DIGITAL
FORENSICS
An Overview
BASICS OF EVERY FORENSICS CASE
1. Make an Image
2. Conduct the Investigation
3. Bookmark relevant/important discoveries
4. Prepare a report of the findings
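The four steps above, carried through end to end as an added example (not code from the slides): imaging with hash-on-acquire and independent re-verification, a keyword search run against the image rather than the original, bookmarks that record where and by whom something was seen, and a report that ties every finding to the verified image hash. The evidence bytes are constructed inline; the file names, case ID and examiner name are assumptions made for illustration.

```python
# Added example, not from the slides: the four basic steps of a case run
# end-to-end over a constructed evidence file. File names, the case ID and the
# examiner name are assumptions made for illustration.
import datetime
import hashlib
import json
import os
import tempfile

CHUNK_SIZE = 4096

# Constructed "evidence": NUL padding (think slack space) around an e-mail
# header fragment and an account number, standing in for a seized disk.
SAMPLE_EVIDENCE = (
    b"\x00" * 64
    + b"From: alice@example.invalid\r\nTo: bob@example.invalid\r\n"
    + b"Subject: wire transfer\r\n"
    + b"\x00" * 32
    + b"account number 12345678\r\n"
    + b"\x00" * 64
)


def sha256_file(path):
    """Hash a file in chunks so a multi-terabyte image never has to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire_image(source_path, image_path):
    """Step 1, make an image: the source is opened read-only and hashed while it
    is copied, then the finished image is hashed independently. The digests
    must agree before any examination starts; this is what dd/dc3dd behind a
    write blocker gives you, and both hashes go into the chain of custody."""
    h_source = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK_SIZE), b""):
            h_source.update(chunk)
            dst.write(chunk)
    image_hash = sha256_file(image_path)
    if image_hash != h_source.hexdigest():
        raise RuntimeError("acquisition failed: image hash differs from source")
    return {"source_sha256": h_source.hexdigest(), "image_sha256": image_hash}


def search_image(image_path, keywords):
    """Step 2, conduct the investigation: work on the image, never the original.
    Returns every keyword hit with its byte offset and a little context."""
    with open(image_path, "rb") as f:
        data = f.read()
    hits = []
    for kw in keywords:
        pos = data.find(kw)
        while pos != -1:
            ctx = data[max(0, pos - 8):pos + len(kw) + 8]
            hits.append({"keyword": kw.decode("ascii"), "offset": pos,
                         "context": ctx.decode("latin-1").replace("\x00", ".")})
            pos = data.find(kw, pos + 1)
    return hits


def bookmark(hit, examiner, note):
    """Step 3, bookmark a discovery: what was seen, where, by whom and when.
    The note records an observation, not an interpretation."""
    return dict(hit, examiner=examiner, note=note,
                timestamp=datetime.datetime.now(datetime.timezone.utc).isoformat())


def build_report(case_id, acquisition, bookmarks, examiner):
    """Step 4, prepare the report: every finding is tied to the verified image."""
    return {"case_id": case_id, "examiner": examiner, "acquisition": acquisition,
            "bookmarks": bookmarks, "finding_count": len(bookmarks)}


def run_case(workdir=None):
    """Run all four steps over SAMPLE_EVIDENCE and return the report."""
    workdir = workdir or tempfile.mkdtemp(prefix="case-")
    source = os.path.join(workdir, "evidence.bin")  # stands in for /dev/sdX
    image = os.path.join(workdir, "evidence.raw")
    with open(source, "wb") as f:
        f.write(SAMPLE_EVIDENCE)
    acquisition = acquire_image(source, image)
    hits = search_image(image, [b"wire transfer", b"account number"])
    marks = [bookmark(h, "examiner-1", "string present in image") for h in hits]
    # The original must hash the same after examination: nothing wrote to it.
    if sha256_file(source) != acquisition["source_sha256"]:
        raise RuntimeError("source evidence changed during examination")
    return build_report("CASE-0001", acquisition, marks, "examiner-1")


if __name__ == "__main__":
    print(json.dumps(run_case(), indent=2))
```

The re-hash of the source at the end of run_case is the software analogue of the write blocker check: if the digest had moved, the examination could not be shown to have left the original untouched, and the report would be worthless in court.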
HISTORY
 1984: The FBI started the Magnetic Media Program; it handled 3 cases that year.
 1991: The program became the Computer Analysis and Response Team (CART).
 1995: The International Organization on Computer Evidence (IOCE) was formed.
 2000: The FBI opened the first Regional Computer Forensics Laboratory (RCFL), in San Diego. The RCFLs are FBI-sponsored, full-service digital forensics laboratories that examine evidence and support criminal investigations for federal, state and local agencies; they complement CART rather than replacing it. There were 16 RCFLs when this presentation was written.
 Around 2001: "computer forensics" gave way to the broader term "digital forensics", reflecting that phones, networks and other devices, not only computers, are examined.
WHAT IS IT?
 The practice of determining what actions have taken place on a computer system in the past, using forensic techniques and an understanding of the artifacts those actions leave behind.
 It is a science: the techniques you learn, and any you later develop yourself, must be documented, tested and verified if you expect them to hold up to scrutiny in court.
 Often confused with Incident Response (IR).
 Incident response belongs to IT and security operations. It looks for the cause and extent of a break-in as it relates to a system, the network and the wider infrastructure, usually under pressure to contain the damage and restore service. Digital forensics reconstructs the actions of a person, to an evidentiary standard. The two overlap (forensic techniques are used during IR), but the goal, the pace and the evidence-handling requirements differ.
WHAT CAN IT DO?
 Recover deleted files.
 Determine which programs have been run.
 Recover which web pages users have viewed.
 Recover webmail that users have read.
 Determine which file servers users have connected to.
 Discover the hidden history of documents (metadata, authors, revision history).
 Recover deleted private chat conversations between users.
 Recover call records and Short Message Service (SMS) messages from mobile devices.
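The first capability above, recovering deleted files, is shown here as an added example that is not part of the slides: signature-based file carving over raw bytes, which works precisely because it ignores filesystem metadata and so finds files whose directory entries are gone. The PNG path walks the chunk structure and checks each CRC (structure-aware carving); the JPEG path has to fall back to a footer search because JPEG carries no length field. The raw image, the PNG and the JPEGs are constructed inline, and MAX_JPEG_SIZE is an assumed sanity limit.

```python
# Added example, not from the slides: signature-based file carving, the
# technique behind "recover deleted files" when no directory entry survives.
# The raw image, the PNG and the JPEGs below are all constructed inline;
# MAX_JPEG_SIZE is an assumed sanity limit.
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8\xff"       # start-of-image marker plus the next marker's 0xff
JPEG_EOI = b"\xff\xd9"           # end-of-image marker
MAX_JPEG_SIZE = 8 * 1024 * 1024  # assumed: stop footer searches at 8 MiB


def png_chunk(ctype, body):
    """Length, type, data, CRC-32 over type+data: the on-disk PNG chunk layout."""
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body)))


def make_png(width, height):
    """A tiny but structurally valid RGB PNG, used only to build the sample image."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = (b"\x00" + b"\x00\x00\x00" * width) * height  # one filter byte per row
    return (PNG_SIG + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", zlib.compress(raw)) + png_chunk(b"IEND", b""))


SAMPLE_PNG = make_png(2, 2)
SAMPLE_JPEG = JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + b"\x11" * 40 + JPEG_EOI
TRUNCATED_JPEG = JPEG_SOI + b"\xe1" + b"\x22" * 30  # header only, no EOI
# Constructed raw image: unallocated (NUL) space with three "deleted" files
# inside it and no filesystem metadata at all.
SAMPLE_IMAGE = (b"\x00" * 512 + SAMPLE_PNG + b"\x00" * 300 + SAMPLE_JPEG
                + b"\x00" * 200 + TRUNCATED_JPEG)


def carve_png(data, start):
    """Structure-aware carve: walk chunks from the signature, verifying each
    CRC, until IEND. Returns the end offset, or None if the chain is broken."""
    pos = start + len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body_start, chunk_end = pos + 8, pos + 12 + length
        if chunk_end > len(data):
            return None
        body = data[body_start:body_start + length]
        crc, = struct.unpack(">I", data[body_start + length:chunk_end])
        if crc != zlib.crc32(ctype + body):
            return None
        pos = chunk_end
        if ctype == b"IEND":
            return pos
    return None


def carve_jpeg(data, start):
    """Header/footer carve: JPEG has no length field, so search for EOI within
    a sanity limit. Returns the end offset, or None if no footer is found."""
    end = data.find(JPEG_EOI, start + len(JPEG_SOI), start + MAX_JPEG_SIZE)
    return None if end == -1 else end + len(JPEG_EOI)


def carve(data):
    """Scan raw bytes for known signatures and try to carve each hit.
    Incomplete hits are reported too, so the examiner can bookmark them."""
    results, pos = [], 0
    while pos < len(data):
        if data.startswith(PNG_SIG, pos):
            kind, end = "png", carve_png(data, pos)
        elif data.startswith(JPEG_SOI, pos):
            kind, end = "jpeg", carve_jpeg(data, pos)
        else:
            pos += 1
            continue
        results.append({"type": kind, "offset": pos, "complete": end is not None,
                        "data": data[pos:end] if end is not None else None})
        pos = end if end is not None else pos + 1
    return results


if __name__ == "__main__":
    for r in carve(SAMPLE_IMAGE):
        size = len(r["data"]) if r["data"] else 0
        print(f"{r['type']:5} @ {r['offset']:6} complete={r['complete']} bytes={size}")
```

The footer search is the weak spot: a truncated JPEG, or one with an embedded thumbnail that carries its own EOI, makes the carver stop early or run on into the next file. That is why formats with internal structure (PNG chunks, ZIP central directories, and so on) should be carved by walking that structure, and why every carved object is verified and bookmarked rather than taken at face value.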
TOOLS & EQUIPMENT
 Forensic Workstations: There are many on the market, but what matters is that the workstation has the processing power, memory and storage to perform the examinations you need. As the business/lab grows, access to servers may be needed as well as, or instead of, purchasing a purpose-built forensic workstation.
 SIFT Workstation: A free Ubuntu-based forensic distribution from SANS, shipped as a VMware virtual appliance (it can also be installed onto an existing Ubuntu system).
 Write Blockers: An external device placed between the evidence drive and the workstation that passes read commands but blocks write commands, so the original cannot be altered during acquisition.
 Anti-static Bags: Protect the evidence/components you have gathered from electrostatic discharge (and, with padding, from physical shock) in transit and storage.
 EnCase: Commercial suite used for data acquisition and analysis.
 FTK: Forensic Toolkit scans and indexes hard drives looking for information and can recover deleted items. The companion FTK Imager is used to make disk images.
 ProDiscover: Creates a disk image and can turn an image into a bootable VMware virtual machine.
PREPARING FOR A CASE
 What type of case is it?
   Administrative, civil or criminal
   Public or private sector
 What is being investigated?
   The crime or violation
   The operating systems and devices involved
 Who will be involved, and at what level?
PERFORMING & DOCUMENTING THE
INVESTIGATION
 Industry tools, processes and guidelines used within the investigation
 Reporting findings
   Forensic examiners report their findings; they do not interpret them (no speculation about motive or intent).
   If a non-criminal investigation uncovers evidence of a crime, for example child sexual abuse material, the matter becomes criminal: the case's scope, legal authority and evidence handling must be re-evaluated, normally by referring it to law enforcement.
 Preparing reports for legal use
 Outcome
RECENT & SAMPLE CASES
 Target data breach
   Network intrusion/hacking
   Personal and financial data was compromised
 Rescator
   Carding site that sold stolen credit card numbers (including the Target cards)
 Timberwolves player: Dante Cunningham
 Romania bank transfer case: local non-profit
 Zeus (banking trojan)
HOW TO BECOME A FORENSICS
EXAMINER?
 Formal training: credibility
   Academic
   Certifications
   Experience
 Skillset: competency
   Tools
   Industry best practices
   Methodologies
 Personality: success
   Analytical
   Detail-oriented
   Strong and emotionally stable
   Patient
QUESTIONS?
Amina.Baha@gmail.com
