SlideShare ist ein Scribd-Unternehmen logo

Review on Cyber Forensics - Copy.pptx

V
VaishnaviBorse8

The document provides an overview of cyber forensics. It discusses how cyber forensics has become important for investigations due to increasing internet crimes. It outlines the typical phases of cyber forensics investigations - identification, acquisition, analysis, and reporting. The identification phase deals with identifying evidence and preserving the chain of custody. The acquisition phase involves creating copies of digital evidence like hard disk images. The analysis phase examines the acquired evidence to find relevant pieces. Finally, the reporting phase documents the findings and conclusions. A variety of cyber forensics tools are also mentioned.

Wissenschaft
1 von 17
Review on Cyber Forensics Presented by: Vaishnavi Borse, M.Sc. I yr.
I. Introduction:  Computing devices has become an integral part of our lives.  This device with the Internet, have given predators a new tool with which to pursue their evil purpose.  Due to the steady increase in instances of cyber terrorism, Internet fraud, and constantly evolving viruses, computer forensics has, and will increasingly, become more of a focal point for government and law enforcement.  There are several steps and procedures that must be taken to reduce the risk of becoming a victim. There is also a tools available for use by trained individuals in the field of computer forensics  One such way is Cyber forensics, a unique process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally accepted.
 According to Arfid (i), Computer forensics involves the identification, documentation, and interpretation of computer media for using them as evidence and/or to rebuild the crime scenario.  According to Garber (ii), Computer forensics defined as the process of identifying, collecting, preserving, analyzing and presenting the computer- related evidence in a manner that is legally acceptable by court.
A. Importance of computer forensics Computer forensics has become an important part of the judicial process in recent months, the media reported numerous cyber attacks by criminals who know how hacking technique in computer network systems, with this in mind electronic evidence plays a more vital role in court to prove or disprove the actions of an individual in order to obtain a conviction. However, obtaining electronic evidence can be difficult and there may be problems of authenticity, digital evidence must be provided in a way that is admissible in a court of law. Phishing, corporate fraud, intellectual property disputes, theft, breach of contract and asset recovery. Ability to search and analyze a large amount of information quickly and efficiently and to identify key pieces of data that can be used to assist in the formation of a legal case. Valuable data that has been lost, deleted by offenders can be recovered and used to form substantial evidence in court
Oliver et al, (iii), Network forensics involves collection and analysis of network events in order to discover the sources of security attacks. Cyber forensics focuses on real- time, online evidence gathering. Forensics analysis deals with identification, extraction and reporting on data obtained from a computer system. System forensics is performed on standalone machines. N . Data forensics majorly focuses on analysis of volatile and non-volatile data Digital forensic deals with examination and analysis of material found in digital devices,
B . Overview of Cyber Forensics Cyber forensics becoming as a source of investigation because human expert witnesses are important since courts will not recognize software tools such as Encase, Pasco, Ethereal as an expert witness [Meyers and Rogers, (iv) ]. Cyber forensics is useful for many professionals like military, private sector and industry, academia, and law. These areas have many needs including data protection, data acquisition, imaging, extraction, interrogation, normalization, analysis, and reporting. Albert and Robert (ix), focused the cyber forensics international guidelines, related key terms, and tools in their field manual. The objective of Cyber forensics is to identify digital evidence for an investigation with scientific method to draw conclusions.
II. Phases of Cyber Forensics [Cole, (viii)] 1. Identification Phase 2. Acquisition Phase 3. Analysis Phase 4. Reporting Phase 5. Forensics Methodology The identification phase mainly deals with incident identification, evidence collection and checking of the evidence. The acquisition phase saves the state of a computer system that can be further analyzed. The analysis phase collects the acquired data and examines it to find the pieces of evidences. The reporting phase comprises of documentation and evidence retention.
1. Identification Phase • The process of identifying evidence material and its probable location. • Evidence should be handled properly. Basic requirement in evidence collection is evidence must be presented without alteration. This requirement applies to all the phases of forensics analysis • At the time of evidence collection, there is a need of thorough check of system logs, time stamps and security monitors. • Chain of custody is a vital part of computer forensics and the legal system and goal is to protect the integrity of evidence, so evidence should be physically secured in a safe place along with a detailed log. [McQuade and Samuel, (vii) ]
