Presented By
Manesh T
Research Fellow
UOC-Spain
Network Forensics-An Intro
Introduction to Digital Forensics
Agenda
Classification & Terminologies
Digital Crimes at a Glance
Computer Security Vs. Forensics
Steps in Digital Forensics
Tools and Uses
Research Contributions in Network Forensics
Conclusions
Forensics Vs. Digital Forensics
• Forensic science is the application of science to criminal and civil laws. Forensic investigators collect, preserve, and analyze scientific evidence during the course of an investigation.
• Digital forensics is the collection, preservation, identification, extraction, interpretation and documentation of digital evidence which can be used in the court of law.
  - Digital Forensics Sciences
  - Computer Forensics
Digital Forensic Science (DFS)
The practice of scientifically derived and proven technical methods and tools toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of after-the-fact digital information derived from digital sources for the purpose of facilitating or furthering the reconstruction of events as forensic evidence.
Computer Security Vs Digital Forensics
• A computer security major's job is to lock down systems and prevent hackers from gaining access.
• Digital forensics majors have the job of figuring out exactly what happened when the other failed.
• Security and forensics are so closely related that without one the other would be non-existent.
Classification & Terminologies
Digital Forensics:
• Disk Forensics
• Memory Forensics
• Mobile Forensics
• Intrusion Forensics
• Network Forensics
• Cloud/IoT Forensics
• Image Forensics
• Cyber Forensics
Terminologies
Digital Forensic Sciences:
• Computer Forensics
• Disk Forensics
• Memory Forensics
• Mobile Forensics
• Database Forensics
• Image Forensics
• Cyber Forensics
• Network Forensics
• IoT Forensics
• Web Forensics
• Cloud Forensics
• E-mail Forensics
What is Digital Crime?
• Any crime where a computer is a tool, target or both
• Offences against computer data or systems
  - Unauthorized access, modification or impairment of a computer or digital system
  - Offences against the confidentiality, integrity and availability of computer data and systems
• Conventional Crime Vs. Digital Crime
• Examples of Digital Crime
  - Credit card fraud, identity theft, spam, DoS
What Forensics is not...
• Pro-active (security)
  - But reactive to an event or request
• About finding the bad guy/criminal
  - But finding evidence of value
• Something you do for fun
  - Expertise is needed
• Hacking
  - Lawful interception & ethical hacking
Offline Vs Online Forensics
• Offline forensics (postmortem forensics)
  - Performed on tampered or compromised digital objects or network environment
• Online forensics (live forensics)
  - Performed during the malicious activity on digital artifacts or computer networks or in interconnected systems
  - Challenging
  - High speed packet capturing devices
Basic forensic methodology consists of:
• Acquire the digital evidence without altering or damaging the original
  - Information stored or transmitted in binary forms, documents, images, voice and videos
  - Physical items or data objects (hard disk, CD, memory, computer etc.)
  - Admissible, Authentic, Complete, Reliable
• Authenticate that your recovered evidence is the same as the originally seized data
• Analyze the data without modifying it.
Disk Forensics
• Disk forensics is the science of extracting forensic information from hard disk images.
• The goal is to recover data from a disk image using a forensic analysis tool.
• Encryption, file system
Tools Used
1. Sleuth Kit
2. Autopsy Kit
3. Samdump
Disk Forensics-Autopsy
Memory Forensics
• Live Forensics
• Capture the Memory
• Analyze the Memory
• Reconstruction of Memory State
Tools Used
1. Memdump
2. Nigilant Kit
3. Memoryze
Mobile Forensics
• Mobile forensics is a branch of digital forensics.
• Simply put, it is the science of recovering different kinds of evidence from mobile phones.
• It significantly helps investigators reach the criminal.
- Contact numbers.
- Record of calls, SMS, MMS and details about them.
- Sounds.
- Photographs.
- Email messages.
- Notes.
- Calendar.
Tools
• EnCase Neutrino
• Cell Dek Tech
• Oxygen Forensics
Database Forensics
• Prove or disprove the occurrence of a data security breach
• Determine the scope of a database intrusion
• Retrace user DML and DDL operations
• Identify data pre- and post-transactions
• Recover previously deleted database data
Tools
• Logminer
• Data Carve
Web Forensics
• Web application forensics (IIS, Tomcat, Wamp server)
• Post mortem investigation of a compromised web application system
• Traces web vulnerability attacks
  - Cross site scripting
  - SQL injections
  - Session hijacking etc.
Tools
• EnCase
• FTK
• Splunk
Browser Forensics
• People use web browsers to search for information, shop online, bank, and communicate through email or instant messaging.
• Losses due to crimes
• Forensic investigation to get browsing-related data from the computer
• Tracing cache, history and cookies of browsers
• Tools
  - AccessData FTK Imager 3.1.3.2
  - Autopsy 3.0.6
  - Web browser Forensic Analyzer, Cache, History and Cookie viewers by Nirsoft
Cloud Forensics
• Cloud Computing – A transformative technology
  - It is easier to share data
  - Access the files by using a computer, a smartphone or a tablet device
  - Choose between free and commercial solutions
• Digital forensics in cloud storage services
• Tools
  - DiskPulse tool to track the disk usage
  - RegShot and RegFromApp to track the registry changes
Cloud Forensics - Continued
Dropbox Installation Folder
Cloud Forensics - Continued
Dropbox Decryptor
IoT Forensics
Connected, headless, diverse and small
Sources of evidence on IoT can be categorized into three groups:
• All evidence collected from smart devices and sensors;
• All evidence collected from hardware and software that provide a communication between smart devices and the external world (e.g., computers, mobile, IPS, IDS and firewalls);
• All evidence collected from hardware and software that are outside the network under investigation (ISP, MSP).
Image Forensics
• Digital image forensics aims at restoring some of the lost trustworthiness of digital images and revolves around the following two fundamental questions:
  - Where does the image come from?
  - Has the image been processed after acquisition?
• The forensic analysis of digital images (or digital image forensics) then refers to the reconstruction of the generation process of a given digital image, where the main focus lies on inference about the image's authenticity and origin.
• Forensic face recognition in computer vision.
Cyber Forensics
• “The unique process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally accepted.”
• Cyber crime means any criminal activity in which a computer or network is the source, tool, target or place of crime.
Cyber Forensics
Steps in Digital Forensics
Identification
• Search for information about the information we require
Acquisition
• Obtain forensic copies of all digital evidence
Authentication
• Discriminating evidence based on integrity
Analysis
• Logical interpretation of recovered data
• Tentative evidence turns into actual evidence
Presentation
• Generate forensic report
• Prosecution by court of law
Identification Phase
Sub Phases and their Functions
• Classify Digital Crime: Past/Ongoing, Disk, Memory, Cloud, Network forensics
• Information Harvesting: How? When? What? Who?
• Intelligence Gathering: Scene Audit, System Monitoring
• Data Inspection: Encrypted, Steganography, Open
Acquisition Phase
Sub Phases and their Functions
• Pre acquisition process: Implications, lawful interception, Custody
• Acquisition Plan: Snapshot, online, offline, Log file, Memory, Network Packets, Disk Images
• Post acquisition process: Handle forensic data, seized evidences, conservation and transportation
Tools: ProDiscover Basic, EnCase
Authentication Phase
Sub Phases
• Categorize Evidences
• Validate Evidences
• Discriminate Evidences
Functions
• Persistent, Volatile
• Use hashing of images and other digital evidences for integrity
• Admissible, Authentic, Complete, Reliable
• Best, Secondary, Direct Evidences
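The "authenticate that your recovered evidence is the same as the originally seized data" step of the basic methodology and the hashing function of the Authentication Phase, as an added example that is not part of the original slides: it hashes an evidence file in read-only chunks at acquisition time and re-checks a working copy before analysis. The file names, record fields, examiner name and case identifier are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read 1 MiB at a time so large disk images never sit fully in RAM


def hash_evidence(path, algorithms=("sha1", "sha256")):
    """Return {algorithm: hex digest}, reading the file once and read-only."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:  # "rb": the evidence is never opened for writing
        for block in iter(lambda: fh.read(CHUNK), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def acquisition_record(path, examiner, case_id):
    """Record written at seizure time (field names are illustrative assumptions)."""
    return {
        "case_id": case_id,
        "examiner": examiner,
        "file": os.path.basename(path),
        "size": os.path.getsize(path),
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "hashes": hash_evidence(path),
    }


def authenticate(path, record):
    """Compare a working copy with the acquisition record.

    Returns (ok, problems). Every recorded algorithm must match; a size
    difference is reported separately because it is the cheapest check.
    """
    problems = []
    if os.path.getsize(path) != record["size"]:
        problems.append("size differs")
    current = hash_evidence(path, tuple(record["hashes"]))
    for name, expected in record["hashes"].items():
        if current[name] != expected:
            problems.append(f"{name} mismatch")
    return (not problems, problems)


def demo():
    """Constructed sample: a fake image, a faithful copy and an altered copy."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "seized.img")
        good = os.path.join(d, "working_copy.img")
        bad = os.path.join(d, "altered_copy.img")
        data = b"CONSTRUCTED-SAMPLE-SECTOR" * 4096
        # The altered copy keeps the same size; only its last byte differs.
        for p, content in ((original, data), (good, data), (bad, data[:-1] + b"X")):
            with open(p, "wb") as fh:
                fh.write(content)
        record = acquisition_record(original, "examiner-1", "CASE-0000")
        return authenticate(good, record), authenticate(bad, record), json.dumps(record)


if __name__ == "__main__":
    good_result, bad_result, record_json = demo()
    print(record_json)
    print("working copy:", good_result)
    print("altered copy:", bad_result)
```

Recording two digests and the size in the acquisition record means a later mismatch points to the copy, not to doubt about which algorithm was used at seizure.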
Forensic Analysis Phase
Sub Phases
• Preparation
• Extraction (Physical)
• Extraction (Logical)
• Analysis (Time Line)
• Analysis (Data Hiding)
• Analysis of Application
• Reconstruct Files
Functions
• Media, Type of Forensic analysis
• Filter, Packet header, File Carving
• File system, File slack, Unallocated space
• Review Time, Date Stamps, Logs
• Correlate, Access to encrypted, protected assets
• Saved passwords, Emails, Cookies, attachments, History
Tools: Access Data Ultimate Toolkit
Presentation Phase
Sub Phases
Documentation,
Expert Testimony
Correlated Evidences, Impose
Laws section
Substantial Interpretations,
Crime Report,
Generate Digital Forensic
Report
Prosecution By Court
Scope of Computer Forensics
DFS-Tools
Tool | Platform | License | Description
Magnet AXIOM | Cross Platform | Proprietary | Complete acquisition, analysis and presentation
EnCase | Windows | Proprietary | Multipurpose forensic tool
SANS Investigative Forensics Toolkit - SIFT | Ubuntu | Proprietary | Multi-purpose forensic operating system
Digital Forensics Framework | Cross Platform | Proprietary | Framework and user interfaces dedicated to digital forensics
CAINE Linux | Linux | Freeware | GNU/Linux computer forensics
FTK | Windows | Proprietary | Multipurpose forensic tool
COFEE | Windows | Proprietary | A suite of tools for Windows developed by Microsoft
Network Forensic – An Intro
• Network forensics is the science that deals with capture, recording, and analysis of network traffic to retrace the content of the network session.
Computing Environment in My Research
Steps in Network Forensic Analysis
• C: Collection & filtering
• R: Correlation Analysis
• L: Log file analysis
• S: Stream Reassembly
• A: Application layer viewer
• W: Workflow or case management
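An added illustration of the Stream Reassembly step (not code from the slides or from the author's research): it groups captured TCP segments by flow, rebuilds each direction's byte stream, and reports capture gaps and overlapping segments whose bytes disagree with what was already seen. The segments are constructed sample data; the code assumes the lowest sequence number seen marks the start of a flow and ignores sequence-number wraparound.

```python
from collections import defaultdict

# Constructed sample: (src, sport, dst, dport, seq, payload), listed in capture
# order: out of order, with a retransmission, an overlap, a gap and a conflict.
SEGMENTS = [
    ("10.0.0.5", 40000, "10.0.0.9", 80, 1017, b"Host: example.test\r\n"),
    ("10.0.0.5", 40000, "10.0.0.9", 80, 1001, b"GET / HTTP/1.1\r\n"),
    ("10.0.0.9", 80, "10.0.0.5", 40000, 5001, b"HTTP/1.1 200 OK\r\n"),
    ("10.0.0.5", 40000, "10.0.0.9", 80, 1001, b"GET / HTTP/1.1\r\n"),  # retransmission
    ("10.0.0.5", 40000, "10.0.0.9", 80, 1031, b"test\r\n\r\n"),        # overlaps 6 bytes
    ("10.0.0.9", 80, "10.0.0.5", 40000, 5030, b"late data"),           # 12 bytes missing
    ("10.0.0.9", 80, "10.0.0.5", 40000, 5010, b"404"),                 # disagrees with "200"
]


def reassemble(segments):
    """Rebuild one byte stream per direction of each flow.

    Returns {flow: {"data": bytes, "gaps": [(offset, length)], "conflicts": [offset]}}.
    Gaps are zero-filled so later offsets stay correct. On overlap the first
    bytes seen win, and any overlap whose content differs is recorded so the
    examiner can review it.
    """
    flows = defaultdict(list)
    for src, sport, dst, dport, seq, payload in segments:
        flows[(src, sport, dst, dport)].append((seq, payload))

    result = {}
    for flow, segs in flows.items():
        base = min(seq for seq, _ in segs)       # assumed start of the stream
        stream, gaps, conflicts = bytearray(), [], []
        # Stable sort on seq only: equal sequence numbers keep capture order.
        for seq, payload in sorted(segs, key=lambda s: s[0]):
            offset = seq - base
            if offset > len(stream):             # bytes that were never captured
                missing = offset - len(stream)
                gaps.append((len(stream), missing))
                stream.extend(b"\x00" * missing)
            overlap = min(len(stream) - offset, len(payload))
            if overlap > 0 and stream[offset:offset + overlap] != payload[:overlap]:
                conflicts.append(offset)         # same range, different bytes
            stream.extend(payload[overlap:])     # append only the unseen tail
        result[flow] = {"data": bytes(stream), "gaps": gaps, "conflicts": conflicts}
    return result


if __name__ == "__main__":
    for flow, info in reassemble(SEGMENTS).items():
        print(flow, info)
```

The gap and conflict lists belong in the case notes next to the reassembled content, since they mark where the reconstruction is incomplete or where two captured segments disagree.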
Paths to Careers in CF
Certifications
Associate Degree
Bachelor Degree
Post Grad Certificate
Masters
Doctorate
Job Functions
CF Technician
CF Investigator
CF Analyst/Examiner (lab)
CF Lab Director
CF Scientist
Professional Opportunities
Law Enforcement
Private Sector
Intelligence Community
Military
Academia
Conclusions
• Basics of Digital Forensic Sciences, Classifications
• Steps in Digital Forensics
• Basics of Network Forensics, Steps
• Forensic Tools
• Research Challenges
Useful Links
• Kerala Police - Kochi: http://kochicity.keralapolice.gov.in/
• National Investigation Agency (NIA): http://www.nia.gov.in/
• CBI: http://cbi.nic.in/
• Cyberdome: http://cyberdome.kerala.gov.in/index.html
• Cyber Cell: https://kerala.gov.in/cyber-cell
• RCCF-CDAC: http://www.cyberforensics.in/?AspxAutoDetectCookieSupport=1
Finish
Thank you

Digital forensic science and its scope manesh t
