needs and challenges of digital forensics can be met only with the cooperation of the private, public, and international sectors.