cyber forensics notes presentation chp1.pdf
anupamapadhi04
34 views
20 slides
Oct 16, 2024
Slide 1 of 20
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
About This Presentation
cyber forensic notes
Slide Content
Cyber Forensics
Course Code :-USCS5041
Course Code :-USCS5041
Cyber Forensics
Introduction
Chapter -1
Introduction
Chapter -1
What Is Cyber Forensics
›Cyber forensics involves investigating and analyzing electronic
devices to gather evidence for court, while maintaining evidence
integrity. The goal is to determine what happened on a suspect
device and who was responsible.
›Cyber forensics plays a crucial role in cybercrime investigations,
involving:
–Identifying, collecting, preserving, analyzing, and documenting digital
evidence
–Using forensic software to examine digital images of suspect devices
–Searching for hidden files, deleted data, and encrypted files
–Documenting evidence in a final report, verified with the original device,
for legal proceedings.
›Cyber forensics involves investigating and analyzing electronic
devices to gather evidence for court, while maintaining evidence
integrity. The goal is to determine what happened on a suspect
device and who was responsible.
›Cyber forensics plays a crucial role in cybercrime investigations,
involving:
–Identifying, collecting, preserving, analyzing, and documenting digital
evidence
–Using forensic software to examine digital images of suspect devices
–Searching for hidden files, deleted data, and encrypted files
–Documenting evidence in a final report, verified with the original device,
for legal proceedings.
›Definition:
–Cyber forensics is a discipline that involves investigating and analyzing
electronic or digital devices to gather and preserve evidence for
presentation in a court of law.›Goal:
–The primary objective of cyber forensics is to conduct a structured
investigation while maintaining the integrity of evidence and a
documented chain of custody to determine what happened on a suspect
device and who was responsible.
›Role in cybercrime investigations:
–Cyber forensics plays a crucial role in investigating cybercrimes, as it
helps to identify, collect, preserve, analyze, and document digital
evidence.
–Cyber forensics is a discipline that involves investigating and analyzing
electronic or digital devices to gather and preserve evidence for
presentation in a court of law.›Goal:
–The primary objective of cyber forensics is to conduct a structured
investigation while maintaining the integrity of evidence and a
documented chain of custody to determine what happened on a suspect
device and who was responsible.
›Role in cybercrime investigations:
–Cyber forensics plays a crucial role in investigating cybercrimes, as it
helps to identify, collect, preserve, analyze, and document digital
evidence.
›Techniques and tools:
–Forensic investigators use various techniques and software applications
to examine digital images of suspect devices. These techniques include:
–Searching for hidden folders
–Recovering deleted, encrypted, or damaged files
–Analyzing digital evidence to reconstruct events
›Documentation and verification:
–Any evidence found is carefully documented in a final report, which is
verified with the original device before preparing for legal proceedings.
This ensures the integrity and admissibility of the evidence in court.
›Overall, cyber forensics is a critical component of cybercrime
investigations, as it helps to uncover digital evidence and bring
perpetrators to justice.
–Forensic investigators use various techniques and software applications
to examine digital images of suspect devices. These techniques include:
–Searching for hidden folders
–Recovering deleted, encrypted, or damaged files
–Analyzing digital evidence to reconstruct events
›Documentation and verification:
–Any evidence found is carefully documented in a final report, which is
verified with the original device before preparing for legal proceedings.
This ensures the integrity and admissibility of the evidence in court.
›Overall, cyber forensics is a critical component of cybercrime
investigations, as it helps to uncover digital evidence and bring
perpetrators to justice.
What Is Computer Forensics
›The preservation, identification, extraction, interpretation, and
documentation of computer evidence, to include the rules of
evidence, legal processes, integrity of evidence, reporting of the
information found in a manner that is legally acceptable.
›The preservation, identification, extraction, interpretation, and
documentation of computer evidence, to include the rules of
evidence, legal processes, integrity of evidence, reporting of the
information found in a manner that is legally acceptable.
Steps
•Identification:
•Identifying what evidence is present, where it is
stored, and how it is stored (in which format).
Electronic devices can be personal computers,
Mobile phones, PDAs, etc.
•Preservation:
•Data is isolated, secured, and preserved. It
includes prohibiting unauthorized personnel
from using the digital device so that digital
evidence, mistakenly or purposely, is not
tampered with and making a copy of the original
evidence.
•Identification:
•Identifying what evidence is present, where it is
stored, and how it is stored (in which format).
Electronic devices can be personal computers,
Mobile phones, PDAs, etc.
•Preservation:
•Data is isolated, secured, and preserved. It
includes prohibiting unauthorized personnel
from using the digital device so that digital
evidence, mistakenly or purposely, is not
tampered with and making a copy of the original
evidence.
Steps
•Analysis:
•Forensic lab personnel reconstruct fragments of
data and draw conclusions based on evidence.
