Forensics
Fall 2007
Definitions
What is Computer Forensics?
Computer forensics is the practice of
collecting, analysing and reporting on
digital data in a way that is legally
admissible.
It can be used in the detection and
prevention of crime and in any
dispute where evidence is stored digitally.
Evidence might be required for a wide range
of computer crimes and misuses
Definitions (cont.)
What Constitutes Digital Evidence?
Any information, whether subject to human
intervention or not, that can be extracted from
a computer.
Must be in human-readable format or capable
of being interpreted by a person with
expertise in the subject.
Computer Forensics Examples
Recovering thousands of deleted emails
Performing investigation post employment
termination
Recovering evidence post formatting hard
drive
Computer Forensic Capabilities
Recover deleted files
Find out what external devices have been attached and
what users accessed them
Determine what programs ran
Recover webpages
Recover emails and users who read them
Recover chat logs
Determine file servers used
Discover document’s hidden history
Recover phone records and SMS text messages from
mobile devices
Find malware and data collected
Purpose of Computer Forensics
Classic Forensics
Computer forensics uses technology to search for digital
evidence of a crime
Attempts to retrieve information even if it has been
altered or erased so it can be used in the pursuit of an
attacker or a criminal
Incident Response: Live System Analysis
Computer Forensics: Post-Mortem Analysis
Computer Security Incident
Unauthorized or unlawful intrusions into
computing systems
Scanning a system - the systematic probing of
ports to see which ones are open
Denial-of-Service (DoS) attack - any attack
designed to disrupt the ability of authorized users to
access data.
Malicious Code - any program or procedure that
makes unauthorized modifications or triggers
unauthorized actions (virus, worm, Trojan horse)
Typical Investigations
Theft of Company Secrets
Employee Sabotage
Credit Card Fraud
Financial Crimes
Embezzlement (money or information)
Economic Crimes
Harassment
Major Crimes
Identity Theft
Computer Forensics Users
Law Enforcement
Private Computer Forensic Organizations
Military
University Programs
Computer Security and IT Professionals
Important Factors
Legal procedures
Not compromising evidence
Treat every piece of evidence as if it will be used in
court
Documentation
Chain of Custody
Write Blockers
Imaging
Bit by bit copy of a piece of electronic media
(e.g. a hard drive)
The Goal
The goal of computer forensics
is to do a structured
investigation and find out
exactly what happened on a
digital system, and who was
responsible for it.
Methodology
Treat every case as if it will end up in court [1]
Forensics Methodology [1]:
Acquire the evidence without altering or damaging the
original
Authenticate that your recovered evidence is the same as
the originally seized data
Analyze the data without modifying it
There are essentially three phases for recovering evidence
from a computer system or storage medium. Those phases are:
(1) acquire,
(2) analyze,
(3) report
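The acquire and authenticate steps above, as an added example that is not part of the original slides: a block-wise bit-for-bit copy of a medium, hashed as it is read, with the image re-hashed independently so the two values can be recorded and compared again later. The "seized" medium is a constructed sample file; the function names are assumptions, not a tool from the references.

```python
import hashlib
import os
import tempfile

BLOCK_SIZE = 4096  # fixed-size blocks, as a bit-for-bit imager reads a device

def sha256_of_file(path):
    """Hash a file in blocks so large media are never loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(BLOCK_SIZE), b""):
            h.update(block)
    return h.hexdigest()

def acquire_image(source_path, image_path):
    """Copy the source bit for bit, hashing it as it is read (opened read-only;
    a hardware write blocker gives the same guarantee at device level)."""
    h = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(BLOCK_SIZE), b""):
            h.update(block)
            dst.write(block)
    source_hash = h.hexdigest()
    image_hash = sha256_of_file(image_path)  # independent re-read of the image
    return {"source_sha256": source_hash, "image_sha256": image_hash,
            "verified": source_hash == image_hash}

def verify_image(image_path, expected_sha256):
    """Re-authenticate an image later, e.g. before analysis or in court."""
    return sha256_of_file(image_path) == expected_sha256

def demo():
    """Constructed sample: a small file stands in for the seized medium."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "seized.bin")
    image = os.path.join(workdir, "seized.dd")
    with open(source, "wb") as f:
        f.write(b"constructed evidence\x00" * 1000)
    record = acquire_image(source, image)
    with open(image, "r+b") as f:  # simulate a later one-byte change to the image
        f.seek(10)
        f.write(b"X")
    # The acquisition record still matches; the later re-check must now fail.
    return record, verify_image(image, record["source_sha256"])

if __name__ == "__main__":
    print(demo())
```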
Course Curriculum
Introduction to Criminal Justice
Computer Ethics
Computer Organization
Binary System
Encryption and Computer Forensics
Steganography: Data Hiding
Introduction to Computer Security: Handling Security
Incidents, Malicious Code
Computer Forensics Evidence and Analysis
More….
Conclusion
With computers becoming more and more
involved in our everyday lives, both
professionally and socially, there is a need for
computer forensics.
With this field, evidence will be found whether it was lost,
deleted, damaged or hidden, and used to
prosecute individuals who believe they have
successfully beaten the system.
References
[1] Computer Forensics: Incident Response Essentials, Warren
G. Kruse II, Jay G. Heiser, Addison-Wesley
[2] Incident Response and Computer Forensics, Kevin Mandia,
Chris Prosise, Matt Pepe, McGraw-Hill
[3] Information Security Illuminated, Michael G. Solomon, Mike
Chapple, Jones and Bartlett Publishers, Inc.
[4] Computer Forensics: Computer Crime Scene Investigation,
John R. Vacca, Charles River Media Inc.
[5] Forensic Computing: A Practitioner's Guide, Tony Sammes
and Brian Jenkinson, Springer
[6] Computer Forensics: An Approach to Evidence in Cyberspace,
Mark Pollitt,
http://www.digitalevidencepro.com/Resources/Approach.pdf