2. Acquisition Phase  The goal of this phase is to save all digital values.  A copy of hard disk is created, which is commonly called as an image.  Kruse and Heiser (vi), described the different methods of acquiring data and their relative advantages and disadvantages.  Three types of forensic acquisition: i. Mirror image. ii. Forensics duplication. iii. Live acquisition.
i. Mirror image: A Mirror image, bit-for-bit copy, involves the backups of entire hard disk. The purpose of having mirror image is evidence available in the case of original system need to be restarted for further analysis ii. Forensic Duplication : Sector-by-sector. An advanced method that makes a copy of every bit without leaving any single bit of the evidence. The resultant may be single large file and must be an exact representation of the original drive at bitstream level. Forensic tool kit (ftk) imager, unix dd command, or encase, access data’s ftk. iii. Live acquisition: Capturing RAM This information may not be recorded in a file system or image backups and it may hold clues related to attacker All currently running processes, open sockets, currently logged users, recent connections etc, are available in volatile information.
3. Analysis phase  Forensic analysis is the process of understanding, re-creating, and analyzing arbitrary events that have gathered from digital sources [Caloyannides, (v)].  There are three types of examinations; limited, partial or full examination  Limited examination covers the data areas that are specified by legal documents. Least time consuming and most common type.  Partial examination deals with prominent areas. Key areas like log files, registry, cookies, E-mail folders and user directories etc.  Full examination requires the examiner to look each and every possible bit of data to find the root causes of the incident. File slack inspection is done in this examination
4. Reporting Phase  The reporting phase comprises of documentation and evidence retention.  The scientific method is used in this phase to draw conclusions based on the gathered evidence.  Based on the Cyber laws and presents the conclusions for corresponding evidence from investigation.  Need of good policy for how long evidence from an incident should be retention.  Factors to be considered in this process are prosecution, data retention and cost.  To meet the retention requirements there is a need of maintaining log archival.The archived logs must be protected to maintain confidentiality and integrity of logs.
5. Forensics Methodology The International Association of Computer Investigative Specialists (IACIS) has developed a forensic methodology which can be summarized as follows:  Protect the Crime Scene, power shutdown for the computer and document the hardware configuration and transport the computer system to a secure location.  Bit Stream backup of digital media, use hash algorithms to authenticate data on all storage devices and document the system date and time .  Search keywords and check file space management (swap file, file slack evaluation, unallocated space).  Evaluate program functionality, document findings/results and retain Copies of software.
III. Cyber forensic tools: Albert and Robert (ix), described various cyber forensics tools and their description: (1) The Coroner’s Toolkit (TCT), is an open source set of forensic tools designed to conduct investigation UNIX systems. (2) The Forensic Toolkit (FTK) is very powerful tool but not simple to use. (3) I2Analyst is a different type of analysis tool from those information security professionals are used to. (4) LogLogic’s LX 2000 is powerful and distributed log analysis tool. (5) NetWitness, security intelligence, is a network traffic security analyzer tool. (6) ProDiscover Incident Response (IR) is a complete IT forensic tool that can access computers over the network to study the network behavior. (7) The Sleuth Kit is one of network forensics tools used to find file
IV. Conclusion  When analyzing cyber forensics, the process of doing so is different than the traditional forensics.  The various phases of Cyber forensics have been discussed and each phase explored with their respective tools.
References: i. Arfid, 2005 , “Have You Been Hacked”? A Primer to Cyber Security and Cyber Forensics”, The Chartered Accountant. [Accessed date: 16-02-2022] ii. Garber, 2021, “Computer Forensics: HighTech Law Enforcement”, IEEE Computer Society’s Computer Magazine, 34 (1). [Accessed date: 18-02-2022] iii. Oliver et al, 2019, “E-Mail Authorship Attribution for Computer Forensics”, Applications of Data Mining in Computer Security, Springer. [Accessed date: 19-02-2022] iv. Meyers and Rogers, 2004, “Computer Forensics: the Need for Stand Ardization and Certification”, International Journal of Digital Evidence. [Accessed date: 19-02-2022] v. Caloyannides, 2001, “Computer Forensics and Privacy”. Artech House. [Accessed date: 18-02-2022] vi. Kruse and Heiser, 2002, “Computer Forensics Incident Response Essentials”, Addison Wesley Pearson Education. [Accessed date: 18-02-2022] vii. McQuade and Samuel, 2016, “Understanding and Managing Cybercrime” Pearson Education. [Accessed date: 19-02-2022] viii. Cole, 2010, “Network Security: Bible”, Wiley India Pvt. Ltd. [Accessed date: 20-02- 2022] ix. Albert and Robert, 2018, “Cyber Forensics: A Field Manual for Collecting, Examining and Preserving Evidence of Computer Crimes”, Taylor & Francis Group. [Accessed date: 19-02-2022] x. Whitman and Herbert, 2010, “Principles and Practices of Information Security”,
Thank you!!!

