akash seminar

Upload: saurav-ambastha

Post on 05-Apr-2018

  • 8/2/2019 Akash Seminar

    1/20

    COMPUTER FORENSICS

    Presentation by: Akash Kumar

    IT 3rd Yr

    0930913003

    Chapter 1 Computer Forensics in Today's World SAK4801 Special Topics in Computer Science II

    1. Contents

    1.1. Introduction to Computer Forensics

    1.2. History of Computer Forensics

    1.3. Definition

    1.4. Need of Computer Forensics

    1.5. Computer Forensics Flaws and Risks

    1.6. Digital Evidence

    1.7. Modes of Attacks

    1.8. Role of Computer Forensics

    1.9. Conclusion

    1.1 INTRODUCTION TO COMPUTER FORENSICS

    The digital age has produced many new professions, but one of the most unusual is computer forensics.

    Computer forensics deals with the application of law to a science.

    Although it is similar to other forms of legal forensics, the computer forensics process requires a vast knowledge of computer hardware and software in order to avoid the accidental invalidation or destruction of evidence and to preserve the evidence for later analysis.

    1.2 HISTORY OF COMPUTER FORENSICS

    1.2.2 EVOLUTION OF COMPUTER FORENSICS

    1984 - FBI Computer Analysis and Response Team (CART) emerged

    1991 - International Law Enforcement meeting was conducted to discuss computer forensics & the need for a standardized approach

    1994 - Department of Justice (DOJ) - Federal Guidelines for Searching & Seizing Computers

    1997 - FBI - Scientific Working Group on Digital Evidence (SWGDE) was established to develop standards in computer forensics.

    2001 - USAF - Digital Forensics Research Workshop was held,

    2003 - Academic - International Journal of Digital Forensic

    1.2.4 Definition of Computer Forensics

    Computer forensics is defined as a methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format (Dr. H.B. Wolfe)

    According to Steve Hailey, Cybersecurity Institute, computer forensics is "The preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and providing expert opinion in a court of law or other legal and/or administrative proceeding as to what was found."

    1.2.6 Need for Computer Forensics

    Need for computer forensics arises from:

    Presence of a majority of electronic documents nowadays

    According to a University of California study, during 1999:

        93% of information was generated in digital form, on computers

        7% of information originated in other media, such as paper

    Search and identify data in a computer

    Increasing trail of activities by perpetrators left on computers.

    Digital Evidence is delicate in nature; therefore they must be recorded as early as possible to avoid loss of valuable

    1.2.6 Need for Computer Forensics (Cont.)

    Law enforcement officials, network and system administrators of IT firms, attorneys and also private investigators depend upon qualified computer forensic experts to investigate their criminal and civil cases.

    An appropriate computer forensics specialist is called in and extended as much cooperative assistance as possible, because if there is to be any chance of recovering property, locating and successfully prosecuting the criminal, there must be evidence of sufficient quantity and quality.

    For recovering deleted, encrypted or,

    1.3 COMPUTER FORENSICS FLAWS AND RISKS

    Computer forensics is in its early or development stages

    It is different from other forensic sciences as digital evidence is examined

    There is little theoretical knowledge on which to base assumptions for analysis and standard empirical hypothesis testing when carried out

    Lack of proper training

    No standardization of tools

    Designations are not entirely professional

    It is still more of an Art than a Science

    1.3 COMPUTER FORENSICS FLAWS AND RISKS (CONT.)

    According to EC-Council, Corporate Espionage Statistics:

    Corporate computer security budgets increased at an average of 48% in 2002

    62% of the corporate companies had their systems compromised by virus

    FBI statistics reveal that more than 100 nations are engaged in corporate espionage against US companies

    More than 2230 documented incidents of corporate espionage by the year 2003

    1.4.2 DIGITAL EVIDENCE

    What is Digital Evidence?

    Information of probative value stored or transmitted in digital form

    Probative Value - evidence which is sufficiently useful to prove something important in a trial

    Type of Digital Evidence

    What to seize?

    Storage Media (i.e. floppies, CDs, thumb drives)

    Computer (CPU)

    Laptops (always seize power supply)

    External Drives & Media

    Corresponding Devices i.e. tape/tape drive, jaz disk/jaz drive

    Unique software and operating manuals

    1.6 MODES FOR ATTACKS

    Cyber crime falls into two categories depending on the way attacks take place

    Following are the two types of attacks

    Insider Attacks

    Attack from the employee within an organization

    External Attacks

    Attack from the outside by persons who are not within the company

    These involve hackers hired by either an insider or an external entity whose aim is to destroy a competitor's reputation.

    1.7 ROLE OF COMPUTER FORENSICS

    1.7.2 RULES OF COMPUTER FORENSICS

    A good forensic investigator should always follow these rules:

    Minimize the option of examining the original evidence

    Instead, examine the duplicate evidence

    Obey rules of evidence and do not tamper with the evidence

    Always prepare a chain of custody, and handle evidence with care

    Never exceed the knowledge base of the forensic investigation

    Document any changes in evidence

    1.7.3 The 3 As of Computer Forensics Methodology

    The 3 As of computer forensics methodologies

    Acquire evidence without modification or corruption

    Authenticate that the recovered evidence is same as the originally seized data

    Analyze data without any alterations
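
The acquire and authenticate steps, together with the chain-of-custody rule from 1.7.2, as an added example that is not part of the original slides: it duplicates a file while hashing it with SHA-256, re-verifies the duplicate before analysis, and logs each step. The file names, the examiner label and the log fields are assumptions, and the sample evidence is constructed.

```python
import hashlib, os, stat, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read evidence in 1 MiB blocks so large images fit in memory

def _log(custody, examiner, action, item, digest):
    # One chain-of-custody entry: who did what to which item, and its hash.
    custody.append({"utc": datetime.now(timezone.utc).isoformat(),
                    "examiner": examiner, "action": action,
                    "item": os.path.basename(item), "sha256": digest})

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image, custody, examiner):
    """Acquire: duplicate the source, hashing the bytes as they are read."""
    h = hashlib.sha256()
    # Source is opened read-only; mode "xb" refuses to overwrite an image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    os.chmod(image, stat.S_IRUSR)  # the working copy is analysed read-only
    _log(custody, examiner, "acquired", image, h.hexdigest())
    return h.hexdigest()

def authenticate(image, expected, custody, examiner):
    """Authenticate: the duplicate must still match the acquisition hash."""
    actual = sha256_file(image)
    ok = actual == expected
    _log(custody, examiner, "authenticated" if ok else "hash-mismatch", image, actual)
    return ok

def demo():
    custody = []
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "seized.bin"), os.path.join(d, "image.dd")
        with open(src, "wb") as f:           # constructed sample "evidence"
            f.write(b"constructed sample evidence\n" * 1000)
        digest = acquire(src, img, custody, "examiner-1")
        intact = authenticate(img, digest, custody, "examiner-1")
        os.chmod(img, stat.S_IRUSR | stat.S_IWUSR)
        with open(img, "r+b") as f:          # simulate one altered byte
            f.write(b"X")
        altered = authenticate(img, digest, custody, "examiner-1")
    return intact, altered, [e["action"] for e in custody]
```

Calling `demo()` returns the two verification results and the sequence of custody actions; the second verification fails because a single byte of the duplicate was changed after acquisition.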

    CONCLUSION

    With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.
