Computer Forensics

1
(No Transcript)
2
Computer Forensics
3
Presented By

• Anam Sattar
• Anum Ijaz
• Tayyaba Shaffqat
• Daniyal Qadeer Butt
• Usman Rashid

4
The Field of Computer Forensics

• What is Computer Forensics?
• Scientific process of preserving, identifying,
  extracting, documenting and interpreting data on
  computers.
•  
• used to obtain potential legal evidence.
•  
• computer forensic is the application of computer
  investigation and analysis techniques in the
  interests  of determining potential legal
  evidence.
•  
• computer forensic is also called digital
  forensic, network forensic, or cyber forensic.

5
History of Computer Forensics

• 1.father of computer Forensic
• "Michael Enderson"
• 2.meeting in 1988 (Portland ,Oregon)
•       Creation of IACIS.

6
Advantages of Computer Forensics

• Ability to search through a massive amount of
  data
• Quickly
• Thoroughly
• In any language

7
Disadvantages of Computer Forensics

• 1.privacy concern
• 2.data corruption

8
Importance of computer forensic.

• Computer evidence are popular in cases such as
  fraud, harassment, theft of trade secrets.
• Computer forensic experts are often the only ones
  that can crack technology-based cases. Anyone can
  turn on a computer and do a basic search for a
  missing file but not everyone can find a missing
  file that someone else doesnt want found. So if
  you want a wining case, hiring highly qualified
  experts makes all the difference.

9
Computer Forensics process
10
Computer Forensics process

• Can be simple or complex depending upon
  circumstances.
• Specialist looks for the information related to
  the incident.
• It may be limited by a search warrant or time.

11
Gathering of Information
12
First Step Gathering of Information

• Investigator is guided by search warrant to seize
  all the material.
• Corporate forensics specialist is guided by the
  availability of equipment.
• Despite of provided guidelines, many items are
  considered for collection examination.

13
Items needed to be considered for collection

• Computer Media
• Hard Disk
• Removable Hard Disk
• USB flash drives
• Flash memory card
• Optical disc

14
Computers and Peripherals
15
Computers and Peripherals

• Every part of the computer needs to be considered
  for examination.
• all the equipment
• must be taken under
• possession.

16
Other computer and network hardware
17
Other computer and network hardware

• The computers forensics should also include
  digital devices like routers, digital cameras,
  smart phones and other personal mobile devices.
• Should also look for computers connected with
  wireless connection.

18
Computer software
19
Computer software

• Its is impossible to examine files without the
  proper application software.
• The user of the suspect computer might have
  installed specialized, custom or a very old
  software.
• So the specialist should also look out for the
  proper software.

20
Step 2 In the computer Forensics Lab
21
In the computer Forensics Lab

• When the gathered material are in the forensics
  lab, the investigation can begin.
• It compromises of following steps
• Preserve the media
• Extract evidence
• Analyze computer media
• Document results

22
During this process

• We should make sure that
• No information is modified.
• The original hard disk should never be used to
  boot a computer.
• Specialized tools must be used to maintain the
  integrity of the data and make sure that it stays
  in its original form.

23
Computer Forensics Tools
24
Computer Forensics Tools

• A computer forensic tool refers to software used
  in the investigations of computer-related crimes,
  include software for-
• Disk imaging
• Forensic media preparation
• Mobile devices
• String search

25
The Forensic Recovery Of Digital Evidence

• Workstation
• Imaging application
• Analysis tools

26
Fire chief hardware

• Working
• How it can use?
• Connected with computer
• via fire wire connection

27
Fire fly hardware

• It can plug directly into an
• Eide ,IDE ,SAS or
• SATA hard disk.
• It is more preferable than
• the road master
• easier way of transferring data than road master

28
Working of computer forenics

• The purpose of computer forensics techniques is
  to search, preserve and analyze information on
  computer systems to find potential evidence for a
  trial.
• Many of the techniques detectives use in crime
  scene investigations have digital counterparts
  but there are also some unique aspects to
  computer investigations.

29
Working

• Analyzing deleted files
• Traking packet routes
• Analyzing network traffic

30
Working

• Analyzing internet provider logs
• Analyzing chat logs
• Analyzing packet trace

31
working

• Analyzing personal mobile devices
• Analyzing browser history logs

32
Conclusion

• Computer forensics is very important.
• The procedures are important to follow, because
  doing so ensures evidence will be admitted and
  suspects will be more likely to face the
  consequences if found guilty.

33
The End.

• Questions??