Empfohlen

Computer Forensics.pptx
Computer Forensics.pptxComputer Forensics.pptx
Computer Forensics.pptxHappyness Mkumbo
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Stepsgamemaker762
 
180 184
180 184180 184
180 184Editor IJARCET
 
Review on Computer Forensic
Review on Computer ForensicReview on Computer Forensic
Review on Computer ForensicEditor IJCTER
 
Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditingSweta Kumari Barnwal
 
Computer forencis
Computer forencisComputer forencis
Computer forencisTeja Bheemanapally
 
A Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsA Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsSamantha Vargas
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsShreya Singireddy
 

Empfohlen

Computer Forensics.pptx
Computer Forensics.pptxComputer Forensics.pptx
Computer Forensics.pptxHappyness Mkumbo
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Stepsgamemaker762
 
180 184
180 184180 184
180 184Editor IJARCET
 
Review on Computer Forensic
Review on Computer ForensicReview on Computer Forensic
Review on Computer ForensicEditor IJCTER
 
Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditingSweta Kumari Barnwal
 
Computer forencis
Computer forencisComputer forencis
Computer forencisTeja Bheemanapally
 
A Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsA Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsSamantha Vargas
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsShreya Singireddy
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docxAliAshraf68199
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptxBhagyasriPatel2
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemsMayank Diwakar
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptxYashPatel132112
 
Cyber evidence at crime scene
Cyber evidence at crime sceneCyber evidence at crime scene
Cyber evidence at crime sceneApplied Forensic Research Sciences
 
Cyber Forensics|Digital Forensics|Cyber Crime-2023
Cyber Forensics|Digital Forensics|Cyber Crime-2023Cyber Forensics|Digital Forensics|Cyber Crime-2023
Cyber Forensics|Digital Forensics|Cyber Crime-2023Cyber Security Experts
 
Lecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptLecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptSurajgroupsvideo
 
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...IJCSIS Research Publications
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicDhiren Gala
 
cyber forensics
cyber forensicscyber forensics
cyber forensicsAmbuj Kumar
 
A Review on Recovering and Examining Computer Forensic Evidences
A Review on Recovering and Examining Computer Forensic EvidencesA Review on Recovering and Examining Computer Forensic Evidences
A Review on Recovering and Examining Computer Forensic EvidencesBRNSSPublicationHubI
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsZaid Amla
 
A Novel Methodology for Offline Forensics Triage in Windows Systems
A Novel Methodology for Offline Forensics Triage in Windows SystemsA Novel Methodology for Offline Forensics Triage in Windows Systems
A Novel Methodology for Offline Forensics Triage in Windows SystemsIRJET Journal
 
