1 / 33

Computer Forensics

Computer Forensics. Presented By:. Anam Sattar Anum Ijaz Tayyaba Shaffqat Daniyal Qadeer Butt Usman Rashid. The Field of Computer Forensics. What is Computer Forensics? Scientific process of preserving, identifying, extracting, documenting and interpreting data on computers.

havyn
Download Presentation

Computer Forensics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Computer Forensics

  2. Presented By: • Anam Sattar • Anum Ijaz • Tayyaba Shaffqat • Daniyal Qadeer Butt • Usman Rashid

  3. The Field of Computer Forensics • What is Computer Forensics? • Scientific process of preserving, identifying, extracting, documenting and interpreting data on computers. • used to obtain potential legal evidence. • computer forensic is the application of computer investigation and analysis techniques in the interests  of determining potential legal evidence. • computer forensic is also called digital forensic, network forensic, or cyber forensic.

  4. History of Computer Forensics • 1.father of computer Forensic • "Michael Enderson" • 2.meeting in 1988 (Portland ,Oregon)       Creation of IACIS.

  5. Advantages of Computer Forensics • Ability to search through a massive amount of data • Quickly • Thoroughly • In any language

  6. Disadvantages of Computer Forensics 1.privacy concern 2.data corruption

  7. Importance of computer forensic. • Computer evidence are popular in cases such as fraud, harassment, theft of trade secrets. • Computer forensic experts are often the only ones that can crack technology-based cases. Anyone can turn on a computer and do a basic search for a missing file but not everyone can find a missing file that someone else doesn’t want found. So if you want a wining case, hiring highly qualified experts makes all the difference.

  8. Computer Forensics process

  9. Computer Forensics process • Can be simple or complex depending upon circumstances. • Specialist looks for the information related to the incident. • It may be limited by a search warrant or time.

  10. Gathering of Information

  11. First Step: Gathering of Information • Investigator is guided by search warrant to seize all the material. • Corporate forensics specialist is guided by the availability of equipment. • Despite of provided guidelines, many items are considered for collection & examination.

  12. Items needed to be considered for collection • Computer Media: • Hard Disk • Removable Hard Disk • USB flash drives • Flash memory card • Optical disc

  13. Computers and Peripherals

  14. Computers and Peripherals • Every part of the computer needs to be considered for examination. • & all the equipment must be taken under possession.

  15. Other computer and network hardware

  16. Other computer and network hardware • The computers forensics should also include digital devices like routers, digital cameras, smart phones and other personal mobile devices. • Should also look for computers connected with wireless connection.

  17. Computer software

  18. Computer software • Its is impossible to examine files without the proper application software. • The user of the suspect computer might have installed specialized, custom or a very old software. • So the specialist should also look out for the proper software.

  19. Step 2: In the computer Forensics Lab

  20. In the computer Forensics Lab • When the gathered material are in the forensics lab, the investigation can begin. • It compromises of following steps • Preserve the media • Extract evidence • Analyze computer media • Document results

  21. During this process • We should make sure that • No information is modified. • The original hard disk should never be used to boot a computer. • Specialized tools must be used to maintain the integrity of the data and make sure that it stays in its original form.

  22. Computer Forensics Tools

  23. Computer Forensics Tools • A computer forensic tool refers to software used in the investigations of computer-related crimes, include software for:- • Disk imaging • Forensic media preparation • Mobile devices • String search

  24. The Forensic Recovery Of Digital Evidence: • Workstation • Imaging application • Analysis tools

  25. Fire chief hardware: • Working • How it can use? • Connected with computer via fire wire connection

  26. Fire fly hardware: • It can plug directly into an Eide ,IDE ,SAS or SATA hard disk. • It is more preferable than the road master • easier way of transferring data than road master

  27. Working of computer forenics • The purpose of computer forensics techniques is to search, preserve and analyze information on computer systems to find potential evidence for a trial. • Many of the techniques detectives use in crimescene investigations have digital counterparts but there are also some unique aspects to computer investigations.

  28. Working • Analyzing deleted files • Traking packet routes • Analyzing network traffic

  29. Working • Analyzing internet provider logs • Analyzing chat logs • Analyzing packet trace

  30. working • Analyzing personal mobile devices • Analyzing browser history logs

  31. Conclusion • Computer forensics is very important. • The procedures are important to follow, because doing so ensures evidence will be admitted and suspects will be more likely to face the consequences if found guilty.

  32. The End. Questions??

More Related