Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Computer Forensics

    Hochgeladen von

    Manjeet Kaur
    79 Ansichten20 Seiten
    Computer forensics is the scientific process of preserving, identifying, extracting, documenting and interpreting data from computers to obtain legal evidence. It has historically been used by government agencies, corporations and individuals. There are advantages like quickly searching large amounts of data, but also disadvantages like high costs and needing to prove evidence was not tampered with. Common techniques used include data acquisition, identification, evaluation and presentation. Methods of hiding data include steganography and modifying HTTP requests, while recovery methods involve software analysis, disk analysis and firewall filtering. Anti-forensics techniques also aim to limit evidence collection.

    Originalbeschreibung:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Verfügbare Formate

    PPT, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    Computer forensics is the scientific process of preserving, identifying, extracting, documenting and interpreting data from computers to obtain legal evidence. It has historically been used by government agencies, corporations and individuals. There are advantages like quickly searching large amounts of data, but also disadvantages like high costs and needing to prove evidence was not tampered with. Common techniques used include data acquisition, identification, evaluation and presentation. Methods of hiding data include steganography and modifying HTTP requests, while recovery methods involve software analysis, disk analysis and firewall filtering. Anti-forensics techniques also aim to limit evidence collection.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PPT, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    79 Ansichten20 Seiten

    Computer Forensics

    Hochgeladen von

    Manjeet Kaur
    Computer forensics is the scientific process of preserving, identifying, extracting, documenting and interpreting data from computers to obtain legal evidence. It has historically been used by government agencies, corporations and individuals. There are advantages like quickly searching large amounts of data, but also disadvantages like high costs and needing to prove evidence was not tampered with. Common techniques used include data acquisition, identification, evaluation and presentation. Methods of hiding data include steganography and modifying HTTP requests, while recovery methods involve software analysis, disk analysis and firewall filtering. Anti-forensics techniques also aim to limit evidence collection.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PPT, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 20

    Computer Forensics

    Sara Jones CSC 105:05

    Objectives
    The Field of Computer Forensics History of Computer Forensics Collecting Evidence Advantages of Computer Forensics Disadvantages of Computer Forensics How Computer Forensics is used by government, corporate America, and the public Computer Forensic Companies in New Jersey

    The Field of Computer Forensics What is Computer Forensics?


    Scientific

    process of preserving, identifying, extracting, documenting, and interpreting data on computer to obtain potential legal evidence

    Used

    History of Computer Forensics


    Michael Anderson
    Father

    of computer forensics special agent with IRS

    Meeting in 1988 (Portland, Oregon)


    creation

    of IACIS, the International Association of Computer Investigative Specialists the first Seized Computer Evidence Recovery Specialists (SCERS) classes held

    How Evidence is Protected


    A Computer Forensic Specialist promises to: Not delete, damage or alter any evidence Protect the computer and files against a virus Handle all evidence properly to prevent any future damage Keep a log of all work done and by whom Keep any Client-Attorney information that is gained confidential

    Steps of digital forensics


    According to many professionals, Computer Forensics is a four (4) step process -Acquisition Physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices -Identification This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites

    Steps of digital forensics(cont.)


    -Evaluation Evaluating the information/data recovered to determine if and how it could be used again the suspect for employment termination or prosecution in court -Presentation This step involves the presentation of evidence discovered in a manner which is understood by lawyers, nontechnically staff/management, and suitable as evidence as determined by United States and internal laws

    Advantages of Computer Forensics


    Ability to search through a massive amount of data
    Quickly Thoroughly In

    any language

    Disadvantages of Computer Forensics


    Digital evidence accepted into court

    must prove that there is no tampering all evidence must be fully accounted for computer forensic specialists must have complete knowledge of legal requirements, evidence handling and storage and documentation procedures

    Disadvantages of Computer Forensics


    Costs
    producing

    electronic records & preserving them is extremely costly


    Sattar vs. Motorola Inc

    Presents the potential for exposing privileged documents Legal practitioners must have extensive computer knowledge

    Computer Forensic Services in New Jersey

    Computer Forensic Services, LLC All State Investigations, Inc.

    Who uses the digital forensic

    Criminal Prosecutors

    Rely on evidence obtained from a computer to prosecute suspects and use as evidence

    Civil Litigations

    Personal and business data discovered on a computer can be used in fraud, divorce, harassment, or discrimination cases
    Evidence discovered on computer can be used to mollify costs (fraud, workers compensation, arson, etc) Obtained evidence from employee computers can be used as evidence in harassment, fraud, and embezzlement cases

    Insurance Companies

    Private Corporations

    Methods of data hiding


    To human eyes, data usually contains known forms, like images, e-mail, sounds, and text. Most Internet data naturally includes gratuitous headers, too. These are media exploited using new controversial logical encodings: steganography and marking. Steganography: The art of storing information in such a way that the existence of the information is hidden.

    Methods of data hiding(cont.)


    To human eyes, data usually contains known forms, like images, e-mail, sounds, and text. Most Internet data naturally includes gratuitous headers, too. These are media exploited using new controversial logical encodings: steganography and marking.
    The duck flies at midnight. Tame uncle Sam
    Simple but effective when done well

    Methods of data hiding(cont.)

    Manipulating HTTP requests by changing (unconstrained) order of elements The order of elements can be preset as a 1 or 0 bit No public software is available for use yet, but the government uses this method for its agents who wish to transfer sensitive information on line Undetectable because there is no standard for the order of elements and it is, in essence, just normal web browsing Encryption: The problem with this is that existence of data is not hidden, instead it draws attention to itself. With strong enough encryption, it doesnt matter if its existence is known

    Methods of recovering data


    Steganalysis Methods - Detection Human Observation Opening a text document in a common word processor may show appended spaces and invisible characters Images and sound/video clips can be viewed or listened to and distortions may be found Generally, this only occurs if the amount of data hidden inside the media is too large to be successfully hidden within the media (15% rule) Software analysis Even small amounts of processing can filter out echoes and shadow noise within an audio file to search for hidden information If the original media file is available, hash values can easily detect modifications

    Methods of recovering data


    Steganalysis Methods Detection cont... Disk analysis utilities can search the hard drive for hidden tracks/sectors/data RAM slack is the space from the end of the file to the end of the containing sector. Before a sector is written to disk, it is stored in a buffer somewhere in RAM. If the buffer is only partially filled with information before being committed to disk, remnants from the end of the buffer will be written to disk. In this way, information that was never "saved" can be found in RAM slack on disk. Firewall/Routing filters can be applied to search for hidden or invalid data in IP datagram headers

    ANTI-FORENSICS

    -Software that limits and/or corrupts evidence that could be collected by an investigator -Performs data hiding and distortion -Exploits limitations of known and used forensic tools -Works both on Windows and LINUX based systems -In place prior to or post system acquisition

    Conclusion
    With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.

    Questions????

    Das könnte Ihnen auch gefallen