Post on 28-Jan-2015
COMPUTER FORENSICS
By Group: G10
Group members:
1. Pradeep Kumar
2. Parvez
3. Surender Singh

CONTENTS
- Definition of Computer Forensics
- History of Computer Forensics
- Steps of Computer Forensics
- Certifications for Computer Forensics
- Computer Forensic Requirements
- Collecting Evidence
- Uses of Computer Forensics
- Advantages of Computer Forensics
- Disadvantages of Computer Forensics
- Computer forensics labs and centers in India
- Conclusion
- References
THE FIELD OF COMPUTER FORENSICS
What is Computer Forensics?
- Computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and root cause analysis.
- Computer forensics is the process of identifying, preserving, and analyzing data and technical items for evidence that will be used in court.
- Used to obtain potential legal evidence
- Evidence might be required for a wide range of computer crimes and misuses
- Multiple methods of computer forensics are:
  - Discovering data on computer system
  - Recovering deleted, encrypted, or damaged file information
  - Monitoring live activity
  - Detecting violations of corporate policy
- Information collected assists in arrests, prosecution, termination of employment, and preventing future illegal activity

Example:
- Recovering thousands of deleted emails
- Performing investigation post employment termination
- Recovering evidence post formatting hard drive
HISTORY OF COMPUTER FORENSICS
1970s
- First crime cases involving computers, mainly financial fraud

1980s
- Financial investigators and courts realize that in some cases all the records and evidence were only on computers.
- Norton Utilities "Un-erase" tool created
- Association of Certified Fraud Examiners began to seek training in what became computer forensics
- SEARCH High Tech Crimes training created
- Regular classes began to be taught to Federal agents in California and at FLETC in Georgia
- HTCIA formed in Southern California

1984
- FBI Magnetic Media Program created... this later becomes the Computer Analysis and Response Team (CART)

1993
- First International Conference on Computer Evidence held

1995
- International Organization on Computer Evidence (IOCE) formed

1997
- The G8 countries declared that "Law enforcement personnel must be trained and equipped to address high-tech crimes" in the Moscow

1998
- In March G8 appointed IICE to create international principles for the procedures relating to digital evidence
- INTERPOL Forensic Science Symposium

1999
- FBI CART case load exceeds 2000 cases, examining 17 terabytes of data

2000
- First FBI Regional Computer Forensic Laboratory established

2003
- FBI CART case load exceeds 6500 cases, examining 782 terabytes of data
STEPS OF COMPUTER FORENSICS
According to many professionals, Computer Forensics is a four (4) step process:

1. Acquisition
   Physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices
2. Identification
   This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites
3. Evaluation
   Evaluating the information/data recovered to determine if and how it could be used against the suspect for employment termination or prosecution in court
4. Presentation
   This step involves the presentation of evidence discovered in a manner which is understood by lawyers and non-technical staff/management, and suitable as evidence as determined by United States and internal laws
CERTIFICATION FOR COMPUTER INVESTIGATIVE SPECIALISTS
CEECS (Certified Electronic Evidence Collection Specialist Certification)
- Awarded to individuals who complete the CEECS regional certification course
- Also awarded to individuals in the Certified Forensic Computer Examiner course that successfully pass the written test

CERTIFICATION FOR FORENSIC COMPUTER EXAMINER
Internal Certification Training Program
- Must successfully complete two week training course offered by IACIS and correspondence proficiency problems
External Certification Testing Process
- Not a training course
- Testing process
- Active Law Enforcement
- Individuals qualified for IACIS membership
Recertification
- Every three years must complete recertification process
- Must be in good standing with IACIS
- Complete proficiency test
A COMPUTER FORENSIC SPECIALIST PROMISES TO:
- Do not delete, damage or alter any evidence
- Protect the computer and files against a virus
- Handle all evidence properly to prevent any future damage
- Keep a log of all work done and by whom
- Keep any Client-Attorney information that is gained confidential
COMPUTER FORENSIC REQUIREMENTS
Hardware
- Familiarity with all internal and external devices/components of a computer
- Thorough understanding of hard drives and settings
- Understanding motherboards and the various chipsets used
- Power connections
- Memory
BIOS
- Understanding how the BIOS works
- Familiarity with the various settings and limitations of the BIOS
Operating Systems
- Windows 3.1/95/98/ME/NT/2000/2003/XP
- DOS
- UNIX
- LINUX
Software
- Familiarity with most popular software packages such as MS Office
Forensic Tools
- Familiarity with computer forensic techniques and the software packages that could be used
COLLECTING EVIDENCE
- Make exact copies of all hard drives & disks using computer software
  - Date and time stamped on each file; used for timeline
- Protect the computer system
  - Avoid deletion, damage, viruses and corruption
- Discover files
  - Normal files
  - Deleted files
  - Password protected files
  - Hidden files
  - Encrypted files
- Reveal all contents of hidden files used by application and operating system
- Access contents of password protected files if legally able to do so
- Analyze data
- Print out analysis
  - Computer system
  - All files and data
  - Overall opinion
- Provide expert consultation/testimony
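
Added example, not part of the original slides: the Python below shows how an exact copy is verified by hash, how a timeline is built from file timestamps, and how a work-log entry records who did what and when, which also supports showing that evidence has not been tampered with. The file names, the examiner name and the sample data are constructed for illustration.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large disk images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_copy(original, copy):
    """An exact copy has the same digest; a single altered byte changes it."""
    return sha256_file(original) == sha256_file(copy)

def build_timeline(root):
    """Return (UTC modification time, relative path) per file, oldest first."""
    rows = []
    for dirpath, _, names in os.walk(root):
        for full in (os.path.join(dirpath, n) for n in names):
            mtime = datetime.fromtimestamp(os.stat(full).st_mtime, tz=timezone.utc)
            rows.append((mtime.isoformat(), os.path.relpath(full, root)))
    return sorted(rows)

def custody_entry(examiner, action, path):
    """One work-log line: who did what, when, and the item's digest at that time."""
    return json.dumps({"utc": datetime.now(timezone.utc).isoformat(),
                       "examiner": examiner, "action": action,
                       "item": os.path.basename(path), "sha256": sha256_file(path)})

def demo():
    """Runs the checks on constructed data: a fake image and two dated files."""
    with tempfile.TemporaryDirectory() as work:
        image, files = os.path.join(work, "evidence.img"), os.path.join(work, "files")
        with open(image, "wb") as f:
            f.write(b"constructed sample image" * 1000)
        copy = shutil.copy(image, os.path.join(work, "working_copy.img"))
        intact = verify_copy(image, copy)
        entry = json.loads(custody_entry("Examiner A", "imaged", copy))
        with open(copy, "r+b") as f:  # simulate one altered byte in the copy
            f.write(b"X")
        os.mkdir(files)
        for name, ts in (("b.txt", 2_000_000_000), ("a.txt", 1_000_000_000)):
            open(os.path.join(files, name), "w").close()
            os.utime(os.path.join(files, name), (ts, ts))
        order = [p for _, p in build_timeline(files)]
        return intact, verify_copy(image, copy), order, entry

if __name__ == "__main__":
    print(demo())
```

File timestamps depend on the system clock and can be altered, so the timeline is read alongside the hash-verified image rather than in place of it.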
USES OF COMPUTER FORENSICS
- Criminal Prosecutors
  - Rely on evidence obtained from a computer to prosecute suspects and use as evidence
- Civil Litigations
  - Personal and business data discovered on a computer can be used in fraud, divorce, harassment, or discrimination cases
- Insurance Companies
  - Evidence discovered on computer can be used to mollify costs (fraud, worker's compensation, arson, etc.)
- Private Corporations
  - Evidence obtained from employee computers can be used in harassment, fraud, and embezzlement cases
- Law Enforcement Officials
  - Rely on computer forensics to back up search warrants and post-seizure handling
- Individual/Private Citizens
  - Obtain the services of professional computer forensic specialists to support claims of harassment, abuse, or wrongful termination from employment
ADVANTAGES OF COMPUTER FORENSICS
- Ability to search through a massive amount of data
  - Quickly
  - Thoroughly
  - In any language

DISADVANTAGES OF COMPUTER FORENSICS
- Digital evidence accepted into court must prove that there is no tampering
- All evidence must be fully accounted for
- Computer forensic specialists must have complete knowledge of legal requirements, evidence handling and storage, and documentation procedures
- Costs: producing electronic records and preserving them is extremely costly
- Presents the potential for exposing privileged documents
- Legal practitioners must have extensive computer knowledge
COMPUTER FORENSICS LABS AND CENTERS IN INDIA
1. Cyber College, Dehradun
2. Secure India (A Group of Cyber Security Specialists), Muzaffarnagar, Uttar Pradesh
3. E2Labs Research & Development Center, Hyderabad, Andhra Pradesh
4. Agape Inc, Nagpur, Maharashtra
5. Appin Technology Lab, Hyderabad, Andhra Pradesh
6. Shoeb Online, Mumbai, Maharashtra
7. ForensicsGuru.com, New Delhi
8. I.TECH COMPUTERS - DATA FORENSICS & DATA RECOVERY, Mumbai
9. Indiaforensic Center of Studies, Pune
10. Focus Forensics Technology Private Limited, Delhi
CONCLUSION
With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals who believe they have successfully beaten the system.
QUERY?