Chfi V3 Module 01 Computer Forensics In Todays World
gueste0d962
1.
Computer Hacking Forensics Investigator, Version 3
Module I: Computer Forensics in Today’s World
2.
Scenario
Jacob, a senior management official of a software giant, is accused by his junior staff of sexual harassment. Rachel, the complainant, has accused Jacob of sending email asking for sexual favors in return for her annual performance hike
Ross, a computer forensics investigator, is hired by the software giant to investigate the case
If found guilty, Jacob stands to lose his job and may face imprisonment of up to three years, along with a fine of $15,000
Copyright © by EC-Council. All rights reserved. Reproduction is strictly prohibited
3.
Forensic News
Source: http://www.infoworld.com/article/06/08/10/HNinterceptingemail_1.html
4.
Module Objective
This module will familiarize you with the following:
• Computer forensics
• History of computer forensics
• Objective of computer forensics
• Computer facilitated crimes
• Reasons for cyber attacks
• Computer forensics flaws and risks
• Modes of attacks
• Stages of forensic investigation in tracking cyber criminals
• Rules of computer forensics
• Digital forensics
• Approach the crime scene
• Where and when do you use computer forensics
• Legal issues
5.
Module Flow
(Flow diagram; boxes listed row by row, left to right)
• Introduction
• History
• Objective of forensics
• Computer forensics flaws and risks
• Computer facilitated crimes
• Reasons for cyber attacks
• Stages of forensic investigation
• Rules of computer forensics
• Digital forensics
• Where and when to use computer forensics
• Approach to the crime scene
• Legal issues
6.
Introduction
Cyber activity has become an important part of our daily lives
Importance of computer forensics:
• 85% of business and government agencies detected security breaches
• The FBI estimates that the United States loses up to $10 billion a year to cyber crime
7.
History of Forensics
Francis Galton (1822-1911)
• Made the first recorded study of fingerprints.
Leone Lattes (1887-1954)
• Discovered blood groupings (A, B, AB, & 0).
Calvin Goddard (1891-1955)
• Allowed firearms and bullet comparison for solving many pending court cases.
Albert Osborn (1858-1946)
• Developed essential features of document examination.
Hans Gross (1847-1915)
• Made use of scientific study to head criminal investigations.
FBI (1932)
• A lab was set up to provide forensic services to all field agents and other law authorities across the country.
8.
Definition of Forensic Science
Definition:
• “Application of physical sciences to law in the search for truth in civil, criminal and social behavioral matters to the end that injustice shall not be done to any member of society.” (Source: Handbook of Forensic Pathology, College of American Pathologists, 1990)
Aim:
• To determine the evidential value of a crime scene and related evidence.
9.
Definition of Computer Forensics
Definition:
“A methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format.”
- Dr. H.B. Wolfe
10.
What is Computer Forensics?
“The preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and providing expert opinion in a court of law or other legal and/or administrative proceeding as to what was found.”
“Forensic Computing is the science of capturing, processing and investigating data from computers using a methodology whereby any evidence discovered is acceptable in a Court of Law.”
11.
Need for Computer Forensics
“Computer forensics is equivalent of surveying a crime scene or performing an autopsy on a victim.” – {Source: James Borek 2001}
Presence of a majority of electronic documents
Search and identify data in a computer
Digital evidence can be easily destroyed, if not handled properly
For recovering:
• Deleted files
• Encrypted files
• Corrupted files
12.
Ways of Forensic Data Collection
Forensic data collection can be categorized:
• Background: Data gathered and stored for normal business reasons
• Foreground: Data specifically gathered to detect crime, or to identify criminals
Issues related to collecting evidence:
• Proper documentation
• Duplicating media
• Preserving evidence
• Tests should be repeatable
13.
Objectives of Computer Forensics
To recover, analyze, and present computer-based material in such a way that it can be presented as evidence in a court of law
To identify the evidence in short time, estimate potential impact of the malicious activity on the victim, and assess the intent and identity of the perpetrator
14.
Benefits of Forensic Readiness
Evidence can be gathered to act in the company's defense if subject to a lawsuit
In the event of a major incident, a fast and efficient investigation can be conducted and corresponding actions can be followed with minimal disruption to the business
Forensic readiness can extend the target of information security to the wider threat from cyber crime, such as intellectual property protection, fraud, or extortion
15.
Categories of Forensics Data
Computer forensics focuses on three categories of data:
• Active Data
• Latent Data
• Archival Data
16.
Computer Forensics Flaws and Risks
Computer forensics is in its development stage
It differs from other forensic sciences, as digital evidence is examined
There is little theoretical knowledge upon which empirical hypothesis testing is carried out
There is a lack of proper training
There is no standardization of tools
It is still more of an “Art” than a “Science”
17.
