COMPUTER FORENSICS

By Group: G10

Group members:
1. Pradeep Kumar
2. Parvez
3. Surender Singh


CONTENTS

- Definition of Computer Forensics
- History of Computer Forensics
- Steps of Computer Forensics
- Certifications for Computer Forensics
- Computer Forensic Requirements
- Collecting Evidence
- Uses of Computer Forensics
- Advantages of Computer Forensics
- Disadvantages of Computer Forensics
- Computer Forensics Labs and Centers in India
- Conclusion
- References


THE FIELD OF COMPUTER FORENSICS

What is Computer Forensics?

Computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and root cause analysis

Computer forensics is the process of identifying, preserving, and analyzing data and technical items for evidence that will be used in court


- Used to obtain potential legal evidence
- Evidence might be required for a wide range of computer crimes and misuses
- Multiple methods of computer forensics are:
  - Discovering data on computer systems
  - Recovering deleted, encrypted, or damaged file information
  - Monitoring live activity
  - Detecting violations of corporate policy
- Information collected assists in arrests, prosecution, termination of employment, and preventing future illegal activity


Examples:
- Recovering thousands of deleted emails
- Performing investigation post employment termination
- Recovering evidence post formatting hard drive


HISTORY OF COMPUTER FORENSICS

1970s
- First crime cases involving computers, mainly financial fraud

1980s
- Financial investigators and courts realize that in some cases all the records and evidence were only on computers
- Norton Utilities "Un-erase" tool created
- Association of Certified Fraud Examiners began to seek training in what became computer forensics
- SEARCH High Tech Crimes training created
- Regular classes began to be taught to Federal agents in California and at FLETC in Georgia
- HTCIA formed in Southern California


1984
- FBI Magnetic Media Program created; this later becomes the Computer Analysis and Response Team (CART)

1993
- First International Conference on Computer Evidence held

1995
- International Organization on Computer Evidence (IOCE) formed


1997
- The G8 countries declared that "Law enforcement personnel must be trained and equipped to address high-tech crimes" in the Moscow

1998
- In March, G8 appointed IICE to create international principles for the procedures relating to digital evidence
- INTERPOL Forensic Science Symposium


1999
- FBI CART case load exceeds 2000 cases, examining 17 terabytes of data

2000
- First FBI Regional Computer Forensic Laboratory established

2003
- FBI CART case load exceeds 6500 cases, examining 782 terabytes of data


STEPS OF COMPUTER FORENSICS

According to many professionals, Computer Forensics is a four (4) step process:

Acquisition
- Physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices

Identification
- This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites


Evaluation
- Evaluating the information/data recovered to determine if and how it could be used against the suspect for employment termination or prosecution in court

Presentation
- This step involves the presentation of evidence discovered in a manner which is understood by lawyers and non-technical staff/management, and suitable as evidence as determined by United States and internal laws


CERTIFICATION FOR COMPUTER INVESTIGATIVE SPECIALISTS

CEECS (Certified Electronic Evidence Collection Specialist Certification)
- Awarded to individuals who complete the CEECS regional certification course
- Also awarded to individuals in the Certified Forensic Computer Examiner course who successfully pass the written test


CERTIFICATION FOR FORENSIC COMPUTER EXAMINER

Internal Certification Training Program
- Must successfully complete two week training course offered by IACIS and correspondence proficiency problems

External Certification Testing Process
- Not a training course
- Testing process
- Active Law Enforcement
- Individuals qualified for IACIS membership

Recertification
- Every three years must complete recertification process
- Must be in good standing with IACIS
- Complete proficiency test


A COMPUTER FORENSIC SPECIALIST PROMISES TO:

- Not delete, damage or alter any evidence
- Protect the computer and files against a virus
- Handle all evidence properly to prevent any future damage
- Keep a log of all work done and by whom
- Keep any Client-Attorney information that is gained confidential


COMPUTER FORENSIC REQUIREMENTS

Hardware
- Familiarity with all internal and external devices/components of a computer
- Thorough understanding of hard drives and settings
- Understanding motherboards and the various chipsets used
- Power connections
- Memory

BIOS
- Understanding how the BIOS works
- Familiarity with the various settings and limitations of the BIOS


Operating Systems
- Windows 3.1/95/98/ME/NT/2000/2003/XP
- DOS
- UNIX
- LINUX

Software
- Familiarity with most popular software packages such as MS Office

Forensic Tools
- Familiarity with computer forensic techniques and the software packages that could be used


COLLECTING EVIDENCE

Make exact copies of all hard drives & disks using computer software
- Date and time stamped on each file; used for timeline

Protect the computer system
- Avoid deletion, damage, viruses and corruption

Discover files
- Normal files
- Deleted files
- Password protected files
- Hidden files
- Encrypted files

Reveal all contents of hidden files used by application and operating system

Access contents of password protected files if legally able to do so

Analyze data

Print out analysis
- Computer system
- All files and data
- Overall opinion

Provide expert consultation/testimony
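
An added example (not part of the original slides) of the first collection step: a file stands in for a disk image, SHA-256 confirms that the copy is exact and the source unchanged, and file modification times are sorted into a timeline. The function names, file names and timestamps are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large disk images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def copy_and_verify(source, destination):
    """Copy source to destination; verified only if copy and source hashes all match."""
    before = sha256_file(source)
    shutil.copyfile(source, destination)
    copy_hash = sha256_file(destination)
    source_after = sha256_file(source)  # the original must not have changed either
    return {"source_sha256": before, "copy_sha256": copy_hash,
            "verified": before == copy_hash == source_after}

def build_timeline(root):
    """Return (UTC modification time, relative path) for every file, oldest first."""
    events = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full, follow_symlinks=False)
            when = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            events.append((when, os.path.relpath(full, root)))
    return sorted(events)

def demo():
    """Run both steps on constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as work:
        evidence = os.path.join(work, "evidence")
        os.mkdir(evidence)
        for name, mtime in [("memo.txt", 1_000_000_000), ("ledger.csv", 1_200_000_000)]:
            path = os.path.join(evidence, name)
            with open(path, "wb") as fh:
                fh.write(name.encode())
            os.utime(path, (mtime, mtime))  # constructed timestamps
        result = copy_and_verify(os.path.join(evidence, "memo.txt"),
                                 os.path.join(work, "memo.copy"))
        return result, [path for _when, path in build_timeline(evidence)]

if __name__ == "__main__":
    print(demo())
```
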


USES OF COMPUTER FORENSICS

Criminal Prosecutors
- Rely on evidence obtained from a computer to prosecute suspects and use as evidence

Civil Litigations
- Personal and business data discovered on a computer can be used in fraud, divorce, harassment, or discrimination cases

Insurance Companies
- Evidence discovered on computer can be used to mollify costs (fraud, worker’s compensation, arson, etc.)


Private Corporations
- Evidence obtained from employee computers can be used in harassment, fraud, and embezzlement cases

Law Enforcement Officials
- Rely on computer forensics to back up search warrants and post-seizure handling

Individual/Private Citizens
- Obtain the services of professional computer forensic specialists to support claims of harassment, abuse, or wrongful termination from employment


ADVANTAGES OF COMPUTER FORENSICS

Ability to search through a massive amount of data
- Quickly
- Thoroughly
- In any language


DISADVANTAGES OF COMPUTER FORENSICS

Digital evidence accepted into court
- Must prove that there is no tampering
- All evidence must be fully accounted for
- Computer forensic specialists must have complete knowledge of legal requirements, evidence handling and storage, and documentation procedures
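
An added example (not part of the original slides) of one way to keep the "log of all work done and by whom" so that later edits are detectable: each entry stores the hash of the previous one. Hash chaining is a technique chosen here, not one the slides name; the examiner names, actions and timestamps are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry

def entry_hash(body):
    """Hash an entry's fields in a canonical (sorted-key) JSON encoding."""
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()

def append_entry(log, examiner, action, evidence_sha256, timestamp):
    """Append a record of who did what, chained to the previous entry's hash."""
    body = {
        "seq": len(log),
        "timestamp": timestamp,
        "examiner": examiner,
        "action": action,
        "evidence_sha256": evidence_sha256,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    log.append({**body, "hash": entry_hash(body)})
    return log

def verify_log(log):
    """Return the index of the first broken entry, or None if the chain is intact."""
    prev = GENESIS
    for index, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if (entry["seq"] != index or entry["prev"] != prev
                or entry_hash(body) != entry["hash"]):
            return index
        prev = entry["hash"]
    return None

def demo():
    """Build a constructed three-entry log, then check it before and after an edit."""
    image_hash = hashlib.sha256(b"constructed disk image bytes").hexdigest()
    log = []
    append_entry(log, "Examiner A", "acquired image", image_hash, "2024-01-05T09:00:00Z")
    append_entry(log, "Examiner A", "verified copy", image_hash, "2024-01-05T09:40:00Z")
    append_entry(log, "Examiner B", "began analysis", image_hash, "2024-01-06T10:15:00Z")
    intact = verify_log(log)
    log[1]["examiner"] = "Examiner C"  # simulated after-the-fact alteration
    return intact, verify_log(log)

if __name__ == "__main__":
    print(demo())
```

The chain only proves internal consistency, so the hash of the latest entry should also be recorded somewhere separate from the log; otherwise a complete rewrite of the log would still verify.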


Costs
- Producing electronic records & preserving them is extremely costly

Presents the potential for exposing privileged documents

Legal practitioners must have extensive computer knowledge


COMPUTER FORENSICS LABS AND CENTERS IN INDIA

1. cyber college, Dehradun
2. Secure India (A Group of Cyber Security Specialists), Muzaffarnagar, Uttar Pradesh
3. E2Labs Research & Development Center, Hyderabad, Andhra Pradesh
4. Agape Inc, Nagpur, Maharashtra
5. Appin Technology Lab, Hyderabad, Andhra Pradesh
6. Shoeb Online, Mumbai, Maharashtra
7. ForensicsGuru.com, New Delhi
8. I.TECH COMPUTERS - DATA FORENSICS & DATA RECOVERY, Mumbai
9. Indiaforensic Center of Studies, Pune
10. Focus Forensics Technology Private Limited, Delhi


CONCLUSION

With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.


QUERY?