ISN 3244 - Network and Computer Forensics
BY
ENGR. JOHNSON C. UBAH
B.ENG, M.ENG, HCNA, ASM
Course overview
This course provides an introduction to the methodology and procedures associated
with digital forensic analysis in a network environment and also in a computer
system. Students will develop an understanding of the fundamentals associated with
the topologies, protocols, and applications required to conduct forensic analysis in a
network environment. Students will learn about the importance of network forensic
principles, legal considerations, digital evidence controls, and documentation of
forensic procedures. This course will incorporate demonstrations and laboratory
exercises to reinforce the student’s practical knowhow.
Objectives
The need for computer forensic experts is growing in corporations, law firms,
insurance agencies, and law enforcement. Organizations are now realizing that
evidence retrieved from computers and other digital media is becoming more
relevant to convicting hackers and criminals. Although this digital evidence can be
powerful, if it is not retrieved through proper investigative procedure it can
easily be damaged and ruled inadmissible in a court of law.
Course objective
Upon successful completion of this course the student will be able to:
◦ Look for digital evidence in both wired and wireless networks and on a computer system.
◦ Perform end-to-end forensic investigations.
◦ Collect evidence from log files.
◦ Understand the importance of time synchronization in event logs.
◦ Use typical forensic investigation tools.
◦ Follow a scientific approach to investigate network security events and incidents.
Topics covered
o Introduction to computer forensics
o Overview of hardware and operating systems
o Data recovery
o Digital evidence controls
o Computer forensic tools
o Network forensics
o Mobile network forensics
o Computer crime and legal issues
o Wireless attack investigation
Introduction to Computer Forensics
COMPUTER CRIMES, EVIDENCE, EXTRACTION, PRESERVATION, ETC.
What is computer forensics?
Digital forensics is defined as the process of preservation, identification,
extraction, and documentation of computer evidence which can be used in a
court of law.
It is the science of finding evidence on digital media such as a computer,
mobile phone, server, or network.
Why forensics?
It provides the forensic team with the best techniques and tools to
solve complicated digital-related cases.
Digital forensics helps the forensic team to analyze, inspect, identify,
and preserve the digital evidence residing on various types of
electronic devices.
Objectives of computer forensics
It helps to recover, analyze, and preserve computers and related materials in such
a manner that the investigating agency can present them as evidence in a
court of law.
It helps to postulate the motive behind the crime and the identity of the main
culprit.
Designing procedures at a suspected crime scene helps to ensure that
the digital evidence obtained is not corrupted.
Data acquisition and duplication: recovering deleted files and deleted partitions
from digital media to extract the evidence and validate it.
It helps to identify the evidence quickly, and also allows you to estimate the
potential impact of the malicious activity on the victim.
Producing a computer forensic report which offers a complete account of the
investigation process.
Preserving the evidence by following the chain of custody.
Process of Digital forensics
Digital forensics entails the following steps:
◦ Identification
◦ Preservation
◦ Analysis
◦ Documentation
◦ Presentation
Forensic process
Identification
This is the first step in the forensic process. Identification mainly
covers what evidence is present, where it is stored, and lastly how
it is stored (in which format).
Electronic storage media can be personal computers, mobile phones, PDAs, etc.
Preservation
In this phase, data is isolated, secured, and preserved. It includes preventing
people from using the digital device so that digital evidence is not tampered
with.
Analysis
In this step, investigation agents reconstruct fragments of data and draw
conclusions based on evidence found. However, it might take numerous
iterations of examination to support a specific crime theory.
Documentation
In this process, a record of all the visible data must be created. It helps in
recreating the crime scene and reviewing it. It involves proper documentation of
the crime scene along with photographing, sketching, and crime-scene mapping.
Presentation
In this last step, the conclusions are summarized and explained.
They should be written in layperson's terms using abstracted
terminology, and every abstracted term should reference the
specific details behind it.
Overview of the digital forensics analysis methodology
The Cybercrime Lab illustrates an overview of the process with the figure below.
The three steps, Preparation/Extraction, Identification, and Analysis, are
highlighted because they are the focus.
Preparation/extraction
Examiners begin by asking whether there is enough information to proceed. They make
sure a clear request is in hand and that there is sufficient data to attempt to answer it. If
anything is missing, they coordinate with the requester. Otherwise, they continue to set
up the process:
◦ Validate all hardware and software to ensure that they work properly.
◦ Duplicate the forensic data provided in the request and verify the integrity of the copy.
◦ Once the integrity of the data to be analyzed has been verified, develop a plan to
extract data.
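The duplication-and-integrity step above, as an added example that is not part of the lecture: the duplicate is hashed independently of the source, accepted only when every digest matches, and the outcome (pass or fail) is written to a chain-of-custody record. The image bytes, examiner name and item labels are constructed for the demonstration.

```python
"""Verify a forensic duplicate against its source and record the outcome in a
chain-of-custody log (added example; image bytes and labels are constructed)."""
import hashlib
import json
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone
from typing import Dict, Iterable, List, Sequence


def chunked(data: bytes, size: int = 4096) -> Iterable[bytes]:
    """Yield fixed-size slices so the same code path serves a real image read
    from disk and the small constructed sample used here."""
    for offset in range(0, len(data), size):
        yield data[offset:offset + size]


def hash_stream(chunks: Iterable[bytes],
                algorithms: Sequence[str] = ("md5", "sha256")) -> Dict[str, str]:
    """Compute several digests in a single pass, so a large image is read once
    rather than once per algorithm. Returns {algorithm: hexdigest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


@dataclass
class CustodyEntry:
    timestamp_utc: str
    examiner: str
    action: str
    item: str
    hashes: Dict[str, str]
    notes: str = ""


@dataclass
class ChainOfCustody:
    """Append-only record of who did what to which item, plus the digests that
    tie each entry to the actual bytes handled."""
    entries: List[CustodyEntry] = field(default_factory=list)

    def record(self, examiner: str, action: str, item: str,
               hashes: Dict[str, str], notes: str = "") -> CustodyEntry:
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        entry = CustodyEntry(stamp, examiner, action, item, dict(hashes), notes)
        self.entries.append(entry)
        return entry

    def to_json(self) -> str:
        return json.dumps([asdict(e) for e in self.entries], indent=2)


def verify_duplicate(source: Iterable[bytes], duplicate: Iterable[bytes],
                     custody: ChainOfCustody, examiner: str, item: str) -> bool:
    """Hash source and duplicate independently and accept the copy only when
    every digest matches. Both outcomes are logged: a mismatch is itself a
    finding the requester needs to know about."""
    src = hash_stream(source)
    dup = hash_stream(duplicate)
    ok = src == dup
    notes = ("duplicate verified against source" if ok
             else "MISMATCH: duplicate does not match source " + json.dumps(src))
    custody.record(examiner, "verify-duplicate", item, dup, notes)
    return ok


# Constructed sample "evidence": a faithful copy and one with a single flipped bit.
ORIGINAL = bytes(range(256)) * 40          # 10,240 bytes of deterministic content
GOOD_COPY = bytes(ORIGINAL)
_bad = bytearray(ORIGINAL)
_bad[5000] ^= 0x01                          # one bit wrong somewhere in the middle
BAD_COPY = bytes(_bad)


def run_demo() -> ChainOfCustody:
    """Acquire, then verify two copies; returns the resulting custody log."""
    custody = ChainOfCustody()
    custody.record("examiner-1", "acquire", "IMG-001 (constructed)",
                   hash_stream(chunked(ORIGINAL)), "hashes taken at acquisition")
    verify_duplicate(chunked(ORIGINAL), chunked(GOOD_COPY), custody, "examiner-1", "IMG-001 copy A")
    verify_duplicate(chunked(ORIGINAL), chunked(BAD_COPY), custody, "examiner-1", "IMG-001 copy B")
    return custody


if __name__ == "__main__":
    print(run_demo().to_json())
```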
Examiners list leads explicitly to help focus the examination. As they develop
new leads, they add them to the list, and as they exhaust leads, they mark them
"processed" or "done."
For each search lead, examiners extract relevant data and mark that search lead
as processed. They add anything extracted to a second list called an "Extracted
Data List." Examiners pursue all the search leads, adding results to this second
list. Then they move to the next phase of the methodology, identification.
Identification
Examiners repeat the process of identification for each item on the Extracted
Data List.
First, they determine what type of item it is. If it is not relevant to the forensic
request, they simply mark it as processed and move on.
If an item is relevant to the forensic request, examiners document it on a third
list, the Relevant Data List. This list is a collection of data relevant to answering
the original forensic request.
After processing the Extracted Data list, examiners go back to any new leads
developed. For any new data search leads, examiners consider going back to the
Extraction step to process them. Similarly, for any new source of data that might
lead to new evidence, examiners consider going all the way back to the process
of obtaining and imaging that new forensic data.
It is advisable for examiners to inform the requester of their initial findings. It is
also a good time for examiners and the requester to discuss what they believe
the return on investment will be for pursuing new leads.
Analysis
In the analysis phase, examiners connect all the dots and paint a complete
picture for the requester. For every item on the Relevant Data List,
examiners answer questions like who, what, when, where, and how. They
try to explain which user or application created, edited, received, or sent
each item, and how it originally came into existence. Examiners also
explain where they found it. Most importantly, they explain why all this
information is significant and what it means to the case.
Often examiners can produce the most valuable analysis by looking at when
things happened and producing a timeline that tells a coherent story.
◦ For each relevant item, examiners try to explain when it was created, accessed, modified,
received, sent, viewed, deleted, and launched.
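The timeline step above in code, as an added example that is not part of the lecture: timestamps from four constructed sources arrive in different formats and time zones, one source's clock is known to run fast, and all of them are normalised to UTC and corrected before sorting. Read in their raw form the records suggest the file was created hours before it was downloaded; normalised, they tell a coherent story.

```python
"""Build one UTC-normalised timeline from timestamps that came from sources
with different formats, time zones and clock error (added example; the four
records below are constructed, not taken from a real case)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional


@dataclass(frozen=True)
class TimelineEvent:
    when_utc: datetime
    source: str
    item: str
    action: str  # created, accessed, modified, received, sent, viewed, deleted, launched


def parse_timestamp(raw: str, fmt: str, tz: Optional[timezone]) -> datetime:
    """Parse a source-native timestamp and convert it to UTC. A timestamp that
    carries no zone of its own must be given one explicitly; otherwise it is
    refused, because guessing a zone silently corrupts the timeline."""
    parsed = datetime.strptime(raw, fmt)
    if parsed.tzinfo is None:
        if tz is None:
            raise ValueError(f"naive timestamp {raw!r} needs an explicit time zone")
        parsed = parsed.replace(tzinfo=tz)
    return parsed.astimezone(timezone.utc)


def build_timeline(records: List[dict], clock_skew: Dict[str, timedelta]) -> List[TimelineEvent]:
    """Normalise every record to UTC, correct sources whose clocks were measured
    to be off, and sort. The measured skew and how it was established belong in
    the report next to the timeline."""
    events = []
    for r in records:
        when = parse_timestamp(r["raw"], r["fmt"], r.get("tz"))
        when -= clock_skew.get(r["source"], timedelta(0))  # positive skew = clock ran fast
        events.append(TimelineEvent(when, r["source"], r["item"], r["action"]))
    return sorted(events, key=lambda e: (e.when_utc, e.source))


def render(timeline: List[TimelineEvent]) -> List[str]:
    """One human-readable line per event, in UTC."""
    return [f"{e.when_utc.isoformat()}  {e.source:<10} {e.action:<9} {e.item}" for e in timeline]


# Constructed records. Fixed UTC offsets are used here for portability; real
# casework should use zoneinfo so that daylight-saving transitions are handled.
EST = timezone(timedelta(hours=-5))
RECORDS = [
    # Local time written by a workstation set to US Eastern time.
    {"source": "filesystem", "raw": "03/04/2024 08:00:40", "fmt": "%m/%d/%Y %H:%M:%S",
     "tz": EST, "item": "invoice.zip", "action": "created"},
    # Web proxy log; the proxy logs in UTC.
    {"source": "proxy", "raw": "2024-03-04 13:00:10", "fmt": "%Y-%m-%d %H:%M:%S",
     "tz": timezone.utc, "item": "invoice.zip (download)", "action": "received"},
    # Mail header that carries its own offset, so no tz is supplied.
    {"source": "mail", "raw": "Mon, 04 Mar 2024 13:58:00 +0100", "fmt": "%a, %d %b %Y %H:%M:%S %z",
     "item": "message with link to invoice.zip", "action": "received"},
    # Firewall that logs in UTC but whose clock was measured to be 120 s fast.
    {"source": "firewall", "raw": "2024-03-04T13:02:30", "fmt": "%Y-%m-%dT%H:%M:%S",
     "tz": timezone.utc, "item": "outbound connection from workstation", "action": "sent"},
]
CLOCK_SKEW = {"firewall": timedelta(seconds=120)}


if __name__ == "__main__":
    print("\n".join(render(build_timeline(RECORDS, CLOCK_SKEW))))
```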
Examiners document all their analysis, and other information relevant to the
forensic request, and add it all to a fifth and final list, the "Analysis Results List."
◦ This is a list of all the meaningful data that answers who, what, when, where, how, and other
questions.
Finally, after examiners cycle through these steps enough times, they can
respond to the forensic request. They move to the Forensic Reporting phase.
This is the step where examiners document findings so that the requester can
understand them and use them in the case.
Lists used in forensic analysis
o Search Lead List
o Extracted Data List
o Relevant Data List
o New Source of Data List
o Analysis Results List
Types of computer forensics
Challenges faced by computer forensics
Here are the major challenges faced by digital forensics:
◦ The increase in PCs and the extensive use of internet access
◦ Easy availability of hacking tools
◦ Lack of physical evidence makes prosecution difficult.
◦ Storage capacities running into terabytes make the investigation
job difficult.
◦ Any technological change requires an upgrade of, or changes to, the solutions used
Example Uses of Digital Forensics
In recent times, commercial organizations have used digital forensics
in the following types of cases:
◦ Intellectual property theft
◦ Industrial espionage
◦ Employment disputes
◦ Fraud investigations
◦ Inappropriate use of the Internet and email in the workplace
◦ Forgery-related matters
◦ Bankruptcy investigations
◦ Issues concerning regulatory compliance
Advantages of Digital forensics
Here are the pros/benefits of digital forensics:
◦ It ensures the integrity of the computer system.
◦ It produces evidence in court which can lead to the punishment of the culprit.
◦ It helps companies to capture important information if their computer systems or
networks are compromised.
◦ It efficiently tracks down cybercriminals from anywhere in the world.
◦ It helps to protect the organization's money and valuable time.
◦ It allows the factual evidence to be extracted, processed, and interpreted, so that the
cybercriminal's actions can be proved in court.
Disadvantages of Digital Forensics
Here are the major cons/drawbacks of using digital forensics:
◦ Digital evidence is accepted in court; however, it must be proved that there has been no tampering
◦ Producing electronic records and storing them is an extremely costly affair
◦ Legal practitioners must have extensive computer knowledge
◦ Authentic and convincing evidence must be produced
◦ If the tool used for digital forensics does not meet the specified standards, the evidence can be
rejected by the court
◦ Lack of technical knowledge on the part of the investigating officer might not yield the desired result
Computer evidence
Computer evidence is data that is harvested from a computer hard drive and
utilized in the process of a crime investigation.
Because it is relatively easy to corrupt data stored on a hard drive, forensics
experts go to great lengths to secure and protect computers that are seized as
part of the investigative process.
Extracting the data must take place under highly controlled circumstances, and
must be carried out by law enforcement professionals who are specifically
trained in the process.
Computer crime
Alternatively referred to as cyber crime, e-crime, electronic crime, or hi-tech crime.
Computer crime is an act performed by a knowledgeable computer user, sometimes
referred to as a hacker, that illegally browses or steals a company's or individual's
private information.
Computer crimes
Cybercrime, also called computer crime, is the use of a computer as an
instrument to further illegal ends, such as committing fraud, trafficking in
child pornography and intellectual property, stealing identities, or
violating privacy.
Cybercrime, especially involving the Internet, represents an extension of
existing criminal behaviour alongside some novel illegal activities.
Types of cybercrime/computer crime
o Blackmail
o Identity theft
o Fraud
o Child pornography
o Digital privacy
o Money laundering
o Counterfeiting
o Spam
o Hacking
o Denial of service attacks
Preserving Evidence
Preserving evidence should be the top priority of those entrusted with gathering
and collecting evidence. Evidence collection protocols apply to both pre-
collection and post-collection evidence. If evidence is not properly preserved
prior to collection, it may be contaminated or destroyed. If evidence is not
properly preserved and stored prior to forensic analysis or testing, it may
deteriorate, destroying or devaluing it as a source of information.
Those responsible for collecting evidence must understand and employ a variety
of evidence preservation protocols, depending on the type of evidence.
Nevertheless, some guidelines apply to all evidence, such as limitations on the
number of individuals allowed to handle the evidence, use of safeguards to
minimize contamination, proper collection documentation, acceptable
chain-of-evidence documentation, and appropriate evidence storage. As evidence
collection methodologies improve, forensic experts develop new protocols to
preserve that evidence.
Memorializing the Crime Scene
To preserve the appearance of a crime scene, as well as the loci of
relevant objects to one another, a crime scene investigator should
photograph the crime scene. To improve the usefulness of the
photographs for later examination, the investigator should photograph
the area from various angles and distances. To give these photographs
additional meaning, he should illustrate the scene with a scaled drawing.
Further, he should memorialize in writing important impressions,
observations and measurements of the scene that photographs cannot
capture or record, including smells, temperature, and humidity.
Thanks !!!
Questions???

 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 

Network and computer forensics

  • 1. ISN 3244 - Network and Computer Forensics BY ENGR. JOHNSON C. UBAH B.ENG, M.ENG, HCNA, ASM
  • 2. Course overview: This course provides an introduction to the methodology and procedures associated with digital forensic analysis in a network environment and on a computer system. Students will develop an understanding of the fundamentals of the topologies, protocols, and applications required to conduct forensic analysis in a network environment. Students will learn about the importance of network forensic principles, legal considerations, digital evidence controls, and documentation of forensic procedures. The course incorporates demonstrations and laboratory exercises to reinforce the student's practical know-how.
  • 3. Objectives: The need for computer forensic experts is growing in corporations, law firms, insurance agencies, and law enforcement. Organizations now realize that evidence retrieved from computers and other digital media is increasingly relevant to convicting hackers and criminals. Digital evidence can be powerful, but if it is not retrieved through proper investigative procedure it is easily damaged and may be ruled inadmissible in a court of law.
  • 4. Course objective: Upon successful completion of this course the student will be able to: ◦ Look for digital evidence in both wired and wireless networks and on a computer system ◦ Perform end-to-end forensic investigations ◦ Collect evidence from log files ◦ Understand the importance of time synchronization in event logs ◦ Use typical forensic investigation tools ◦ Follow a scientific approach to investigating network security events and incidents
  • 5. Topics covered: ◦ Introduction to computer forensics ◦ Overview of hardware and operating systems ◦ Data recovery ◦ Digital evidence controls ◦ Computer forensic tools ◦ Network forensics ◦ Mobile network forensics ◦ Computer crime and legal issues ◦ Wireless attack investigation
  • 6. Introduction to Computer Forensics: computer crimes, evidence, extraction, preservation, etc.
  • 7. What is computer forensics? Digital forensics is the process of preserving, identifying, extracting, and documenting computer evidence so that it can be used in a court of law. It is the science of finding evidence on digital media such as a computer, mobile phone, server, or network.
  • 8. Why forensics? It gives the forensic team sound techniques and tools for solving complicated digital cases. Digital forensics helps the team analyze, inspect, identify, and preserve the digital evidence residing on many types of electronic devices.
  • 9. Objectives of computer forensics: ◦ To recover, analyze, and preserve computers and related material in such a manner that the investigating agency can present them as evidence in a court of law. ◦ To help establish the likely motive behind the crime and the identity of the main culprit. ◦ To design procedures for a suspected crime scene that ensure the digital evidence obtained is not corrupted.
  • 10. Objectives of computer forensics (continued): ◦ Data acquisition and duplication: recovering deleted files and deleted partitions from digital media to extract the evidence and validate it. ◦ Identifying the evidence quickly, and estimating the potential impact of the malicious activity on the victim. ◦ Producing a computer forensic report that documents the complete investigation process. ◦ Preserving the evidence by following the chain of custody.
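Recovering deleted files, listed above under data acquisition and duplication, is most often done by signature-based carving: the file system is ignored and unallocated space is scanned for the headers and footers of known file types. The Python example below is added here to illustrate that technique; it is not code from the course slides. The signature table and the raw "image" it scans are constructed for the demonstration (the image is a few kilobytes of filler with two deleted-looking files embedded, not a real disk image).

```python
import hashlib
import re

# Header and footer byte signatures for a few common file types.
# Footers are the simplest stopping rule; production carvers also use size
# fields and internal structure, and try to reassemble fragmented files,
# which this example does not.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


def carve(image, signatures=SIGNATURES, max_size=10 * 1024 * 1024):
    """Signature-based carving over a raw byte image.

    For every known header found, take everything up to and including the
    nearest matching footer within max_size bytes. Because the file system is
    never consulted, this still finds files whose directory entries are gone;
    the price is that a header with no footer in range is skipped and a
    fragmented file is carved incorrectly.
    """
    found = []
    for kind, (head, foot) in signatures.items():
        for match in re.finditer(re.escape(head), image):
            start = match.start()
            end = image.find(foot, start + len(head), start + max_size)
            if end == -1:
                continue
            end += len(foot)
            data = image[start:end]
            found.append({
                "type": kind,
                "offset": start,                                 # where the file began in the image
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),      # goes on the extracted-data list
                "data": data,
            })
    return sorted(found, key=lambda f: f["offset"])


def build_sample_image():
    """Constructed stand-in for a stretch of unallocated space: two 'deleted'
    files surrounded by pseudo-random filler. Not a real disk image."""
    jpg = b"\xff\xd8\xff\xe0" + b"\x00\x10JFIF\x00" + b"\x00" * 300 + b"\xff\xd9"
    pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\ntrailer\n%%EOF"

    def filler(n):
        # Each byte is the previous one minus 17 (mod 256), so no two consecutive
        # filler bytes can ever form one of the signatures above by accident.
        return bytes((i * 239) % 256 for i in range(n))

    image = filler(4096) + jpg + filler(8192) + pdf + filler(2048)
    return image, {"jpg": jpg, "pdf": pdf}


if __name__ == "__main__":
    image, originals = build_sample_image()
    for f in carve(image):
        print(f"{f['type']} at offset {f['offset']:#x}, {f['size']} bytes, sha256={f['sha256'][:16]}...")
```

Each carved object is hashed as it is extracted, so the entry on the Extracted Data List (see the methodology slides) already carries the value needed to prove later that the item was not altered between extraction and analysis.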
  • 11. Process of Digital forensics Digital forensics entails the following steps: ◦ Identification ◦ Preservation ◦ Analysis ◦ Documentation ◦ Presentation
  • 13. Forensic process: Identification. This is the first step in the forensic process. It covers what evidence is present, where it is stored, and how it is stored (in which format). Electronic storage media include personal computers, mobile phones, PDAs, etc. Preservation. In this phase the data is isolated, secured, and preserved. This includes preventing people from using the digital device so that the digital evidence is not tampered with.
  • 14. Forensic process: Analysis. In this step investigators reconstruct fragments of data and draw conclusions based on the evidence found. It may take numerous iterations of examination to support or refute a specific theory of the crime. Documentation. A record of all the visible data must be created; it helps in recreating the crime scene and reviewing it. This involves proper documentation of the crime scene along with photographing, sketching, and crime-scene mapping.
  • 15. Forensic process: Presentation. In this last step the conclusions are summarized and explained. The report should be written in layperson's terms; where technical terms are unavoidable, each should be tied to the specific details that support it.
  • 16. Overview of the digital forensics analysis methodology: The Cybercrime Lab (of the U.S. Department of Justice's Computer Crime and Intellectual Property Section) illustrates the overall process in the figure below (not reproduced here). Three steps, Preparation/Extraction, Identification, and Analysis, are highlighted because they are the focus of this methodology.
  • 17. Preparation/extraction: Examiners begin by asking whether there is enough information to proceed. They make sure a clear request is in hand and that there is sufficient data to attempt to answer it. If anything is missing, they coordinate with the requester; otherwise they continue to set up the process: ◦ Validate all hardware and software, to ensure that they work properly. ◦ Duplicate the forensic data provided in the request and verify the integrity of the duplicate (in practice by comparing cryptographic hashes of the copy against those recorded at acquisition). ◦ Once the integrity of the data to be analyzed is verified, develop a plan to extract data.
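The duplication-and-integrity step above is, concretely, a hash comparison: the acquisition record carries the hash values of the original, and the working copy must hash to exactly the same values before any analysis starts. The Python example below is added here to show that check together with a minimal chain-of-custody entry; it is not code from the course or from the Cybercrime Lab. The case identifier, exhibit and file names, examiner name, and the 2 MiB byte string standing in for a disk image are all constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # hash in 1 MiB pieces: images are usually far larger than RAM


def hash_file(path, algorithms=("md5", "sha256")):
    """Return {algorithm: hexdigest} for a file, reading it once in chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(path, recorded):
    """Compare a working copy against the hashes recorded at acquisition.

    Every algorithm in the record must match. Returns (ok, actual, mismatches);
    a non-empty mismatches dict means the copy must not be analysed until the
    discrepancy is explained and documented.
    """
    actual = hash_file(path, tuple(recorded))
    mismatches = {a: (recorded[a], actual[a]) for a in recorded if recorded[a] != actual[a]}
    return not mismatches, actual, mismatches


def custody_entry(case_id, exhibit, action, examiner, hashes):
    """One JSON-lines record for the chain-of-custody log: who did what to
    which exhibit, when (UTC), and what it hashed to at that moment."""
    return json.dumps({
        "case": case_id, "exhibit": exhibit, "action": action, "examiner": examiner,
        "utc": datetime.now(timezone.utc).isoformat(timespec="seconds"), **hashes,
    })


def run_demo():
    """Constructed walk-through: acquire, duplicate, verify, then catch a corrupted copy."""
    # 2 MiB of deterministic bytes standing in for a disk image (not a real image).
    image = b"".join(bytes([i % 251]) * 4096 for i in range(512))
    with tempfile.TemporaryDirectory() as workdir:
        original = os.path.join(workdir, "CASE-0001_exhibit01.dd")
        copy = os.path.join(workdir, "CASE-0001_exhibit01_working.dd")
        with open(original, "wb") as fh:
            fh.write(image)
        acquired = hash_file(original)                  # values written on the acquisition form
        log = [custody_entry("CASE-0001", "exhibit01", "acquired", "J. Doe (constructed)", acquired)]

        with open(copy, "wb") as fh:                    # the forensic duplicate
            fh.write(image)
        copy_ok, copy_hashes, _ = verify_image(copy, acquired)
        log.append(custody_entry("CASE-0001", "exhibit01", "duplicate verified", "J. Doe (constructed)", copy_hashes))

        # A single flipped bit anywhere in the copy must fail verification.
        damaged = bytearray(image)
        damaged[123456] ^= 0x01
        with open(copy, "wb") as fh:
            fh.write(bytes(damaged))
        tampered_ok, _, mismatches = verify_image(copy, acquired)

    return {
        "acquired": acquired,
        "copy_verified": copy_ok,
        "tampered_verified": tampered_ok,
        "mismatched_algorithms": sorted(mismatches),
        "custody_log": log,
    }


if __name__ == "__main__":
    result = run_demo()
    print(json.dumps({k: v for k, v in result.items() if k != "custody_log"}, indent=2))
    print("\n".join(result["custody_log"]))
```

Two caveats a practitioner should keep in mind: a matching hash proves only that the copy equals what was acquired, not that the acquisition itself was sound (a write blocker and a documented acquisition procedure cover that), and MD5 is computed here only because older acquisition records carry it; on its own it is not adequate evidence of integrity, so SHA-256 is always recorded alongside it.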
  • 18. Examiners list leads explicitly to help focus the examination. As they develop new leads, they add them to the list, and as they exhaust leads, they mark them "processed" or "done." For each search lead, examiners extract relevant data and mark that search lead as processed. They add anything extracted to a second list called an "Extracted Data List." Examiners pursue all the search leads, adding results to this second list. Then they move to the next phase of the methodology, identification.
  • 19. Identification: Examiners repeat the identification process for each item on the Extracted Data List. First they determine what type of item it is. If it is not relevant to the forensic request, they simply mark it as processed and move on. If it is relevant, they document it on a third list, the Relevant Data List: a collection of data relevant to answering the original forensic request.
  • 20. Identification: After processing the Extracted Data List, examiners go back to any new leads developed. For any new search leads, examiners consider going back to the Extraction step to process them. Similarly, for any new source of data that might yield new evidence (recorded on the New Source of Data List), examiners consider going all the way back to obtaining and imaging that new forensic data. It is advisable for examiners to inform the requester of their initial findings at this point. It is also a good time for examiners and the requester to discuss what they believe the return on investment will be for pursuing the new leads.
  • 21. Analysis In the analysis phase, examiners connect all the dots and paint a complete picture for the requester. For every item on the Relevant Data List, examiners answer questions like who, what, when, where, and how. They try to explain which user or application created, edited, received, or sent each item, and how it originally came into existence. Examiners also explain where they found it. Most importantly, they explain why all this information is significant and what it means to the case.
  • 23. Analysis: Often examiners produce the most valuable analysis by looking at when things happened and producing a timeline that tells a coherent story. ◦ For each relevant item, examiners try to explain when it was created, accessed, modified, received, sent, viewed, deleted, and launched. ◦ Examiners document all their analysis, and any other information relevant to the forensic request, in a fifth and final list, the "Analysis Results List": the list of all the meaningful data that answers the who, what, when, where, how, and other questions. Finally, after examiners have cycled through these steps enough times, they can respond to the forensic request and move to the Forensic Reporting phase, where they document their findings so that the requester can understand them and use them in the case.
  • 24. Lists used in forensic analysis: ◦ Search Lead List ◦ Extracted Data List ◦ Relevant Data List ◦ New Source of Data List ◦ Analysis Results List
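The timeline that slide 23 recommends is where the course's emphasis on time synchronization pays off: the events come from sources that record time in different zones, some export local time with no zone at all, and some devices' clocks were simply wrong. The Python example below is added here to show the normalization step that has to happen before anything is sorted; it is not from the course or the Cybercrime Lab methodology. The events, the sources, the zone assumed for the event-log export, and the 3-minute skew measured on the hypothetical firewall "fw01" are all constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed events from four hypothetical sources (times are illustrative only).
# NTFS stamps carry 'Z'; the syslog line has a +01:00 offset; the event-log export
# is naive local time; the firewall reports UTC but its clock was found to be slow.
SAMPLE_EVENTS = [
    {"source": "ntfs", "item": r"C:\Users\bob\invoice.docx", "event": "modified", "time": "2024-03-05T09:14:02Z"},
    {"source": "ntfs", "item": r"C:\Users\bob\invoice.docx", "event": "created", "time": "2024-03-05T09:13:40Z"},
    {"source": "syslog", "item": "sshd", "event": "Accepted publickey for bob from 10.0.0.7", "time": "2024-03-05T10:12:55+01:00"},
    {"source": "firewall", "item": "fw01", "event": "outbound 10.0.0.7 -> 203.0.113.5:443", "time": "2024-03-05T09:15:30+00:00"},
    {"source": "ntfs", "item": r"C:\Users\bob\invoice.docx", "event": "accessed", "time": "2024-03-05T09:14:02Z"},
    {"source": "evtx", "item": "Security/4624", "event": "logon type 10, user bob", "time": "2024-03-05 10:12:58"},
]

# Zone to apply to naive stamps, per source: a documented assumption, checked against
# the exporting system's settings during preparation (constructed here).
SOURCE_TZ = {"evtx": timezone(timedelta(hours=1))}

# Clock-skew corrections per device, measured against a trusted reference during
# preparation: fw01 was 3 minutes slow, so 3 minutes are added to its stamps (constructed).
SKEW = {"fw01": timedelta(minutes=3)}


def parse_time(stamp, assumed_tz=None):
    """Parse an ISO-8601 stamp into an aware datetime.

    'Z' and numeric offsets are honoured. A naive stamp is interpreted in
    assumed_tz and flagged; with no assumption available it is an error,
    because silently guessing the zone is how timelines end up misordered.
    """
    ts = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    if ts.tzinfo is not None:
        return ts, False
    if assumed_tz is None:
        raise ValueError(f"naive timestamp {stamp!r} with no zone assumed for its source")
    return ts.replace(tzinfo=assumed_tz), True


def normalize(event, source_tz, skew):
    """Attach a UTC datetime plus flags recording which corrections were applied."""
    ts, tz_assumed = parse_time(event["time"], source_tz.get(event["source"]))
    utc = ts.astimezone(timezone.utc) + skew.get(event["item"], timedelta(0))
    return dict(event, utc=utc, tz_assumed=tz_assumed, skew_corrected=event["item"] in skew)


def build_timeline(events, source_tz=None, skew=None):
    """Normalize every event to UTC and sort. The sort is stable, so events
    with identical stamps keep their input order."""
    source_tz, skew = source_tz or {}, skew or {}
    return sorted((normalize(e, source_tz, skew) for e in events), key=lambda e: e["utc"])


def render(timeline):
    """Report lines; corrections are shown so a reader can see which entries rest on assumptions."""
    lines = []
    for e in timeline:
        flags = [name for name, on in (("tz assumed", e["tz_assumed"]), ("skew corrected", e["skew_corrected"])) if on]
        note = f"  [{', '.join(flags)}]" if flags else ""
        lines.append(f"{e['utc']:%Y-%m-%d %H:%M:%S}Z  {e['source']:<8} {e['item']}: {e['event']}{note}")
    return lines


if __name__ == "__main__":
    print("\n".join(render(build_timeline(SAMPLE_EVENTS, SOURCE_TZ, SKEW))))
```

Read naively, the syslog login (10:12) looks like it happened after the document was edited (09:14); once the +01:00 offset is applied it is the first event, and the corrected firewall stamp makes the outbound connection the last one, which is the story the analysis has to tell. The flags survive into the report so that every entry that depends on an assumed zone or a skew measurement can be pointed at in court.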
  • 25. Types of computer forensics
  • 26. Challenges faced by computer forensics: ◦ The growing number of PCs and the extensive use of Internet access ◦ Easy availability of hacking tools ◦ Lack of physical evidence makes prosecution difficult ◦ Storage capacities running into terabytes make examination slow and expensive ◦ Every technological change requires tools and procedures to be upgraded or replaced
  • 27. Example uses of digital forensics: In recent times, commercial organizations have used digital forensics in the following types of cases: ◦ Intellectual property theft ◦ Industrial espionage ◦ Employment disputes ◦ Fraud investigations ◦ Inappropriate use of the Internet and email in the workplace ◦ Forgery-related matters ◦ Bankruptcy investigations ◦ Issues concerning regulatory compliance
  • 28. Advantages of digital forensics: ◦ Ensures the integrity of the computer system ◦ Produces evidence for the court, which can lead to the punishment of the culprit ◦ Helps companies capture important information when their computer systems or networks are compromised ◦ Efficiently tracks down cybercriminals from anywhere in the world ◦ Helps protect the organization's money and valuable time ◦ Allows factual evidence to be extracted, processed, and interpreted so that the cybercriminal's actions can be proved in court
  • 29. Disadvantages of digital forensics: ◦ For digital evidence to be accepted in court, it must be proved that it has not been tampered with ◦ Producing and storing electronic records is extremely costly ◦ Legal practitioners must have extensive computer knowledge ◦ The evidence produced must be authentic and convincing ◦ If the tools used are not in line with specified standards, the court may reject the evidence ◦ Lack of technical knowledge on the part of the investigating officer may not give the desired result
  • 30. Computer evidence: Computer evidence is data harvested from a computer's storage media and used in a criminal investigation. Because data stored on a hard drive is relatively easy to corrupt, forensic experts go to great lengths to secure and protect computers seized as part of the investigative process. Extracting the data must take place under highly controlled circumstances and must be done by law enforcement professionals who are specifically trained in the process.
  • 31. Computer crime: Alternatively referred to as cybercrime, e-crime, electronic crime, or hi-tech crime. A computer crime is an act performed by a knowledgeable computer user, sometimes referred to as a hacker, who illegally browses or steals a company's or an individual's private information.
  • 32. Computer crimes: Cybercrime, also called computer crime, is the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Cybercrime, especially involving the Internet, represents an extension of existing criminal behaviour alongside some novel illegal activities.
  • 33. Types of cybercrime/computer crime: ◦ Blackmail ◦ Identity theft ◦ Fraud ◦ Child pornography ◦ Violations of digital privacy ◦ Money laundering ◦ Counterfeiting ◦ Spam ◦ Hacking ◦ Denial of service attacks
  • 34. Preserving evidence: Preserving evidence should be the top priority of those entrusted with gathering and collecting it. Evidence collection protocols apply both before and after collection. If evidence is not properly preserved prior to collection, it may be contaminated or destroyed. If it is not properly preserved and stored prior to forensic analysis or testing, it may deteriorate, destroying or devaluing it as a source of information.
  • 35. Preserving evidence: Those responsible for collecting evidence must understand and employ a variety of evidence preservation protocols, depending on the type of evidence. Nevertheless, some guidelines apply to all evidence: limiting the number of individuals allowed to handle it, using safeguards to minimize contamination, documenting the collection properly, keeping acceptable chain-of-custody documentation, and storing the evidence appropriately. As evidence collection methodologies improve, forensic experts develop new protocols to preserve that evidence.
  • 36. Memorializing the crime scene: To preserve the appearance of a crime scene, as well as the positions of relevant objects relative to one another, a crime scene investigator should photograph the scene. To improve the usefulness of the photographs for later examination, the investigator should photograph the area from various angles and distances. To give these photographs additional meaning, the investigator should illustrate the scene with a scaled drawing. Further, the investigator should memorialize in writing important impressions, observations, and measurements of the scene that photographs cannot capture or record, including smells, temperature, and humidity.