•Documentation:
•A record of all the visible data is created. It helps
in recreating and reviewing the crime scene. All
the findings from the investigations are
documented.
•Presentation:
•All the documented findings are produced in a
court of law for further investigations.
•Analysis:
•Forensic lab personnel reconstruct fragments of
data and draw conclusions based on evidence.
•Documentation:
•A record of all the visible data is created. It helps
in recreating and reviewing the crime scene. All
the findings from the investigations are
documented.
•Presentation:
•All the documented findings are produced in a
court of law for further investigations.
Need for Computer Forensics
›The need for computer forensics arises from the increasing reliance
on digital devices and the internet in our daily lives. As technology
advances, so do the opportunities for cybercriminals to commit
crimes, such as intellectual property theft, industrial espionage, fraud
investigations, and misuse of the internet and email in the workplace.
›Computer forensics plays a crucial role in investigating these crimes
by providing a scientific method of gathering evidence from digital
devices and computer networks. This evidence can be used to
identify and prosecute criminals, as well as to recover lost data and
prevent future incidents.
›computer forensics can help track down cybercriminals from
anywhere in the world, allowing law enforcement agencies to bring
them to justice.
›The need for computer forensics arises from the increasing reliance
on digital devices and the internet in our daily lives. As technology
advances, so do the opportunities for cybercriminals to commit
crimes, such as intellectual property theft, industrial espionage, fraud
investigations, and misuse of the internet and email in the workplace.
›Computer forensics plays a crucial role in investigating these crimes
by providing a scientific method of gathering evidence from digital
devices and computer networks. This evidence can be used to
identify and prosecute criminals, as well as to recover lost data and
prevent future incidents.
›computer forensics can help track down cybercriminals from
anywhere in the world, allowing law enforcement agencies to bring
them to justice.
Types of Attacks in Cyber Crime
›Insider Attacks
–Insider attacks are malicious activities carried out by individuals within
an organization. These individuals have authorized access to the
company's systems and information, which they misuse to steal, leak, or
destroy data.
›Common Insider Attack Methods:
–Data Theft:Stealing sensitive data such as intellectual property,
customer information, or financial records.
–Sabotage:Deliberately damaging systems, data, or operations.
–Espionage:Selling or leaking confidential information to competitors or
other unauthorized entities.
›Insider Attacks
–Insider attacks are malicious activities carried out by individuals within
an organization. These individuals have authorized access to the
company's systems and information, which they misuse to steal, leak, or
destroy data.
›Common Insider Attack Methods:
–Data Theft:Stealing sensitive data such as intellectual property,
customer information, or financial records.
–Sabotage:Deliberately damaging systems, data, or operations.
–Espionage:Selling or leaking confidential information to competitors or
other unauthorized entities.
Types of Attacks in Cyber Crime
›External Attacks
–External attacks are carried out by individuals or groups outside the
organization who do not have authorized access to the company's
systems. These attackers use various techniques to penetrate the
organization's defenses and exploit vulnerabilities.
›Common External Attack Methods:
–Phishing:Sending deceptive emails to trick individuals into revealing
sensitive information or downloading malware.
–Malware:Using malicious software such as viruses, ransomware, or
spyware to damage systems.
–Man-in-the-Middle (MitM) Attacks:Intercepting and altering
communication between two parties without their knowledge.
›External Attacks
–External attacks are carried out by individuals or groups outside the
organization who do not have authorized access to the company's
systems. These attackers use various techniques to penetrate the
organization's defenses and exploit vulnerabilities.
›Common External Attack Methods:
–Phishing:Sending deceptive emails to trick individuals into revealing
sensitive information or downloading malware.
–Malware:Using malicious software such as viruses, ransomware, or
spyware to damage systems.
–Man-in-the-Middle (MitM) Attacks:Intercepting and altering
communication between two parties without their knowledge.
Forensics investigators often work as part of a team
known as investigation triad.
known as investigation triad.
Investigation triad
›Vulnerability/threat assessment and risk management:
–Tests and verifies the integrity of stand-along workstations and network
servers
›Network intrusion detection and incident response:
–Detects intruder attacks by using automated tools and monitoring
network.
›Digital investigations:
–Manages investigations and conducts forensics analysis of systems
suspected of containing evidence
›Vulnerability/threat assessment and risk management:
–Tests and verifies the integrity of stand-along workstations and network
servers
›Network intrusion detection and incident response:
–Detects intruder attacks by using automated tools and monitoring
network.
›Digital investigations:
–Manages investigations and conducts forensics analysis of systems
suspected of containing evidence
Preparing for Computer Investigations
›Digital investigations fall into two categories:
–public-sector investigations
–Private-sector investigations
›Digital investigations fall into two categories:
–public-sector investigations
–Private-sector investigations
Preparing for Computer Investigations
›Public-sector investigations
are conducted by government
entities range from municipal,
county, and state and other
governmental organizations.
