2. INTRODUCTION
- Digital forensics is a branch of forensic
science encompassing the recovery and investigation of
material found in digital devices, often in relation to computer
crime.
-The technical aspect of an investigation is divided into several
sub-branches, relating to the type of digital devices involved:
computer forensics, network forensics,forensic data analysis
and mobile device forensics.
-The typical forensic process encompasses the seizure, forensic
imaging and analysis of digital media and the production of a
report into collected evidence.
3. NEED FOR DIGITAL FORENSICS
•To ensure the integrity of computer system.
•To focus on the response to hi-tech offenses, started to
intervene the system.
•computer forensics has been efficiently used to track
down the terrorists from the various parts of the world.
•To produce evidence in the court that can lead to the
punishment of the actual.
4. oBegan to evolve more than 30 years ago in US when law
enforcement and military investigators started seeing criminals
get technical.
oOver the next decades, and up to today, the field has exploded.
Law enforcement and the military continue to have a large
presence in the information security and computer forensic field
at the local, state and national level.
oNow a days, Software companies continue to produce newer
and more robust forensic software programs. And law
enforcement and the military continue to identify and train more
and more of their personnel in the response to crimes involving
technology.
HISTORY
5. METHODOLOGY
•Collection: which involves the evidence search, evidence
recognition, evidence collection and documentation.
•Examination: It involves revealing hidden and obscured information and
the relevant documentation.
•Analysis: this looks at at the product of the examination for its significance
and probative value to the case.
•Reporting: this entails writing a report outlining the examination process
and pertinent data recovered from the overall investigation.
6. TYPES OF CYBER CRIME
•HACKING.
•The act of gaining unauthorized access to a computer system or network and in
some cases making unauthorized use of this access.
DENIAL OF SERVICE ATTACK.
This is an act by the criminal, who floods the band width of the victim’s
network or fills his e-mail box with spam mail depriving him of the services he
is entitled to access or provide.
SOFTWARE PIRACY.
Theft of software through the iillegal copying of genuine programs or the
counterfeiting and distribution of products intended to pass for the original
7. •PHISHING
•It is technique of pulling out confidential information from the
bank/financial institutional account holders by deceptive means.
•SPOOFING
•Getting one computer on a network to pretend to have the identity of
another computer, usually one with special access privileges,so as to obtain
access to the other computers on the network.
8. •KALI LINUX- Kali Linux is an open source project that is
maintained and funded by Offensive Security
•BACKTRACK 5R3 (Linux operating system)-This OS has many
forensic tools to analyse any compromised system or find security
holes in that a large amount of open source bundled packages are
installed in this OS.
•OPHCRACK-This tool use to crack the hashes which are generated
by same files of windows ,this tools uses rainbow tables to crack the
hashes.
•.
DIGITAL FORENSICS TOOLS
9. Live incident response-Collects all of the revelent data from
the system that will be used to confirm whether that incident
occurred. Live incident response include collecting volatile
and non volatile data
Volatile vs. Nonvolatile data-
Some of the volatile data that should be collected includes
system date and time, users currently logged on, the internal
routing table, running processes, scheduled jobs, open
files, and process memory dumps.
TECHNIQUE
10. Live analysis-
The examination of computers from within the operating
system using custom forensics or existing tools to extract
evidence
11. Image Forensic Using Exif- Exiftool is a Perl library and a command-line tool that can be used for reading and writing metadata in files
RELATED WORK
16. -Programming or computer-related experience
oBroad understanding of operating systems and applications
oStrong analytical skills
oStrong computer science fundamentals
oStrong system administrative skills
oKnowledge of the latest intruder tools
oKnowledge of cryptography and steganography
oStrong understanding of the rules of evidence and evidence
handling
SKILLS REQUIRED FOR
FORENSIC APPLICATION
17. 1) Internet History Files
2) Temporary Internet Files
3) Slack/Unallocated Space
4) Buddy lists, personal chat room records, P2P, others saved
areas
5) News groups/club lists/posting
6) Settings, folder structure, file names
7) File Storage Dates
8) Software/Hardware added
9) File Sharing ability
TOP 10 LOCATION FOR
EVIDENCE
