Digital Forensics Works
computer science technology|
Active In SP
Joined: Jan 2010
17-01-2010, 11:36 PM
Digital Forensics Works.pdf (Size: 376.78 KB / Downloads: 202)
A digital forensic investigation is a form of digital investigation in which the process follows rules that allow the results to be entered into a legal court—for example, by maintaining the digital data's chain of custody. I propose that most subscribers to this magazine have conducted a form of digital investigation at some point in their careers. Debugging your software to determine how it got into a given digital state is a form

investigation might follow. The process isn't unlike that of a physical crime scene investigation.1 In the physical world, investigators first preserve the scene to prevent evidence from being lost. Next, they survey the scene and locate obvious evidence—for example, by looking at the victim at a murder scene to determine whether she was shot or stabbed and, based on the obvious evidence, conducting a detailed search to find more evidence,
Active In SP
Joined: Feb 2011
08-03-2011, 12:10 PM
Sauveer - Original ppt.pptx (Size: 625.07 KB / Downloads: 59)
Technical Definition: Digital Forensics
“Tools and techniques used to recover, preserve, and examine digital evidence on or transmitted by digital devices.”
Definition for the Masses
“Deleted” files, on almost any kind of digital storage media, are almost never completely “gone”.
Who Needs It?
Law enforcement officials
Prosecution of crimes which involve computers or other digital devices.
Defending the innocent & Prosecuting the guilty.
Security agencies (e.g. Secret Service, CIA, FBI, NSA)
Employee misconduct in corporate cases.
For accidental deletion or malicious deletion of data by a user (or a program).
Prosecution of internal computer-related crimes.
Evidence discovered on computer can be used to mollify costs (fraud in accident, arson & worker’s compensation cases etc.)
Digital Forensics-Possibilities & Limitations
Recovery of deleted data.
Discovery of when files were modified, created, deleted, organized etc.
Can determine which storage devices were attached to a specific computer.
Which applications were installed, even if they were uninstalled by the user.
Which web sites a user visited…
If digital media is completely (physically) destroyed, recovery is impossible.
If digital media is securely overwritten, recovery is very, very complicated, or practically impossible.
A digital computer forensics investigation involves four major steps:
Obtaining the original evidence.
Protecting the original evidence.
Finding relevant evidence.
Presenting the evidence in court.
Traditional: Where’s the evidence?
Print spool files
Temp files (all those .TMP files!)
Alternate or “hidden” partitions
On a variety of removable media (floppies, ZIP, Jaz, tapes, …)
Sources of Digital Evidence
Illegally copied software or other copyrighted material
Voice mail access numbers
Call forwarding numbers
Above, plus contacts, maps, pictures, passwords, documents, …
Landline Telephones/Answering machines
Incoming call info
Access codes for voice mail systems
Especially digital copiers, which may store entire copy jobs.
“I deleted the file, it’s gone.”
Deleted files are recoverable using digital forensics tools.
“I changed the name of the file, now no one will find it”
Digital forensics tools immediately identify files based on content—names don’t matter at all.
“I formatted the drive”
This destroys almost nothing.
“I cut the floppy into little pieces” - Media Mutilation
At this point, it’s a question of how important it is to recover the data, because it is harder to recover the data.
“I use only web-based email”
Some email fragments are still present locally.
Tools of Digital Forensics
includes tools for data acquisition, file recovery, indexing/search and file parsing.
Forensic Toolkit –
scans a hard drive looking for various information.
PTK Forensics –
runs as a GUI interface for The Sleuth Kit, acquiring and indexing digital media for investigation.
The Sleuth Kit –
provides a large number of specialized command-line based utilities.
The Coroner’s Toolkit –
analysis of data recovery from computer disasters.
Computer Online Forensic Evidence Extractor (COFEE) –
automated forensic tool during a live analysis.
CASE STUDY - I
20th hijacker in the 9/11 (2001) terrorist
attacks against the U.S.
His laptop, 4 computers, and several email accounts (firstname.lastname@example.org) were searched for e-evidence.
FBI discovered that the 19 hijackers used Kinko's computers in various cities to gain access to the Internet to plan 9/11.
CASE STUDY - II
Digital Forensics tools found immense application in investigating
various digital media used in Mumbai Terror attack 26/11.
Future of Digital Forensics
Digital forensics is now part of criminal investigations.
Crimes & methods to hide crimes are becoming more sophisticated.
Digital forensics will be in demand for as long as there are criminals and misbehaving people.
Will attract students and law professionals who need to update their skills.
Digital forensics has gained an important place in criminal investigations pertaining to digital media. An increasing number of computer crimes means increasing demand for digital forensics services.
Today, everyone is exposed to potential attacks and has a responsibility to their network neighbors to minimize their own vulnerabilities in an effort to provide a more secure and stable network.
The digital forensic needs and challenges can be accomplished only with the cooperation of the private, public, and international sectors.
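The slides above state that forensic tools identify files by content, so renaming a file hides nothing. The sketch below is an added example, not part of the original post or of any tool it names: it matches leading bytes against a small constructed signature table and flags files whose extension disagrees with their content. The table, sample names and sample bytes are all constructed for illustration.

```python
import os

# Constructed signature table: (magic bytes, offset, detected type, usual extensions).
SIGNATURES = [
    (b"\xff\xd8\xff", 0, "jpeg", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", 0, "png", {".png"}),
    (b"%PDF-", 0, "pdf", {".pdf"}),
    (b"PK\x03\x04", 0, "zip", {".zip", ".docx", ".xlsx", ".pptx", ".jar"}),
    (b"GIF87a", 0, "gif", {".gif"}),
    (b"GIF89a", 0, "gif", {".gif"}),
    (b"ustar", 257, "tar", {".tar"}),  # tar keeps its magic at offset 257
]

def identify(data: bytes):
    """Return (type, expected_extensions) from file content, or (None, set())."""
    for magic, offset, kind, exts in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return kind, exts
    return None, set()

def check_file(name: str, data: bytes) -> dict:
    """Compare the extension in the name with what the content says."""
    kind, exts = identify(data)
    ext = os.path.splitext(name)[1].lower()
    return {
        "name": name,
        "detected": kind,
        # Unknown content is not a mismatch; only a contradicting signature is.
        "mismatch": kind is not None and ext not in exts,
    }

# Constructed sample "evidence": file names paired with the first bytes of each file.
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "notes.txt": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",         # PDF renamed to .txt
    "system.dll": b"PK\x03\x04\x14\x00\x00\x00\x08\x00",   # ZIP renamed to .dll
    "report.docx": b"PK\x03\x04\x14\x00\x06\x00\x08\x00",  # OOXML is a ZIP container
    "readme.txt": b"plain text, no known signature\n",
}

def triage(samples: dict) -> list:
    """Return names whose extension disagrees with the detected content type."""
    results = (check_file(n, d) for n, d in samples.items())
    return [r["name"] for r in results if r["mismatch"]]

if __name__ == "__main__":
    for name in triage(SAMPLES):
        print("extension/content mismatch:", name)
```

A mismatch is a lead for the examiner, not proof of concealment: container formats such as ZIP back many legitimate extensions, which is why the table lists several per signature.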