Computer Forensics
When you delete a file, it is not really deleted.

LALIT GARG 3610109
CSE-2ND YEAR

Index
- What is Computer Forensics
- Objective of Computer Forensics
- Why Computer Forensics
- History of Computer Forensics
- How it approaches
- Steps of Investigation
- What not to do during Investigation
- Computer Forensics Techniques
- Anti-Forensics
- Computer Forensics Tools
- Advantages of Computer Forensics
- Disadvantages of Computer Forensics
- Conclusions

What is Computer Forensics
Computer forensics is considered to be the use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded.

Objective of Computer Forensics
Usually to provide digital evidence of a specific or general activity.

Why Computer Forensics?
- Employee internet abuse
- Unauthorized disclosure of corporate information and data
- Industrial espionage
- Damage assessment
- Criminal fraud and deception cases
- More general criminal cases
- and countless others!

History of Computer Forensics
- Bankruptcy of Enron in December 2001
- Hundreds of employees were left jobless while some executives seemed to benefit from the company's collapse.
- The United States Congress decided to investigate, and a specialized detective force began to search through hundreds of Enron employee computers using computer forensics.

How it approaches?
- Secure the subject system (from tampering during the operation)
- Take a copy of the hard drive (if applicable)
- Identify and recover all files (including those deleted)
- Access/copy hidden, protected and temporary files
- Study 'special' areas on the drive (e.g. residue from previously deleted files)
- Investigate data/settings from installed applications/programs
- Assess the system as a whole, including its structure
- Consider general factors relating to the user's activity
- Create a detailed report

Throughout the investigation, it is important to stress that a full audit log of your activities should be maintained.

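The copy-and-log steps above, as an added example that is not part of the original slides: the source and its copy are hashed and compared, and each audit entry commits to the hash of the entry before it, so a later edit to the log is detectable. The hash-chaining scheme, the field names and the file names `evidence.dd` and `copy.dd` are assumptions made for this illustration.

```python
import hashlib
import json
import shutil
import tempfile

CHUNK = 1 << 20  # 1 MiB reads, so a large image never has to fit in memory

def sha256_file(path):
    """Hash a file in chunks; it is opened read-only."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def entry_hash(entry):
    """Hash the logged fields in a canonical (sorted-key) JSON encoding."""
    body = {k: entry[k] for k in ("seq", "action", "detail", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, action, detail):
    """Append an entry that commits to the hash of the entry before it."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    entry = {"seq": len(log), "action": action, "detail": detail, "prev": prev}
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)

def verify_log(log):
    """True only if no entry was edited, reordered or dropped from the middle."""
    prev = "0" * 64
    for seq, e in enumerate(log):
        if e["seq"] != seq or e["prev"] != prev or e["entry_hash"] != entry_hash(e):
            return False
        prev = e["entry_hash"]
    return True

def demo():
    log = []
    with tempfile.TemporaryDirectory() as d:
        src, dst = d + "/evidence.dd", d + "/copy.dd"
        with open(src, "wb") as f:
            f.write(b"constructed sector data\n" * 4096)  # constructed stand-in image
        shutil.copyfile(src, dst)
        append_entry(log, "acquire", {"source": sha256_file(src), "copy": sha256_file(dst)})
    append_entry(log, "examine", {"note": "analysis done on the copy only"})
    copy_ok = log[0]["detail"]["source"] == log[0]["detail"]["copy"]
    intact = verify_log(log)
    log[0]["detail"]["copy"] = "0" * 64  # simulate the log being edited afterwards
    return copy_ok, intact, verify_log(log)
```

A chain like this does not reveal entries removed from the end of the log; keeping the latest entry hash in a separate place covers that case.
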
Steps of Investigation
- Secure the computer system to ensure that the equipment and data are safe
- Find every file on the computer system
- Recover as much deleted information as possible using applications
- Reveal the contents of all hidden files with programs designed to detect the presence of hidden data
- Decrypt and access protected files
- Analyze special areas of the computer's disks
- Document every step of the procedure
- Be prepared to testify in court as an expert witness in computer forensics

What should not be done during investigation?
- Avoid changing date/time stamps (of files, for example) or changing the data itself
- Avoid overwriting unallocated space (which can happen on re-boot, for example)

'Study, don't change' is a useful catch-phrase.

Computer Forensics Techniques
- Cross-Drive Analysis (CDA)
- Live Analysis
- Deleted File Analysis

Anti-Forensics: The Nightmare
- Programmers design anti-forensic tools to make it hard or impossible to retrieve information during an investigation
- There are dozens of ways people can hide information:
  - Some programs can fool computers by changing the information in files' headers
  - Programs can divide files up into small sections and hide each section at the end of other files
  - Programs called packers can insert executable files into other kinds of files
  - Encryption is another way to hide data
  - Changing the metadata attached to files
  - Some computer applications will erase data if an unauthorized user tries to access the system

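An examiner's check for two of the hiding methods listed above, altered headers and data placed at the end of other files, as an added example that is not part of the original slides. The signature table is a small illustrative subset, and the sample file names and contents are constructed.

```python
import os

# Leading "magic" bytes for a few formats and the extensions that normally carry them.
SIGNATURES = {
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
    b"\x89PNG\r\n\x1a\n": {".png"},
    b"%PDF-": {".pdf"},
    b"PK\x03\x04": {".zip", ".docx", ".xlsx"},
    b"MZ": {".exe", ".dll"},
}
# Marker that closes the format's own data (JPEG EOI, PNG IEND chunk plus CRC).
END_MARKERS = {b"\xff\xd8\xff": b"\xff\xd9", b"\x89PNG\r\n\x1a\n": b"IEND\xaeB`\x82"}

def check_file(name, data):
    """Return findings for one file, given its name and raw bytes."""
    findings = []
    ext = os.path.splitext(name)[1].lower()
    magic = next((m for m in SIGNATURES if data.startswith(m)), None)
    if magic is None:
        if any(ext in exts for exts in SIGNATURES.values()):
            findings.append("no known header for extension " + ext)
        return findings
    if ext not in SIGNATURES[magic]:
        kinds = "/".join(sorted(SIGNATURES[magic]))
        findings.append("extension %s but header is %s" % (ext or "(none)", kinds))
    end = END_MARKERS.get(magic)
    if end:
        # rfind: embedded thumbnails can carry earlier end markers, so measure
        # only what follows the last one (the size may be under-reported).
        pos = data.rfind(end)
        if pos < 0:
            findings.append("end marker missing")
        elif len(data) > pos + len(end):
            findings.append("%d bytes after end marker" % (len(data) - pos - len(end)))
    return findings

# Constructed sample inputs: marker bytes only, not real images or programs.
JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
SAMPLES = {
    "holiday.jpg": JPEG,
    "photo.jpg": JPEG + b"appended fragment",
    "notes.txt": b"MZ" + b"\x00" * 32,
    "report.pdf": b"\x00\x01not a pdf header",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, check_file(name, data))
```
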
Computer Forensics Tools
- Disk imaging software
- Software or hardware write tools
- Hashing tools
- File recovery programs
- Programs to preserve information in RAM
- Encryption decoding software
- Password cracking software

Advantages of Computer Forensics
Ability to search through a massive amount of data:
- Quickly
- Thoroughly
- In any language

Disadvantages of Computer Forensics
- Digital evidence accepted into court must prove that there is no tampering
- All evidence must be fully accounted for
- Computer forensic specialists must have complete knowledge of legal requirements, evidence handling and storage, and documentation procedures
- Costs: producing electronic records and preserving them is extremely costly
- Presents the potential for exposing privileged documents
- Legal practitioners must have extensive computer knowledge

Conclusion
With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.
Thank You
It’s nice to be important but it is more important to be nice
Any Query???