8/2/2019 Computer Forensics Semiarn
1/19
Computer Forensics
Introduction :-
Computer forensics is a branch of forensic science pertaining to legal evidence
found in computers and digital storage media. Computer forensics is also known as
digital forensics.
There are many definitions of computer forensics; generally, however, computer
forensics refers to the detailed investigation of computers to carry out the required
tasks. It investigates the data maintained on the computer to determine
what exactly happened to the computer and who is responsible for it. The investigation
process starts from an analysis of the ground situation and moves on to the
insides of the computer's operating system.
Computer forensics is a broad concept mainly related to crimes
committed on computers in violation of the law. Various laws have been imposed to check
these crimes, but they still exist, and the criminals are difficult to find due to lack of
evidence. All these difficulties can be overcome with the help of computer forensics.
The main aim of computer forensic experts is not only to find the criminal but also
to find the evidence and present it in a manner that leads to
legal action against the culprit. The major reasons for criminal activity in computers are:
1. Unauthorized use of computers, mainly by stealing a username and password
2. Accessing the victim's computer via the internet
3. Releasing a malicious computer program, that is, a virus
4. Harassment and stalking in cyberspace
5. E-mail fraud
6. Theft of company documents
The goal of computer forensics is to explain the current state of a digital artifact.
The term digital artifact can include a computer system, a storage medium (such as a
hard disk or CD-ROM), an electronic document (e.g. an email message or JPEG
image) or even a sequence of packets moving over a computer network.
It is the scientific process of preserving, identifying, extracting, documenting, and
interpreting data on a computer.
History
Michael Anderson
Father of computer forensics
special agent with IRS
Meeting in 1988 (Portland, Oregon)
creation of IACIS, the International Association of Computer Investigative
Specialists
the first Seized Computer Evidence Recovery Specialists (SCERS) classes
held
Computer Forensics Requirement
Hardware
Familiarity with all internal and external devices/components of a computer
Thorough understanding of hard drives and settings
Understanding motherboards and the various chipsets used
Power connections
Memory
BIOS
Understanding how the BIOS works
Familiarity with the various settings and limitations of the BIOS
Operating Systems
Windows 3.1/95/98/ME/NT/2000/2003/XP
DOS
UNIX
LINUX
VAX/VMS
Software
Familiarity with most popular software packages
such as Office
Forensic Tools
Familiarity with computer forensic techniques and the software packages that
could be used
Multiple methods of computer forensics :-
Discovering data on computer system
Recovering deleted, encrypted, or damaged File information.
Monitoring live activity
Detecting violations of corporate policy
According to many professionals, Computer Forensics is a four (4) step process :-
Acquisition
Physically or remotely obtaining possession of the computer, all network mappings
from the system, and external physical storage devices
Identification
This step involves identifying what data could be recovered and electronically
retrieving it by running various Computer Forensic tools and software
suites
Evaluation
Evaluating the information/data recovered to determine if and how it could be used
against the suspect for employment termination or prosecution in court.
Presentation
This step involves the presentation of evidence discovered in a manner which is
understood by lawyers and non-technical staff/management, and suitable as evidence as
determined by United States and internal laws
A Computer Forensic Promises:
Not delete, damage or alter any evidence
Protect the computer and files against a virus
Handle all evidence properly to prevent any future damage
Keep a log of all work done and by whom
Keep any Client-Attorney information that is gained confidential
Advantages of Computer forensics:-
Ability to search through a massive amount of data
Quickly
Thoroughly
In any language
The main task, or advantage, of computer forensics is to catch the culprit or
criminal involved in a computer-related crime. The information on the
computer is advantageous in cases that involve hardware and software
with which the forensics expert is familiar. The basics of computer design and
architecture play a prominent role, and the expert should have a great deal
of knowledge about fundamental software design and implementation.
This is quite often similar from one computer system to another. Experience with one
application, software package, file system or operating system can be applied to gain
results in other aspects of the case. Computer crime exists in many forms.
Computer forensics works extensively to find evidence in order to prove the crime
and identify the culprit behind it in a court of law. Forensics provides the organization
with support and helps it recover its loss. If it is known that the data exists, then
alternate formats of the same data or information can also be recovered. The
discovery of data or information that can provide vital clues in the prosecution of
the criminal is itself a process.
A forensics expert always identifies many possible ways to get relevant evidence.
In addition to all the benefits of utilizing computer forensics services, the
professional may also undertake inspections of the location on site.
This may be required in cases where signs or clues of physical movement
are required. Some cases may also involve additional information regarding earlier
versions or the method of backups, and formatted versions of data or information, which is
either created or treated by other application programs.
The application programs may also have different formats. Some of the application
programs include word processors, spreadsheets, email, timeline and scheduling
applications and even graphical applications.
The important thing, and the major advantage, of computer forensics is the
preservation of the evidence that is collected during the process. The protection of
evidence can be considered critical. A computer forensics professional should
ensure that the computer system being dealt with is handled carefully. Since the
subject is governed by many laws, computer forensic professionals
maintain a code of ethics.
This ethical conduct can be considered an advantage of forensics in computer
systems. Lastly, computer forensics has emerged as an important part of disaster
recovery management. Most organizations at some time or other employ the
services of computer forensics experts. The cost of operations is also lower in
comparison with the security measures that are applied.
Disadvantages of Computer Forensics :-
The major disadvantage of computer forensics is the privacy concern. It may
happen in some cases that the privacy of the client is compromised.
It is the duty of the computer forensics expert to maintain high standards,
keep in mind the sensitivity of the case and maintain the privacy and secrecy of the data
or information in the client's interests. But in some circumstances it becomes almost
impossible for the computer forensics professional to maintain the secrecy of the data or
information. This may happen if the information is necessary to prove the crime and
must be produced as evidence in a court of law.
There are other disadvantages of computer forensics as well. It is also
possible that some sensitive data or information that is important to the client may be
lost in the course of finding the evidence. The forensics professional must take care
that the data, information or possible evidence is not destroyed, damaged, or
otherwise compromised by the procedures that are used for
investigating a computer system.
There is also a chance that malicious programs are introduced into the computer
system and corrupt the data at a later stage. During the analysis process
care should be taken that no computer virus is released or introduced into the
computer system. It is also possible that the hardware of the computer system is
damaged physically.
The evidence that is physically extracted, and the relevant evidence, should be properly
handled as well as protected from later damage that may be either mechanical or
electromagnetic in nature. The integrity of the data and information that is acquired
should be preserved. The custody of the data that is acquired as evidence is the
responsibility of the computer forensics team.
Until the case is solved, it may be required that the data or information is
stored in the court. In some cases it is also possible that the data is in dispute and
neither of the disputing parties can use the data. For this reason business
operations may also be affected. The duty of the computer forensics expert is to ensure
that justice is delivered as fast as possible so that the inconvenience and the
subsequent loss to the organization can be avoided.
It is also important that the information acquired during the forensic exploration is
ethically and legally respected. Moreover, despite some of the limitations of
computer forensics the subject is still perceived. Also, the advantages and benefits
of the subject have wide applications in various situations. Measures should be taken,
and care on the part of the professional employed for the computer forensics is a must, to avoid
any subsequent damage to the computer system. It is also possible in some cases that the
operations cost may exceed. Steps should be taken to minimize the cost.
Need for Computer Forensics:-
The need for computer forensics is mainly due to the wide variety of computer
crimes that take place. With present technological advancements it is common for
every organization to employ the services of computer forensics experts. There are
various computer crimes that occur on a small scale as well as a large scale. The loss
caused depends upon the sensitivity of the computer data or information
against which the crime has been committed.
Computer forensics has become vital in the corporate world. There can be theft of
data from an organization, in which case the organization may sustain heavy losses.
Computer forensics is used for this purpose as it helps in tracking the criminal.
The need in the present age can be considered much more severe due to internet
advancements and dependency on the internet. People who gain access to
computer systems without proper authorization should be dealt with. Network security
is an important issue in the computer world. Computer forensics is a threat
to wrongdoers and people with negative mindsets.
Computer forensics is also effective where the data is stored in a single system
for backup. Data theft and intentional damage of the data in a single system
can also be minimized with computer forensics. There are hardware and software
that employ security measures in order to track changes and updates to the
data or information. The user information is provided in the log files, which can be
effectively used to produce the evidence in case of any crime in a legal manner.
The main purpose of computer forensics is to produce evidence in court that
can lead to the punishment of the actual. Forensic science is actually the process of
utilizing scientific knowledge for the purpose of collection, analysis, and most
importantly the presentation of the evidence in a court of law. The word forensic itself
means to bring to the court.
The need for, or importance of, computer forensics is to ensure the integrity of the
computer system. With some small measures, the system can avoid the cost of
operating and maintaining the security. The subject provides in-depth knowledge for
understanding the legal as well as the technical aspects of computer crime. It is very
useful from a technical standpoint.
The importance of computer forensics is evident in tracking cases of child
pornography and email spamming. Computer forensics has been efficiently used to
track down terrorists from various parts of the world. Terrorists using the
internet as the medium of communication can be tracked down and their plans can be
known.
There are many tools that can be used in combination with computer forensics to
find out the geographical information and hideouts of criminals. The IP address
plays an important role in finding out the geographical position of the terrorists.
Security personnel deploy effective measures using computer forensics.
Intrusion Detection Systems are used for that purpose.
Methods of Hiding Data:-
1. Manipulating HTTP requests by changing (unconstrained) order of elements
The order of elements can be preset as a 1 or 0 bit
No public software is available for use yet, but the government uses this
method for its agents who wish to transfer sensitive information online
Undetectable because there is no standard for the order of elements and it
is, in essence, just normal web browsing
2. Encryption :-
The encryption of any information in a computer system is done to maintain the
privacy or secrecy of the subject. The encrypted file is stored in some location that is not
easily identifiable. This is done so that there is no leakage of the file. Even in extreme
cases when a file is found and opened by any person, that person should not be
able to read the file.
Conclusion:-
Thus we conclude the study of computer forensics as follows:
With computers becoming more and more involved in our everyday lives, both
professionally and socially, there is a need for computer forensics. This field will
enable crucial electronic evidence to be found, whether it was lost, deleted,
damaged, or hidden, and used to prosecute individuals that believe they have
successfully beaten the system.
Abstract :-
Forensic computing is the process of identifying, preserving, analyzing and
presenting digital evidence in a manner that is legally acceptable.
From the above definition we can clearly identify four components :-
IDENTIFYING :-
This is the process of identifying things such as what evidence is present,
where and how it is stored, and which operating system is being used. From
this information the investigator can identify the appropriate recovery
methodologies and the tools to be used.
PRESERVING :-
This is the process of preserving the integrity of digital evidence, ensuring the
chain of custody is not broken. The data needs to be preserved (copied) on stable
media such as CD-ROM, using reproducible methodologies. All steps taken to
capture the data must be documented. Any changes to the evidence should
be documented, including what the change was and the reason for the
change. You may need to prove the integrity of the data in a court of law.
ANALYSING :-
This is the process of reviewing and examining the data. The advantage of
copying this data onto CD-ROMs is that it can be viewed without the risk of
accidental changes, therefore maintaining the integrity whilst examining the
changes.
PRESENTING :-
This is the process of presenting the evidence in a legally acceptable and
understandable manner. If the matter is presented in court, the jury, who may
have little or no computer experience, must all be able to understand what is
presented and how it relates to the original; otherwise all efforts could be
futile.
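The PRESERVING step above (documented steps, provable integrity) and the earlier promise to keep a log of all work done and by whom can be shown in code. This is an added example, not part of the original report; the function names, examiner names and hash-chained log format are assumptions, and a small temporary file stands in for an evidence image.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone
GENESIS = "0" * 64  # back-link used by the first log entry (assumed convention)

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large disk image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def log_action(log, who, action, evidence_path, reason=""):
    """Record who did what and why; each entry commits to the previous one."""
    entry = {"time": datetime.now(timezone.utc).isoformat(), "who": who,
             "action": action, "reason": reason,
             "evidence_sha256": sha256_file(evidence_path),
             "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = _digest(entry)
    log.append(entry)

def verify_log(log):
    """True if no entry was edited, removed or reordered."""
    prev = GENESIS
    for e in log:
        if e["prev_hash"] != prev or e["entry_hash"] != _digest(e):
            return False
        prev = e["entry_hash"]
    return True

def evidence_unchanged(log):
    """True if the evidence hashed to the same value at every logged step."""
    return len({e["evidence_sha256"] for e in log}) == 1

def demo():
    """Constructed sample: a small temp file stands in for an evidence image."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "image.dd")
        with open(img, "wb") as f:
            f.write(b"constructed sample evidence bytes")
        log = []
        log_action(log, "examiner_a", "acquired copy", img)
        log_action(log, "examiner_b", "opened for analysis", img)
        intact = verify_log(log) and evidence_unchanged(log)
        with open(img, "ab") as f:  # simulate an accidental write to the copy
            f.write(b"!")
        log_action(log, "examiner_b", "re-hashed", img, reason="routine check")
        forged = json.loads(json.dumps(log))
        forged[0]["who"] = "someone_else"  # simulate editing the log afterwards
        return intact, evidence_unchanged(log), verify_log(log), verify_log(forged)
```

`demo()` returns four flags: the evidence and log are intact after two steps, the accidental write is caught by the changed hash, the genuine log still verifies, and the edited log does not.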
Far more information is retained on the computer than most people
realize. It's also more difficult to completely remove information than is
generally thought. For these reasons (and many more), computer forensics
can often find evidence of, or even completely recover, lost or deleted
information, even if the information was intentionally deleted.
The goal of computer forensics is to retrieve the data and interpret as much
information about it as possible, as compared to data recovery, where the goal
is to retrieve the lost data.
Government Polytechnic, Amravati
(An Autonomous Institute of Maharashtra)
PROJECT REPORT
ON
COMPUTER FORENSICS
Prepared By:-
Gopal P. Rathi
(07CM040)
Guide By:- Fafat Madam
Head Of Department:- M. A. Ali Sir
DEPARTMENT OF COMPUTER ENGINEERING