›These investigations typically
focus on criminal
investigations and
prosecution.
›Public sector is what is good
for public
›Private-sector investigations
are conducted by business or
corporations.
›These investigations often
focus on internal issues within
organizations, such as policy
violations, intellectual
property theft, and
compliance with company
policies.
›Private sector is what is good
for business.
›Public-sector investigations
are conducted by government
entities range from municipal,
county, and state and other
governmental organizations.
›These investigations typically
focus on criminal
investigations and
prosecution.
›Public sector is what is good
for public
›Private-sector investigations
are conducted by business or
corporations.
›These investigations often
focus on internal issues within
organizations, such as policy
violations, intellectual
property theft, and
compliance with company
policies.
›Private sector is what is good
for business.
Understanding Law Enforcement Agency
Investigations
›When conducting public-sector investigations, you must
understand laws on computer-related crimes including:
–standard legal processes
–guidelines on search and seizure
–and how to build a criminal case
Investigations
›When conducting public-sector investigations, you must
understand laws on computer-related crimes including:
–standard legal processes
–guidelines on search and seizure
–and how to build a criminal case
Maintaining Professional Conduct
›Professional Behavior
–Exhibit Professionalism:Always display the highest level of professional
behavior.
–Key Attributes:Maintain objectivity, confidentiality, expand technical
knowledge, and conduct with integrity.
›Maintaining Objectivity
–Form Opinions on Evidence:Base opinions on education, training, experience,
and case evidence.
–Exhaust Leads:Avoid conclusions until all reasonable leads are explored and
facts considered.
–Avoid Bias:Focus on finding relevant digital evidence without prejudice or
external influence.
–Reputation:Your objectivity is crucial for your professional reputation.
›Professional Behavior
–Exhibit Professionalism:Always display the highest level of professional
behavior.
–Key Attributes:Maintain objectivity, confidentiality, expand technical
knowledge, and conduct with integrity.
›Maintaining Objectivity
–Form Opinions on Evidence:Base opinions on education, training, experience,
and case evidence.
–Exhaust Leads:Avoid conclusions until all reasonable leads are explored and
facts considered.
–Avoid Bias:Focus on finding relevant digital evidence without prejudice or
external influence.
–Reputation:Your objectivity is crucial for your professional reputation.
Maintaining Professional Conduct
›Maintaining Confidentiality
–Limited Discussions:Discuss case details only with essential personnel.
–General Advice:When seeking advice, share only general terms and
facts without specifics.
–Case Confidentiality:Keep investigations confidential until required by
court or attorney to release information.
–Private-Sector Sensitivity:Confidentiality is critical, especially regarding
terminated employees to avoid legal issues.
›Legal Considerations
–Attorney-Work-Product Rule:When working with attorneys, all case
communications should be restricted to the legal team unless otherwise
approved by the attorney.
›Maintaining Confidentiality
–Limited Discussions:Discuss case details only with essential personnel.
–General Advice:When seeking advice, share only general terms and
facts without specifics.
–Case Confidentiality:Keep investigations confidential until required by
court or attorney to release information.
–Private-Sector Sensitivity:Confidentiality is critical, especially regarding
terminated employees to avoid legal issues.
›Legal Considerations
–Attorney-Work-Product Rule:When working with attorneys, all case
communications should be restricted to the legal team unless otherwise
approved by the attorney.
Maintaining Professional Conduct
›Continuous Professional Development
–Stay Updated:Keep up with the latest in computer hardware, software,
networking, and forensic tools.
–Learn New Techniques:Regularly update investigation techniques.
–Training and Education:Attend workshops, conferences, and pursue
further education and certifications.
–Formal Education:An undergraduate degree in computing or related
fields is beneficial; consider advanced studies in complementary areas.
–Professional Organizations:Join and participate in professional
organizations for training and updates on technical improvements.
›Continuous Professional Development
–Stay Updated:Keep up with the latest in computer hardware, software,
networking, and forensic tools.
–Learn New Techniques:Regularly update investigation techniques.
–Training and Education:Attend workshops, conferences, and pursue
further education and certifications.
–Formal Education:An undergraduate degree in computing or related
fields is beneficial; consider advanced studies in complementary areas.
–Professional Organizations:Join and participate in professional
organizations for training and updates on technical improvements.
Maintaining Professional Conduct
›Integrity
–Conduct with Integrity:Maintain the highest levels of honesty and
integrity in all aspects of life.
–Avoid Indiscretions:Steer clear of actions that could lead to
embarrassment or discredit during legal proceedings.
›Integrity
–Conduct with Integrity:Maintain the highest levels of honesty and
integrity in all aspects of life.
–Avoid Indiscretions:Steer clear of actions that could lead to
embarrassment or discredit during legal proceedings.
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 34
- Slides 20
- Age 419 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
35 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
38 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
34 views
14
Fertility awareness methods for women in the society
Isaiah47
31 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
30 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
31 views