2. Evolution of Computer Forensics
• 1888: Francis Galton made the first-ever recorded study of fingerprints to catch potential criminals in crimes such as murders.
• 1893: Hans Gross was the first person to apply science to a criminal investigation.
• 1910: Albert Osborn became the first person to develop the essential features of documenting evidence during the examination process.
3. Evolution of Computer Forensics
• 1915: Leone Lattes was the first person to use blood groupings to connect criminals to a crime.
• 1925: Calvin Goddard became the first person to make use of firearms and bullet comparisons for solving many pending court cases.
• 1932: The Federal Bureau of Investigation (FBI) set up a laboratory to provide forensic services to all field agents and other law authorities.
4. Evolution of Computer Forensics
• 1984: The Computer Analysis and Response Team (CART) was developed to provide support to FBI field offices searching for computer evidence.
• 1993: The first international conference on computer evidence was held in the United States.
• 1995: The IOCE was formed to provide a forum for global law enforcement agencies to exchange information regarding cyber crime investigations.
5. Evolution of Computer Forensics
• 1998: The International Forensic Science Symposium was formed to provide a forum for forensic managers and to exchange information.
• 2000: The first FBI Regional Computer Forensic Laboratory (RCFL) was established for the examination of digital evidence in support of criminal investigations such as identity theft, hacking, computer viruses, terrorism, investment fraud, cyber stalking, drug trafficking, phishing/spoofing, wrongful programming, credit card fraud, online auction fraud, e-mail bombing and spam, and property crime.
6. Definition of Forensic Science
Based on the Handbook of Forensic Pathology:
"application of physical sciences to law in the search for truth in civil, criminal, and social behavioral matters to the end that injustice shall not be done to any member of the society."
7. The Function of Computer Forensics
Detect a computer incident, identify the intruder, and prosecute the perpetrator in a court of law.
8. Computer Forensic Methodologies
Preservation: The forensic investigator must
preserve the integrity of the original evidence. The
original evidence should not be modified or
damaged. The forensic examiner must make an
image or a copy of the original evidence and then
perform the analysis on that image or copy. The
examiner must also compare the copy with the
original evidence to identify any modifications or
damage.
9. Computer Forensic Methodologies
Extraction: After identifying the evidence, the
examiner must extract data from it. Since volatile
data can be lost at any point, the forensic
investigator must extract this data from the copy
made from the original evidence. This extracted
data must be compared with the original evidence
and analyzed.
10. Computer Forensic Methodologies
Identification: Before starting the investigation, the
forensic examiner must identify the evidence and its
location. For example, evidence may be contained in
hard disks, removable media, or log files. Every
forensic examiner must understand the difference
between actual evidence and evidence containers.
Locating and identifying information and data is a
challenge for the digital forensic investigator. Various
examination processes such as keyword searches,
log file analyses, and system checks help an
investigation.
11. Computer Forensic Methodologies
Interpretation: The most important role a forensic
examiner plays during investigations is to interpret
what he or she has actually found. The analysis and
inspection of the evidence must be interpreted in a
lucid manner.
12. Computer Forensic Methodologies
Documentation: From the beginning of the
investigation until the end (when the evidence is
presented before a court of law), forensic examiners
must maintain documentation relating to the
evidence. The documentation comprises the chain of
custody form and documents relating to the evidence
analysis.
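The preservation and documentation steps above come down to one verifiable routine: hash the original before and after acquisition, hash the working copy, and keep those values in the chain-of-custody record so the copy can be re-verified before analysis or court. The following Python is an added illustration, not code from the original slides; the file names, the examiner id and the sample evidence bytes are constructed for the demo.

```python
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

CHUNK = 1024 * 1024  # hash in 1 MiB blocks so a large image never sits in memory

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire_image(original: Path, image: Path, examiner: str) -> dict:
    """Copy the original to a working image; hash the original before and after
    the copy, and the image itself. The record is 'verified' only if all match."""
    before = sha256_file(original)
    shutil.copyfile(original, image)
    after = sha256_file(original)      # proves acquisition left the original intact
    image_hash = sha256_file(image)    # proves the working copy is bit-identical
    return {
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "original": str(original), "image": str(image),
        "sha256_original_before": before,
        "sha256_original_after": after,
        "sha256_image": image_hash,
        "verified": before == after == image_hash,
    }

def verify_image(image: Path, record: dict) -> bool:
    """Re-hash the working copy (before analysis, or before court) against the record."""
    return sha256_file(image) == record["sha256_image"]

def demo(tamper: bool = False) -> tuple[dict, bool]:
    # Constructed sample evidence standing in for a disk or removable-media image.
    work = Path(tempfile.mkdtemp())
    original = work / "evidence.bin"
    original.write_bytes(b"constructed sample evidence block\n" * 2000)
    record = acquire_image(original, work / "evidence.img", "examiner-01")
    (work / "custody.json").write_text(json.dumps(record, indent=2))  # custody record
    if tamper:  # simulate an accidental write to the working copy after acquisition
        with (work / "evidence.img").open("ab") as f:
            f.write(b"\x00")
    return record, verify_image(work / "evidence.img", record)
```

The tamper path shows the check doing its job: a single appended byte changes the image hash and the later verification against the custody record fails.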
13. Forensic Readiness
Forensic readiness involves an organization having specific incident response procedures in place, with designated trained personnel assigned to handle any investigation. It enables an organization to collect and preserve digital evidence in a quick and efficient manner with minimal investigation costs.
14. Forensic Readiness Planning
1. Define the business scenarios that might require the collection of digital evidence.
2. Identify the potential available evidence.
3. Determine the evidence collection requirement.
4. Designate procedures for securely collecting evidence that meets the defined requirement in a forensically acceptable manner.
5. Establish a policy for securely handling and storing the collected evidence.
6. Ensure that the monitoring process is designed to detect and prevent unexpected or adverse incidents.
7. Ensure investigative staff members are properly trained and capable of completing any task related to evidence collection and preservation.
8. Create step-by-step documentation of all activities performed and their impact.
9. Ensure authorized review to facilitate action in response to the incident.
15. Definition of Cyber Crime
"any illegal act that involves a computer, its systems, or its applications."
16. Modes of Attack
Insider Attack
An insider attack occurs when there is a breach of trust by employees within the organization. Insiders are likely to have specific goals and objectives, and have legitimate access to the system.
Outsider Attack
These attacks originate from outside the organization. The attacker is hired either by an insider or by an external entity to destroy a competitor's reputation.
17. Types of Attack
Identity theft
According to the U.S. Department of Justice (USDOJ), identity theft
refers to all types of crime in which someone wrongfully obtains and
uses another person's personal data in a way that involves fraud or
deception, typically for economic gain. Common forms of identity
theft are shoulder surfing, dumpster diving, spamming, spoofing,
phishing, and skimming. The criminal steals a person's identity by
stealing e-mail, information from computer databases, or
eavesdropping on transactions over the Internet.
18. Types of Attack
Hacking
Hacking is a practice used to obtain illegal access to computer
systems owned by private corporations or government agencies in
order to modify computer hardware and software. People who are
involved in hacking are often referred to as hackers.
19. Types of Attack
Computer Viruses And Worms
Viruses and worms are software programs with malicious code.
These programs are designed to spread from one computer to
another. Viruses can affect machines and seek to affect other
vulnerable systems through applications such as an e-mail client.
Worms seek to replicate themselves over the network, thereby
exhausting resources and creating malfunctions. Trojan horses and
backdoors are programs that allow an intruder to retain access to a
compromised machine.
20. Types of Attack
Child pornography
Child pornography refers to the sexual exploitation or abuse of a child. It can be defined as any means of depicting or promoting the sexual exploitation of a child, including written, audio, or video material which focuses on the child's sexual behavior or genitals. The Internet provides a means for child pornographers to both find children to exploit and to share pornographic material with others.