Enhancements in the world of digital forensics
Enhancements in the world of digital forensicsEnhancements in the world of digital forensics
Enhancements in the world of digital forensicsIAESIJAI
 
cyberlaws and cyberforensics,biometrics
cyberlaws and cyberforensics,biometricscyberlaws and cyberforensics,biometrics
cyberlaws and cyberforensics,biometricsMayank Diwakar
 
Applying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital EvidenceApplying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital EvidenceDr. Richard Otieno
 
A Proactive Approach in Network Forensic Investigation Process
A Proactive Approach in Network Forensic Investigation ProcessA Proactive Approach in Network Forensic Investigation Process
A Proactive Approach in Network Forensic Investigation ProcessEditor IJCATR
 
4.content (computer forensic)
4.content (computer forensic)4.content (computer forensic)
4.content (computer forensic)JIEMS Akkalkuwa
 
Ethical Hacking And Computer Forensics
Ethical Hacking And Computer ForensicsEthical Hacking And Computer Forensics
Ethical Hacking And Computer ForensicsShanaAneevan
 
Digital forensic science and its scope manesh t
Digital forensic science and its scope manesh tDigital forensic science and its scope manesh t
Digital forensic science and its scope manesh tManesh T
 
Seismic Method Estimate velocity from seismic data.pptx
Seismic Method Estimate velocity from seismic data.pptxSeismic Method Estimate velocity from seismic data.pptx
Seismic Method Estimate velocity from seismic data.pptxAlMamun560346
 
Botany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdfBotany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdfSumit Kumar yadav
 

Weitere ähnliche Inhalte

Ähnlich wie Review on Cyber Forensics - Copy.pptx

What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docxAliAshraf68199
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemsMayank Diwakar
 
Cyber Forensics|Digital Forensics|Cyber Crime-2023
Cyber Forensics|Digital Forensics|Cyber Crime-2023Cyber Forensics|Digital Forensics|Cyber Crime-2023
Cyber Forensics|Digital Forensics|Cyber Crime-2023Cyber Security Experts
 
Lecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptLecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptSurajgroupsvideo
 
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...IJCSIS Research Publications
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicDhiren Gala
 
A Review on Recovering and Examining Computer Forensic Evidences
A Review on Recovering and Examining Computer Forensic EvidencesA Review on Recovering and Examining Computer Forensic Evidences
A Review on Recovering and Examining Computer Forensic EvidencesBRNSSPublicationHubI
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsZaid Amla
 
A Novel Methodology for Offline Forensics Triage in Windows Systems
A Novel Methodology for Offline Forensics Triage in Windows SystemsA Novel Methodology for Offline Forensics Triage in Windows Systems
A Novel Methodology for Offline Forensics Triage in Windows SystemsIRJET Journal
 
Enhancements in the world of digital forensics
Enhancements in the world of digital forensicsEnhancements in the world of digital forensics
Enhancements in the world of digital forensicsIAESIJAI
 
cyberlaws and cyberforensics,biometrics
cyberlaws and cyberforensics,biometricscyberlaws and cyberforensics,biometrics
cyberlaws and cyberforensics,biometricsMayank Diwakar
 
Applying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital EvidenceApplying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital EvidenceDr. Richard Otieno
 
A Proactive Approach in Network Forensic Investigation Process
A Proactive Approach in Network Forensic Investigation ProcessA Proactive Approach in Network Forensic Investigation Process
A Proactive Approach in Network Forensic Investigation ProcessEditor IJCATR
 
4.content (computer forensic)
4.content (computer forensic)4.content (computer forensic)
4.content (computer forensic)JIEMS Akkalkuwa
 
Ethical Hacking And Computer Forensics
Ethical Hacking And Computer ForensicsEthical Hacking And Computer Forensics
Ethical Hacking And Computer ForensicsShanaAneevan
 
Digital forensic science and its scope manesh t
Digital forensic science and its scope manesh tDigital forensic science and its scope manesh t
Digital forensic science and its scope manesh tManesh T
 

Ähnlich wie Review on Cyber Forensics - Copy.pptx (20)

What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docx
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systems
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
 