Computer Facilitated Crimes
Dependency on computers has given way to new crimes
Computers are used as tools for committing crimes
Computer crimes pose new challenges for investigators due to their:
• Speed
• Anonymity
• Fleeting nature of evidence
18.
Type of Computer Crimes
• Fraud by computer manipulation
• Damage to or modifications of computer data or programs
• Unauthorized access to computer and programs/applications
• Unauthorized reproduction of computer programs
• Financial crimes – identity theft, fraud, forgery, theft of funds committed by electronic means
• Counterfeiting – use of computers and laser printers to print checks, money orders, negotiable securities, store coupons
19.
Cyber Crime
Cyber crime is defined as “Any illegal act involving a computer, its systems, or its applications.”
• Crime directed against a computer
• Crime where the computer contains evidence
• Crime where the computer is used as a tool to commit the crime
“Cyber Crime is a term used broadly to describe criminal activity in which computers or networks are a tool, a target, or a place of criminal activity. These categories are not exclusive and many activities can be characterized as falling in one or more categories.”
A cyber crime is intentional and not accidental
20.
Modes of Attacks
Cyber crime can be divided into two categories, depending on the way the attack takes place.
• Insider Attacks: Breach of trust from employees within the organization
• External Attacks: Hackers either hired by an insider or by an external entity with the aim of destroying a competitor’s reputation
21.
Examples of Cyber Crime
A few examples of cyber crime include:
• Theft of Intellectual Property
• Damage of company service networks
• Embezzlement
• Copyright piracy (software, movie, sound recording)
• Child Pornography
• Planting of virus and worms
• Password trafficking
• Email bombing & SPAM
22.
Examples of Cyber Crime (cont’d)
The investigation of any crime involves painstaking collection of clues, forensic evidence and attention to detail
This is more so in these days of ‘white collar’ crime where documentary evidence plays a crucial role
With an increasing number of households and businesses using computers, coupled with easy Internet access, it is inevitable that there will be at least one electronic device found during the course of an investigation
This may be a computer, but could also be a printer, mobile phone, or personal organizer
This electronic device may be central to the investigation
No matter which, the information held on the computer may be crucial and must be investigated in the proper manner, especially if any evidence found is to be relied upon in a court of law
23.
Examples of Evidence
Examples of how evidence found in a computer may assist in the prosecution or defense of a case are manifold. A few of these examples are:
• Use/abuse of the Internet
• Production of false documents and accounts
• Encrypted/password protected material
• Abuse of systems
• Email contact between suspects/conspirators
• Theft of commercial secrets
• Unauthorized transmission of information
• Records of movements
• Malicious attacks on the computer systems themselves
• Names and addresses of contacts
24.
Stages of Forensic Investigation in Tracking Cyber Criminals
(Flow diagram; boxes listed row by row, left to right)
• An incident occurs in which the company’s server is compromised
• The client contacts the company’s advocate for legal advice
• The advocate contracts an external forensic investigator
• The FI seizes the evidences in the crime scene & transports them to the forensics lab
• The forensic investigator (FI) prepares the bit-stream images of the files
• The forensic investigator prepares first response of procedures (frp)
• The FI prepares investigation reports and concludes the investigation, enables the advocate to identify required proofs
• The forensic investigator creates md5 # of the files
• The forensic investigator examines the evidence files for proof of a crime
• The advocate studies the report and might press charges against the offender in the court of law
• The forensic investigator usually destroys all the evidences
• The FI hands the sensitive report to the client in a secure manner
25.
Key Steps in Forensic Investigations
Step 1: Computer crime is suspected
Step 2: Collect preliminary evidence
Step 3: Obtain court warrant for seizure (if required)
Step 4: Perform first responder procedures
Step 5: Seize evidence at the crime scene
Step 6: Transport them to the forensic laboratory
Step 7: Create 2 bit stream copies of the evidence
Step 8: Generate MD5 checksum on the images
Step 9: Prepare chain of custody
Step 10: Store the original evidence in a secure location
Step 11: Analyze the image copy for evidence
Step 12: Prepare a forensic report
Step 13: Submit the report to the client
Step 14: If required, attend the court and testify as expert witness
26.
Rules of Computer Forensics
• Minimize the option of examining the original evidence
• Follow rules of evidence
• Document any change in evidence
• Do not tamper with the evidence
• Never exceed the knowledge base
• Always prepare chain of custody
• Handle evidence with care
27.
Rule for Forensic Investigator
Examination of a computer by a technically inexperienced person will almost certainly result in rendering any evidence found inadmissible in a court of law
28.
Accessing Computer Forensics Resources
You can obtain resources by joining various discussion groups such as:
• Computer Technology Investigators Northwest
• High Technology Crime Investigation Association
Joining a network of computer forensic experts and other professionals
News services devoted to computer forensics can also be a powerful resource
Other resources:
• Journals of forensic investigators
• Actual case studies
29.
