
Digital Forensics: Evidence in Hiding Brought to the Surface

Presented By: Rachel Miller, Tabatha Caldwell, Will Allen. Introduction to Microcomputers, Dr. Meeker. December 3, 2008.


Presentation Transcript


  1. Digital Forensics: Evidence in Hiding Brought to the Surface
     Presented By: Rachel Miller, Tabatha Caldwell, Will Allen
     Introduction to Microcomputers, Dr. Meeker
     December 3, 2008

  2. What is Forensics?
     • A Branch of Science in which Evidence is Collected and Analyzed in Order to Establish Proof within the Legal System
     • “Forensics” comes from the Latin word “forensis,” which means of or before the forum
     • Based upon the Roman legal system featuring criminal charge appeals being presented to the “forum” by the accuser and the accused
     • The more convincing argument and presentation of proof determined the outcome of the case

  3. More Specifically, What is Digital Forensics?
     • The Branch of Forensic Science that Primarily Addresses the Gathering of Evidence Found in Computers and Other Digital Storage Devices
     • Becoming More and More Prevalently Used within the Legal System
     • Contains Sub-Branches:
       • Firewall
       • Database
       • Mobile Device Forensics

  4. Who Works in the Field of Digital Forensics?
     • Digital Forensic Technicians
     • Digital Forensic Policy Makers
     • Digital Forensic Professionals

  5. Challenges Ahead for Digital Forensics
     • Continuing Changes in Digital Technologies
     • Examiners Must Provide Their Own Training Throughout Careers
     • Limitations Imposed on Investigations

  6. The Process of Digital Forensics
     • Preserve:
       • Copy Memory
       • Turn Off Computer
       • Copy Hard Drive
       • Demonstrate that the Original and the Copy Have Not Been Modified

  7. The Process of Digital Forensics (Continued)
     • Survey:
       • Emails
       • Documents
       • Image Files
       • Web History
       • User History
       • Directories
       • Logs
       • Hidden Files
       • Deleted Files

  8. The Process of Digital Forensics (Continued)
     • Search:
       • Keyword
       • File Names
       • File Types
       • File Times
       • Cross Drive – Relationships Between Computers
       • Emails
       • Files

  9. The Process of Digital Forensics (Continued)
     • Reconstruct:
       • Analyze All of the Data Found
       • Combine All of the Evidence Found
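The last Preserve item on slide 6, demonstrating that the original and the copy have not been modified, is normally done with cryptographic hashes. The sketch below is an added example, not part of the original presentation: it images a constructed stand-in for a drive, records a SHA-256 at acquisition, and shows the check failing once a single byte of the copy changes. The file names are hypothetical.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # stream in 1 MiB blocks so a large drive never sits in memory


def sha256_of(path):
    """Hash a file or raw device by reading it in fixed-size chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as src:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(source, image):
    """Copy source to image and return the SHA-256 of the bytes as read."""
    digest = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    return digest.hexdigest()


def verify(source, image, recorded):
    """Re-read both sides and compare each with the hash recorded at acquisition."""
    return {"source_unchanged": sha256_of(source) == recorded,
            "image_matches": sha256_of(image) == recorded}


def demo():
    """Image a constructed stand-in for a drive, then alter one byte of the copy."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "suspect_drive.bin")  # hypothetical names
    image = os.path.join(workdir, "evidence.img")
    with open(source, "wb") as f:
        f.write(b"constructed sample sector data\n" * 4096)
    recorded = acquire(source, image)
    before = verify(source, image, recorded)
    with open(image, "r+b") as f:  # simulate modification of the copy
        f.seek(100)
        f.write(b"X")
    after = verify(source, image, recorded)
    return before, after


if __name__ == "__main__":
    print(demo())
```

In practice the recorded hash is written into the case notes at acquisition time, so the same comparison can be repeated later against the working copy.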

  10. Digital Forensic Identification
     • As Technology Advances, It Becomes Easier to Manipulate Photos
     • Some Digital Alterations are Easy to Identify
     • Others are Harder to Identify and Require Computers to Find Mathematical Algorithms and Geometric Properties
     • The Goal of Image Forensics is to Make It More Difficult and More Time-Consuming

  11. Photo Tampering Throughout History • http://www.sciam.com/slideshow.cfm?id=photo-tampering-throughout-history&thumbs=horizontal&photo_id=4A94FA96-B59E-3711-A1F5658E0CEC8A7D

  12. What Do You Need to Look For?
     • Lighting: Direction of Light and Reflection
     • Eyes: Ray Tracing from the Eyes to the Camera Center
     • Highlights in the Eyes: Shape, Color, and Location
     • Cloning: Uses Algorithms to Find Repetition in a Picture

  13. Common Applications
     • Scenario: A company performs an investigation of one of its employees’ mischievous activities during traditional working hours
     • Most companies outline specific policies for their employees to abide by during working hours while using company equipment
     • Example: Computers for Internet usage
     • Child Pornography, Personal Email Communications, Etc.
     • Deleting documents or web pages from the “History” or “Trash” does not completely erase the Evidence
     • Forensic Analysis of the equipment’s encrypted “Hard Drive” will reveal detailed records of the employee’s actions

  14. Common Applications (Continued)
     • Scenario: A bank performs an investigation of an employee due to suspicious activity being observed within the monetary transaction records of specific clients of the employee
     • The employee is suspected of embezzlement
     • Forensic Analysis of the employee’s company and personal computer encrypted “Hard Drives” will reveal detailed evidence of any illegal transactions despite an attempted “cover-up”

  15. Common Applications (Continued)
     • http://www.youtube.com/watch?v=y_BLtefQv40
     • A continuously growing need for highly credible digital forensic research and evidence being presented in legal cases by attorneys exists
     • Robert Fitzgerald and the Lorenzi Group of New England:
       • A prime example of companies that provide law firms and other businesses across the country with reliable, professional assistance in “the acquisition and imaging, processing, analyzing, and reporting and testifying process of digital evidence management”

  16. Common Applications (Continued)
     • Source: “Developing an Undergraduate Course in Digital Forensics” – Warren Harrison, Portland State University
     • “Sample Crime Summary: Mr. B. Bucks received a complaint from Joe Smith claiming his credit card was used fraudulently to purchase goods from Mr. Bucks’ e-store, StuffRUS. The order in question was placed on Saturday, September 16th at 1:46 PM. The order totaled $8,607.99 and was placed using Smith’s credit card #1231123113131 with a confirmation e-mail to c43630@hotmail.com. The merchandise was reportedly delivered to Mr. Smith’s residence at 7605 Wabash Avenue in Portland, Oregon, using Next Day delivery. However, Smith was out of town September 15th-21st at a family camping trip in Little Rock, Arkansas. The confirmation e-mail address was registered to a bogus name. Mr. Bucks’ IT team identified the IP address of the computer used to place the order to be 168.1.23.1. The owner of that IP address is Portland State University. PSU’s IT team determined from their server logs the IP address was leased to a wireless MAC address 00-0F-3D-0E-CE-E1 between 1:00 PM and 3:00 PM September 16th. The MAC prefix 00-0F-3D is assigned to the D-LINK Corp. While taking a statement from Smith, he stated that he discovered he lost his credit card after visiting “The Camping Supply Store” in Beaverton, Oregon. He also said he talked about his trip to the employees at The Camping Supply Store and told them he was going to be gone for a week. The investigators visited The Camping Supply Store and interviewed the employees. One of them, Ed Reed, said he was a student at Portland State University, and the investigator noticed he was carrying a laptop computer with a D-Link wireless card. The manager told the investigators Ed usually worked on Saturdays, but on the 16th, he had asked for the afternoon off to study for an examination at the university.”
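The log step in the sample crime summary (IP address, then lease record, then MAC address, then vendor prefix) can be expressed as a small correlation routine. This is an added example, not taken from the presentation or from Harrison's course material: the lease-record format, the non-matching rows and the year are constructed assumptions, while the matching row and the vendor entry use the values quoted in the summary.

```python
from datetime import datetime

# Constructed sample lease records in "ip,mac,start,end" form. The year is an
# assumption (the summary gives none); row 2 carries the summary's own values.
LEASES = """\
168.1.23.1,00:1b:63:aa:10:02,2006-09-16T09:00,2006-09-16T12:30
168.1.23.1,00-0F-3D-0E-CE-E1,2006-09-16T13:00,2006-09-16T15:00
168.1.23.7,00-0f-3d-11-22-33,2006-09-16T13:00,2006-09-16T15:00
168.1.23.1,00:16:cb:01:02:03,2006-09-16T15:05,2006-09-16T18:00
"""

# OUI prefix to vendor; the single entry is the assignment stated in the summary.
OUI_VENDORS = {"000F3D": "D-LINK Corp"}

ORDER_TIME = datetime(2006, 9, 16, 13, 46)  # Saturday, September 16th, 1:46 PM


def normalize_mac(mac):
    """Reduce any common MAC notation to 12 uppercase hex digits."""
    digits = "".join(c for c in mac if c not in ":-.").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def holder_at(lease_text, ip, when):
    """Return (mac, vendor) for every lease of `ip` that covers time `when`."""
    hits = []
    for line in lease_text.splitlines():
        lease_ip, mac, start, end = line.split(",")
        if lease_ip != ip:
            continue
        if datetime.fromisoformat(start) <= when <= datetime.fromisoformat(end):
            mac = normalize_mac(mac)
            hits.append((mac, OUI_VENDORS.get(mac[:6], "unknown vendor")))
    return hits


if __name__ == "__main__":
    print(holder_at(LEASES, "168.1.23.1", ORDER_TIME))
```

A MAC address can be changed in software, so a match like this corroborates other evidence rather than identifying a person on its own.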

  17. Bibliography
     • http://www.sciam.com/article.cfm?id=digital-image-forensics
     • http://www.sciam.com/article.cfm?id=5-ways-to-spot-a-fake
     • http://www.wisegeek.com/what-is-forensics.htm
     • http://en.wikipedia.org/wiki/Computer_forensics
     • http://www.investistion.com/computer_forensics.htm
     • http://www.notablesoftware.com/Papers/ForensicComp.html
     • http://www.youtube.com/watch?v=y_BLtefQv40
     • http://www.ccsc.org/northwest/2006/ppt/forensicstutorialHARRISON.pdf
     • http://www.basistech.com/knowledge-center/forensics/crash-course-in-digital-forensics.pdf