Cyber evidence at crime scene
Cyber evidence at crime sceneCyber evidence at crime scene
Cyber evidence at crime scene
 
Cyber Forensics|Digital Forensics|Cyber Crime-2023
Cyber Forensics|Digital Forensics|Cyber Crime-2023Cyber Forensics|Digital Forensics|Cyber Crime-2023
Cyber Forensics|Digital Forensics|Cyber Crime-2023
 
Lecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptLecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.ppt
 
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer Forensic
 
cyber forensics
cyber forensicscyber forensics
cyber forensics
 
A Review on Recovering and Examining Computer Forensic Evidences
A Review on Recovering and Examining Computer Forensic EvidencesA Review on Recovering and Examining Computer Forensic Evidences
A Review on Recovering and Examining Computer Forensic Evidences
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
A Novel Methodology for Offline Forensics Triage in Windows Systems
A Novel Methodology for Offline Forensics Triage in Windows SystemsA Novel Methodology for Offline Forensics Triage in Windows Systems
A Novel Methodology for Offline Forensics Triage in Windows Systems
 
Enhancements in the world of digital forensics
Enhancements in the world of digital forensicsEnhancements in the world of digital forensics
Enhancements in the world of digital forensics
 
cyberlaws and cyberforensics,biometrics
cyberlaws and cyberforensics,biometricscyberlaws and cyberforensics,biometrics
cyberlaws and cyberforensics,biometrics
 
Applying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital EvidenceApplying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital Evidence
 
A Proactive Approach in Network Forensic Investigation Process
A Proactive Approach in Network Forensic Investigation ProcessA Proactive Approach in Network Forensic Investigation Process
A Proactive Approach in Network Forensic Investigation Process
 
4.content (computer forensic)
4.content (computer forensic)4.content (computer forensic)
4.content (computer forensic)
 
Ethical Hacking And Computer Forensics
Ethical Hacking And Computer ForensicsEthical Hacking And Computer Forensics
Ethical Hacking And Computer Forensics
 
Digital forensic science and its scope manesh t
Digital forensic science and its scope manesh tDigital forensic science and its scope manesh t
Digital forensic science and its scope manesh t
 

Kürzlich hochgeladen

Seismic Method Estimate velocity from seismic data.pptx
Seismic Method Estimate velocity from seismic data.pptxSeismic Method Estimate velocity from seismic data.pptx
Seismic Method Estimate velocity from seismic data.pptxAlMamun560346
 
Botany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdfBotany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdfSumit Kumar yadav
 
GUIDELINES ON SIMILAR BIOLOGICS Regulatory Requirements for Marketing Authori...
GUIDELINES ON SIMILAR BIOLOGICS Regulatory Requirements for Marketing Authori...GUIDELINES ON SIMILAR BIOLOGICS Regulatory Requirements for Marketing Authori...
GUIDELINES ON SIMILAR BIOLOGICS Regulatory Requirements for Marketing Authori...Lokesh Kothari
 
GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)Areesha Ahmad
 
Nanoparticles synthesis and characterization​ ​
Nanoparticles synthesis and characterization​ ​Nanoparticles synthesis and characterization​ ​
Nanoparticles synthesis and characterization​ ​kaibalyasahoo82800
 
9654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 6000
9654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 60009654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 6000
9654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 6000Sapana Sha
 
Presentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptxPresentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptxgindu3009
 
Pests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdfPests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdfPirithiRaju
 
Botany 4th semester file By Sumit Kumar yadav.pdf
Botany 4th semester file By Sumit Kumar yadav.pdfBotany 4th semester file By Sumit Kumar yadav.pdf
Botany 4th semester file By Sumit Kumar yadav.pdfSumit Kumar yadav
 
GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)Areesha Ahmad
 
COST ESTIMATION FOR A RESEARCH PROJECT.pptx
COST ESTIMATION FOR A RESEARCH PROJECT.pptxCOST ESTIMATION FOR A RESEARCH PROJECT.pptx
COST ESTIMATION FOR A RESEARCH PROJECT.pptxFarihaAbdulRasheed
 
