1 / 13

Computer Forensics

Need for Computer Forensics What to Look for. Computer Forensics. Investigate Crime committed by computer Investigate Crime against computers Analyze, extract, collect, preserve, present computer data Assure that evidence collected is admissible in a court of law. Define Computer Forensics.

anka
Download Presentation

Computer Forensics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Need for Computer Forensics What to Look for Computer Forensics

  2. Investigate Crime committed by computer Investigate Crime against computers Analyze, extract, collect, preserve, present computer data Assure that evidence collected is admissible in a court of law Define Computer Forensics

  3. Computer use has increased exponentially Internet use is also on the rise These trends have led to a corresponding increase in computer related crime Forensic technicians need technical, legal, and communication skills Need for Computer Forensics

  4. Stealing credit card numbers by hacking bank or online store databases Stealing money by modifying accounting software Disrupting sales by launching a denial of service attack Hacking school computer to change grades Using social engineering to gain unauthorized access Some computer crimes

  5. In a criminal case the main goal is to present evidence in a court of law • A warrant is generally required to seize evidence • All steps in evidence collection, analysis and preservation must be carefully documented • In a corporate case often the goal is to purge the person responsible for the incident • The company has the right to examine its own equipment • Often the equipment is required for the company to run it’s operation, so it must continue operation Criminal vs Corporate

  6. Computers • Server – computer with extensive resources that often provide services to other computers or networks – allow multiple concurrent users • Workstation – computer with less resources that allows one user at a time • Switch • Allows networking of several computers • Router • Connects networks Know your hardware

  7. CPU – The brain of a computer • RAM – Provides fast read/write memory for the computer’s currently running processes • ROM – Provides read only memory • Storage – Use for longer term memory • Hard Disk • Floppy Disk • USB Flash Drive • CDRom Drive • Portable Hard Drive Hardware

  8. Input Devices • Keyboard • Mouse • Scanner • Camera • Modem • Network Interface Card • Flash Drives Hardware

  9. DOS Windows Windows Server UNIX MAC OS LINUX ANDROID Many others Operating Systems

  10. FAT DOS, early Windows NTFS Recent Windows UFS UNIX Ext3 LINUX NFS UNIX network file system Mapped Drive Windows File Systems

  11. We need different tools to analyze computers depending on the OS and File system used We need knowledge of where to look for log files Some OS’s provide built-in tools for analysis We need to know where passwords and user data are stored Why are OS and File System important?

  12. Permission from the owner • Warrantless search • Does search violate reasonable expectation of privacy? • Does employment policy allow access? • Warrant • Is there reasonable cause to believe a crime has been committed? Search Rules

  13. Most modern OS’s log user access, logon failures, system and application errors The log files do no good unless they are monitored In some cases, log files grow indefinitely, so a log rotate plan must be adopted Auditing

More Related