Computer Forensics
Developed by: 1)Nilam Radadiya
Index
• Topics to be covered
– Introduction
– History
– Need of Computer Forensics
– Working with Computer Forensics
– Tool of Computer Forensics
– Cyber Crime
– Types of Cyber Crime
– Hacking
– Virus
– Computer Forensics Methodology
– Skills Required For Computer Forensics
– Application
– Advantages & Disadvantages
Definition
• What is Computer Forensics?
– Computer forensics involves the preservation, identification,
extraction, documentation, and interpretation of computer media
for evidentiary and/or root cause analysis.
– Evidence might be required for a wide range of computer crimes
and misuses
– Multiple methods of
• Discovering data on computer system
• Recovering deleted, encrypted, or damaged file information
• Monitoring live activity
• Detecting violations of corporate policy
– Information collected assists in arrests, prosecution, termination
of employment, and preventing future illegal activity
History of Computer Forensics
• 1970
• First criminal cases involving computers, mainly financial fraud
• 1980
• Financial investigators and courts realize that in some cases all the
records and evidence were only on computers.
• Norton Utilities, “Un-erase” tool created
• Association of Certified Fraud Examiners began to seek training in
what became computer forensics
• SEARCH High Tech Crimes training created
• Regular classes began to be taught to Federal agents in California
and at FLETC in Georgia
• HTCIA formed in Southern California
• 1984
• FBI Magnetic Media Program created. It later became the Computer
Analysis and Response Team (CART)
• 1987
• AccessData, a cyber forensics company, formed
• 1988
• Creation of IACIS, the International Association of Computer
Investigative Specialists
• First Seized Computer Evidence Recovery Specialists (SCERS)
classes held
• 1993
• First International Conference on Computer Evidence held
• 1995
• International Organization on Computer Evidence (IOCE) formed
• 1997
• The G8 countries in Moscow declared that “Law enforcement
personnel must be trained and equipped to address high-tech
crimes”.
• 1998
• In March, the G8 appointed the IOCE to create international principles,
guidelines and procedures relating to digital evidence
• 1998
• INTERPOL Forensic Science Symposium
• 1999
• FBI CART case load exceeds 2000 cases, examining 17 terabytes
of data
• 2000
• First FBI Regional Computer Forensic Laboratory established
Who Needs Computer Forensics?
• The computer has invaded our very existence, become
a part of our lives, and is an integral part of almost every
case — from complex litigation and class actions to contract
disputes. Computer crimes are crimes in which computers
are used as a tool to facilitate or enable an illegal activity,
or have been a target of criminal activity.
• Computer forensics services can be used by anyone
who thinks a crime or breach of policy or a wrong has been
done. They may also be utilized by someone who is
defending or protecting themselves or another party and
are looking for evidence to prove or disprove the
commission of a crime or breach of information.
Computer Forensic Requirements
• Operating Systems
– Windows 3.1/95/98/ME/NT/2000/2003/XP
– DOS
– UNIX
– LINUX
– VAX/VMS
• Software
– Familiarity with most popular software packages
such as Office
• Forensic Tools
– Familiarity with computer forensic techniques and the software
packages that could be used
Working:
There are five basic steps in computer forensics:
1) Preparation (of the investigator, not the data)
2) Collection (the data)
3) Examination
4) Analysis
5) Reporting
Preparation:
• The investigator must be properly trained to
perform the specific kind of investigation that is at
hand. Tools that are used to generate reports for
court should be validated.
• The main aim of computer forensics is to find
legal evidence of the crime. For a person to
be a successful computer forensics professional,
the basic thing that comes to mind is that he
himself should step into the shoes of the computer
criminal and analyze the case at that particular
time.
• Moreover, the person is required to gain
access to the system in an unauthorized way in order to
determine how the criminal might have penetrated
the system.
Collection of Data:
• Evidence from computer systems
– User-created files: address books, e-mail files, audio/video
files, internet bookmarks, documents, text, spreadsheets, database files
– User-protected files: hidden files, steganography, encrypted
files, password-protected files, compressed files, renamed files
– Computer-created files: backup files, cookies, history
files, temporary files
– Evidence can also be obtained from deleted files, free space, boot
records, hidden partitions, reserved areas, computer date and time
Collection of Data (continued)
• Evidence from other devices
– Smart cards and biometric scanners
– Digital cameras: images, video, sound, date and time
– Answering machines
– Evidence can also be obtained from telephones,
scanners, printers, pagers, servers, switches, hubs, routers and modems
Examination:
Examination means examining the collected data:
• What does it say?
• How does it relate to the crime?
Analysis:
There are many steps in carrying out the entire computer forensics
procedure, but human intelligence really matters a lot. The
capacity for human analysis and intelligent detection of the
system is beyond comparison. There are steps that should be
followed in the analysis stage of computer forensics.
First step: if the computer system is on a network or on the
internet, the first step for the computer forensics analyst is to find
the computer system that was used in committing the crime.
Next step: discover the information, which is usually in the
form of files. These include the normal files on the
system and even deleted files.
Reporting:
Once the analysis is complete, a report is
generated. The report may be a written
report, oral testimony, or a combination of
both. There are many core differences
between computer forensics and physical
forensics. Physical forensics focuses on
identification and individualization,
while computer forensics focuses on
finding the evidence and analyzing
it. It is therefore more difficult than a physical
crime scene investigation and the physical
forensics processes.
Tools:
Three main tools are used in computer forensics:
1) Disassembler
2) Disk analyzer
3) Hex editor
Disassembler:
A disassembler is a computer program that translates machine
language into assembly language, the inverse operation to that of an
assembler.
Assembly language source code generally permits the use of
symbolic constants and programmer comments. These are usually
removed from the assembled machine code by the assembler. If so, a
disassembler operating on the machine code would produce
disassembly lacking these constants and comments.
The disassembled output is therefore more difficult for a human to
interpret than the original source code.
Disk Analyzer:
Disk Analyzer is a useful freeware
Windows 95/98/ME/NT utility that
allows computer owners to analyze
hard disk space. It is easy to use and
fast. With a few clicks of your mouse
you can analyze a selected
drive or directory.
1) Analyzes a selected drive or directory
2) Displays a summary
3) Sorts items by size, type, date/time
4) Finds duplicates
5) Displays graphs
6) Prints reports
Hex Editor:
A hex editor (or binary editor or byte
editor) is a type of computer
program that allows a user to
manipulate binary computer files.
Hex editors that were designed to
edit sector data from floppy or hard
disks were sometimes called sector
editors or disk editors. In most hex
editor applications, the data of the
computer file is represented as
hexadecimal values grouped in two groups of
8 bytes and one group of 16 ASCII
characters, nonprintable characters included.
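The row layout described above, as an added example that is not part of the original slides: each row shows an offset, two groups of 8 hex bytes, and a 16-character ASCII column. The function names, the sample bytes and the choice to show nonprintable bytes as "." (a common hex-editor convention) are assumptions made for illustration.

```python
"""Read-only hex view in the layout a hex editor uses (added illustration)."""

BYTES_PER_ROW = 16
GROUP_WIDTH = 8 * 2 + 7  # eight 2-digit hex bytes plus seven separating spaces

# Constructed sample: text, a few control bytes, then more text.
SAMPLE = b"Invoice #1042\r\n\x00\x00\xff\xfeHidden note"


def ascii_column(chunk: bytes) -> str:
    """Printable ASCII (0x20-0x7e) is shown as-is, everything else as '.'."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in chunk)


def hex_rows(data: bytes, base_offset: int = 0) -> list:
    """Render data as rows of: offset, 8 hex bytes, 8 hex bytes, |ASCII|."""
    rows = []
    for start in range(0, len(data), BYTES_PER_ROW):
        chunk = data[start:start + BYTES_PER_ROW]
        left = " ".join(f"{b:02x}" for b in chunk[:8])
        right = " ".join(f"{b:02x}" for b in chunk[8:])
        # Pad both groups so the ASCII column lines up on a short final row.
        hex_part = f"{left:<{GROUP_WIDTH}}  {right:<{GROUP_WIDTH}}"
        rows.append(
            f"{base_offset + start:08x}  {hex_part}  |{ascii_column(chunk)}|"
        )
    return rows


def view_file(path: str, offset: int, length: int) -> list:
    """Show `length` bytes starting at `offset`.

    The file is opened read-only ("rb"), so viewing cannot alter the
    evidence copy; the offsets in the output are absolute file offsets.
    """
    with open(path, "rb") as fh:
        fh.seek(offset)
        data = fh.read(length)
    return hex_rows(data, base_offset=offset)


if __name__ == "__main__":
    for row in hex_rows(SAMPLE):
        print(row)
```
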
Cyber Crime
• Definition
• The internet in India is growing rapidly. It has given rise to new
opportunities in every field we can think of – be it entertainment,
business, sports or education. There are two sides to a coin.
Internet also has its own disadvantages. One of the major
disadvantages is Cybercrime – illegal activity committed on the
internet. The internet, along with its advantages, has also
exposed us to security risks that come with connecting to a large
network. Computers today are being misused for illegal activities
like e-mail tracing, credit card fraud, software piracy and so on,
which invade our privacy and offend our senses. Criminal
activities in the cyberspace are on the rise.
• Here is the definition by Nandini Ramprasad:
"The modern thief can steal more with a computer than with a
gun. Tomorrow's terrorist may be able to do more damage with a
keyboard than with a bomb".
– National Research Council, "Computers at Risk", 1991.
What is this Cyber crime? We read about it in newspapers
very often. Let's look at the dictionary definition of
Cybercrime: "It is a criminal activity committed on the
internet. This is a broad term that describes everything
from electronic cracking to denial of service attacks that
cause electronic commerce sites to lose money".
Types of Cyber Crime
• HACKING
The act of gaining unauthorized access to a computer system or
network and in some cases making unauthorized use of this
access. Hacking is also the act by which other forms of cyber-crime
(e.g., fraud, terrorism, etc.) are committed. Hacking in simple
terms means illegal intrusion into a computer system without the
permission of the computer owner/user.
• VIRUS DISSEMINATION
Malicious software that attaches itself to other software.
(virus, worms, Trojan Horse, Time bomb, Logic Bomb, Rabbit and
Bacterium are malicious software)
• SOFTWARE PIRACY
Theft of software through the illegal copying of genuine programs
or the counterfeiting and distribution of products intended to pass
for the original. Retail revenue losses worldwide are ever
increasing due to this crime.
It can be done in various ways, such as end-user copying, hard disk
loading, counterfeiting, illegal downloads from the internet, etc.
• IRC CRIME
Internet Relay Chat (IRC) servers have chat rooms in which
people from anywhere in the world can come together and chat with
each other. Criminals use it for meeting co-conspirators. Hackers
use it for discussing their exploits and sharing techniques.
Pedophiles use chat rooms to lure small children.
• CREDIT CARD FRAUD
You simply have to type the credit card number into the web page of the
vendor for an
online transaction. If electronic transactions are not secured, the
credit card numbers can be stolen by hackers, who can misuse
the card by impersonating the credit card owner.
• PHISHING
It is a technique of pulling out confidential information from the
bank/financial institutional account holders by deceptive means.
Hacking
• Computer hacking is broadly defined as intentionally
accessing a computer without authorization or exceeding
authorized access. Various state and federal laws govern
computer hacking.
• The word "hacking" has two definitions. The first definition
refers to the hobby/profession of working with computers.
The second definition refers to breaking into computer
systems. While the first definition is older and is still used
by many computer enthusiasts (who refer to cyber-criminals
as "crackers"), the second definition is much more
commonly used. In particular, the web pages here refer to
"hackers" simply because our web-server logs show that
everyone who reaches these pages is using the second
definition as part of their search criteria.
Virus
• A computer virus is a computer program that can replicate itself
and spread from one computer to another.
• A Virus is a small program that embeds itself into other programs.
When those other programs are executed, the virus is also
executed, and attempts to copy itself into more programs. In this
way, it spreads in a manner similar to a biological virus. Viruses,
by definition, can "infect" any executable code. Accordingly, they
are found on floppy and hard disk boot sectors, executable
programs, macro languages and executable electronic mail
attachments.
• Viruses can be found using a Virus Scanner or a Virus Wall. Some
software products are also available to remove them with a
minimum of harm to the "infected" files.
• Some viruses are self-modifying, in order to make detection more
difficult. Such viruses are called polymorphic (many shapes).
Computer Forensics Methodology
1) Shut Down the Computer.
2) Document the Hardware Configuration of the System.
3) Transport the Computer System to a Secure Location.
4) Make Bit Stream Backups of Hard Disks and Floppy Disks.
5) Mathematically Verify Data on All Storage Devices.
6) Document the System Date and Time.
7) Make a List of Key Search Words.
8) Evaluate the Windows Swap File.
9) Evaluate Unallocated Space (Erased Files).
10) Search Files, File Slack and Unallocated Space for Key
Words.
11) Document File Names, Dates and Times.
12) Identify File, Program and Storage Anomalies (errors).
13) Evaluate Program Functionality.
14) Document Your Findings.
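Steps 4, 5, 7 and 10 of the methodology above, as an added example that is not part of the original slides: a byte-for-byte copy is made, verified by hash, and then searched as raw bytes so that hits in slack and unallocated areas are found too. The function names, the use of SHA-256 for the "mathematical" verification, the constructed 3-sector image and the keyword list are all assumptions made for illustration.

```python
"""Bit-stream copy, hash verification and raw keyword search (added illustration)."""
import hashlib
import os
import tempfile

CHUNK = 64 * 1024


def sha256_file(path, chunk_size=CHUNK):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def bitstream_copy(source, target):
    """Step 4: copy every byte and return the hash of what was read.

    Mode "xb" refuses to overwrite an existing file, so an earlier
    evidence copy cannot be clobbered by accident.
    """
    digest = hashlib.sha256()
    with open(source, "rb") as src, open(target, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    return digest.hexdigest()


def verify_copy(source_hash, target):
    """Step 5: the copy is valid only if its hash equals the source hash."""
    return sha256_file(target) == source_hash


def search_keywords(path, keywords, chunk_size=CHUNK):
    """Steps 7 and 10: case-insensitive search of the raw bytes.

    Each keyword is searched as ASCII and as UTF-16LE. The last bytes of
    each chunk are carried over so a hit spanning two chunks is not missed.
    Returns (keyword, encoding, byte offset) tuples sorted by offset.
    """
    patterns = [(w, enc, w.lower().encode(enc))
                for w in keywords for enc in ("ascii", "utf-16-le")]
    overlap = max(len(p) for _, _, p in patterns) - 1
    hits, tail, consumed = [], b"", 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            buf = (tail + block).lower()
            base = consumed - len(tail)
            for word, enc, pattern in patterns:
                idx = buf.find(pattern)
                while idx != -1:
                    # Hits lying wholly inside the carried-over tail were
                    # already reported on the previous pass.
                    if idx + len(pattern) > len(tail):
                        hits.append((word, enc, base + idx))
                    idx = buf.find(pattern, idx + 1)
            consumed += len(block)
            tail = buf[-overlap:] if overlap else b""
    return sorted(hits, key=lambda h: h[2])


def build_sample_image(path, sector=512):
    """Constructed 3-sector image: a live file, file slack, an erased note."""
    live = b"Quarterly report, nothing unusual.".ljust(sector, b"\x00")
    slack = (b"short file" + b"\x00" * 6
             + b"...wire the funds to OFFSHORE acct").ljust(sector, b"\x00")
    erased = "password: hunter2".encode("utf-16-le").ljust(sector, b"\x00")
    with open(path, "wb") as fh:
        fh.write(live + slack + erased)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        original = os.path.join(workdir, "disk.img")
        working = os.path.join(workdir, "copy.img")
        build_sample_image(original)
        source_hash = bitstream_copy(original, working)
        print("copy verified:", verify_copy(source_hash, working))
        for word, enc, offset in search_keywords(working, ["offshore", "password"]):
            print(f"{word!r} ({enc}) at offset {offset} (sector {offset // 512})")
```
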
Skills Required for Computer Forensics
• Programming or computer related experience
• Broad understanding of operating systems and applications
• Strong analytical skills
• Strong computer science fundamentals
• Strong system administration skills
• Knowledge of the latest intruder tools
• Knowledge of cryptography and steganography
• Strong understanding of the rules of evidence and evidence
handling
• Ability to be an expert witness in a court of law
Conclusion
Thank You