Maintaining Professional Conduct
Professional conduct determines the credibility of a forensic investigator
Always dress professionally – wear a tie and a coat
Investigators must display the highest level of ethics and moral integrity, as well as confidentiality
Discuss the case at hand only with the person who has the right to know
30.
Understanding Corporate Investigations
Involve private companies who address company policy violations and litigation disputes
Company procedures should continue without any interruption from the investigation
After the investigation the company should minimize or eliminate similar litigations
Industrial espionage is the foremost crime in corporate investigations
31.
Digital Forensics
The use of scientifically unexpressed and proven methods towards:
• Preserving
• Collecting
• Confirming
• Identifying
• Analyzing
• Recording
• Presenting
digital evidence extracted from digital sources
32.
Case Study: #1
Password Recovery Services
A pharmaceutical manufacturer had password protected accounting software files as part of normal security practices to safeguard confidential information. After the bookkeeper’s employment was terminated for poor performance, the Director of Human Resources attempted to open the accounting file and found the file password protected, as expected.
The HR Director obtained a copy of the current password that had been stored in an envelope in the department safe (as directed by the company’s security policy). When she attempted to use the password to open the file, she was unsuccessful. Apparently, the former bookkeeper had changed the password and not followed the company policy of placing a copy of the password in the safe.
The HR Director emailed the password protected accounting file to TRC. We were able to recover the password within a few hours and email it back to her all in the same afternoon.
33.
Case Study: #2
Court Upholds Repayment of Fees Incurred in a Computer Forensic Investigation
United States v. Gordon, 393 F.3d 1044 (9th Cir. 2004).
After discovering missing stock shares, an employer suspected embezzlement and requested the defendant’s laptop computer for examination. The employer specifically told the defendant not to delete anything from the hard drive.
A computer forensic analysis revealed the defendant attempted to overwrite files on the computer by running “Evidence Eliminator,” a software wiping program, at least five times the night before he turned over the computer.
The defendant was convicted of embezzlement and ordered to pay restitution, including reimbursing the employer for $1,038,477 of the total $1,268,022 costs spent on the forensic analysis.
On appeal, the defendant argued the trial court should not have awarded the employer investigation costs, including the costs of the forensic examination.
The appellate court rejected this argument and affirmed the district court’s award, noting the defendant “purposefully covered his tracks as he concealed his numerous acts of wrongdoing from [his employer] over a period of years. As the victim, [the employer] cannot be faulted for making a concerted effort to pick up his trail and identify all the assets he took amid everything he worked on.”
34.
When An Advocate Contacts The Forensic Investigator, He Specifies How To Approach The Crime Scene
• Any liabilities from the incident and how they can be managed
• Finding and prosecuting/punishing (internal versus external culprits)
• Legal and regulatory constraints on what action can be taken
• Reputation protection and PR issues
• When/if to advise partners, customers, and investors
• How to deal with employees
• Resolving commercial disputes
• Any additional measures required
35.
Enterprise Theory of Investigation (ETI)
“Rather than viewing criminal acts as isolated crimes, the ETI attempts to show that individuals commit crimes in furtherance of the criminal enterprise itself. In other words, individuals commit criminal acts solely to benefit their criminal enterprise.”
“By applying the ETI with favorable state and federal legislation, law enforcement can target and dismantle entire criminal enterprises in one criminal indictment.”
Source: FBI LAW ENFORCEMENT BULLETIN, THE, May, 2001 by Richard A. Mcfeely
36.
Where and When Do You Use Computer Forensics
Where?
• To provide real evidence, such as reading bar codes and magnetic tapes.
• To identify the occurrence of electronic transactions.
• To reconstruct an incident with its sequence of events.
When?
• If a breach of contract occurs.
• If copyright and intellectual property theft/misuse happens.
• Employee disputes.
• Damage to resources.
37.
Legal Issues
It is not always possible for a computer forensics expert to separate the legal issues surrounding the evidence from the practical aspects of computer forensics.
Ex: The issues related to authenticity, reliability and completeness and convincing.
The approach of investigation diverges with change in technology.
Evidence shown is to be untampered with and fully accounted for, from the time of collection to the time of presentation to the court. Hence, it must meet the relevant evidence laws.
38.
Reporting the Results
Report should consist of summary of conclusions, observations and all appropriate recommendations.
Report is based on:
• Who has access to the data?
• How could it be made available to an investigation?
• To what business processes does it relate?
39.
Summary
Forensic Computing is the science of capturing, processing and investigating data from computers using a methodology whereby any evidence discovered is acceptable in a court of law.
The need for computer forensics has increased due to the presence of a majority of digital documents.
Computer forensics focuses on three categories of data: active data, latent data and archival data.
Cyber crime is defined as any illegal act involving a computer, its systems, or its applications.
Forensics results report should consist of summary of conclusions, observations and all appropriate recommendations.