Proteomics: types, protein profiling steps etc.
Proteomics: types, protein profiling steps etc.Proteomics: types, protein profiling steps etc.
Proteomics: types, protein profiling steps etc.Silpa
 
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls Agency
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls AgencyHire 💕 9907093804 Hooghly Call Girls Service Call Girls Agency
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls AgencySheetal Arora
 
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...Monika Rani
 
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune WaterworldsBiogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune WaterworldsSérgio Sacani
 
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...ssuser79fe74
 
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdfPests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdfPirithiRaju
 
Zoology 4th semester series (krishna).pdf
Zoology 4th semester series (krishna).pdfZoology 4th semester series (krishna).pdf
Zoology 4th semester series (krishna).pdfSumit Kumar yadav
 
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRLKochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRLkantirani197
 

Kürzlich hochgeladen (20)

Seismic Method Estimate velocity from seismic data.pptx
Seismic Method Estimate velocity from seismic data.pptxSeismic Method Estimate velocity from seismic data.pptx
Seismic Method Estimate velocity from seismic data.pptx
 
Botany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdfBotany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdf
 
GUIDELINES ON SIMILAR BIOLOGICS Regulatory Requirements for Marketing Authori...
GUIDELINES ON SIMILAR BIOLOGICS Regulatory Requirements for Marketing Authori...GUIDELINES ON SIMILAR BIOLOGICS Regulatory Requirements for Marketing Authori...
GUIDELINES ON SIMILAR BIOLOGICS Regulatory Requirements for Marketing Authori...
 
Site Acceptance Test .
Site Acceptance Test .Site Acceptance Test .
Site Acceptance Test .
 
GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)
 
Nanoparticles synthesis and characterization​ ​
Nanoparticles synthesis and characterization​ ​Nanoparticles synthesis and characterization​ ​
Nanoparticles synthesis and characterization​ ​
 
9654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 6000
9654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 60009654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 6000
9654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 6000
 
Presentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptxPresentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptx
 
Pests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdfPests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdf
 
Botany 4th semester file By Sumit Kumar yadav.pdf
Botany 4th semester file By Sumit Kumar yadav.pdfBotany 4th semester file By Sumit Kumar yadav.pdf
Botany 4th semester file By Sumit Kumar yadav.pdf
 
GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)
 
COST ESTIMATION FOR A RESEARCH PROJECT.pptx
COST ESTIMATION FOR A RESEARCH PROJECT.pptxCOST ESTIMATION FOR A RESEARCH PROJECT.pptx
COST ESTIMATION FOR A RESEARCH PROJECT.pptx
 
Proteomics: types, protein profiling steps etc.
Proteomics: types, protein profiling steps etc.Proteomics: types, protein profiling steps etc.
Proteomics: types, protein profiling steps etc.
 
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls Agency
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls AgencyHire 💕 9907093804 Hooghly Call Girls Service Call Girls Agency
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls Agency
 
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
 
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune WaterworldsBiogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
 
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
 
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdfPests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
 
Zoology 4th semester series (krishna).pdf
Zoology 4th semester series (krishna).pdfZoology 4th semester series (krishna).pdf
Zoology 4th semester series (krishna).pdf
 
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRLKochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
 

