Computer Forensics

A process of applying scientific and analytical techniques to computer Operating Systems and File Structures to determine potential Legal Evidence.
Computer Forensics

• It is the practice of lawfully establishing evidence and facts.

• It is the science involving legal evidence that is found in digital storage media and in computers.

Subdivisions:
• Disk forensics
• Network forensics
• Mobile forensics
Role of Computer forensic investigator

Evidence Collection and Chain of Custody

• Who: Who handled the evidence?
• What: What procedures were performed on the evidence?
• When: When was the evidence collected and/or transferred to another party?
• Where: Where was the evidence collected and stored?
• How: How was the evidence collected and stored?
• Why: For what purpose was the evidence collected?
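The six chain-of-custody questions above can be recorded as a tamper-evident log. The following Python is an added example, not code from the original slides: each entry carries the Who/What/When/Where/How/Why fields and is bound to the previous entry by a SHA-256 hash, so a retroactive edit or a dropped entry is caught on verification. The evidence ID, names, times and locations are constructed.

```python
"""Tamper-evident chain-of-custody log (added example; names and IDs constructed)."""
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import List, Optional


@dataclass
class CustodyEvent:
    who: str         # Who handled the evidence?
    what: str        # What procedure was performed on it?
    when: str        # When was it collected / transferred (ISO-8601)?
    where: str       # Where was it collected or stored?
    how: str         # How was it collected or stored?
    why: str         # For what purpose?
    prev_hash: str   # entry_hash of the previous event (or the evidence digest)
    entry_hash: str = ""


def _entry_digest(evidence_id: str, ev: CustodyEvent) -> str:
    """SHA-256 over a canonical JSON form of the entry, excluding its own hash."""
    body = asdict(ev)
    body.pop("entry_hash")
    body["evidence_id"] = evidence_id
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()


class CustodyLog:
    """Each entry commits to the one before it, so editing or dropping an old
    entry breaks the chain at that point and verify() reports its index."""

    def __init__(self, evidence_id: str, evidence_sha256: str):
        self.evidence_id = evidence_id
        self.evidence_sha256 = evidence_sha256  # digest of the acquired image
        self.events: List[CustodyEvent] = []

    def add(self, who, what, when, where, how, why) -> CustodyEvent:
        prev = self.events[-1].entry_hash if self.events else self.evidence_sha256
        ev = CustodyEvent(who, what, when, where, how, why, prev_hash=prev)
        ev.entry_hash = _entry_digest(self.evidence_id, ev)
        self.events.append(ev)
        return ev

    def verify(self) -> Optional[int]:
        """None if the chain is intact, else the index of the first bad entry."""
        expected_prev = self.evidence_sha256
        for i, ev in enumerate(self.events):
            if ev.prev_hash != expected_prev:
                return i
            if _entry_digest(self.evidence_id, ev) != ev.entry_hash:
                return i
            expected_prev = ev.entry_hash
        return None


def demo() -> dict:
    # Constructed scenario: a seized laptop drive, imaged and hashed at seizure.
    image_digest = hashlib.sha256(b"constructed evidence image").hexdigest()
    log = CustodyLog("EXHIBIT-07", image_digest)
    log.add("A. Investigator", "Seized laptop, pulled the plug, bit-stream imaged",
            "2024-03-01T09:15:00Z", "Suspect office, desk 3",
            "Write-blocked imaging, sealed evidence bag", "Data-theft investigation")
    log.add("B. Examiner", "Received sealed bag, re-hashed image",
            "2024-03-01T14:02:00Z", "Forensics lab, locker 12",
            "Signed hand-over form", "Forensic analysis")
    intact = log.verify()                  # None: chain is consistent
    log.events[0].who = "Someone Else"     # retroactive edit of the first entry
    after_edit = log.verify()              # 0: first entry no longer matches its hash
    return {"intact": intact, "after_edit": after_edit}
```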
Forensics process

• Acquire data to be examined
• Photographs
• Make an image
• Review of logical file structure
• Review of unallocated space and file slack
• Recover deleted data (if any)
• Report
• Expert testimony
Importance of Evidence

"Evidence" is anything the judge allows a jury to consider in reaching a verdict. This can include the testimony of witnesses, photographs of the scene and "demonstrative evidence" such as charts or sample equipment.
Source of Evidence

• Slack, Free, Swap, Recycle Bin
• Event Logs
• Registry
• Application files, temp files
• E-mail
• Browser history and cache
Types of Forensics

Live Forensics | Non-Live Forensics | Post Acquisition Analysis Technologies

Live Forensics
• Recovery of volatile data
• Gathering system information
• Gathering USB device history
• System Explorer
• Imaging and Cloning

Non-Live Forensics
• Imaging
• Cloning

Post Acquisition Analysis
• Mathematical authentication of data (Hash)
• Virtualization
• Malware analysis
• Detection of obscene content
• Image ballistics
• Use of spyware (keyloggers) in investigations
• Digital Evidence Analysis
Forensic Imaging & Cloning

Select source medium

Select destination for the image file

Post Acquisition Analysis

Mathematical Authentication of Data

Select the algorithm

• The Information Technology (Certifying Authorities) Amendment Rules, 2009 amended Rule 6 of the Information Technology (Certifying Authorities) Rules, 2000.

• It is advised that mathematical authentication of digital evidence must be done using either SHA-1 or SHA-2.

• MD5 must not be used, as such evidence may be unacceptable in a court of law.

Mathematical authentication of digital evidence is achieved by using SHA-2.
Mathematical authentication of data

Input    SHA1 Hash Digest
Apple    476432a3e85a0aa21c23f5abd2975a89b6820d63
apple    d0be2dc421be4fcd0172e5afceea3970e2f3d940
Apple    476432a3e85a0aa21c23f5abd2975a89b6820d63
a        86f7e437faa5a7fce15d1ddcb9eaeaea377667b8
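Bit-stream imaging with mathematical authentication, as an added example that is not the slides' own code: the "source medium" is a constructed byte string standing in for a block device behind a write blocker, the image is written to a temporary file, SHA-256 (SHA-2) is computed during the copy and again over the written image, and a single flipped bit in the stored image is shown to break the match. `digests()` computes the SHA-1 and SHA-256 of short inputs such as the Apple/apple/a entries in the table above.

```python
"""Imaging with acquisition and verification hashes (added example; the source
"disk" is constructed in memory and the image goes to a temporary file)."""
import hashlib
import io
import os
import tempfile

SECTOR = 512  # read/write granularity; real tools use much larger buffers


def image_and_hash(src, dst, algo: str = "sha256") -> str:
    """Copy src to dst sector by sector, returning the digest of the bytes read."""
    h = hashlib.new(algo)
    for block in iter(lambda: src.read(SECTOR), b""):
        h.update(block)
        dst.write(block)
    return h.hexdigest()


def hash_file(path: str, algo: str = "sha256") -> str:
    """Digest of an existing file, streamed so large images need little memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(SECTOR), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source_bytes: bytes, image_path: str, algo: str = "sha256") -> dict:
    """Image a source, then re-hash the written image; both digests must agree."""
    with io.BytesIO(source_bytes) as src, open(image_path, "wb") as dst:
        acquisition = image_and_hash(src, dst, algo)
    verification = hash_file(image_path, algo)
    return {"algo": algo, "acquisition": acquisition,
            "verification": verification, "match": acquisition == verification}


def digests(text: str) -> dict:
    """SHA-1 and SHA-256 of a short text, as in the slide's Apple/apple table."""
    data = text.encode()
    return {"sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def demo() -> dict:
    # Constructed 4096-byte "disk": zeros, a text fragment, then 0xff filler.
    disk = b"\x00" * 2048 + b"confidential: project notes" + b"\xff" * 2021
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "exhibit07.dd")
        good = acquire(disk, image)
        # Flip one bit at offset 3000 of the stored image and re-verify.
        with open(image, "r+b") as f:
            f.seek(3000)
            b = f.read(1)
            f.seek(3000)
            f.write(bytes([b[0] ^ 0x01]))
        after = hash_file(image) == good["acquisition"]
    return {"good_match": good["match"], "after_bitflip_match": after}
```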
Mathematical Authentication of Data: www.crypo.com

Virtualization
Life Cycle of Computer Evidence

Evidence Life Cycle Management (diagram)

Document Management: Create, Capture, Preserve, Destroy (Enterprise Repositories)
Electronic Discovery Services: Collect, Process, Review, Produce (Evidence Repository)
Also shown: Document Creation, Preservation Obligation, Document Production Request
Evidence Rule

• Admissible
• Reliable
• Authentic
• Complete (no tunnel vision)
• Believable

Types of Evidence

• Direct Evidence
• Real Evidence
• Documentary Evidence
• Demonstrative Evidence
Computer Evidence Processing Guidelines

• Pull the Plug
• Document the Hardware Configuration of the System
• Transport the Computer System to a Secure Location (Forensics lab)
• Make Bit Stream Backups of Hard Disks and Floppy Disks
• Mathematically Authenticate Data on all storage devices (Hash)
• Document the System Date and Time
• Make a List of Key Search Words
• Evaluate the Windows Swap File
• Evaluate File Slack
• Evaluate Unallocated Space (Erased Files)
• Search Files, File Slack and Unallocated Space for Key Words
• Document File Names, Dates and Times
• Identify File, Program and Storage
• Evaluate Program Functionality
• Document Your Findings
• Retain Copies of Software Used
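Searching files, file slack and unallocated space for key words, as an added example that is not the slides' own code: the 16-cluster disk image, its 512-byte clusters and the two-file allocation table are constructed and loosely modelled on a FAT-style layout. Each hit is classified by whether its offset lies inside a file's logical size (allocated), in the unused tail of the file's last cluster (file slack), or in a cluster no file owns (unallocated), so the examiner can see where a key word came from and whether it belongs to a live or an erased file.

```python
"""Key-word search classified by region: allocated file data, file slack, or
unallocated space. Added example; the image and allocation table are constructed."""
import re
from typing import Dict, List, Optional, Tuple

CLUSTER = 512  # bytes per allocation unit in the constructed image

# Constructed allocation table: file name -> (clusters it occupies, logical size).
# The tail of a file's last cluster past its logical size is file slack;
# clusters owned by no file are unallocated space.
ALLOC: Dict[str, Tuple[List[int], int]] = {
    "report.txt": ([0, 1], 700),
    "notes.txt": ([3], 100),
}


def cluster_map(alloc) -> Dict[int, Tuple[str, int]]:
    """cluster number -> (owning file, bytes of that cluster inside the file's size)."""
    owner = {}
    for name, (clusters, size) in alloc.items():
        remaining = size
        for c in clusters:
            owner[c] = (name, min(CLUSTER, max(0, remaining)))
            remaining -= CLUSTER
    return owner


def classify(offset: int, owner) -> Tuple[str, Optional[str]]:
    """Region of a byte offset: allocated / file slack / unallocated."""
    cluster, within = divmod(offset, CLUSTER)
    if cluster not in owner:
        return ("unallocated", None)
    name, used = owner[cluster]
    return ("allocated", name) if within < used else ("file slack", name)


def keyword_search(image: bytes, keywords: List[str], alloc) -> List[dict]:
    """Case-insensitive search of the whole image, each hit tagged by region."""
    owner = cluster_map(alloc)
    hits = []
    for kw in keywords:
        for m in re.finditer(re.escape(kw.encode()), image, flags=re.IGNORECASE):
            region, name = classify(m.start(), owner)
            hits.append({"keyword": kw, "offset": m.start(), "region": region, "file": name})
    return sorted(hits, key=lambda h: h["offset"])


def build_sample_image() -> bytes:
    """Constructed 16-cluster disk with key words in all three regions."""
    img = bytearray(16 * CLUSTER)
    img[0:700] = b"A" * 700                           # report.txt, 700 logical bytes
    img[100:107] = b"invoice"                         # key word inside live file data
    img[800:818] = b"draft: secret memo"              # residue in report.txt's slack
    img[3 * CLUSTER:3 * CLUSTER + 100] = b"B" * 100   # notes.txt
    frag = b"Transfer invoice to offshore account"    # erased file, cluster 5
    img[5 * CLUSTER:5 * CLUSTER + len(frag)] = frag
    return bytes(img)


def demo() -> List[dict]:
    return keyword_search(build_sample_image(), ["invoice", "offshore", "secret"], ALLOC)
```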
Incident Response
Computer Security Incident
Why forensics?

• Confirms or dispels whether an incident occurred
• Promotes accumulation of accurate information
• Establishes controls for proper retrieval and handling of evidence
• Protects privacy rights established by law and policy
• Minimizes disruption to business and network operations
• Allows for criminal or civil action against perpetrators
• Provides accurate reports and useful recommendations
• Provides rapid detection and containment
• Minimizes exposure and compromise of proprietary data
• Protects your organization’s reputation and assets
• Educates senior management
• Promotes rapid detection and/or prevention of such incidents in the future (via lessons learned, policy changes, and so on)
Cyber Crime Investigation Lifecycle (diagram)

Stages shown: Incident Awareness, Preliminary Analysis, Image Acquisition/Recovery, Detailed Analysis, Preliminary/Final Report, Presentation, Containment, Deposition/Affidavit, Expert Witness Testimony, Consultation.
Outcomes shown: Prevention Technologies, Improved Processes, New Security Policies, Improved Configurations.

Chapter 3 cmp forensic

  • 3. Computer Forensics A process of applying scientific and analytical techniques to computer Operating Systems and File Structures to determining the potential Legal Evidence.
  • 4. Computer Forensics  It is the practice of lawfully establishing evidence and facts. This is science involving legal evidence that is found in digital storage mediums and in computers.  Subdivisions: - Disk forensics Network forensics Mobile forensics
  • 5. Role of Computer forensic investigator  Evidence Collection and Chain of Custody  Who Who handled the evidence?  What  What procedures were performed on the evidence?  When  When was the evidence collected and/or transferred to another party?  Where  Where was the evidence collected and stored?  How  How was the evidence collected and stored?  Why  For what purpose was the evidence collected?
  • 6. Forensics process  Acquire data to be examined  Photographs  Make an image  Review of logical file structure  Review of unallocated space and file slack  Recover deleted data (If any)  Report  Expert testimony
  • 7. Importance of Evidence "Evidence" is anything the judge allows a jury to consider in reaching a verdict. This can include the testimony of witnesses, photographs of the scene and "demonstrative evidence" such as charts or sample equipment.
  • 8. Source of Evidence  Slack, Free, Swap, Recycle Bin  Event Logs  Registry  Application files, temp files  E-mail  Browser history and cache
  • 9. Types of Forensics Live Forensics Non - Live Forensics Post Acquisition Analysis Technologies
  • 10. Live Forensics Non - Live Forensics •Recovery of volatile data •Imaging •Gathering system information •Cloning •Gathering USB device history •System Explorer •Imaging and Cloning Post Acquisition Analysis •Mathematical authentication of data (Hash) •Virtualization •Malware analysis •Detection of obscene content •Image ballistics •Use of spyware (keyloggers) in investigations •Digital Evidence Analysis
  • 14. Select destination for the image file
  • 18. Select the algorithm •The Information Technology (Certifying Authorities) Amendment Rules, 2009 amended Rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 •It is advised that mathematical authentication of digital evidence must be done using either SHA-1 or SHA-2. •MD5 must not be used as such evidence may be unacceptable in a court of law.
  • 19. Mathematical authentication of digital evidence achieved by using SHA-2.
  • 20. Mathematical authentication of data Input SHA1 Hash Digest Apple 476432a3e85a0aa21c23f5abd2975a89b6820d63 apple d0be2dc421be4fcd0172e5afceea3970e2f3d940 Apple 476432a3e85a0aa21c23f5abd2975a89b6820d63 a 86f7e437faa5a7fce15d1ddcb9eaeaea377667b8
  • 21. Mathematical Authentication of Data www.crypo.com
  • 23.
  • 24.
  • 25.
  • 26. Life Cycle of Computer Evidence
  • 27. Evidence Life Cycle Management Document Management Electronic Discovery Services Create Capture Preserve Collect Process Review Produce Enterprise Document Creation Destroy Evidence Preservation Obligation Repositorie Repository Document Production s Request
  • 28. Evidence Rule  Admissible  Reliable  Authentic  Complete (no tunnel vision)  Believable
  • 29. Types of Evidence  Direct Evidence  Real Evidence  Documentary Evidence  Demonstrative Evidence
  • 30. Computer Evidence Processing Guidelines  Pull the Plug  Document the Hardware Configuration of the System  Transport the Computer System to a Secure Location (Forensics lab)  Make Bit Stream Backups of Hard Disks and Floppy Disks
  • 31. Computer Evidence Processing Guidelines  Mathematically Authenticate Data on all storage devices (Hash)  Document the System Date and Time  Make a List of Key Search Words  Evaluate the Windows Swap File  Evaluate File Slack
  • 32. Computer Evidence Processing Guidelines  Evaluate Unallocated Space (Erased Files)  Search Files, File Slack and Unallocated Space for Key Words  Document File Names, Dates and Times  Identify File, Program and Storage
  • 33. Computer Evidence Processing Guidelines  Evaluate Program Functionality  Document Your Findings  Retain Copies of Software Used
  • 35. Why forensics?  Confirms or dispels whether an incident occurred  Promotes accumulation of accurate information  Establishes controls for proper retrieval and handling of evidence  Protects privacy rights established by law and policy  Minimizes disruption to business and network operations
  • 36. Why forensics?  Allows for criminal or civil action against perpetrators  Provides accurate reports and useful recommendations  Provides rapid detection and containment  Minimizes exposure and compromise of proprietary data
  • 37. Why forensics?  Protects your organization’s reputation and assets  Educates senior management  Promotes rapid detection and/or prevention of such incidents in the future (via lessons learned, policy changes, and so on)
  • 38. Cyber Crime Investigation Lifecycle Incident Expert Witness Awareness Testimony Preliminary Analysis Consultation Prevention Deposition/ Technologies Affidavit Improved Processes Image New Security Policies Acquisition/ Improved Configurations Recovery Preliminary/ Containment Detailed Final Report Analysis Presentation

Editor's notes

  1. Mathematical authentication of digital evidence is achieved by using suitable hash functions. The MD5 hash algorithm was at one time considered suitable: MD5 was prescribed as suitable by Rule 6 of the Information Technology (Certifying Authorities) Rules, 2000. MD5 was subsequently proven weak by mathematicians. In fact, Asian School of Cyber Laws had filed a public interest litigation in the Bombay High Court on the same issue. Subsequently, the Information Technology (Certifying Authorities) Amendment Rules, 2009 amended the Rule 6 mentioned above and MD5 was replaced by SHA-2. It is advised that in Digital Forensics and Investigations, mathematical authentication of digital evidence must be done using either SHA-1 or SHA-2. MD5 must not be used, as such evidence may be unacceptable in a court of law.