Review on Cyber Forensics - Copy.pptx

  • 1. Review on Cyber Forensics Presented by: Vaishnavi Borse, M.Sc. I yr.
  • 2. I. Introduction:  Computing devices has become an integral part of our lives.  This device with the Internet, have given predators a new tool with which to pursue their evil purpose.  Due to the steady increase in instances of cyber terrorism, Internet fraud, and constantly evolving viruses, computer forensics has, and will increasingly, become more of a focal point for government and law enforcement.  There are several steps and procedures that must be taken to reduce the risk of becoming a victim. There is also a tools available for use by trained individuals in the field of computer forensics  One such way is Cyber forensics, a unique process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally accepted.
  • 3.  According to Arfid (i), Computer forensics involves the identification, documentation, and interpretation of computer media for using them as evidence and/or to rebuild the crime scenario.  According to Garber (ii), Computer forensics defined as the process of identifying, collecting, preserving, analyzing and presenting the computer- related evidence in a manner that is legally acceptable by court.
  • 4. A. Importance of computer forensics Computer forensics has become an important part of the judicial process in recent months, the media reported numerous cyber attacks by criminals who know how hacking technique in computer network systems, with this in mind electronic evidence plays a more vital role in court to prove or disprove the actions of an individual in order to obtain a conviction. However, obtaining electronic evidence can be difficult and there may be problems of authenticity, digital evidence must be provided in a way that is admissible in a court of law. Phishing, corporate fraud, intellectual property disputes, theft, breach of contract and asset recovery. Ability to search and analyze a large amount of information quickly and efficiently and to identify key pieces of data that can be used to assist in the formation of a legal case. Valuable data that has been lost, deleted by offenders can be recovered and used to form substantial evidence in court
  • 5. Oliver et al, (iii), Network forensics involves collection and analysis of network events in order to discover the sources of security attacks. Cyber forensics focuses on real- time, online evidence gathering. Forensics analysis deals with identification, extraction and reporting on data obtained from a computer system. System forensics is performed on standalone machines. N . Data forensics majorly focuses on analysis of volatile and non-volatile data Digital forensic deals with examination and analysis of material found in digital devices,
  • 6. B . Overview of Cyber Forensics Cyber forensics becoming as a source of investigation because human expert witnesses are important since courts will not recognize software tools such as Encase, Pasco, Ethereal as an expert witness [Meyers and Rogers, (iv) ]. Cyber forensics is useful for many professionals like military, private sector and industry, academia, and law. These areas have many needs including data protection, data acquisition, imaging, extraction, interrogation, normalization, analysis, and reporting. Albert and Robert (ix), focused the cyber forensics international guidelines, related key terms, and tools in their field manual. The objective of Cyber forensics is to identify digital evidence for an investigation with scientific method to draw conclusions.
  • 7. II. Phases of Cyber Forensics [Cole, (viii)] 1. Identification Phase 2. Acquisition Phase 3. Analysis Phase 4. Reporting Phase 5. Forensics Methodology The identification phase mainly deals with incident identification, evidence collection and checking of the evidence. The acquisition phase saves the state of a computer system that can be further analyzed. The analysis phase collects the acquired data and examines it to find the pieces of evidences. The reporting phase comprises of documentation and evidence retention.
  • 8. 1. Identification Phase • The process of identifying evidence material and its probable location. • Evidence should be handled properly. Basic requirement in evidence collection is evidence must be presented without alteration. This requirement applies to all the phases of forensics analysis • At the time of evidence collection, there is a need of thorough check of system logs, time stamps and security monitors. • Chain of custody is a vital part of computer forensics and the legal system and goal is to protect the integrity of evidence, so evidence should be physically secured in a safe place along with a detailed log. [McQuade and Samuel, (vii) ]
  • 9. 2. Acquisition Phase  The goal of this phase is to save all digital values.  A copy of hard disk is created, which is commonly called as an image.  Kruse and Heiser (vi), described the different methods of acquiring data and their relative advantages and disadvantages.  Three types of forensic acquisition: i. Mirror image. ii. Forensics duplication. iii. Live acquisition.
  • 10. i. Mirror image: A Mirror image, bit-for-bit copy, involves the backups of entire hard disk. The purpose of having mirror image is evidence available in the case of original system need to be restarted for further analysis ii. Forensic Duplication : Sector-by-sector. An advanced method that makes a copy of every bit without leaving any single bit of the evidence. The resultant may be single large file and must be an exact representation of the original drive at bitstream level. Forensic tool kit (ftk) imager, unix dd command, or encase, access data’s ftk. iii. Live acquisition: Capturing RAM This information may not be recorded in a file system or image backups and it may hold clues related to attacker All currently running processes, open sockets, currently logged users, recent connections etc, are available in volatile information.
  • 11. 3. Analysis phase  Forensic analysis is the process of understanding, re-creating, and analyzing arbitrary events that have gathered from digital sources [Caloyannides, (v)].  There are three types of examinations; limited, partial or full examination  Limited examination covers the data areas that are specified by legal documents. Least time consuming and most common type.  Partial examination deals with prominent areas. Key areas like log files, registry, cookies, E-mail folders and user directories etc.  Full examination requires the examiner to look each and every possible bit of data to find the root causes of the incident. File slack inspection is done in this examination
  • 12. 4. Reporting Phase  The reporting phase comprises of documentation and evidence retention.  The scientific method is used in this phase to draw conclusions based on the gathered evidence.  Based on the Cyber laws and presents the conclusions for corresponding evidence from investigation.  Need of good policy for how long evidence from an incident should be retention.  Factors to be considered in this process are prosecution, data retention and cost.  To meet the retention requirements there is a need of maintaining log archival.The archived logs must be protected to maintain confidentiality and integrity of logs.
  • 13. 5. Forensics Methodology The International Association of Computer Investigative Specialists (IACIS) has developed a forensic methodology which can be summarized as follows:  Protect the Crime Scene, power shutdown for the computer and document the hardware configuration and transport the computer system to a secure location.  Bit Stream backup of digital media, use hash algorithms to authenticate data on all storage devices and document the system date and time .  Search keywords and check file space management (swap file, file slack evaluation, unallocated space).  Evaluate program functionality, document findings/results and retain Copies of software.
  • 14. III. Cyber forensic tools: Albert and Robert (ix), described various cyber forensics tools and their description: (1) The Coroner’s Toolkit (TCT), is an open source set of forensic tools designed to conduct investigation UNIX systems. (2) The Forensic Toolkit (FTK) is very powerful tool but not simple to use. (3) I2Analyst is a different type of analysis tool from those information security professionals are used to. (4) LogLogic’s LX 2000 is powerful and distributed log analysis tool. (5) NetWitness, security intelligence, is a network traffic security analyzer tool. (6) ProDiscover Incident Response (IR) is a complete IT forensic tool that can access computers over the network to study the network behavior. (7) The Sleuth Kit is one of network forensics tools used to find file
  • 15. IV. Conclusion  When analyzing cyber forensics, the process of doing so is different than the traditional forensics.  The various phases of Cyber forensics have been discussed and each phase explored with their respective tools.
  • 16. References: i. Arfid, 2005 , “Have You Been Hacked”? A Primer to Cyber Security and Cyber Forensics”, The Chartered Accountant. [Accessed date: 16-02-2022] ii. Garber, 2021, “Computer Forensics: HighTech Law Enforcement”, IEEE Computer Society’s Computer Magazine, 34 (1). [Accessed date: 18-02-2022] iii. Oliver et al, 2019, “E-Mail Authorship Attribution for Computer Forensics”, Applications of Data Mining in Computer Security, Springer. [Accessed date: 19-02-2022] iv. Meyers and Rogers, 2004, “Computer Forensics: the Need for Stand Ardization and Certification”, International Journal of Digital Evidence. [Accessed date: 19-02-2022] v. Caloyannides, 2001, “Computer Forensics and Privacy”. Artech House. [Accessed date: 18-02-2022] vi. Kruse and Heiser, 2002, “Computer Forensics Incident Response Essentials”, Addison Wesley Pearson Education. [Accessed date: 18-02-2022] vii. McQuade and Samuel, 2016, “Understanding and Managing Cybercrime” Pearson Education. [Accessed date: 19-02-2022] viii. Cole, 2010, “Network Security: Bible”, Wiley India Pvt. Ltd. [Accessed date: 20-02- 2022] ix. Albert and Robert, 2018, “Cyber Forensics: A Field Manual for Collecting, Examining and Preserving Evidence of Computer Crimes”, Taylor & Francis Group. [Accessed date: 19-02-2022] x. Whitman and Herbert, 2010, “Principles and Practices of Information Security”,